Changes in earlier versions

CryptoSys PKI Toolkit Manual

Changes in earlier versions

Changes in version 3.3:

Compiled using VS2008 for both Win32 and X64.
Added the ability to include more extensions and other features to new X.509 certificates when using the X509_MakeCert and X509Make_CertSelf functions, and added more options for distinguished names.
Added the PEM_FileFromBinFile and PEM_FileToBinFile functions to enable you to convert files between ASN.1 DER/BER binary format and PEM format.
Incorporated a faster BigDigits mathematics algorithm to speed up RSA modular exponential calculations.
Improved the performance of the WIPE_File function - up to three times faster for large files.
Amended the RSA_FromXMLString function to allow the import of a restricted RSA private key from XML data consisting only of the <Modulus>, <Exponent> and <D> fields. The resulting "internal" key string can be used to sign raw data but cannot be saved in a private key file. This is useful to reproduce certain test vectors.
Added specialist options to enable users to create digital signatures suitable for use in an AUTACK message. See AUTACK messages and ISO/IEC 9796-1 signatures. In particular, this includes
- Adding a PKI_EMSIG_ISO9796 option to the RSA_EncodeMsg and RSA_DecodeMsg functions to enable the user to encode and decode a message according to ISO/IEC 9796-1.
- Adding a specialist option to the RSA_RawPrivate and RSA_RawPublic functions to sign and decrypt RSA signatures using the "RSA2" method used in ISO/IEC 9796-1, ANSI X9.31 and P1363.
Changed the value of PKI_KEYGEN_INDICATE option in RSA_MakeKeys() so it does not clash with the des-EDE3-CBC block cipher option.

Changes in version 3.2:

Added a new generic block cipher function with AES and Triple DES. See CIPHER_Bytes, CIPHER_Hex, and CIPHER_File.
Added SHA-224 to the selection of message digest hash functions and added the HASH_HexFromHex and HMAC_HexFromHex functions.
Added the option to use the newer PKCS#1 signature algorithms "shaXXXWithRSAEncryption" with SHA-224/256/384/512 for X509_MakeCert[Self] and X509_CertRequest.
Added the ability to make, read and verify CMS signed-data objects using message digest algorithms SHA-224/256/384/512. See CMS_MakeSigData[FromString].
Added the ability to make and read CMS enveloped-data objects using the AES-128/192/256 content encryption algorithms. See CMS_MakeEnvData[FromString].
Added [provisionally in this release] the ability to make and read CMS enveloped-data objects using the RSA-KEM ("Simple RSA") key encryption algorithm. [Withdrawn in v3.4].
Added the primitive functions RSA_KemWrap and RSA_KemUnwrap which will wrap (encrypt) and unwrap (decrypt) secret keying data for a recipient with the recipient's RSA key using the RSA-KEM ("Simple RSA") algorithm; and added the block cipher key wrap functions CIPHER_KeyWrap and CIPHER_KeyUnwrap using AES-wrap and Triple DES wrap. (Note that the function name is [was] RSA_KemWrap, not KeyWrap.)
Added options to save and read encrypted private keys with improved security using AES-128/192/256 and SHA-224/256/384/512 when using the RSA_SaveEncPrivateKey and RSA_ReadEncPrivateKey functions.
Added the ability to pass both X.509 certificate data and RSA private and public key data to the X.509 and RSA functions using a PEM-encoded string instead of a file.
Improved the handling of enveloped-data objects by adding the CMS_QueryEnvData function, and included the ability to pass a base64- or PEM-encoded certificate list to CMS_MakeEnvData and CMS_MakeSigData.

Changes in version 3.1:

Added the ability to specify any valid UTF-8 characters in a distinguished name, including CJK characters, when creating an X.509 certificate with X509_MakeCert or X509_MakeCertSelf. See Specifying Distinguished Names for more details.
Added the RSA_KeyMatch function to verify that a pair of RSA private and public key strings are matched.
Added the functionality to all the X.509 certificate functions to allow the user to specify an input X.509 certificate as a base64 string instead of using a file.
Improved the functions that read ASN.1 data to avoid security issues arising from badly-formed data.
Increased the speed when encrypting large files using TDEA_File. To prevent accidental misuse, if an error occurs when using this function, the output file will now not exist.
Specialist Option: Added an alternative TeleTrusT content encryption algorithm to the CMS_MakeEnvData function to conform with the PKI requirements of the German Health System.

Changes in version 3.0:

Introduced a new, more secure, random number generator (RNG) based on NIST SP800-90 [SP80090] and Ferguson and Schneier's "Fortuna" method from Practical Cryptography [FERG03]. See Random Number Generator.
Incorporated extra security by encrypting "internal" RSA key strings to prevent security breaches by accidental disclosure - see Internal key strings. Added the RSA_KeyHashCode function to allow comparison of internal key strings.
Added the SHA-384 and SHA-512 message digest algorithms to the HASH functions.
Added the HMAC functions to compute a keyed hash value, HMAC_HexFromBytes and HMAC_Bytes.
Added functions to query an X.509 certificate file X509_KeyUsageFlags and X509_QueryCert.
Added functions to read in a X.509 certificate file directly as a base64 string and save the string as a file X509_ReadStringFromFile and X509_SaveFileFromString.

Changes in version 2.9:

Introduced the .NET class library as a more convenient and safer interface for C# and VB.NET programmers. Interface source code in C# is included.
Added the CMS_MakeSigDataFromSigValue function to create a SignedData object directly from a pre-computed signature value.
Added the CNV_CheckUTF8 function to check whether a string contains only valid UTF-8 characters.
Added CFB, OFB and CTR modes for the Triple DES block cipher. See, for example, TDEA_BytesMode.
Added the RNG_Number function to generate a random number in a given range.
Various minor improvements in error handling and thread local storage.

Changes in version 2.8:

Added SHA-256 algorithm to Message Digest Hash functions.
Added functions to extract X.509 certificates from other file formats: see X509_GetCertFromP7Chain and X509_GetCertFromPFX.
Improved handling of CMS SignedData objects including new CMS_VerifySigData and CMS_QuerySigData functions.
Added support to verify DSA signatures as well as RSA in CMS signed data objects.
Removed 'ByRef' parameters nMajor and nMinor in PKI_Version.

Changes in version 2.7:

Added syntax for VB.NET and C# to this manual.
X509_VerifyCert() can now verify certificates signed using DSA.
Added ability to RSA_ReadEncPrivateKey() to read PKCS#8 files encrypted with RC2.
Made minor changes to make CMS_ReadEnvData() and CMS_ReadEnvDataToString() more tolerant of different input formats, including adding support to read data encrypted with RC2.
Added support for PBES2 password-based encryption for RSA_MakeKeys() and RSA_SaveEncPrivateKey().
Added ability to save RSA keys directly in PEM or OpenSSL format when using RSA_MakeKeys().
Added option to save new X.509 certificates in PEM base64 format when using X509_MakeCert() and X509_MakeCertSelf()
Added option to encode distinguished names as UTF8String and to decode multi-byte distinguished names into 8-bit ASCII, if possible.

[Contents] [Index]

[HOME] [NEXT: Conventions in this document...]