Detailed release information

A string #XXX-NNN-NNNNN denotes the internal ticket ID for a task.

1.0.2.67

Added

  • New parameters to allow/deny mechanisms for PKCS#11 library.

  • List mechanisms for tokens in Net iD Command (earlier only dev-license).

  • Command to write parent processes to trace for a specific process.

  • Possibility to ask Net iD Service about who is parent process.

  • More trace for remote proxy connections.

  • Cleanup of dead remote proxy connections.

  • Optional hexadecimal encoding for communication with web-extension.

  • Connection type for connection status trace.

  • Configuration condition based on Registry values.

  • Sorting of sections and entries in the configuration file.

  • Internal date-time-format support.

  • Configuration variable {config-empty:<section>:<entry>}.

  • Configuration variable {config-empty:<name>}.

  • Divider between tokens for Taskbar>CertificateList.

  • Link action support for Credential Provider.

  • Cleanup message for remote connections.

  • Support for soft token from NiE 7.0 (VSC 7.0).

  • Some trace for failure at remote component communication.

  • "Windows 11" for machine info string.

  • "Windows Server 2022" for machine info string.

  • Potential check of parent process for Plugin when called using I/O-API.

  • SCS parameter Service SCS>PluginSingleUse=1/0, default 1. Will create a new plugin object for each signature when active (=1).

  • Some trace information for Plugin write/delete certificate.

  • Unique installation id for shared memory communication.

  • Internal variable {certificate-auth-id} (authority key id from certificate).

  • Internal variable {certificate-key-id} (subject key id from certificate).

  • Remember last used credential in CP based on usage scenario.

  • KSP container/key name support for all CSP container names (KSP alias CSP).

  • Variables for Dialog>Image file name parameter.

  • Timestamp in the presentation of each line in trace parse.

  • New config parameter KSP>AliasList for CSP aliases for KSP registration.

  • Support for multiple web-extension IDs during install and use.

  • CSP name as alias for KSP registration.

  • Potential deminimize for WebAPP on macOS if the application is started and minimized when another activation is initiated.

  • Plugin access level "always" for parameters that may be accessed even when normal access is blocked. By default, the properties "AccessLevel", "Version" and "ProductInfo" have this access.

  • Report function for PKCS11 Sign/Verify/Encrypt/Decrypt.

  • Configuration variable License>Path, may specify another configuration path to retrieve License>Name/Company/Value.

  • Initial update for IDPrime 930/3930. May read/use the smart card, but not update it, since the secure messaging keys are unknown.

  • Reading of FIPS information for YubiKey. Use SmartCard PIV>CheckFIPS=0/1/3, default 0.

  • Net iD Enterprise compatibility package.

  • PKCS#11 key attribute CKA_ALWAYS_AUTHENTICATE.

  • Exception handling for all dynamic loaded libraries.

  • Parameter KSP>IgnoreLogout=0/1.

  • Virtual Channel component for Citrix Workspace App Linux.

  • Parameter PKCS11>IgnoreLogout=0/1.

  • Updating of xml-configuration.

  • Install/uninstall PKCS11 and Virtual Channel for Citrix Workspace App Linux.

  • Support CSP parameters PP_USER_CERTSTORE/PP_ROOT_CERTSTORE for Linux/macOS.

  • Support image/svg+xml for dialogs.

  • arm64 architecture for macOS.

  • Matching condition for Watch startup/shutdown actions.

  • Possibility for infinite timeout for remote components.

Changed

  • Remote connection status time in trace from GMT/UTC to local time.

  • Most internal process communication trace only available during debugging will now always be available for Shared Memory and Network communication. Same behavior as communication using ICA/WTS.

  • Default value for CSP>AllowEmptyMemoryStore from 0 to 1.

  • Several places that used expand environment string to expand file path will now use the internal function expand full path to allow for internal variables like %ProgramFiles32% or %ProgramFiles64%.

  • Default access level for Plugin GetProperty 'Algorithm' and 'CertificateChain' from "use" to "low".

  • Upgraded Linux build environment to 18.04.

  • Upgraded Citrix VDAPI SDK 21.4.0.11(2104).

  • Command Utility reset update counter for minidriver type of counters, will increase counter values for pin/container/object by one. Earlier only object counter value.

Updated

  • Resource load/extract/get/set command. Both argument -file and -path can be used (same meaning).

  • Plugin configuration for SiteAccessUnknown.

  • Improved trace for running in an unsafe location.

  • Improved trace for redirected commands, i.e., I/O-API calls.

  • Improved trace for Plugin calls when used by SCS.

  • Extended trace for Cache component.

  • Improved trace for Plugin calls.

  • Internal PIN dialog behavior for write/remove certificate.

  • Improved trace for Plugin calls using STDIO/NPAPI/ActiveX.

  • Moved configuration Action>ServiceMonitor to Service>ActionMonitor.

  • Moved configuration Action>ServiceStart to Service>ActionStart.

  • Default KSP implementation type: hardware/software/removable.

  • Default certificate name for Command Utility > Utility > List CAPI to use friendly-name from CAPI MY store.

  • Safe locations for Windows. Allows a mix of 32-/64-bits locations with 32-/64-bits applications.

  • Some adjustments for PIN PAD with Credential Provider.

  • IDPrime MD profile model name. Read both attribute 80001101/80001102 from file EF(0025).

  • Invalid license behavior, some commands allowed.

  • IDPrime MD profile, will check only delete certificates for read-only keys when marked as read-write (new flag in profile documentation).

  • IDPrime MD profile, will try to delete certificates for read-only key, but only remove reference on delete success.

  • Merge configuration, will allow both files and Registry, earlier only files.

  • IDPrime MD profile, will block delete of objects related to read-only key.

  • Extract PIN from PKCS11 will use internal store instead of SSO cache.

  • Return value to CKR_OK instead of CKR_USER_ALREADY_LOGGED_IN for call to C_Login when PKCS11>IgnoreLogout=1.

  • Configuration to allow environment variables for file path.

  • SCS to always use local machine PKCS#11 implementation (even in TS/Citrix).

  • Configuration by ATR to allow card model instead of ATR.

  • Challenge/response configuration to be more automatic.

  • IDPrime 940 SIS smart card support for interop Thales minidriver.

  • Plugin trace for blocked parameters.

  • Build environment for macOS/iOS.

  • Minor trace text updates.

  • Exception handling for Windows.

  • System name for Windows Server to include Server.

  • Auto-logon for wrapped CP.

  • Some minor trace text adjustments.

  • Enhanced debugging for Linux Virtual Channel component.

  • Prepared porting Virtual Channel component to macOS (not finalized).

  • Safe location for Windows.

  • Variable TemporaryValidity, may specify days or seconds. Available for all token sections.

  • Trace server, will trace itself more often.

  • Configuration using ini-format. Keep comments and extra whitespace.

  • Configuration using ini-format. Allow extra whitespace between entry/value.

  • Setting of Registry files during install/uninstall.

  • Wild-card matching to allow wild-card in middle, i.e. "i*.reg".

  • Default remote trace timeout.

  • Timeout handling for remote components using shared memory.

  • Format html images.

Removed

  • Install of NPAPI plugin for Windows.

  • Extra access check added with "always" access.

  • Write of public key at generate key pair for IDPrime MD 4.2 and earlier. Was added for compatibility with Thales minidriver (QJO-445-81994).

  • Automatic pause/continue for Net iD User Service at session event RemoteDisconnect/RemoteConnect. Register as normal Watch events if the functionality is needed.

Fixed

  • Translation of symbolic links for Linux/macOS.

  • stdin/stdout mode for web-extension (always binary).

  • Write token number for YubiKey.

  • Resource get command (can now handle compressed).

  • Upgrade installation (uninstall followed by new install).

  • Error handling for communication with web-extension during write.

  • PIN expire for PKCS#15 smart cards with object-only update-counter.

  • Plugin access 'as-parent-app' for macOS.

  • Minor configuration error for remote proxy connections.

  • Remove of remote proxy connections during disconnect.

  • Reconnect of remote proxy connections during disconnect.

  • Global mutexes for remote connections (unique per desktop).

  • IDPrime 940 SIS. Encoding of first element in file-list-file (0101h).

  • IDPrime 940 SIS. Check for file existence at write certificate to handle inconsistency in content of file-list-file (0101h).

  • IDPrime 940 SIS. Will remove all elements with the specified id in file-list-file (0101h) at add of new element to avoid duplicates.

  • Remote component cleanup message when using proxy.

  • Auto-close of remote PKCS11/CSP session/context when used with proxy.

  • Trace split broken by update.

  • Link action support for Credential Provider.

  • SCS parameter PluginSingleUse=1.

  • Broken PIN PAD check for PIN expire update.

  • Potential crash when calling CryptoAPI to free certificate from store.

  • Problem with retrieving SCS version.

  • Presentation of Net iD Command UpdateCount time (correct timezone).

  • SmartCard>PinExpire=X/0. Will now always be inactive (=0) for smart card profiles without PinExpire support.

  • PIN expire handling. Will auto-switch between different UpdateCounter objects if needed when PIN expire is active/inactive.

  • PIN expire handling. Will not show dual UpdateCounter object à la PKCS#15 profile LastUpdate when stored with relative path.

  • Soft token storage in Registry with "big" content.

  • Potential dead-lock while updating soft tokens.

  • Token present event after PKCS#11 InitToken when number of PINs changed.

  • Initialize token for Aventra MyEID 4.0.1.

  • Smart card support Aventra MyEID 4.0.1.

  • Plugin EnumProperty Token after token updated.

  • Plugin STDIO interface with empty SetProperty value.

  • Uninitialized variable for Plugin signature.

  • Plugin access for "low" level items when site is "block".

  • Plugin access for "full" level items when site is "ask" (blocked without asking).

  • Plugin access for "file://" (will never be allowed to update).

  • Configuration Plugin > AllowURL when using "file://".

  • PIN PAD with Thales smart cards.

  • Problem with show-multiple-empty for CP.

  • Install on Linux with trace disabled.

  • Installation message for Net iD Application.

  • Plugin enum components description for Citrix extension on Linux.

  • Typo for Watch "ConsoleDisconnect" event.

  • SCS with IE when site is refreshed.

  • Case-insensitive compare for safe locations (applications that may use SSO).

  • Extract PIN from PKCS11 now working with TPM and soft tokens.

  • InitToken/ResetToken data "blob" from Plugin.

  • Command for logout all tokens.

  • Import of registry file with unknown environment variables.

  • Smart card key generation for IDPrime MD.ODD.

  • Key usage for PIN3 enrollment on IDPrime MD smart cards.

  • Net iD Enterprise compatibility package.

  • Unlock PIN for Credential Provider with ModeTokenEvent=0x02.

  • Remove of smart card reader for Credential Provider.

  • Credential Provider Filter problem.

  • Problem with monitoring processes for Net iD Service.

  • Problem with remote components using shared memory.

  • Unlock challenge/response for smart card MD830B level 3.

  • User service crash for temporary certificates.

  • Windows scale 225% when using dpi-aware manifest.

  • Credential Provider when both mode flag TileAlwaysPresent and flag ShowMultipleEmpty are active.

  • system-name for Windows Server 2019.

  • National characters (åäö) for Shell Extension (aka ExplorerMenu).

  • Remember Watch execute-once-list between restart.

  • Duplicate credentials for Credential Provider.