Migrate from Net iD Enterprise

Migrate CryptoAPI

The most common integration between applications and Net iD Client is Microsoft CryptoAPI. CryptoAPI has two levels of access: low-level or high-level.

Low-level access

Low-level access is used by applications that access the CSP directly.

High-level access

High-level access is used by applications that never access the CSP directly. Instead, they call CryptoAPI to get the certificates and use those for signing, decryption, etc. These applications are already prepared for Net iD Client, and everything works as before.

Application changes

No action is needed.

Migrate PKCS#11

Windows

CK_ULONG changed from 64-bit to 32-bit

For Windows, there is a change for the 64-bit version of the PKCS#11 library. There is no change for other platforms. The change is that the size of CK_ULONG was 64-bit and is now 32-bit. This change should not affect any application since all known integrations used the special library built with exactly this change. The default behavior is now to deliver what all applications already expected.

PKCS#11 libraries

Change the location of the PKCS#11 library.

Table 1. PKCS#11 libraries — Windows
Old New

C:\Program Files\Net iD\iidp11.dll

N/A, Contact SecMaker Support for more information.

C:\Program Files\Net iD\iidp11_u32.dll

C:\Program Files\Net iD\Client\netid.dll

C:\Program Files (x86)\Net iD\iidp11.dll

C:\Program Files (x86)\Net iD\Client\netid.dll

Use old PKCS#11 library install paths
This is an optional setting.

Create links that go to the old Net iD Enterprise library file. It still loads the new Net iD Client library. This can make it easier to make old applications to work.

Example 1. For backward compatibility, you can configure the PKCS#11 library paths.

Before installation, configure so that the PKCS#11 library is stored on the computer using the old path and name used in Net iD Enterprise.

Config WIN32
[Install Packages]
01=iid.dll;%ProgramFiles%\Net iD\iidp11.dll
Config WIN64
[Install Packages]
01=iid.dll;%ProgramFiles%\Net iD\iidxp11_u32.dll
Contact SecMaker to get Net iD Client built using these settings.

macOS

Table 2. PKCS#11 libraries — macOS
Old New

/usr/local/lib/libiidp11.dylib

/usr/local/lib/libnetid.dylib

Linux

Table 3. PKCS#11 libraries — Linux
Old New

/usr/lib/libiidp11.so

/usr/lib/libnetid.so

Migrate plugin — ActiveX

The ActiveX plugin is still available, but the class ID has changed. The old class ID is still possible to use if you need to. Net iD Client registers both the old and the new class ID.

Backward compatibility for version control

The old class ID uses version number 7 instead of 1. Because 1 (current Net iD Client major release identifier) is smaller than 6 (current Net iD Enterprise major release identifier), and it is necessary for many current application implementations using the plugin that the version is the same or greater than a specific number. For example, greater than "06010000".

Application changes

If needed, change to the new class ID.

Table 4. Class ID identifiers
Old New

{5BF56AD2-E297-416E-BC49-00B327C4426E}

{5BF56AD2-E297-416E-BC49-00B327C4428E}

Migrate plugin — NPAPI

The NPAPI plugin is still available, but the MIME type has changed.

Application changes

Change to new MIME type.

Table 5. MIME type
Old New

application/x-iid

application/x-netid

Migrate plugin — C

Some integrations access the internal C-API directly. These application vendors should contact SecMaker Support to get an example that loads this interface for both Net iD Enterprise and Net iD Client, depending on the installation. If you do the integration yourself, you need to change to the new location.

Windows

Table 6. Plugin libraries — Windows
Old New

C:\Program Files\Net iD\iidplg.dll

C:\Program Files\Net iD\Client\netid.dll

C:\Program Files\Net iD\iid.dll

C:\Program Files\Net iD\Client\netid.dll

C:\Program Files (x86)\Net iD\iidplg.dll

C:\Program Files (x86)\Net iD\Client\netid.dll

C:\Program Files (x86)\Net iD\iid.dll

C:\Program Files (x86)\Net iD\Client\netid.dll

Use old Plugin library install paths

This is an optional setting.

Create links that go to Net iD Enterprise’s library file. It still loads the new Net iD Client library. This can make it easier to make old applications to work.

Example 2. For backward compatibility, you can configure the Plugin library paths.

Before installation, configure so that the Plugin library is stored on the computer using the old path and name used in Net iD Enterprise.

Config WIN32
[Install Packages]
01=iid.dll;%ProgramFiles%\Net iD\iid.dll
Config WIN64
[Install Packages]
01=iid.dll;%ProgramFiles%\Net iD\iid.dll
Contact SecMaker to get Net iD Client built using these settings.

macOS

Table 7. Plugin libraries —  macOS
Old New

/usr/local/lib/libiidplg.dylib

/usr/local/lib/libnetid.dylib

/usr/local/lib/libiid.dylib

/usr/local/lib/libnetid.dylib

Linux

Table 8. Plugin libraries —  Linux
Old New

/usr/lib/libiidplg.so

/usr/lib/libnetid.so

/usr/lib/libiid.so

/usr/lib/libnetid.so