NOLAI
diff --git a/‎.github/workflows/build-and-test.yml‎
Lines changed: 17 additions & 9 deletions b/‎.github/workflows/build-and-test.yml‎
Lines changed: 17 additions & 9 deletions
diff --git a/‎.github/workflows/check-version.yml‎
Lines changed: 5 additions & 1 deletion b/‎.github/workflows/check-version.yml‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎.github/workflows/lint-and-test.yml‎
Lines changed: 33 additions & 10 deletions b/‎.github/workflows/lint-and-test.yml‎
Lines changed: 33 additions & 10 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/publish.yml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎Cargo.toml‎
Lines changed: 39 additions & 18 deletions b/‎Cargo.toml‎
Lines changed: 39 additions & 18 deletions
@@ -9,41 +9,49 @@ on:
 jobs:
   semver-checks:
     runs-on: ubuntu-latest
-
     name: cargo semver-checks
     steps:
       - uses: actions/checkout@v4
       - uses: obi1kenobi/cargo-semver-checks-action@v2
+        with:
+          # Check default feature set, plus elgamal3 and legacy.
+          # python/wasm bindings are not included here (and remain mutually exclusive).
+          feature-group: default-features
+          features: elgamal3,legacy,insecure
 
   test:
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
         features:
           - ""
           - "elgamal3"
-          - "legacy-pep-repo-compatible"
-          - "elgamal3,legacy-pep-repo-compatible"
+          - "legacy"
+          - "elgamal3,legacy"
 
-    name: cargo test
+    name: cargo test (${{ matrix.features || 'default' }})
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
+      - uses: Swatinem/rust-cache@v2
       - run: cargo test --features "${{ matrix.features }}"
 
   build-wasm:
     runs-on: ubuntu-latest
     needs: test
     strategy:
+      fail-fast: false
       matrix:
         target: [ "web", "nodejs" ]
-        features: [ "", "elgamal3" ]
+        features:
+          - "wasm"
+          - "wasm,elgamal3"
 
-    name: wasm-pack build
+    name: wasm-pack build (${{ matrix.target }}, ${{ matrix.features }})
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
+      - uses: Swatinem/rust-cache@v2
       - run: cargo install wasm-pack
-      - run: npm install
-      - run: npm test
-      - run: wasm-pack build --target ${{ matrix.target }} --features "wasm,${{ matrix.features }}"
+      - run: wasm-pack build --target ${{ matrix.target }} --features "${{ matrix.features }}"
@@ -8,11 +8,15 @@ on:
 jobs:
   semver-checks:
     runs-on: ubuntu-latest
-
     name: cargo semver-checks
     steps:
       - uses: actions/checkout@v4
       - uses: obi1kenobi/cargo-semver-checks-action@v2
+        with:
+          # Check default feature set, plus elgamal3 and legacy.
+          # python/wasm bindings are not included here (and remain mutually exclusive).
+          feature-group: default-features
+          features: elgamal3,legacy,insecure
 
   check-versions:
     runs-on: ubuntu-latest
 
@@ -8,11 +8,22 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-latest
-    name: cargo clippy
+    strategy:
+      fail-fast: false
+      matrix:
+        features:
+          - ""
+          - "elgamal3"
+          - "python"
+          - "python,elgamal3"
+          - "wasm"
+          - "wasm,elgamal3"
+    name: cargo clippy (${{ matrix.features || 'default' }})
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
-      - run: cargo clippy --all-targets --all-features -- -D warnings
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo clippy --all-targets --features "${{ matrix.features }}" -- -D warnings
 
   fmt:
     runs-on: ubuntu-latest
@@ -24,20 +35,33 @@ jobs:
 
   test:
     runs-on: ubuntu-latest
-    name: cargo test
+    strategy:
+      fail-fast: false
+      matrix:
+        features:
+          - ""
+          - "elgamal3"
+          - "python"
+          - "python,elgamal3"
+          - "wasm"
+          - "wasm,elgamal3"
+    name: cargo test (${{ matrix.features || 'default' }})
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
-      - run: cargo test --all-features
-      - run: cargo doc --no-deps
+      - uses: Swatinem/rust-cache@v2
+
+      - run: cargo test --features "${{ matrix.features }}"
+      - run: cargo doc --no-deps --features "${{ matrix.features }}"
 
   test-python:
     runs-on: ubuntu-latest
     name: test python bindings
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
-      - uses: actions/setup-python@v4
+      - uses: Swatinem/rust-cache@v2
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.x'
       - name: Create virtual environment
@@ -58,12 +82,11 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
+      - uses: Swatinem/rust-cache@v2
       - uses: actions/setup-node@v4
         with:
           node-version: '20.x'
       - run: cargo install wasm-pack
       - run: npm install
-      - name: Build WASM package
-        run: npm run build
-      - name: Run WASM tests
-        run: npm test
+      - name: Build and test WASM package
+        run: npm test
@@ -7,11 +7,15 @@ on:
 jobs:
   semver-checks:
     runs-on: ubuntu-latest
-
     name: cargo semver-checks
     steps:
       - uses: actions/checkout@v4
       - uses: obi1kenobi/cargo-semver-checks-action@v2
+        with:
+          # Check default feature set, plus elgamal3 and legacy.
+          # python/wasm bindings are not included here (and remain mutually exclusive).
+          feature-group: default-features
+          features: elgamal3,legacy,insecure
 
   publish-crate:
     runs-on: ubuntu-latest
@@ -24,6 +28,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
+      - uses: Swatinem/rust-cache@v2
       - uses: rust-lang/crates-io-auth-action@v1
         id: auth
       - run: cargo publish
@@ -41,6 +46,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rust-lang/setup-rust-toolchain@v1
+      - uses: Swatinem/rust-cache@v2
       - uses: actions/setup-node@v4
         with:
           node-version: '22.x'
 
@@ -1,28 +1,34 @@
 [package]
 name = "libpep"
 edition = "2021"
-version = "0.7.5"
+version = "0.8.0"
 authors = ["Bernard van Gastel <bvgastel@bitpowder.com>", "Job Doesburg <job@jobdoesburg.nl>"]
 homepage = "https://github.com/NOLAI/libpep"
 repository = "https://github.com/NOLAI/libpep"
 documentation = "https://docs.rs/libpep"
 license = "Apache-2.0"
 keywords = ["crypto", "pep", "pseudonymization"]
 categories = ["cryptography", "algorithms"]
-description = "Implementation of PEP primitives, offering pseudonymization and encryption interfaces"
+description = "Library for polymorphic encryption and pseudonymization"
 readme = "README.md"
 
 [features]
-default = ["build-binary"]
-elgamal3 = []
-wasm = ["wasm-bindgen", "getrandom"]
-python = ["pyo3"]
-legacy-pep-repo-compatible = []
-insecure-methods = []
-build-binary = ["buildinfy","commandy","commandy_macros"]
+default = ["build-binary", "long", "offline", "batch", "serde", "json"]
+serde = ["dep:serde"] # For (de)serialization support via Serde
+elgamal3 = [] # For ElGamal triple encryption, including the recipient's public key in message encoding
+offline = [] # For encryption towards global keys (instead of encryption with session keys)
+batch = [] # For batch transcryption with reordering to prevent linkability
+long = [] # For long pseudonyms and attributes over 15 bytes
+json = ["serde", "dep:serde_json"] # For JSON encryption/decryption support
+global-pseudonyms = ["offline"] # Allow pseudonyms in a global domain (uses global pseudonyms with reshuffle factor 1), which is potentially insecure
+legacy = ["elgamal3", "offline", "global-pseudonyms"] # For compatibility with the legacy PEP repository implementation
+insecure = [] # Enable insecure methods that typically should not be used in production (does not include "global-pseudonyms", which is a separate feature)
+build-binary = ["buildinfy","commandy","commandy_macros","rand"] # Build the peppy command line utility
 
+wasm = ["wasm-bindgen", "serde-wasm-bindgen", "js-sys", "getrandom/wasm_js"] # For building WebAssembly bindings via wasm-bindgen
+python = ["pyo3"] # For building Python bindings via PyO3
 # Note: python and wasm are mutually exclusive and should not be enabled together.
-# PyO3 builds a cdylib that links to Python interpreter, while wasm-bindgen builds
+# PyO3 builds a cdylib that links to the Python interpreter, while wasm-bindgen builds
 # a cdylib targeting WebAssembly - they have incompatible linking requirements.
 
 [lib]
@@ -35,24 +41,28 @@ name = "peppy"
 required-features = ["build-binary"]
 
 [dependencies]
-curve25519-dalek-libpep = { version = "^4.0", features = ["rand_core"] } # This is a published fork of signalapp/curve25519-dalek, which is a fork of popular dalek-cryptography/curve25519-dalek implementing lizard support
-rand = { version = "^0.8", features = ["std"] }
-rand_core = { version = "^0.6", features = ["std"] }
-sha2 = "^0.10"
-hmac = "^0.12"
-derive_more = { version = "^1.0", features = ["deref", "from", "into"] }
+curve25519-dalek = { version = "^ 5.0.0-pre.2", features = ["rand_core", "lizard"] }
+rand_core = "0.10.0-rc.2"
+rand = { version = "0.10.0-rc.5", optional = true }
+sha2 = "^0.11.0-rc.3"
+hmac = "^0.13.0-rc.3"
+derive_more = { version = "^2.0", features = ["deref", "from", "into"] }
 hex = "^0.4"
 base64 = "^0.22"
-serde = { version = "^1.0", features = ["derive"] }
+serde = { version = "^1.0", features = ["derive"], optional = true }
+serde_json = { version = "^1.0", optional = true }
 wasm-bindgen = { version = "0.2", optional = true }
-getrandom = { version = "^0.2", features = ["js"], optional = true}
+serde-wasm-bindgen = { version = "0.6", optional = true }
+js-sys = { version = "0.3", optional = true }
+getrandom = { version = "0.3", optional = true }
 pyo3 = { version = "0.27", features = ["extension-module"], optional = true }
 buildinfy = { version = "^0.1", optional = true }
 commandy = { version = "^0.2", optional = true }
 commandy_macros = { version = "^0.2", optional = true }
 
 [dev-dependencies]
 serde_json = "^1.0"
+rand = "0.10.0-rc.5"
 
 [package.metadata.deb]
 name = "peppy"
@@ -67,3 +77,14 @@ assets = [
     ["peppy.1", "man/man1/", "444"],
     ["target/release/peppy", "bin/peppy", "555"],
 ]
+
+[package.metadata.docs.rs]
+features = ["offline", "batch", "long", "serde", "elgamal3", "insecure"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[lints.rust]
+unsafe_code = "deny"
+
+[lints.clippy]
+unwrap_used = "deny"
+expect_used = "deny"