v0.5.0

@yaronf yaronf released this 13 Mar 12:09
· 5 commits to main since this release

Breaking Change

MessageDetails.KeyID is now *string (was string).

RequestDetails() and ResponseDetails() previously required the keyid signature parameter and returned it as a plain string. RFC 9421 does not mandate keyid, so it is now optional: the field is nil when absent, &value when present.

Migration: any code reading details.KeyID must now nil-check before dereferencing.
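
The nil check the migration note asks for, as an added example that is not code from the library: `MessageDetails` here is a local stand-in mirroring only the `KeyID` field, and `selectKey`, the error values and the trusted-key map are hypothetical. An absent keyid is treated as a rejection, so a caller that maps keyid to a key never falls through to a default.

```go
package main

import (
	"errors"
	"fmt"
)

// MessageDetails is a local stand-in that mirrors only the KeyID field
// described in the release notes; it is not the library's type.
type MessageDetails struct {
	KeyID *string // nil when the signature carries no keyid parameter
}

// Hypothetical sentinel errors so callers can distinguish the two failures.
var (
	ErrMissingKeyID = errors.New("signature has no keyid parameter")
	ErrUnknownKeyID = errors.New("keyid is not in the trusted key set")
)

// selectKey (hypothetical helper) picks the verification key for a message.
// It fails closed: a nil KeyID is an error, never "skip the check".
func selectKey(d MessageDetails, trusted map[string][]byte) ([]byte, error) {
	if d.KeyID == nil {
		return nil, ErrMissingKeyID
	}
	key, ok := trusted[*d.KeyID]
	if !ok {
		return nil, fmt.Errorf("%w: %q", ErrUnknownKeyID, *d.KeyID)
	}
	return key, nil
}

func main() {
	// Constructed sample data: one trusted key and three parsed signatures.
	trusted := map[string][]byte{"key-2024": []byte("constructed sample key")}
	known, unknown := "key-2024", "unknown-key"
	cases := []MessageDetails{{KeyID: &known}, {KeyID: nil}, {KeyID: &unknown}}
	for _, d := range cases {
		_, err := selectKey(d, trusted)
		fmt.Println("result:", err)
	}
}
```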

Security Fixes

  • Signature bypass via missing keyid — verifiers configured with SetKeyID() were vulnerable to bypass: signatures that omitted keyid entirely would pass verification. Now rejected with an error.

  • Unbounded body buffering (OOM/DoS) — reading message bodies for Content-Digest computation and trailer parsing had no size cap. Added SetMaxBodySize() to HandlerConfig, ClientConfig, VerifyConfig, SignConfig, and DigestOptions. Default is 0 (no limit) for backward compatibility.

  • Opaque verification errors — internal crypto error details are no longer propagated to callers, preventing leakage of cryptographic internals.

  • Panic on malformed key — unguarded type assertions in sign() and verify() could panic if a Signer/Verifier was constructed with an incorrect key type. Now returns "malformed key" error.

New Features

  • SetNonceValidator on VerifyConfig — callback for application-layer replay prevention; invoked when a signature includes a nonce parameter.
  • SetSchemeFromRequest on SignConfig and VerifyConfig — derive @scheme from a custom callback (e.g. X-Forwarded-Proto) for deployments behind TLS-terminating reverse proxies.