Release information, detailed

6.5.2.37

  • Added new ATR for Buypass BeID smart card.

  • Updated application parameters, may be specified with *, i.e. Plugin>Allowed=*,1.

  • Added parameter 'version' as argument for Net iD Web App (iidxweb.exe).

  • Fixed uninstall PKCS11 module from Firefox on Linux/MacOSX

  • Fixed increased number of allowed characters for Notify dialog.

  • Fixed check for GemXpresso PIN status without PIN path (Gemalto IP10/IP1).

  • Fixed unlock in CP for Gemalto IP10.

  • Fixed environment variables for full path bitmaps in CP.

  • Fixed allow pkcs11 session token for plugin for Encrypt/Digest.

  • Fixed block of application not allowed to use plugin.

  • Fixed check of CREDUIWIN_AUTHPACKAGE_ONLY for CP; RDP related problem.

  • Fixed check card expire; one day discrepancy

6.5.1.27

  • Full Credential Provider supported, enables focus on smart card credential for Windows 10 login. See Known Limitations below.

  • Parameter setting to remember last used certificate for Credential Provider, changed behaviour. Only works with Full Credential Provider for all supported Windows OS’s.

  • Added support for YubiKey (PIV) token from Yubico.

  • Prepared support for challenge-response with Oberthur IAS-ECC cards.

  • Added license check for custom component (iidxctm.dll).

  • Fixed multiple PIN2 signatures for VRK card.

  • Fixed application id:s for OS X (autostart).

6.5.0.17

  • Added remember last used certificate for CP.

  • Added new CP mode parameter AllowSoftToken (0x04).

  • Added parameter CSP>StoreList to specify external certificate stores, default value "addressbook;TrustedPeople".

  • Added open multiple file types for Plugin browse file.

  • Added new Soft Token parameter SystemUseAll=1/0, default 1.

  • Added plugin parameter MachineInfo for iOS/Android.

  • Added dynamic location for installation (Net iD Access).

  • Upgraded to Xcode 7.X for OS X/iOS.

  • Reactivated parameter Dialog>NoUserInterface.

  • Changed back Finnish language name to "Suomi".

  • Made some minor Linux installation updates.

  • Fixed signature problem for PIN2 with Oberthur VRK IAS ECC.

  • Fixed card update problem for corrupt PKCS#15 smart cards.

  • Fixed problem with INTERNAL event when size is too big

  • Fixed potential problem with INTERNAL event and ExitWindows dialog

  • Fixed block of internal event when already running internal event.

  • Fixed reading of update counter for 64-bits machines.

  • Fixed PC/SC crash when new readers added during search.

  • Fixed environment variables for images using Net iD Web.

  • Fixed ÅÄÖ problem for loader.

  • Fixed ÅÄÖ problem with GUI title when started from INTERNAL event.

  • Fixed Registry configuration using GPO for enumeration values.

  • Fixed potential cache problem (data too big) in v6.4.1.26.

6.4.1.26

  • Changed install location for OS X (/usr/lib ⇒ /usr/local/lib)

  • Changed default install location for OS X (/usr/lib ⇒ /usr/local/lib)

  • Changed default install location for OS X Tokend.

  • Fixed install pkcs#11 for new OS X location.

  • Fixed card detect for Siemens CardOS 4.01.

  • Fixed GUI problem for Ubuntu with an initial delay for all dialogs.

  • Reintroduced file-open dialog for plugin (Windows-only).

6.4.0.24

  • Added support for Oberthur IAS ECC with v2.0 applet.

  • Added support for Estonian EID cards (EstEID v1.0, v3.0, v3.5.2).

  • Added Windows 10 GUID to application manifest.

  • Added reading of GPO.

  • Added read-only RSA support for Atos CardOS 5.0.

  • Added Signature Creation Service (SCS) for Windows/Linux/OS X.

    • Added support for pre-digested data for Signer plugin.

    • Added Signer plugin parameter AuthorityKeyId for certificate select during signature creation.

    • Added CertMover parameter General>ExtraService. A list of services which will be started/stopped by CertMover.

    • Extended SCS protocol with selector 'subjects'.

    • Updated SCS: selector "validate" ignored and parameter "hashAlgorithm" changed default value from none to SHA-256.

    • Fixed SCS protocol 1.0.1.

  • Added token flags for plugin EnumProperty("Token").

  • Added folder shell extension.

  • Added allowed plugin parameter "ConfigLocal:Reset:*".

  • Added pin block for soft token.

  • Updated NetControl may handle all logon applications.

  • Rewritten card cache completely. Will always use SSO cache if available and will handle no disk access (simulate SmartCard>NoDiskCache=1).

  • Skipped modifiable check for CSP before delete of key pair.

  • Verified Support for OS X 10.11 (El Capitan), see Known Issues.

  • Uses new code signing certificate for Windows.

  • Removed "Svenska SAMSET" as own "language", customized texts handled through dynamic strings from now on.

  • Fixed pin attempts for BeID cards when used by Credential Provider.

  • Fixed PIN Provider for Windows 10.

  • Fixed exit windows functionality when Ctrl-Alt-Del desktop active.

  • Fixed support for specifying card version for dynamic ATR:s.

  • Fixed detect Gemalto IDPrime SIS, all odd 4.X will behave as 4.1 and all even 4.X will behave as 4.0.

  • Fixed image size parameter for Credential Provider (CP), will only affect .ico files.

  • Fixed blocking of other CP even for unsupported scenario PLAP.

  • Fixed new window for Web component.

  • Fixed dual upgrade with remove old install.

  • Fixed remove old install during installation.

  • Fixed problem with system modal dialog for Net iD Web when called from CertMover.

  • Fixed PUK error message for unlock with CP.

  • Fixed error message using empty puk for unlock pin with old GUI.

  • Fixed parameter "-url" for LRA/Web components.

  • Fixed dynamic menu for explorer menu.

  • Fixed load of correct action (unlock/enroll) after card status is changed.

  • Fixed release of smart card reader after unlock pin with challenge response for CP.

  • Fixed key search for CSP after generate key pair when reusing existing key pair.

  • Fixed delete registry keys using registry file import.

  • Fixed new GUI for encrypt/decrypt using shell extension.

  • Fixed clear all PINs will only affect current session.

  • Fixed block of shell-extension for Win8+ metro-mode.

6.3.0.50

  • New GUI for Windows, OS X and Ubuntu.

  • Support for OS X 10.10.

  • Support for Gemalto IDPrime Instant IP10 card (only 2048 bits RSA keys supported, see Known Limitations).

  • Support for Gemalto IDPrime SIS EID IP1 card (only 2048 bits RSA keys supported, see Known Limitations).

  • Support for Oberthur IAS-ECC v1.0.1 card with v1.2 applet (only applet v1.3 supported earlier).

  • Support for Gemalto Tjanstekort EID card with new chip.

  • Support for Telia EID IP5 card with new chip.

  • Finnish language has been reviewed.

  • Support for Microsoft Windows Server 2003 ended.

  • Support for Microsoft Internet Explorer 8 ended.

  • General support for Microsoft Windows Vista ended (only supported via separate agreement).

  • General Support for Microsoft Internet Explorer 9 ended (only supported via separate agreement).

  • Added single-sign-on for soft tokens, use parameters SoftToken>SingleSignOnEnable and SoftToken>SingleSignOnDisable to control the behavior. Default off.

  • Added parameter DenyIssuers/AcceptIssuers for MiniDriver, same behavior as CSP.

  • Added thumbprint when listing certificates for -command.

  • Added handling of Credential/Certificate/PIN Provider for trace parse.

  • Added support of delete Registry entries for import registry file.

  • Added DenyIssuers/AcceptIssuers parameter for Credential Provider, same format as corresponding parameters for CertMover.

  • Added DefaultIssuers parameter for Credential Provider. Will set first matching certificate as default, will use same parameter format as DenyIssuers/AcceptIssuers parameters.

  • Added set pin expired for -command.

  • Added iid.exe -updateusermode to handle install of user mode plugin/pkcs11.

  • Added CertMover links action: TokenEvent, TokenPresent, TokenNotPresent.

  • Added verify of code signing signature for setup file used by plugin upgrade on Windows (WinVerifyTrust). Will also require SecMaker AB as signing organisation.

  • Added start of administration password dialog for Linux uninstallation when needed, i.e. running without sudo for all-user installation.

  • Added parameter for session token Pkcs11>SessionToken=0/1.

  • Added parameter to sort certificates for CSP.

  • Added WebApp for Linux (iidxapp).

  • Added SM Keys (Gemalto) in default configuration.

  • Added plugin operation Invoke('Action') for custom link action.

  • Added support for URL protocol with Web App on Windows.

  • Added new parameter to block RSA "raw" algorithm for cards supporting padded algorithms.

  • Added support for token/pin labels bigger than 32 characters.

  • Added plugin function SetLicense. Will update current license value using the parameters LicenseName/LicenseCompany/License. Will update global configuration if trace server is available (else local configuration).

  • Added plugin parameter MachineInfo, to return machine system name and unique id. Will return same information as Command Utility.

  • Added setting of file content using SetProperty("Data") for plugin operation ResetToken.

  • Import of certificates with AdmUtil using BEGIN/END tags for base64 encoded value.

  • Added report success for PIN Provider using "Report CREDUI" section.

  • Reintroduced "BMP(Default)" parameter for Certificate Provider.

  • Enhanced trace parse for multi-threaded trace file.

  • Changed behavior. All Credential Provider parameters are handled by version or language.

  • Changed Pkcs11>SessionToken to an application list parameter. May still contain 0/1 as earlier or a list of applications which will have parameter enabled (=1).

  • Changed behavior. CSP will return NTE_SILENT_CONTEXT instead of NTE_BAD_KEY when CRYPT_SILENT is specified and PIN dialog is needed.

  • Changed behavior for plugin command ResetUserData. Will keep local configuration file, but remove sections SoftToken and Temp.

  • Changed behavior. CA certificate expire will load custom action CaCertificateExpire instead of show message dialog.

  • Changed behavior. PC/SC list readers will reuse same context, instead of create a new each call.

  • Changed behavior. Plugin will avoid loading of internal components while setting properties, only load for 'ActiveSlot'. This behavior will allow the use of InvokeThread even for initial loading of plugin (avoid hanging of javascript).

  • Changed behavior. CSP call CryptGetProvParam with parameter PP_USER_CERTSTORE will also register certificates to MY store.

  • CertMover will register ECC certificates on CNG instead of CSP when using PKCS11 as read access mode.

  • Changed behavior. Message for certificate license invalid removed; instead, any action may be performed using Custom Action > TokenInvalid.

  • Watch configuration is only read from global configuration.

  • License invalid message was earlier always About dialog, may now perform any action using Custom Action > LicenseInvalid, default action is to show About dialog.

  • Updated behavior for Credential Provider. Will always check Enable=0/1 when checking for configuration section existence, still default 1.

  • Fixed reset of smart card without update counter.

  • Fixed PIN pad support.

  • Fixed generate PIN2 private keys for IP8.

  • Fixed support using T=1 protocol for key operations Buypass BEID cards.

  • Fixed upgrade of rebranded Net iD Enterprise.

  • Fixed support PIN pad for Credential Provider.

  • Fixed support ECC keys for plugin enum keys.

  • Fixed login status for create Keychain token at logon.

  • Fixed signature with algorithm SSL-SHAMD5 for Gemalto applet 3.X.

  • Fixed Finnish language strings.

  • Fixed dialog box problem for Linux single-user install.

  • Fixed another way to handle Microsoft Terminal Server bug with CSP.

  • Fixed hide of some parameters for trace.

  • Fixed configure of ports for AllowedServers.

  • Fixed cache attempts counter for dual PIN1 smart cards.

  • Fixed language support for LRA, customer specific functionality.

  • Fixed applyconfig for dual installation with old AdmUtil.

  • Fixed clear of pin status for .Net cards after pin change.

  • Fixed storage of password history in private box.

  • Fixed custom links with non-ascii characters.

  • Fixed install silent as system.

  • Fixed disable trace will stop without restart of process.

6.1.2.25

  • Added ATR for Gemalto Instant EID IP9 (SetCosXpresso IP9) with new chip.

  • Added %thumbprint% and %pin% as variables for report logon.

  • Added support for Citrix FastConnect API v2 in custom component (separately priced).

  • Fixed plugin calls blocked for Crypt extension when used from CertMover.

  • Fixed select of default AID for initiate of secure messaging without earlier select of AID.

  • Fixed set of parameter Server for plugin when used by Net iD Access.

  • Fixed check of parameter exportable when importing PKCS#12 files via plugin, same behavior as generate key pair.

  • Fixed adding of soft token to Keychain Access for OS X 10.9.

  • Fixed display of fix version (third number) when using OS X and Linux, i.e. Command Utility.

  • Fixed reading of card version for GemXpresso 3.01.

  • Fixed utf-8 characters for Label/Manufacturer when updating via InitToken.

6.1.1.21

  • Added trace of system info when trace enabled.

  • Added version name for Windows 8.1 and Windows 2012 R2 to trace.

  • Added requirement for non-empty PIN using old GUI.

  • Added loading of CSP when using Credential Provider to avoid no valid certificate failure.

  • Added check of plugin name argument (1-256 ascii characters).

  • Added check for WTS session id for PC/SC context.

  • Limited plugin name length for SetProperty/EnumProperty/GetProperty/Invoke to 256 characters.

  • Changed CSP parameter KeepSessionAlive to specify list of applications.

  • Changed to allow much more data for parameter Plugin>Allowed.

  • Changed so OS X Keychain tokens will get same token number between reinitialize.

  • Changed so OS X Keychain tokens will not generate events when Keychain file is updated, since OS X is updating the file on each access.

  • Fixed read of correct license information for setup with GUI v6.

  • Fixed problem with loading of GUI v6 in OS X.

  • Fixed update counter when reinsert former empty card (aka no valid certificate).

  • Fixed reading of extra card information for Certificate Provider.

  • Fixed Minidriver pin verify to return pin incorrect for empty pin value instead of parameter invalid.

  • Fixed blocked pkcs#11 search for invalid license.

  • Removed Buypass BEID card license restriction (allowed for all).

6.1.0.12

  • Support for Microsoft Windows 8.1 and Internet Explorer 11, see Known Limitations.

  • Support for OS X 10.9 (Mavericks), see Known Issues.

  • Removed Plugin parameter SetProperty("Trace") for security reasons.

  • Added access control for all plugin functions/variables.

  • Added sanity check for Plugin parameter GetProperty("TokenData"), will require soft token to be stored at default location with default file extension.

  • Added DevStudio linker options ASLR and DEP.

  • Added converting of PKCS#11 token info labels via dynamic strings.

  • Separated LRA Enroll/Renew config: EnrollParameters/EnrollRequestURL/EnrollResponseURL, RenewParameters/RenewRequestURL/RenewResponseURL.

  • Moved CredProv LRA parameters to LRA section.

  • New CSP signature procedure, see Known Issues regarding Windows XP and Windows Server 2003.

  • Updated Taskbar "Custom Links", will only read from global configuration.

  • Updated CSP signature to be done without Microsoft involvement, according to new Microsoft processes.

  • Ended support for automatic installation of Net iD Enterprise PKCS#11 module in Mozilla Firefox on OS X for security reasons, see Known Limitations.

  • Fixed converting of PKCS#11 token info labels via dynamic strings.

  • Fixed generation of PIN2 key which requires PIN1 from SSO cache.

  • Fixed open of LRA menu for CertMover.

6.0.3.52

  • Added support for Entrust container format using TaskbarAccessMode with PKCS11.

  • Increased NetControl timeout before terminate (10 seconds) and added trace entry when process is terminated.

  • Fixed problem with Entrust container name for non-repudiation certificates.

  • Fixed new GUI blocked by new security requirements for plugin.

  • Fixed trace server Windows logoff problem.

  • Fixed CSP auto-release problem.

  • Fixed abort for PIN dialog in new process.

  • Fixed start of GUI via INTERNAL event.

6.0.2.49

  • Added support for expand of certificate variables to report logon.

  • Added support for new plugin folder for Firefox browser (Windows).

  • Fixed supervisor kill of smart card polling thread during shutdown.

  • Fixed exit windows for GINA locked screen.

  • Fixed plugin crash, and removed plugin command Invoke("Run").

  • Fixed SSO problem with CSP.

  • Fixed write of pin update counter for .NET card.

6.0.1.47

  • Updated plugin AllowedServer parameter, may configure to limit access or block access for some/all servers.

  • Added parameter Plugin>Allowed to specify a list of applications that may use the plugin. Specify with access mode: "iid.exe,1;good.exe,2;bad.exe,0". Same mode values as AllowedServers, but limited (=3) not available.

  • Changed to No as default button for confirm dialog on Windows (same as Linux/MacOSX).

  • Updated behavior, CertMover pause will also block plugin access.

  • Updated behavior, disable CSP will also affect MD for CertMover.

  • Updated behavior, FriendlyName=0 will set empty friendly name.

  • Updated card support Gemalto IDPrime MD applet.

  • Fixed license check based on certificate present, i.e. SITHS.

  • Fixed empty friendly name for CertMover, will use certificate label.

  • Fixed dynamic strings for Linux/OS X.

  • Fixed AdmUtil crash when using UNC path for user profile.

  • Fixed Registry naming issue when adding smart cards for Minidriver.

  • Fixed problem with loading of cmapfile for Minidriver after PIN change via Microsoft utilities.

  • Fixed problem when CertMover reset SSO cache for all users in TS session.

  • Fixed access blocked mode (=0) for parameter Plugin>Allowed

6.0.0.41

  • Added possibility to add extra startup components for Windows Run.

  • Added possibility to use Secure Desktop for PIN dialog on Windows.

  • Updated behavior, will always use Secure Desktop for Exit Windows dialog.

  • Setup packages may be installed in installation folder. For example to include uninstall registry file.

  • Installation of registry files will always be executed as last action during setup. Files named 'iidxi*.reg' will be executed during install. Files named 'iidxu*.reg' will be executed during uninstall.

  • Added auto sorting of configuration file sections at merge.

  • Added support for certificate provider in Win8.

  • Fixed CredProv for Windows 8.

  • Added support for all SHA-2 algorithms (SHA-224/256/384/512), SHA-256 was available earlier.

  • Added Initial support Mifare logon for Credential Provider.

  • Added PIN pad support for plugin.

  • Added card update check before any update. At card update, the card will be reloaded before creating objects and all destroy/update of objects are stopped.

  • Added support for key generation on Evry/CryptoTech JCOP smart card.

  • Added initialize token for ActivCard. or updates.

  • Added PIV smart card support. Key and certificate management will require admin key and special key id handling. Card will also require special data objects for conformance, standard card management will not work.

  • Added Taglio smart card support.

  • Added support PSO-Digital Signature for Oberthur IAS-ECC.

  • Fixed install script for linux/macos.

  • Added automatic installation of Netscape plugin for Chrome browser for Windows.

  • Fixed report database time format (UTC).

  • Added parameter Plugin>Disable. A list of applications that will not be able to create plugin ActiveX object, default empty.

  • Added "script" action for Watch insert/remove event. Same action as "open", but will run hidden.

  • Added parameter General>CheckEnroll to enable certificate enrollment when any certificate is missing (or card empty). Value format: "<token>,<number>,<ca>".

  • Added parameter Custom Action>WarningCertificateEnroll with same behavior as renewal and expire action, but used for enrollment check above.

  • Added Trace>UseLocalTime=0/1 (default 0) parameter to enable use of local system time in trace for trace server instead of time since trace server started.

  • Added parameter MiniDriver>UseCritical=2 for same functionality as CSP for better trace parsing. Only one thread at time may access MiniDriver.

  • Added variable %scenario% for custom Credential Provider presentation info.

  • Added dynamic loading correct icon size for Credential Provider when using icon as image: 48x48px for small (CREDUI), 256x256 for big (all other).

  • Added plugin property 'Compact' flag to use Name instead of OID in subject/issuer field for enum property 'CertificateEx' and 'Certificate'.

  • Changed new GUI dialog behavior. Earlier all dialogs were system modal, not any more. Use parameter '-system' for dialogs that should be system modal.

  • Web application aka iidxweb.exe now uses same source code as Web dialog, so all functionality added by Web dialog is also available for Web application.

  • Added variable %expire% for custom certificate presentation info.

  • Added parameter Enable for all Credential Providers. Earlier, enable/disable was based on configuration being available/missing. Will allow setting of configuration and still be inactive.

  • Added "-application" as extra parameter for dialog, will never start new process.

  • Added "-timeout" as extra parameter for dialog, will use supplied value instead of timeout value for all dialogs (Dialog>Timeout).

  • Changed default value for Dialog>Timeout to 600 (10 minutes).

  • Added certificate expired/renewal for main application, will enable custom action for plugin.

  • Added CredentialProvider>BlockGUID for each provider type to add a list of providers that should be blocked beside the wrapped one.

  • Added Links Action>CertificateExpired/CertificateRenew as custom action.

  • Update Dialog>SecureDesktop parameter to include darken percent for background screen. Will be stored in second byte: 0x??01. Accepted values are 0-100 or 255, so 0x0001 to 0x6401 or 0xFF01, value 0 will specify default (0x43 ⇒ 67%). 255 will disable background image (as Windows 8).

  • Credential provider may wrap any provider instead of default Microsoft provider via configuration WrappedGuid for each provider type.

  • Added parameter for default PUK reference for pkcs#15 smart cards.

  • Added parameter SmartCardReader>SingleConnection=2 to open single global connection towards PC/SC, used for testing bad smart card reader drivers.

  • Added init token support in command utility for soft tokens, will remove the soft token content. Usable for testing on Mac OS X.

  • Added parameter Administration>View to hide/show elements in new Admin Utility.

  • Added parameter Dialog>BrowserVersion to specify minimum supported browser version for new GUI, default 8.

  • Added pin type and pin policy for token info object returned by plugin.

  • Added property 'ProtectedMode' for plugin, will return true/false depending on protected mode status.

  • Added invoke 'ResetUser' command for plugin, will delete and recreate Net iD user application data folder and also reset trace file. Any virtualized (sandbox) folder will also be removed. Note, all Net iD user data will be lost and this operation will require not running in protected mode (sandbox).

  • Added invoke 'ActivateTrace' and 'DisableTrace' command for plugin, will activate or disable user trace. Note, will handle server trace when available.

  • Added client certificate support for internal http/ftp client.

  • Added parameter SoftToken>Events=0/1/2 to be able to detect soft token removal

  • Added sort configuration command for sorting of configuration sections and remove of unused sections for different platforms.

  • Added connected configuration for static configuration. For example a static configuration may be overwritten by configuration in Registry (GPO).

  • Added support for AllowedServers check for Firefox and Safari (Netscape plugin), earlier only Internet Explorer (ActiveX).

  • Added possibility to move global configuration file to Registry.

  • Added support read/write with both A/B keys for Mifare.

  • Added parameter Pkcs11>SeparateThreadSearch=0/1, to allow same session handle to be used for search in different threads simultaneously.

  • Added parameter SmartCard>AutoUpdateKeyId=0/1, to allow configure of auto update of connected objects when one is updated. Earlier behavior was always auto update, new default behavior is never auto update.

  • Added support for username/password stored on smart card for Credential Provider [OME-314473].

  • Added new trace feature, may use SSO2 server as trace server. All traces will be sent to SSO2 server and written with synchronized time, will also avoid problems with two processes trying to write at the same time. Use "server" as name instead of full path to a file. Use Trace>Server to specify location of trace file.

  • Added new CertMover. Will access CSPs to get certificates instead of reading from PKCS11. Will add three modes for detecting token insert/remove events: poll, pcsc or pkcs11. Mode poll will check each CSP once a minute for certificate removal/insertion. Mode pcsc will check PC/SC for reader/card insert/remove. Mode pkcs11 will use old behavior accessing PKCS11.

  • Added new CertMover behavior. May be used as mover for any CSP: CSP>ExtraList.

  • Added new CertMover taskbar menu options: Certificate list (0x0200).

  • Added support for loading .ico files as Credential Provider bitmaps (size 256x256).

  • Added argument -clearcache for MiniDriver to clear Microsoft smart card cache.

  • Added support for CSP provider parameter PP_SMARTCARD_READER.

  • Added certificate variables for all Watch commands.

  • Changed behavior for pkcs#11 C_WaitForSlotEvent, will also generate events for smart card reader insert/remove, earlier smart card insert/remove and smart card updates.

  • Removed parameter MiniDriver>DisableFileCache, since it would have affected new CertMover.

  • Updated plugin to handle new Admin Utility features on Mac OS X. 'Only open externally certificate viewer' not supported, since there is no external certificate viewer available.

  • Updated AdmUtil and CertMover to enable/disable "server" trace when available, instead of only local trace.

  • Updated support for CSP provider parameter PP_SMARTCARD_GUID, will return same information as MS Base SmartCard CSP with our Minidriver.

5.7.1.14

  • Fixed dynamic strings for Linux/MacOSX.

  • Updated plugin AllowedServer parameter, may configure to limit access or block access for some/all servers.

5.7.0.12

  • Added support PSO-Digital Signature for Oberthur IAS-ECC.

  • Support for additional smart card: Skatteverkets ID-kort v2 (Swedish Tax Authorities updated ID card with Citizen IDs)

5.6.3.64

  • Fixed problem with SSO service shutting down at smart card reader connection failure.

5.6.2.62

  • Updated install PKCS#11 for Firefox.

  • Fixed pin unblock for ActivId card.

  • Fixed problem with ReloadOnError parameter.

  • Fixed NetControl search browser window problem, when application using browser control is running.

  • Fixed search for matching key pairs for PKCS#11 when no new key pairs available, will first search with all attributes and second search after modifiable attribute removed.

  • Fixed milliseconds for trace on Linux/MacOSX.

  • Added parameter -clear to -movecertificates argument, to remove all CSP certificates from CryptoAPI store before move.

  • Added automatic installation of Netscape plugin for all-user Chrome browser for Windows.

  • Changed refresh behavior, will not reload PC/SC connection any longer.

  • Fixed problem with CSP support for Nexus Personal Entrust container format.

  • Added automatic installation of Netscape plugin for single-user Chrome browser for Windows.

  • Added support for search by object in Tokend, beside search for object record. This is needed to support Safari 5.1.

  • Added parameter [Admin Utility]>UseService=-1 to disable installation of CertMover as background process (=0) or Service (=1).

  • Fixed problem with Citrix SSO component using cards with multiple certificates.

  • Fixed container mapping for CSP when multiple card readers used.

  • Fixed long pin (more than 8 bytes) with ActivId cards.

  • Fixed pin policy only digits.

  • Fixed ignore logoff command while disconnected for GINA.

  • Fixed connect after disconnect for GINA.

  • Fixed CA certificate install for CertMover, will only display single dialog even at failure.

  • Increased trace maximum size before clear to 100MB, check each hour.

  • Added parameter Smart Card>ObjectSortMode=0/1/2 (0=none/1=day/2=second) for sorting of objects stored on a smart card. Will affect default certificate behavior.

  • Fixed issue with old ActivId cards.

  • Fixed support T=1 protocol for ActiveId card profile.

  • Fixed event list order issue.

5.6.1.53

  • Fixed problem with PIN2 cache for card profile "Tjanstekort EID".

  • Fixed close of polling thread.

  • Support for TrueCrypt 7.1.

  • Fixed plugin reinitialize problem for Mac OS X 10.5.

  • Fixed Net iD application loading problem for Mac OS X 10.5.

  • Fixed loading of extended pkcs#11 functions when plugin is loaded after pkcs#11 for Firefox on Mac OS X/Linux.

  • Fixed behavior for MiniDriver. Will reload smart card when receive unknown vendor specific value from Microsoft Base CSP.

  • Fixed support of internal read/write Mifare, will not require external library.

  • Fixed certificate enroll for card profile "Tjanstekort EID".

  • May start several instances of iidxweb.exe.

  • Fixed problem with adding objects to public box.

  • Added trace menu for task bar popup menu.

  • Fixed taskbar menu icon for about entry when running Win7 classic theme.

  • CSP default certificate will be returned as first container for enum containers.

  • CSP will not enumerate two containers with same certificates for default containers any longer.

  • Fixed support DetectNewSlot=1 for SSO.

  • Exit Windows dialogue aborted when Windows already is locked.

  • Fixed logoff background for GINA.

  • Fixed abort close for ESC button for Watch exit windows dialog.

  • Fixed argument for extended call for executable.

  • Fixed add entry to EF(UnusedSpace) for private keys stored as a file object.

  • Added support Oberthur special data object for Oberthur minidriver.

  • Fixed GINA problem.

5.6.0.44

  • Fixed support NT4 credential name GINA logoff at unlock.

  • Fixed card expire warning for multiple CA.

  • Added parameters Smart Card>Temporary and Smart Card>TemporaryValidity to identify temporary cards. Those cards will have special handling for enroll provider.

  • Updated CSP write certificate to handle write PIN2 certificates for Gemalto Classic Applet. Will not map writing to PIN1, as all other multiple PIN cards.

  • Fixed delete of read-only certificates for PKCS15 profile.

  • Fixed automatic create of update counter at login for PKCS15 profile.

  • Fixed CertMover refresh after manual remove of certificates.

  • Fixed plugin write of bigger internal private/public data, limit 256 bytes earlier 64 bytes.

  • Fixed PIN2 certificate mapping.

  • Fixed WLan soft token support for Windows 7 64-bit.

  • Fixed sorting of certificates (valid from) from only day to both day and time.

  • Added list keys for Command Utility.

  • Fixed problem with Minidriver register of multiple certificates for CryptoAPI.

  • Minidriver will register certificates in CryptoAPI depending on configuration parameter MiniDriver>MoveCertificates=0/1.

  • Credential/PIN Provider>Autologon may be disabled for a list of applications, default "lsass.exe;logonui.exe".

  • Fixed performance for Minidriver.

  • Fixed support Citrix new logon/logoff component.

  • Fixed removal of certificate for external CSP.

  • Parameter CSP>ReplaceCertificate may also be used to replace PIN2 certificates.

  • Old certificate will be removed when writing certificate using key id as container name for CSP.

  • Fixed license block based on License>Issuers. Only certificates with specified issuer available in list will be shown and usable.

  • Fixed problem with update of EF(UnusedSpace) for PKCS#15 profile.

  • Fixed Minidriver support for Buypass card.

  • Enhanced performance for reading Buypass cards. Will not read public keys when certificate is available in pocket. Will update file size to correct modulus size when reading public key from private key file.

  • Enhanced performance for .Net smart card.

  • Fixed running logoff script for GINA.

  • Removed plugin default message, since Internet Explorer will not accept zero size plugin.

  • Credential Provider will clear PIN entry field at failure.

  • Increased performance for GINA.

  • Added PIN unlock with challenge/response for Credential/PIN provider. Require card support (currently implemented for .NET smart card).

  • Added delete of subtree for Registry delete command utility.

  • Added Enroll Provider, to enroll certificates before logon for use with LRA component.

  • Updated IAS ECC for Gemalto, may generate key pair and write private and public objects for ECC Generic PKI application. May not delete key pairs and may not update ECC eID application.

  • Updated plugin behavior. Login will log out when a bad PIN is entered while already logged on.

  • Added C_SignUpdate/C_SignFinal/C_VerifyUpdate/C_VerifyFinal for PKCS#11 library.

  • All old licenses blocked, starting with 'W'. All new standard license will start with 'N' and all new demo licenses will start with 'D'.

  • Added possibility to load static global configuration to each component.

  • Added possibility to load static license information to binary.

  • Fixed support OAEP padding Gemalto Classic v3.11.

  • Added %keyusage% as image selection parameter for Credential/Certificate provider.

  • Added Watch will act only on smart card used during logon.

  • Added support for RSA "raw" for SetCOS 4.4 (IP2/IP5/IP8).

  • Added PIN Provider for customized Microsoft PIN dialog in same way as Credential Provider. Enabled when "PIN Provider" section is available in configuration.

  • Added Autologon=0/1 for both PIN and Credential Provider. Will use stored PIN from SSO2 when available.

  • Changed default label for certificate to default friendly name. Will be used by PKCS#11 when label missing on card.

  • Added list certificate for Command Utility.

  • Initial support ActivIdentity v1 card.

  • Fixed allow single language for installation.

  • MiniDriver v5/v6 certify test successful with .NET smart card.

  • Updated support for Oberthur IAS ECC, for example:

    • set access condition when creating files for wireless access and import 2048 bit keys.

    • Fixed interoperability with Oberthur minidriver for Oberthur IAS ECC card, will use same update counter.

    • Added support to change SO key for Oberthur IAS ECC.

  • Added Mozilla Thunderbird to list of applications for auto install of our PKCS#11 library.

  • Added static zlib compress library for PKCS#11 library (win32/win64).

  • Updated support Oberthur IAS ECC.

  • Fixed SHA-256 certificate enroll with MiniDriver.

  • Successful run of Entrust Entelligence CSP Test Utility with .Net smart card.

5.5.1.29

  • Fixed problem with update of PKCS#15 data objects.

  • Fixed problem with show bitmap for Credential Provider in certificate select dialog.

  • Fixed problem with minidriver when loaded after plugin.

  • Added C_UnblockPIN for PKCS#11 library.

  • Fixed problem reading PIN protected PrKDF for RPS card.

  • Fixed problem with long reader names for minidriver.

  • Fixed problem with certificate enroll for minidriver.

  • Fixed DER encode integer problem when negative number.

  • Fixed plugin Logout for SO user.

  • Fixed plugin Reset for SO user.

  • Fixed plugin InitToken, section DELETE>erase=1 always available.

5.5.0.27

  • Disabled duplicate context for CSP.

  • Added Gemalto default test key for secure messaging.

  • Fixed read file problem GemSAFE v1/v2.

  • Fixed get pin attempts left for RPS card.

  • Fixed read ISO7816-15 PrKDF with private access.

  • Fixed .Net smart card signature pin enrollment for second key.

  • Added MiniDriver parameter DisablePinCache=0/1 and DisableFileCache=0/1 to avoid Microsoft caching problem. Both have default value 0 (cache active).

  • Updated SSO push logon information.

  • Fixed support CRYPT_NOHASHOID for CryptVerifySignature in CSP.

  • Fixed custom card name for CSP/MiniDriver. Add entry NamePrefix for respective component.

  • Fixed problem with secondary certificates for MiniDriver.

  • Fixed problem with secondary PIN for MiniDriver.

  • Fixed problem with enroll via MMC, will not delete "default" keys.

  • Fixed problem for minidriver with too long key id.

  • Fixed PIN pad problem with BCD coding (Nordea VISA card).

  • Added language support for Credential/Certificate Provider. Prefix title, subtitle, textabove or textbelow with language short name to get different strings depending on language.

  • Updated handling of multiple PINs for PKCS#15 profile.

  • Fixed detect card immediately after detect new reader.

  • Fixed Watch shutdown immediately if no event commands available.

  • Fixed win32/win64 dual service support.

  • Utf8 and unicode support rewritten for Linux/MacOSX.

  • Updated support for reading/writing IClassID cards.

  • Fixed configuration parameter [SingleSignOn]>Disable will also disable SSO2, only SSO earlier.

  • Fixed limitation in configuration file, will handle parsing of badly encoded data object.

  • Added command line tool for change/unlock pin.

  • Added support for dual uninstall. Will extract and run silent uninstall for all packages included in the installation package.

  • Added support Gemalto .NET smart card.

  • Added support loading zlib library for compression of certificate for interoperability with Gemalto .NET smart card minidriver. Will always try to load library zlib.dll/libzlib.so/libzlib.dylib, but file to load may be configured using Compress>Library.

  • Added support for using hexadecimal values for PIN/PUK. Needed when PUK value is not a string, i.e. 2DES key. All values beginning with '0x' and containing only hexadecimal digits '0'-'9' or 'A'-'F' will be converted.

  • Added support for dual uninstallation. Using dual installation package to uninstall will uninstall both packages.

  • Added configuration parameter [CredentialProvider]>BMP(InsertCard) to specify image for insert card prompt.

  • Changed behavior, will always set root CA certificates as trusted for PKCS11 library. The result is root CA certificates may be trusted by Firefox.

  • Added reading of mifare and iclassid for Watch/Connector.

  • Added Certificate Provider for customized certificate selection dialog.

  • Added Change Credential Provider for customized Ctrl-Alt-Del change PIN dialog.

5.4.1.34

  • Fixed uninstall local configuration for Linux/MacOSX.

  • Added possibility for install pkcs11 in Firefox profiles for MacOSX/Linux.

  • Fixed certificate select dialog for MacOSX.

  • Fixed show pin attempts for SSO2.

  • Added ATR for Buypass card.

  • Added configuration parameter to limit the available certificates. Set allowed issuers with [License] > Issuers. All issuers allowed if nothing specified.

  • Added [Smart Card] > PinType = 4, for only digits allowed. Will be used by card profiles not storing pin information on card, i.e. Buypass.

  • Enhanced support for sending SSO username/password stored on card to different windows. Will handle edit boxes with any class name as long as the text "edit" is part of the name. Will also send "enter" to main window if OK button not found.

  • Updated Setec SetCOS 4.4.1 card, Instant EID IP2 profile, to erase key files before generating new key pairs.

  • CheckSoftExpire introduced, same behavior as CheckCardExpire, but for soft tokens instead of smart cards.

  • Possibility to limit the number of supported languages.

  • Property InvokeWait introduced for plugin, tells the number of seconds the plugin should wait for any refreshing before returning, i.e. certificate mover at WriteCertificate.

  • Enhanced performance for credential provider.

5.4.0.26

  • Fixed support tracesplit/traceparse Linux/MacOSX

  • Only start dual installation on win64. Will allow single setup containing both win32 and win64. The installation will install win32 for win32 and both win32 and win64 for win64.

  • Fixed create/destroy SO pin objects for PKCS#11.

  • Fixed parallel execute of Watch commands.

  • Fixed background image for Watch.

  • Credential Provider may use Minidriver instead of CSP. Will be able to load bitmap based on certificate, but no unlock or pin attempts functionality.

  • Fixed PKCS#11 token flag for pin status with any pin reference, to solve problem with pin status for 2 CIA card.

  • Fixed minidriver problem with card only supporting T=1.

  • Fixed create private key for SetCOS 4.4.

  • Updated card handler locking. No lock required for asking card status without force update.

  • Added configuration parameter Install>ProductType. Will be appended to product name, i.e. "Net iD OEM"/"Net iD Enterprise".

  • Fixed problem with two readers with inserted cards on win64.

  • Fixed check card expire problem (new 5.4).

  • Fixed Build name with åäöÅÄÖ.

  • Fixed ResetToken/InitToken for RPS card.

  • Fixed ResetToken for local portal.

  • Fixed CSP release context without card access.

  • Fixed PKCS#11 close session without card access.

  • Changed behavior for displaying running type on Windows. Will now never show 64-bit Edition, but will always append 32-bit Edition for all dialogs when running on 64-bit machine.

  • Added file state check for MyEID signature operation. Will require card operational state.

  • Updated Tokend for MacOSX.

  • Updated MacOSX/Linux installation to remove configuration sections specific for Windows.

  • Updated local portal for Safari.

  • Updated Credential Provider filter, will not block standard smart card provider unless supported usage scenario.

  • Fixed Credential Provider issues with pin attempts left

  • Fixed Credential Provider issues with unknown cards.

  • Updated configuration parameter names for Credential Provider.

  • Fixed pkcs#11 visibility issue for PIN2 object created with PIN1. Object handles will now be valid for both PIN1 and PIN2 slots, but will only be returned for object search on the correct slot.

  • Added possibility to configure [Smart Card Reader] > Denied. A list of reader names which are not acceptable.

  • Added support for Credential Provider: presenting PIN attempts left, unblock PIN with PUK and possible to configure presentation for all text fields.

  • Updated PIN dialog behavior for Plugin/CSP. Generating/importing key pairs or writing certificates for PIN2 will always show both PIN1 and PIN2 dialog (if needed). Both PINs are usually required for updating PIN2 objects. Will not affect when PINs are supplied to CSP/Plugin by caller.

  • Updated ChangePIN behavior. Will not be able to abort pin change when change required.

  • Update NetControl. Will show application window name instead of application process name for close question dialog.

  • Added initial Credential Provider support. Possible to configure different Tile images depending on subject and/or issuer from the certificate.

  • Added initial Apple Tokend support.

  • Added support for environment variables for installation directory.

  • Added possibility to configure CSP friendly name.

  • Fixed environment variables for Watch command.

  • Fixed check of key id when adding keys for PKCS#15 profile.

  • Added package section to configuration for installation of custom packages.

  • Added fingerprint for plugin EnumProperty CertificateEx.

  • Added possibility to configure default certificate for CSP.

  • Fixed problem with dynamic create/destroy for PKCS#15 profile.

  • Fixed problem with environment variables for GINA.

  • Added configuration for enable card cache for Minidriver, default false (disabled).

  • Fixed CertMover problem when looking for current user.

  • Fixed Net iD Watch for combining 'match', 'message' and 'term' parameters.

  • Fixed problem searching for first DF when adding new entries for profile PKCS#15.

  • Fixed NetControl for Firefox with SSO.

  • Fixed CSP friendly name for certificate.

  • Fixed initial access problem for reading PIN2 certificates written with PIN1.

  • Added support for dynamic create/destroy for PKCS#15 profile. For cards without EF(UnusedSpace).

  • Updated default key usage behavior when generating new key pairs with plugin: PIN1 all (same) and PIN2 non-repudiation (changed).

5.3.0.28

  • Net iD Watch may handle insert/remove events for unknown cards.

  • Net iD Watch may use environment variables for most commands.

  • Net iD taskbar can handle more custom links

  • Net iD plugin has full support for non-ascii characters, independent of strange web browser behavior.

  • Added workaround to handle Microsoft VPN client

  • New local admin portal for Windows/Linux/MacOSX

  • Added Net iD Wrapper GINA

  • Added NetControl close for Firefox 3, Internet Explorer 8

  • Added card token label to dynamic strings. May change default names to more user friendly names, i.e. "Instant IP2" > "Tjänstekort".

  • Added special license agreement for Under Development/Release Candidate

  • Added license may be issued for specific CA certificates.

  • Added support for RFID read/write

  • Added new advanced dialog for certificate selection on Windows

  • Added support for more extensions for PKCS#10 certificate request

  • Added soft token support for Safari on MacOSX

  • Added Apple keychain as new soft token format

  • Added PIN expire policy

  • Added PIN history policy

5.2.2.32

  • Fixed problem with update counter for SSO2

  • Fixed verify pin for PKCS#15 cards with no directory in AODF

  • Fixed problem with SSO2 and win2003

  • Fixed problem with pin case sensitive and utf8 encoded

  • Fixed write of BID certificates for BEID cards

  • Fixed UPINO write for BEID card

  • Added sorting for certificate objects: newest returned first

  • Fixed write certificate with plugin when wrong slot specified

  • Fixed enable/disable of multiple network devices

  • Fixed problem for Microsoft wireless access with soft tokens

5.2.0.26

  • File operation Encrypt/Sign will only show valid certificates

  • Fixed problem with expired certificate for CSP

  • Fixed problem with validate for non-installed components

  • Fixed problem with Watch and lock workstation

  • Added Watch config set command (config/registry)

  • Added Connector fast match command

  • Fixed problem with key generation on card

  • Added plugin invoke ValidateInstallation. Will verify installation is not modified, i.e. components removed/added/updated or configuration updated

  • Added validate functionality for -loadconfig. Will add checksum for all components when called

  • Added Watch for linux

  • Fixed problem with InitToken

  • Fixed MIME encoding for AdmUtil

  • Fixed AES encoding for PKCS#7 (compatible Vista)

  • Fixed SSO service install win64

  • Fixed protected mode for update soft tokens

  • Fixed problem with Watch and lock workstation (card removed and generated lock event before logged in).

  • Changed behavior on Windows platform. For RSA key generation, the pkcs11 library will first try to use CryptoAPI, second OpenSSL and third internal.

  • Apply configuration for Transport will move local soft tokens to global

  • Added all cards for minidriver

  • Added OAEP support for CSP

  • Increased load performance for plugin

  • Changed to global only configuration for NetControl

  • Updated NetControl to handle minidriver

  • Updated Transport

  • Fixed VPN problem with soft tokens

  • Increased speed performance CSP

  • Added some SSO support for minidriver

  • Updated soft tokens to enable default password.

  • Updated Transport to both decrypt and verify files (DecryptData/VerifyData).

  • Added SSO as service

  • Updated Crypt to handle removable devices

  • Updated Crypt to handle any drive

  • Updated traceparse (relative path)

  • Updated traceparse (calculate execution time)

  • Updated traceparse (handle incomplete file)

  • Added config entry CallTrace for CSP/PKCS11. A new trace functionality, will only trace function entry and result, so less impact on speed performance.

  • Added Microsoft standard Save/Open dialogs for plugin

  • Added generic Run command for plugin

  • Added new component Transport

5.1.2.16

  • Updated RegUtil to handle Template/SubjectAltName extensions

  • Fixed disable duplicate for CSP

5.1.0.16

  • Updated RegUtil to handle Template/SubjectAltName extensions

  • Added close of specific window classes for Watch

  • Changed behavior for Net iD Connector, will now accept certificates without smart card logon extended key usage.

  • Added support for start of SSO server

  • Moved all SSO config parameters to new section (SingleSignOn).

  • Added support for username/password SSO with credentials stored on card.

  • Added support for local pages for Net iD Web

  • Added support for custom shortcuts during install

  • Changed CSP behavior. CSPDestroyKey and CPDestroyHash will always return success, to handle applications not prepared for smart cards.

  • Updated GINA netcard functionality

  • Added post data functionality for core library

  • Fixed update of slot list for AdmUtil at Refresh (F5)

  • Fixed matching of key pair for generating new key pairs on smart cards

  • Fixed problem with SSO and soft tokens

  • Changed behavior for Pkcs11 already logged in. Will only return already logged in if the correct PIN is given.

  • Added AdmUtil change PIN for soft tokens (right click in list).

  • New version of Net iD Crypt, Net iD Watch

5.0.0.31

  • Added configuration parameter to disable setting of friendly name when register certificate for CryptoAPI

  • Added duplicate certificate handling in Pkcs11/CSP

  • Added certificate request attribute for plugin

  • Added publisher to uninstall info

  • Trace registry virtualization limited to 10 keys/entries

  • For duplicate certificates (same issuer/subject), our select certificate dialog will only show the newest.

  • The newest certificate will be default for our select certificate dialog

  • Soft tokens will get a unique number

  • Moved some functionality from main library to CSP, to allow CSP to work without loading main library.

  • Removed admin access warning for Vista when running as administrator

  • Changed configuration extension: ini ⇒ cfg

  • Added support for SHA-256 for pkcs11/CSP/minidriver (CSP/minidriver require Vista or later)

  • 64-bit port GINA/SSO/Crypt

  • Added support for AES-128/192/256 for CSP/PKCS11

  • Added support for RSA OAEP for CSP/PKCS11 (AES key wrapping)

  • Upgrade will copy new config and merge old config entries

  • Added support for CryptoAPI keypair generation for PKCS11

  • Added support for OpenSSL keypair generation for PKCS11

  • Added support for CryptoAPI random seed for PKCS11

  • Added support for OpenSSL random seed for PKCS11

  • Fixed start iidxadm.exe from Taskbar, when installed Program files folder

  • Fixed support for SSO with soft tokens

  • Added configuration parameter Install>Special

  • Fixed SSO encrypt/decrypt with data >1MB

  • Fixed SSO sign/verify with data >1MB

  • Added config parameter Smart Card Reader>KeepLoggedInLocked=0/1. When enabled, the behavior will be the same as PIN pad ⇒ no pin cache at all.

  • Added PIN pad entry with feedback

  • Changed password character from "star" to "ball" for WinXP or later

  • GINA extra window for ctrl-alt-del

  • SSO may be disabled for applications

  • Added Net iD Web — iidxweb.exe

  • Trace print to always include all seconds

  • Added new config parameter: CSP > KeepSessionAlive=0/1

  • Moved global configuration file to install directory

  • Added config parameter Pkcs11 > ReportWrite

  • Auto lock of PIN for unlock on Setec SetCOS

  • Default values always set in config file

  • Changed behavior, SSO will not auto logout at refresh/finalize

  • Release library for default certificate when unloading

  • Updated auto cleanup for CSP/PKCS11
