Release notes:
==============

Date     : 28.06.2018
Version  : 4.0.16
Revision : 6664

DigiSign Client changes:
========================

DS 4.0.16-6664:
===============
- Certificate loader naming bug fix

DS 4.0.16-6640:
===============
- Fix error DSCLIENT-249: Current implementation considers "signatureType" value as mandatory in signature requests. This commit also fixes a crash on a wrong JSON object.
- Fix error DSCLIENT-245: once 64 octets length returns 400 error for SCS challenge request.
- Linux PDF documentation, in Section 4.1 The smart card icon is missing, word "Windows" substituted with "system"
- Linux documentation update, in Section 4.1 The smart card icon is missing, word "Windows" substituted with "system"
- Fix error DSCLIENT-243: Internal server error 500 in the case when user presses Cancel in PIN dialog for Sign request
- DSCLIENT-244: Incorrect response code for SCS in two simultaneous sign requests
- Technical References updated
- SCS 1.1 improvement. Added signed text for authentication dialog. DSCLIENT-231.
- Additional improvement for object removing task DSCLIENT-232. No need to update if removing failed. Add Remove button only for objects that are allowed.
- Documentation: Installation and User Guides for all languages and operating systems updated
- Implementation DSCLIENT-234: Windows improvements. Certificate loading from smart card.
- Implementation DSCLIENT-228: Windows server and minidriver installation
- DSApp; Added uninstall action menu if installed from .exe package
- Cryptoki; Added support for PIN flags; CKF_USER_PIN_TO_BE_CHANGED, CKF_USER_PIN_LOCKED, CKF_USER_PIN_FINAL_TRY, CKF_USER_PIN_COUNT_LOW
- SCS Signer; Added setting 'scsPinPolicy' where 0='Use PIN cache if available', 1='Query PIN always before key operation'
- Windows minidriver; Added FINEID V3 contactless ATR bytes
- Cryptoki; Added cryptokiAuthMode and cryptokiAutoAuthExclude settings
- DigiSignApplication; Added 'remove object' to right-click menu.
- Windows; Add "127.0.0.1" into subjectAltName if OS is greater than or equal to XP-SP3 or smaller than or equal to 8.1
- Options query; Added cache level selection
- PalmSign; Do not pop up registration query if network is not available
- Toolkit; Clear stored SSL/TLS socket sessions before new mPolluxAuthenticate() call
- Toolkit; SelectSmartCardReader(), do not display readers without card on selection list
- Removed SCS-V1.0 support
- GetResponse Le fix if SM is not set
- SCS Signer; 1K limit only for DS keys, allow longer signatures for NR keys
- Fix error with "minidriverAutoAuthExclude" and problems with user lock screen. If minidriverAutoAuthExclude is set, only one exe process is checked, but it should also verify all processes from the systemModules[] string.
- Fix error DSCLIENT-226: Firefox: TLS setup took a long time while requesting site when PKCS#11 module (cryptoki.dll)
- Minidriver; Added UAC 'consent.exe' into non-GUI system process list to avoid GUI looping

4.0.14:
=======
- VRK version; When activating, enable OK button only when PUK (=activation PIN) is exactly 8 characters long
- Added "cms" signature type
- Added support of M5 (Pro) PalmSecure sensors
- Credential provider fix to first authenticate against local database and, if authentication fails, authenticate against server
- Added logic to avoid multiple PACE protocol PIN query dialogs
- Documents updated
- OSX multiuser support
- Selection dialog enhancements; Show only scheme with address (show full address with query on tooltip)
- Added first version of "activated features" dialog
- Digisign directories moved from /tmp under home directory
- Smart card cache files are always encrypted
- SCS_VERSION upgraded to 1.1
- SCS security enhancements:
  - Do not allow signature operations over http (only https allowed)
  - Do not allow to sign data with the length of 1024 or more
  - Do not allow to sign digest if certificate key usage is "digitalSignature" or extended key usage contains "client authentication" extension
- DSApplication start logic fix
- VRK Version; "fi" => "FI"
- Certificate selection dialog enhancements
- Release notes; Removed obsolete registry key; HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fujitsu\DigiSign Client
- MyEID create P15 object fix; NOTE: Dynamic size is supported from version 4
- Display revision in "About"
- Windows; Display if minidriver is installed
- FINEID-V3; Added low level support for PACE authentication
- DSApp; Reverse proxy disabled by default
- minidriver; Added time stamp into inf and cat files
- minidriver; Added C:\windows\Explorer.EXE => Explorer.exe to non-GUI application list to prevent VPN from causing BSOD
- IAS-ECC; Added IsActivated() method to validate that activated = MAX_USAGE_COUNTER-REMAINING_USAGE_COUNTER<2
- Added package time stamping
- Web diagnostics; Show minidriver binary label
- Peer certificate validation fix

4.0.12:
=======
- Toolkit CRL check fix; If trusted list is not given, return value is TRUE and found root certificate is copied to return value
- If all PINs are locked, we expect that card is not activated
- Added 'Instructions...' menu
- Cryptoki; Return object length when object value pointer is given
- minidriver .inf file modification; Added support for newer IP9 cards
- Bug fix; Activate PIN even in the case there is invalid card/cards in the card collection
- Minidriver; Added more validity checks
- Windows; Remove 'C:\ProgramData\Fujitsu\DS_Client' during uninstall
- MacOS; Added uninstall menu selection
- Fine tuning based on static and dynamic code analysis

4.0.10:
=======
- Linux/Cryptoki; Do not use GUI if Cisco VPN client loaded module.
- cryptoki; Firefox/reauthenticate crash fix
- minidriver; Add defaultKeyContainer if UPN domain doesn't match
- Tokend; Allow to compute signatures with CSSM_ALGID_VENDOR_DEFINED+8 mechanism
- Tokend; Force to add OID into signature if not given
- tokend; Added PIN1 cache to be able to SSL/TLS-reauthenticate without irritating user with pop-up dialogs
- minidriver; MAX_PIN_LENGTH fix to support 12 character PINs
- minidriver; Do not allow automated PIN from CredentialUIBroker.exe
- Ask activation code instead of PUK code when card is activated for the first time