1089 lines
43 KiB
Plaintext
1089 lines
43 KiB
Plaintext
NEWS for OpenSC -- History of user visible changes
|
|
|
|
# New in 0.20.0; 2019-12-29
|
|
## General Improvements
|
|
* fixed security problems
|
|
* CVE-2019-6502 (#1586)
|
|
* CVE-2019-15946 (a3fc769)
|
|
* CVE-2019-15945 (412a614)
|
|
* CVE-2019-19480 (6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7)
|
|
* CVE-2019-19481 (b75c002cfb1fd61cd20ec938ff4937d7b1a94278)
|
|
* CVE-2019-19479 (c3f23b836e5a1766c36617fe1da30d22f7b63de2)
|
|
* Support RSA-PSS signature mechanisms using RSA-RAW (#1435)
|
|
* Added memory locking for secrets (#1491)
|
|
* added support for terminal colors (#1534)
|
|
* PC/SC driver: Fixed error handling in case of changing (#1537) or removing the card reader (#1615)
|
|
* macOS installer
|
|
* Add installer option to deselect tokend (#1607)
|
|
* Make OpenSCToken available on 10.12+ and the default on 10.15+ (2017626ed237dbdd4683a4b9410fc610618200c5)
|
|
* Configuration
|
|
* rename `md_read_only` to `read_only` and use it for PKCS#11 and Minidriver (#1467)
|
|
* allow global use of ignore_private_certificate (#1623)
|
|
* Build Environment
|
|
* Bump openssl requirement to 0.9.8 (##1459)
|
|
* Added support for fuzzing with AFL (#1580) and libFuzzer/OSS-Fuzz (#1697)
|
|
* Added CI tests for simulating GIDS, OpenPGP, PIV, IsoApplet (#1568) and MyEID (#1677) and CAC (#1757)
|
|
* Integrate clang-tidy with `make check` (#1673)
|
|
* Added support for reproducible builds (#1839)
|
|
## PKCS#11
|
|
* Implement write protection (CKF_WRITE_PROTECTED) based on the card profile (#1467)
|
|
* Added C_WrapKey and C_UnwrapKey implementations (#1393)
|
|
* Handle CKA_ALWAYS_AUTHENTICATE when creating key objects. (#1539)
|
|
* Truncate long PKCS#11 labels with ... (#1629)
|
|
* Fixed recognition of a token when being unplugged and reinserted (#1875)
|
|
## Minidriver
|
|
* Register for CardOS5 cards (#1750)
|
|
* Add support for RSA-PSS (263b945)
|
|
## OpenSC tools
|
|
* Harmonize the use of option `-r`/`--reader` (#1548)
|
|
* `goid-tool`: GoID personalization with fingerprint
|
|
* `openpgp-tool`
|
|
* replace the options `-L`/` --key-length` with `-t`/`--key-type` (#1508)
|
|
* added options `-C`/`--card-info` and `-K`/`--key-info` (#1508)
|
|
* `opensc-explorer`
|
|
* add command `pin_info` (#1487)
|
|
* extend `random` to allow writing to a file (#1487)
|
|
* `opensc-minidriver-test.exe`: Tests for Microsoft CryptoAPI (#1510)
|
|
* `opensc-notify`: Autostart on Windows
|
|
* `pkcs11-register`:
|
|
* Auto-configuration of applications for use of OpenSC PKCS#11 (#1644)
|
|
* Autostart on Windows, macOS and Linux (#1644)
|
|
* `opensc-tool`: Show ATR also for cards not recognized by OpenSC (#1625)
|
|
* `pkcs11-spy`:
|
|
* parse CKM_AES_GCM
|
|
* Add support for CKA_OTP_* and CKM_*_PSS values
|
|
* parse EC Derive parameters (#1677)
|
|
* `pkcs11-tool`
|
|
* Support for signature verification via `--verify` (#1435)
|
|
* Add object type `secrkey` for `--type` option (#1575)
|
|
* Implement Secret Key write object (#1648)
|
|
* Add GOSTR3410-2012 support (#1654)
|
|
* Add support for testing CKM_RSA_PKCS_OAEP (#1600)
|
|
* Add extractable option to key import (#1674)
|
|
* list more key access flags when listing keys (#1653)
|
|
* Add support for `CKA_ALLOWED_MECHANISMS` when creating new objects and listing keys (#1628)
|
|
* `pkcs15-crypt`: * Handle keys with user consent (#1529)
|
|
## CAC1
|
|
New separate CAC1 driver using the old CAC specification (#1502)
|
|
## CardOS
|
|
* Add support for 4K RSA keys in CardOS 5 (#1776)
|
|
* Fixed decryption with CardOS 5 (#1867)
|
|
## Coolkey
|
|
* Enable CoolKey driver to handle 2048-bit keys. (#1532)
|
|
## EstEID
|
|
* adds support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 (#1635)
|
|
## GIDS
|
|
* GIDS Decipher fix (#1881)
|
|
* Allow RSA 4K support (#1891)
|
|
## MICARDO
|
|
* Remove long expired EstEID 1.0/1.1 card support (#1470)
|
|
## MyEID
|
|
* Add support for unwrapping a secret key with an RSA key or secret key (#1393)
|
|
* Add support for wrapping a secret key with a secret key (#1393)
|
|
* Support for MyEID 4K RSA (#1657)
|
|
* Support for OsEID (#1677).
|
|
## Gemalto GemSafe
|
|
* add new PTeID ATRs (#1683)
|
|
* Add support for 4K RSA keys (#1863, #1872)
|
|
## OpenPGP
|
|
* OpenPGP Card v3 ECC support (#1506)
|
|
## Rutoken
|
|
* Add Rutoken ECP SC (#1652)
|
|
* Add Rutoken Lite (#1728)
|
|
## SC-HSM
|
|
* Add SmartCard-HSM 4K ATR (#1681)
|
|
* Add missing secp384r1 curve parameter (#1696)
|
|
## Starcos
|
|
* Fixed decipher with 2.3 (#1496)
|
|
* Added ATR for 2nd gen. eGK (#1668)
|
|
* Added new ATR for 3.5 (#1882)
|
|
* Detect and allow Globalplatform PIN encoding (#1882)
|
|
## TCOS
|
|
* Fix TCOS IDKey support (#1880)
|
|
* add encryption certificate for IDKey (#1892)
|
|
## Infocamere, Postecert, Cnipa
|
|
* Removed profiles (#1584)
|
|
## ACS ACOS5
|
|
* Remove incomplete acos5 driver (#1622).
|
|
|
|
# New in 0.19.0; 2018-09-13
|
|
## General Improvements
|
|
* fixed multiple security problems (out of bound writes/reads, #1447):
|
|
* CVE-2018-16391
|
|
* CVE-2018-16392
|
|
* CVE-2018-16393
|
|
* CVE-2018-16418
|
|
* CVE-2018-16419
|
|
* CVE-2018-16420
|
|
* CVE-2018-16421
|
|
* CVE-2018-16422
|
|
* CVE-2018-16423
|
|
* CVE-2018-16424
|
|
* CVE-2018-16425
|
|
* CVE-2018-16426
|
|
* CVE-2018-16427
|
|
* Improved documentation:
|
|
* New manual page for opensc.conf(5)
|
|
* Added several missing switches in manual pages and fixed formatting
|
|
* Win32 installer:
|
|
* automatically start SCardSvr
|
|
* added newer OpenPGP ATRs
|
|
* macOS installer: use HFS+ for backward compatibility
|
|
* Remove outdated solaris files
|
|
* PC/SC driver:
|
|
* Workaround OMNIKEY 3x21 and 6121 Smart Card Readers wrongly identified as pinpad readers in macOS
|
|
* Workaround cards returning short signatures without leading zeroes
|
|
* bash completion
|
|
* make location directory configurable
|
|
* Use a new correct path by default
|
|
* build: support for libressl-2.7+
|
|
* Configuration
|
|
* Distribute minimal opensc.conf
|
|
* `pkcs11_enable_InitToken made` global configuration option
|
|
* Modify behavior of `OPENSC_DRIVER` environment variable to restrict driver list instead of forcing one driver and skipping vital parts of configuration
|
|
* Removed configuration options `zero_ckaid_for_ca_certs`, `force_card_driver`, `reopen_debug_file`, `paranoid-memory`
|
|
* Generalized configuration option `ignored_readers`
|
|
* If card initialization fails, continue card detection with other card drivers (#1251)
|
|
* Fixed long term card operations on Windows 8 and later (#1043)
|
|
* reader-pcsc: allow fixing the length of a PIN
|
|
* fixed multithreading issue on Window with OpenPACE OIDs
|
|
## PKCS#11
|
|
* fixed crash during `C_WaitForSlotEvent` (#1335)
|
|
## Minidriver
|
|
* Allow cancelling the PIN pad prompt before starting the reader transaction. Whether to start the transaction immediately or not is user-configurable for each application
|
|
## OpenSC tools
|
|
* `opensc-notify`
|
|
* add Exit button to tray icon
|
|
* User better description (GenericName) and a generic application icon
|
|
* Do not display in the application list
|
|
* `pkcs15-tool`
|
|
* added support for reading ECDSA ssh keys
|
|
* `p11test`
|
|
* Filter certificates other than `CKC_X_509`
|
|
* `opengpg-tool`
|
|
* allow calling -d multiple times
|
|
* clarify usage text
|
|
## sc-hsm
|
|
* Implement RSA PSS
|
|
* Add support for SmartCard-HSM 4K (V3.0)
|
|
## CAC
|
|
* Remove support for CAC1 cards
|
|
* Ignore unknown tags in properties buffer
|
|
* Use GET PROPERTIES to recognize buffer formats
|
|
* Unbreak encoding last tag-len-value in the data objects
|
|
* Support HID Alt tokens without CCC
|
|
* They present certificates in OIDs of first AID and use other undocumented applets
|
|
* Inspect the tokens through the ACA applet and GET ACR APDU
|
|
## Coolkey
|
|
* Unbreak Get Challenge functionality
|
|
* Make uninitialized cards working as expected with ESC
|
|
## OpenPGP
|
|
* add serial number to card name
|
|
* include detailed version into card name
|
|
* define & set LCS (lifecycle support) as extended capability
|
|
* extend manufacturer list in pkcs15-openpgp.c
|
|
* correctly parse hist_bytes
|
|
* Make deciphering with AUT-key possible for OpenPGP Card >v3.2 (fixes #1352)
|
|
* Add supported algorithms for OpenPGP Card (Fixes #1432)
|
|
## Starcos
|
|
* added support for 2nd generation eGK (#1451)
|
|
## CardOS
|
|
* create PIN in MF (`pkcs15init`)
|
|
## German ID card
|
|
* fixed identifying unknown card as German ID card (#1360)
|
|
## PIV
|
|
* Context Specific Login Using Pin Pad Reader Fix
|
|
* Better Handling of Reset using Discovery Object
|
|
|
|
# New in 0.18.0; 2018-05-16
|
|
## General Improvements
|
|
* PKCS#15
|
|
* fixed parsing ECC parameters from TokenInfo (#1134)
|
|
* Added PKCS#15 emulator for DIN 66291 profile
|
|
* Cope with empty serial number in TokenInfo
|
|
* Build Environment
|
|
* Treat compiler warnings as errors (use `--disable-strict` to avoid)
|
|
* MacOS
|
|
* optionally use CTK in package builder
|
|
* fixed detection of OpenPACE package
|
|
* macOS High Sierra: fixed dmg creation
|
|
* fixed DNIe UI compatibility
|
|
* Windows: Use Dedicated md/pkcs11 installation folders instead of installing to System32/SysWOW64
|
|
* fixed (possible) memory leaks for PIV, JPKI, PKCS#11, Minidriver
|
|
* fixed many issues reported via compiler warnings, coverity scan and clang's static analyzer
|
|
* beautify printed ASN.1 data, add support for ASN.1 time types
|
|
* SimpleTLV: Skip correctly two bytes after reading 2b size (#1231)
|
|
* added support for `keep_alive` commands for cards with multiple applets to be enabled via `opensc.conf`
|
|
* added support for bash completion for arguments that expect filenames
|
|
* added keyword `old` for selecting `card_drivers` via `opensc.conf`
|
|
* improved documentation manuals for OpenSC tools
|
|
* use `leave` as default for `disconnect_action` for PC/SC readers
|
|
## PKCS#11
|
|
* Make OpenSC PKCS#11 Vendor Defined attributes, mechanisms etc unique
|
|
## Minidriver
|
|
* added CNS ATR (#1153)
|
|
* Add multiple PINs support to minidriver
|
|
* protect MD entry points with `CriticalSection`
|
|
## Tokend
|
|
* Configuration value for not propagating certificates that require user authentication (`ignore_private_certificate`)
|
|
## CryptoTokenKit
|
|
* Added support for PIN pad
|
|
* fixed codesigning of opensc tools
|
|
* Added complete support for system integration with https://github.com/frankmorgner/OpenSCToken
|
|
## OpenSC Tools
|
|
* `cardos-tool`
|
|
* List human-readable version for CardOS 5.3
|
|
* `pkcs11-tool`
|
|
* fixed overwriting digestinfo + hash for RSA-PKCS Signature
|
|
* Enable support for RSA-PSS signatures in pkcs11-tool
|
|
* Add support for RSA-OAEP
|
|
* Fixed #1286
|
|
* Add missing pkcs11-tool options to man page
|
|
* allow mechanism to be specified in hexadecimal
|
|
* fixed default module path on Windows to use opensc-pkcs11.dll
|
|
* `pkcs11-spy`
|
|
* Add support for RSA-OAEP
|
|
* Add support for RSA-PSS
|
|
* `pkcs15init`
|
|
* Fix rutokenS FCP parsing (#1259)
|
|
* `egk-tool`
|
|
* Read data from German Health Care Card (Elektronische Gesundheitskarte, eGK)
|
|
* `opensc-asn1`
|
|
* Parse ASN.1 from files
|
|
* `opensc-tool`/`opensc-explorer`
|
|
* Allow extended APDUs
|
|
## Authentic
|
|
* Correctly handle APDUs with more than 256 bytes (#1205)
|
|
## Coolkey
|
|
* Copy labels from certificate objects to the keys
|
|
## Common Access Card
|
|
* Fixed infinite reading of certificate
|
|
* Added support for Alt token card
|
|
## MyEID
|
|
* support for RAW RSA signature for 2048 bit keys
|
|
## IAS/ECC
|
|
* Support for new MinInt agent card
|
|
## PIV
|
|
* Get cardholder name from the first certificate if token label not specified
|
|
* implemented keep alive command (#1256)
|
|
* fixed signature creation with `CKA_ALWAYS_AUTHENTICATE` (i.e. PKCS#11 `C_Login(CKU_CONTEXT_SPECIFIC)`)
|
|
## CardOS
|
|
* fixed card name for CardOS 5
|
|
* added ATR `"3b:d2:18:00:81:31:fe:58:c9:02:17"`
|
|
* Try forcing `max_send_size` for PSO:DEC
|
|
## DNIe
|
|
* DNIe: card also supports 1920 bits (#1247)
|
|
## GIDS
|
|
* Fix GIDS admin authentication
|
|
## epass 3000
|
|
* Add ECC support
|
|
* Fix #1073
|
|
* Fix #1115
|
|
* Fix buffer underrun in decipher
|
|
* Fix #1306
|
|
## Starcos
|
|
* added serial number for 3.4
|
|
* fixed setting key reference for 3.4
|
|
* added support for PIN status queries for 3.4
|
|
## EstEID
|
|
* ECDSA/ECDH token support
|
|
* Fix crash when certificate read failed (#1176)
|
|
* Cleanup expired EstEID card ATR-s
|
|
* Fix reading EstEID certificates with T=0 (#1193)
|
|
## OpenPGP
|
|
* Added support for PIN logout and status
|
|
* factory reset is possible if LCS is supported
|
|
* Added support for OpenPGP card V3
|
|
* fixed selecting Applet
|
|
* implemented keep alive command
|
|
* Retrieve OpenPGP applet version from OpenPGP applet on YubiKey token (#1262)
|
|
## German ID card
|
|
* fixed recognition of newer cards
|
|
## SC-HSM
|
|
* Don't block generic contactless ATR
|
|
* changed default labels of GoID
|
|
* added PIN commands for GoID 1.0
|
|
## Starcos
|
|
* Added Support for Starcos 3.4 and 3.5
|
|
## MioCOS
|
|
* disabled by default, use `card_drivers = old;` to enable; driver will be removed soon.
|
|
## BlueZ PKCS#15 applet
|
|
* disabled by default, use `card_drivers = old;` to enable; driver will be removed soon.
|
|
|
|
# New in 0.17.0; 2017-07-18
|
|
## Support for new Cards
|
|
* CAC (Common Access Card)
|
|
* GoID (SC-HSM with built-in PIN pad and fingerprint sensor)
|
|
* Coolkey
|
|
* JPKI (Japanese Individual Number Card)
|
|
* nPA (German ID card, eSign Application)
|
|
## General Improvements
|
|
* PKCS#15
|
|
* Implemented file caching based on card's contact-less UID
|
|
* Cache EF.ODF and EF.TokenInfo
|
|
* File caching is done transparently when the user sets the config option.
|
|
* `opensc.conf`
|
|
* Added `disable_popups` for disabling internal UI
|
|
* All Windows specific reader configuration is handled by the pcsc driver (cardmod driver was removed)
|
|
* Build Environment
|
|
* Allow setting `PKG_CONFIG_PATH` for macOS build
|
|
* Added compatibility with Visual Studio 2015
|
|
* Allow building against LibreSSL
|
|
* Allow building against OpenSSL 1.1.0
|
|
* Allow building against WiX 3.11
|
|
* Allow building minidriver with MinGW
|
|
* Include OpenPACE library by default
|
|
* Removed `BUILD_ON`/`BUILD_FOR` variable
|
|
* Simplified installer on macOS and Windows
|
|
* Added support for PIN commands via PC/SC escape commands
|
|
* Added support for card reader access via CryptoTokenKit
|
|
* Added support for PIN entry on card for verification/unblock/change
|
|
* Recognize T=0 limitation of sending 255 bytes
|
|
* Force T=1 for contactless cards
|
|
* Allow setting driver via `OPENSC_DRIVER` environment variable
|
|
* Fixed many bugs
|
|
* Fixed many compiler warnings
|
|
* Fixed possible issues (memory corruptions, memory leaks, double free, ...)
|
|
* Internal refactoring and cleanup
|
|
## PKCS#11
|
|
* Move PIN type label front of description
|
|
* `C_GetTokenInfo` read the login status from the card if possible
|
|
* Don't use ':' in the token name (#849)
|
|
* Install `opensc-pkcs11.pc` for usage with `pkg-config`
|
|
* Don't shrink the number of slots (#629)
|
|
* Add session handle uniqueness check to PKCS#11 `C_OpenSession()`
|
|
* Activate functionality of `C_WaitForSlot()` for pcsc-lite >= 1.8.22
|
|
## Minidriver
|
|
* Support PIN unblocking in minidriver via PUK as response
|
|
* Added support for Session PIN
|
|
## Tokend
|
|
* Allow usage of readers PIN pad by entering an empty PIN
|
|
## OpenSC Tools
|
|
* Fixed Bash completion (#782)
|
|
* `opensc-tool`
|
|
* Added `--reset` option
|
|
* `opensc-explorer`
|
|
* Show tag 0x82 for unknown files
|
|
* `pkcs15-tool`
|
|
* Fixed `--read-ssh-key` crash (#788)
|
|
* Added `--clear-cache`
|
|
* Fixed locking the card on Windows (#868)
|
|
* Add `--list-info` option
|
|
* Make `--list-...` messages consistent
|
|
* Add `--short` option
|
|
* `--read-data-object`: Do not print data to terminal when output file is given
|
|
* Reword `--no-prompt` to `--use-pinpad`, old option still available as alias
|
|
* Added `--test-session-pin` option
|
|
* `pkcs15-init`
|
|
* Fix using PINPAD to verify PIN (#856)
|
|
* Fixed locking the card on Windows (#868)
|
|
* Added `--secret-key-algorithm` option
|
|
* Print more detailed secret key information
|
|
* `pkcs11-tool`
|
|
* Added `keygen` for secret key generation
|
|
* Better handling of PIN (re-) validation
|
|
* Fixed --id for `C_GenerateKey`, DES and DES3 keygen mechanism (#857)
|
|
* Added `--derive-pass-der` option
|
|
* Added `--generate-random` option
|
|
* Add GOSTR3410 keypair generation
|
|
* `npa-tool` (new)
|
|
* Allows read/write access to EAC tokens
|
|
* Allows PIN management for EAC tokens
|
|
* `gids-tool`
|
|
* Fixed entering SN via command line
|
|
* `sc-hsm-tool`
|
|
* Added `--print-dkek-share` (hidden from the user)
|
|
* Fixed locking the card on Windows (#868)
|
|
## CardOS
|
|
* Better support for CardOS 5.3
|
|
## DNIe
|
|
* Fixed interaction with DNIe UI
|
|
* Added support for DNIe 3.0
|
|
## ePass2003
|
|
* Add new ATR for entersafe PKI card
|
|
* Solved Incorrect PIN raise wrong CKR error
|
|
## GemsafeV1
|
|
* PTeid: add objects (SOD, TRACe, CA) and fix flags
|
|
* PTeid: Support PIN max tries and tries left report
|
|
* PTeid: Properly report cards with 2048b keys.
|
|
## MyEID
|
|
* Fix to ECDH implementation (#756)
|
|
* Added support for symmetric keys
|
|
## OpenPGP
|
|
* Improve handling of OpenPGP card PIN change and unblock commands
|
|
## PIV
|
|
* Some workarounds for PIV-alike cards (e.g. Yubikey)
|
|
* Change driver's short name to 'PIV-II'
|
|
* Use certificate's keyUsage to set PKCS#11 key attributes
|
|
## SC-HSM
|
|
* Use PKCS#15 file cache
|
|
* Prevent unnecessary applet selection and state resets
|
|
* Added support for session pin
|
|
* Fixed forcing a card driver via opensc.conf
|
|
## STARCOS
|
|
* Read the maximum transcive sice from the card's ATR (#765)
|
|
|
|
New in 0.16.0; 2016-05-15
|
|
* build
|
|
link OpenSSL in static
|
|
option: enable PKCS11 thread locking
|
|
* configuration
|
|
use one configuration file for all systems
|
|
* tools:
|
|
package revision as version
|
|
** pkcs11-tool
|
|
keygen mechanism in pkcs11 tools
|
|
write GOST public key
|
|
fix CKA_SENSITIVE attribute of public keys
|
|
** opensc-explorer:
|
|
added command find_tags
|
|
allow ASN.1 decoding if the file seems incomplete
|
|
** pkcs15-tool:
|
|
handle record-based files when doing file caching
|
|
option to prine raw data
|
|
** sc-hsm-tool:
|
|
status info support for SmartCard-HSM V2.0
|
|
** doc: some missing options are documented, added documentation
|
|
for gid tool
|
|
* minidriver:
|
|
support for ECC
|
|
Windows x509 enrollment
|
|
first implementation of CardDeleteContainer
|
|
MD logs controlled by register and environment variable
|
|
* reader-pcsc
|
|
fixed unreleased locks with pcsc-lite
|
|
honour PC/SC pt 10 dwMaxAPDUDataSize
|
|
added call back for getting vendor/product id
|
|
restrict access to card handles after fork
|
|
SCardGetAttrib is used to initialize reader's metadata
|
|
by default only short APDUs supported
|
|
* pkcs11
|
|
no slot reserved for hot plug
|
|
no more slot created 'per-applications'
|
|
atomic operation (TODO: expand)
|
|
export all C_* symbols
|
|
metadata initialized from package info
|
|
fix registering pkcs11 mechanisms multiple times
|
|
sloppy initialization for C_GetSlotInfo
|
|
* pkcs15
|
|
cache of on-card files extended to application paths
|
|
configuration option to enable/disable application
|
|
make file cache dir configurable
|
|
in key info data type introduced 'auxiliary data' -- container
|
|
for the non-pkc15 data.
|
|
* OpenPGP
|
|
support for Gnuk -- USB cryptographic token for GNU Privacy Guard
|
|
build without OpenSSL
|
|
implemented 'erase card'
|
|
additional manufacturers
|
|
* MyEID
|
|
support for 521 bit ECC keys
|
|
ATRs for the new cards
|
|
* sc-hsm
|
|
read/write support in minidriver
|
|
* rtecp
|
|
delete keys
|
|
* GemSafeV1
|
|
support for European Patent Office smart card
|
|
sign with SHA256
|
|
* Gids
|
|
first support for Gids smart card
|
|
* dnie
|
|
* Feitian PKI card
|
|
new ATRs
|
|
* IsoApplet
|
|
(fixes)
|
|
* starcos
|
|
initial support for STARCOS 3.4 (German D-Trust cards)
|
|
* macosx
|
|
install tokend to /Library/Security/ instead /System/Library/Security/
|
|
fixed locking issue in pcsc reader
|
|
* PIV
|
|
allow using of cards where default application in not PIV
|
|
support for the Yubikey NEO
|
|
* italian-CNS
|
|
italian-cns reg file for minidriver
|
|
|
|
New in 0.15.0; 2015-05-11
|
|
* new card drivers
|
|
AzeDIT 3.5
|
|
IsoApplet
|
|
MaskTech
|
|
* libopensc
|
|
allow extended length APDUs
|
|
accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
|
|
fixed sc_driver_version check
|
|
adjusted send/receive size accoriding to card capabilities
|
|
in iso7816 make SELECT agnosting to sc_path_t's aid
|
|
* asn1
|
|
support multi-bytes tags
|
|
* pkcs15
|
|
reviewed support and tool functions for public key
|
|
public certs and pubkeys with an auth_id are treated as private
|
|
* pkcs11
|
|
introduced default PKCS#11 provider
|
|
fetched real value of CKA_LOCAL for pubkey
|
|
removed inconsistent attributes
|
|
C_Digest issues
|
|
no check if buffer too small before update
|
|
* added support for Travis CI
|
|
* updated support of EC in libopensc, pkcs15 and pkcs11
|
|
* fixed number of warnings, resource leaks, overity-scan issues
|
|
* macosx
|
|
target minimum OSX version to 10.7
|
|
update the minimal building instructions.
|
|
locate and target the latest SDK to build against.
|
|
locate the best newest SDK present on the computer.
|
|
* build
|
|
disable Secure Messaging if OpenSSL is not used
|
|
* tools
|
|
util_get_pin helper function
|
|
* PIV
|
|
Add AES support for PIV General Authenticate
|
|
fixed invalid bit when writing PIV certificate object with gzipped certificate
|
|
fixed bad caching behavior of PIV PKCS15 emulator
|
|
* ePass2003
|
|
fixed failure due to re-authenticate of secure messaging when card is accessed
|
|
by multiple PKCS11 sessions
|
|
* MyEID
|
|
EC support for MyEID-v4 card
|
|
* openpgp
|
|
extended options for openpgp-tool
|
|
* asepcos
|
|
fixed puk handling
|
|
* sc-hsm
|
|
support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
|
|
improved error detection and reporting in sc-hsm-tool
|
|
fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
|
|
fix certificate delete bug
|
|
* IAS/ECC
|
|
fixed PKCS#11 compliance issues
|
|
support for Morpho IAS Agent Card
|
|
* cardos
|
|
overwrite content of deleted private key
|
|
* win32
|
|
setup improuvement
|
|
look & feel
|
|
custom actions with card registration
|
|
minidriver impouvement
|
|
fixed errors and warnings returned by Microsoft quality tool
|
|
pin-pad support
|
|
|
|
New in 0.14.0; 2014-05-31
|
|
* new card driver DNIe
|
|
* extended existing drivers by support of
|
|
Swedish eID card (gemsafeV1)
|
|
EstEID 3.5 (mcrd)
|
|
* bogus javacard driver removed
|
|
* build
|
|
return to the standard use of 'autoconf'
|
|
CI specific bootstrap script: git commit stamp for the built packages
|
|
windows friendly compile settings
|
|
fixed a ton of compiler warnings
|
|
fence against using EVP_sha256 mech
|
|
debian packaging templates
|
|
compile without OpenSSL and without SM
|
|
enable compiler warnings by default
|
|
win32
|
|
add 'VarFileInfo' block to version-info
|
|
include to MSI package 'openpgp-tool.exe'
|
|
'version-info' resource for each target
|
|
* macOSX
|
|
"graphical uninstaller" to distribution DMG
|
|
update package building to modern tools
|
|
new tool and SDK paths for OS X 10.8
|
|
improved opensc-installer from distribution
|
|
osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
|
|
build 'fat' binaries i386
|
|
* common
|
|
added getpass implementation for non windows
|
|
* libopensc
|
|
allow for the pin to be entered on the keypad during issuing
|
|
introduce 'encoded-content' to the sc_file data
|
|
general usage method to allocate generalized time
|
|
* minidriver
|
|
implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
|
|
improved management of GUID
|
|
use reader pin pad if available and allowed
|
|
configuration options for
|
|
compose GUID
|
|
refuse create container mechanism
|
|
add registers file for feitian cards
|
|
fixed
|
|
return code in 'CardGetContainerInfo'
|
|
returned 'tries-left' for blocked card
|
|
length of stripped data in RSADecrypt
|
|
* pkcs#11
|
|
bind non-recognized card, generic 'init-token' procedure
|
|
fixed
|
|
CKA_VALUE of 'public-key' object
|
|
fix ASN1 encoding issues
|
|
PIN-NOT-INITIALIZED for the non-user PINs
|
|
buffers overflow
|
|
segfault due to the undefined 'application-file'
|
|
* pkcs15
|
|
'direct' public key in PuKDF encoding
|
|
implement SPKI public key encoding
|
|
include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
|
|
fixed
|
|
encoding of 'SubjectPublicKeyInfo'
|
|
DER encoding of 'issuer' and 'subject'
|
|
PIN validation in 'pkcs15-verify'
|
|
public key algorithm
|
|
ECC public key encoding
|
|
ECC ecpointQ
|
|
* pkcs15init
|
|
introduce 'max-unblocks' PIN init parameter
|
|
keep cert. blob in cert-info data
|
|
file 'content' and 'prop-attrs' in the card profile
|
|
in profile more AC operations are parsed
|
|
fixed
|
|
NULL pointer dereference error
|
|
NULL 'store-key' handle
|
|
ignore if no TokenInfo file to update
|
|
set EC pubkey parameters from init data
|
|
* reader-pcsc
|
|
fixed
|
|
implicit pin modification
|
|
pin checking when implicitly given
|
|
verify/modify pinpad commands
|
|
* SM
|
|
common SM 'increase-sequence-counter' procedure
|
|
move SM APDU procedures to dedicated source file
|
|
move SM common crypto procedures to the dedicated library
|
|
* doc
|
|
documentation for --list-token-slots
|
|
* default driver
|
|
do not send possibly arbitrary APDU-s to an unknown card.
|
|
by default 'default' card driver is disabled
|
|
* sc-hsm
|
|
Added support for
|
|
persistent EC public keys generated from certificate signing requests
|
|
token label to be set via C_InitToken or sc-hsm-tool
|
|
unblock PIN using C_InitPIN()
|
|
initialize EC key params
|
|
fixed
|
|
bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
|
|
bug when changing SO-PIN with opensc-explorer sc-hsm-tool
|
|
memory checking and removed warning
|
|
problem deleting CA certificates sc-hsm
|
|
public key format returned when generating ECC keys
|
|
sc-hsm-tool
|
|
better error handling for non-SmartCard-HSM cards
|
|
support for DKEK password sharing scheme
|
|
threshold scheme parameters to manpage
|
|
crash on Windows when --wrap-key frees memory allocated in opensc.dll
|
|
* ias
|
|
simplify the compute signature operation
|
|
* PIV
|
|
use SPKI encoding for public key data
|
|
extract public key from cert if no object on card
|
|
fix
|
|
segfault and valgrind issue
|
|
gen_key to expect the proper PIV Key references
|
|
* CardOS
|
|
build for Windows
|
|
use information from AlgorithmInfo
|
|
supported CardOS V5.0
|
|
* epass2003
|
|
key generation allows stricter privkey/pubkey ACLs
|
|
list_files implemented
|
|
properly disable padding
|
|
allow exponents other than 65537
|
|
* myeid
|
|
fixed file-id in myeid.profile
|
|
* entersafe
|
|
fix a bug when writing public key
|
|
* EstEID
|
|
match card only based on presence of application.
|
|
* pteid
|
|
do not call the iso7816 driver get_response operation
|
|
* myeid
|
|
support of EC key is broken
|
|
|
|
New in 0.13.0; 2012-12-04
|
|
* New card driver ePass2003.
|
|
* OpenPGP card:
|
|
greatly improved card driver and PKCS#15 emulation;
|
|
implemented write (pkcs15init) mode;
|
|
greatly enhanced documentation and tools.
|
|
* ECDSA keys supported in 'read' and 'write' modes by
|
|
internal PKCS#15 library, PKCS#11 and tools.
|
|
* Minidriver in 'write' mode.
|
|
* SM: secure messaging in GlobalPlatform-SP01 and CW14890 specifications;
|
|
supported by ePass2003, IAS/ECC and AuthentIC cards;
|
|
"ACL" and "APDU" modes to trigger secure messaging session;
|
|
'local' version of the external secure messaging module.
|
|
* PKCS#15: support of 'secret-key' PKCS#15 objects
|
|
support of 'authentication-object' PKCS#15 objects
|
|
support of 'algReference' common key PKCS#15 attribute
|
|
support of 'algReference' common key PKCS#15 attribute
|
|
support of 'subjectName' common public key PKCS#15 attribute
|
|
* PKCS#11: removed 'onepin' version of pkcs#11 module
|
|
configuration options to expose slots for PINs and present on-card applications.
|
|
support GOSTR3410 generate key mechanism
|
|
* Support of PACE reader.
|
|
* Remove libltdl reference.
|
|
* ECDSA supported by MyEID card
|
|
* New card driver for the SmartCard-HSM, a light-weight hardware security module
|
|
* New useful commands in 'opensc-explorer' tool: 'find', 'put-data', ...
|
|
* fixed SIGV issue due to the unsupported public key format
|
|
* fixes for the number of documentation issues
|
|
|
|
New in 0.12.2; 2011-07-15
|
|
* Builds are now silent by default when OpenSC is built from source on Unix.
|
|
* Using --wait with command line tools works with 64bit Linux again.
|
|
* Greatly improved OpenPGP card support, including OpenPGP 2.0 cards
|
|
like the one found in German Privacy Foundation CryptoStick.
|
|
* Fixed support for FINeID cards issued after 01.03.2011 with 2048bit keys.
|
|
* #256: Fixed support for TCOS cards (broken since 0.12.0).
|
|
* Added support for IDKey-cards to TCOS3 driver.
|
|
* #361: Improved PC/SC driver to fetch the maximum PIN sizes from the open
|
|
source CCID driver. This fixes the issue for Linux/OSX with recent driver.
|
|
* WindowsInstaller now installs only static DLL-s (PKCS#11, minidriver) to
|
|
system folder.
|
|
* Fix FINeID cards for organizations.
|
|
* Several smaller bugs and compiler warnings fixed.
|
|
|
|
New in 0.12.1; 2011-05-17
|
|
* New card driver: IAS/ECC 1.0.1
|
|
* rutoken-tool has been deprecated and removed.
|
|
* eidenv and piv-tool utilities now have manual pages.
|
|
* pkcs11-tool now requires the use of --module parameter.
|
|
* All tools can now use an ATR as an argument to --reader, to skip to the
|
|
card with given ATR.
|
|
* opensc-tool -l with -v now shows information about the inserted cards.
|
|
* Creating files have an enforced upper size limit, 64K
|
|
* Support for multiple PKCS#15 applications with different AID-s.
|
|
PKCS#15 applications can be listed with pkcs15-tool --list-applications.
|
|
Binding to a specific AID with PKCS#15 tools can be done with --aid.
|
|
* Hex strings (like card ATR or APDU-s) can now be separated by space, in
|
|
addition to colons.
|
|
* Pinpad readers known to be bogus are now ignored by OpenSC. At the moment
|
|
only "HP USB Smart Card Keyboard" is disabled.
|
|
* Windows installer is now distributed as a statically built MSI, for both
|
|
x86 and x64.
|
|
* Numerous compiler warnings, unused code and internal bugs have been
|
|
eliminated.
|
|
|
|
New in 0.12.0; 2010-12-22
|
|
* OpenSC uses a single reader driver, specified at compile time.
|
|
* New card driver: Italian eID (CNS) by Emanuele Pucciarelli.
|
|
* New card driver: Portuguese eID by João Poupino.
|
|
* New card driver: westcos by François Leblanc.
|
|
* pkcs11-tool can use a slot based on ID, label or index in the slot list.
|
|
* PIN flags are updated from supported cards when C_GetTokenInfo is called.
|
|
* Support for CardOS 4.4 cards added.
|
|
* Feature to exclude readers from OpenSC PKCS#11 via "ignored_readers"
|
|
configuration file entry.
|
|
* #229: Support semi-automatic fixes to cards personalized with older and
|
|
broken OpenSC versions.
|
|
* Software keys removed from pkcs15-init and the PKCS#11 module. OpenSC
|
|
can either generate keys on card or import plaintext keys to the card, but
|
|
will never generate plaintext key material in software by itself.
|
|
All traces of a software token (PKCS#15 Section 7) shall be removed.
|
|
* Updates to PC/SC driver to build with pcsc-lite >= 1.6.2
|
|
* Build script for a binary Mac OS X installer for 10.5 and 10.6 systems.
|
|
Binary installer includes OpenSC.tokend for platform integration.
|
|
10.6 installer includes engine_pkcs11.
|
|
* Modify Rutoken S binary interfaces by Aktiv Co.
|
|
* Support GOST R 34.10-2001 and GOST R 34.11-94 by Aktiv Co.
|
|
* CardOS driver now emulates sign on rsa keys with sign+decrypt usage
|
|
with padding and decrypt(). This is compatible with old cards and
|
|
card initialized by Siemens software. Removed "--split-key" option,
|
|
as it is no longer needed.
|
|
* Improved debugging support: debug level 3 will show everything
|
|
except of ASN1 and card matching debugging (usually not needed).
|
|
* Massive changes to libopensc. This library is now internal, only
|
|
used by opensc-pkcs11.so and command line tools. Header files are
|
|
no longer installed, library should not be used by other applications.
|
|
Please use generic PKCS#11 interface instead.
|
|
* #include file statements cleaned up: first include "config.h", then
|
|
system headers, then additional libraries, then headers in opensc
|
|
(but from other directories), then header files from same directory.
|
|
Fix path to reference headers, remove src/include/ directory.
|
|
* Various source code fixes and improvements.
|
|
* OpenSC now depends on xsltproc utility and docbook-xsl to build docs and man
|
|
* Remove iconv dependency. EstEID driver now uses the commonName from the
|
|
certificate for card label.
|
|
* Possibility to change the default behavior for card resets via
|
|
opensc.conf.
|
|
|
|
New in 0.11.12; 2009-12-18; Andreas Jellinghaus
|
|
* Document integer problem in OpenSC and implement workaround
|
|
* Improve entersafe profile to support private data objects
|
|
|
|
New in 0.11.9; 2009-07-29; Andreas Jellinghaus
|
|
* New rutoken_ecp driver by Aktiv Co. / Aleksey Samsonov
|
|
* Allow more keys/certificates/files etc. with entersafe tokens
|
|
* Updates pkcs11.h from scute fixing warnings
|
|
* Small fixes in rutoken driver
|
|
* Major update for piv driver with increased compatibility
|
|
|
|
New in 0.11.8; 2009-05-07; Andreas Jellinghaus
|
|
* Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1)
|
|
* fix compiling without openssl.
|
|
* updated and improve entersafe driver. FTCOS/PK-01C cards are supported
|
|
now, compatible with cards written by Feitian's software on windows.
|
|
|
|
New in 0.11.7; 2009-02-26; Andreas Jellinghaus
|
|
* hide_empty_slots now on by default? small logic change?
|
|
* pinpad supported fixed for Mac OS X.
|
|
* ruToken driver was updated.
|
|
* openct virtual readers reduced to 2 by default.
|
|
* link with iconv on Mac OS X for i18n support.
|
|
* Security issue: Fix private data support.
|
|
* Enable lock_login by default.
|
|
* Disable allow_soft_keygen by default.
|
|
|
|
New in 0.11.6; 2008-08-27; Andreas Jellinghaus
|
|
* Improved security fix: don't match for "OpenSC" in the card label.
|
|
* New support for Feitian ePass3000 by Weitao Sun.
|
|
* GemSafeV1 improved to handle key_ref other than 3 by Douglas E. Engert
|
|
|
|
New in 0.11.5; 2008-07-31; Andreas Jellinghaus
|
|
* Apply security fix for cardos driver and extend pkcs15-tool to
|
|
test cards for the security vulnerability and update them.
|
|
* Build system rewritten (NOTICE: configure options was modified).
|
|
The build system can produce outputs for *NIX, cygwin and native
|
|
windows (using mingw).
|
|
* ruToken now supported.
|
|
* Allow specifying application name for data objects.
|
|
* Basic reader hotplug support.
|
|
* PC/SC library is dynamic linked no longer compile time dependency.
|
|
* PKCS#11 provider is now installed at LIBDIR/pkcs11
|
|
* PKCS#11 - Number of virtual slots moved into configuration.
|
|
* PKCS#11 - Fix fork() compliance.
|
|
* make sign_with_decrypt hack configurable for Siemens cards.
|
|
|
|
New in 0.11.4; 2007-09-10; Andreas Jellinghaus
|
|
* Drop AC_LIB_LINKFLAGS for libltdl and aclocal/lib* files.
|
|
* New configure option to disable building nsplugin.
|
|
* Support Siemens CardOS initialized cards (signing with decryption)
|
|
* Add Siemens CardOS M4.2B support (experimental, don't have such a card)
|
|
* Support for AKIS cards added (partial so far) by Gürer Özen.
|
|
* add aclocal/libassuan.m4 back so developers don't need assuan installed.
|
|
|
|
New in 0.11.3; 2007-07-11; Andreas Jellinghaus
|
|
* added regression test for raw rsa (crypt0007).
|
|
* regression suite can now use installed binaries with --installed.
|
|
* update wiki export script (add images, fix links).
|
|
* look for ncurses and termcap in configure (in combination with readline).
|
|
* make lots of internal functions and variables static.
|
|
* fix 0 vs NULL in many places. fix ansi c style (void).
|
|
* avoid variable names used also as glibc function (random etc.).
|
|
* new code for deleting objects.
|
|
* special hack for firefox.
|
|
* support for Athena APCOS cards added.
|
|
* piv driver now supports bigger rsa keys too.
|
|
|
|
New in 0.11.2; 2007-05-04; Andreas Jellinghaus
|
|
* enabled pin caching by default (needed by regression suite and other apps).
|
|
disable this for highest security (but that breaks some applications).
|
|
* use max_send_size 255 / max_recv_size 256 bytes by default.
|
|
reduce this for some readers (e.g. scm) with t=0 cards.
|
|
* increase pin buffer size to allow longer pin codes.
|
|
* Windows Make.rules.mak improved to work with and w/o openssl and zlib
|
|
* Added --read-ssk-key option to pkcs15-tool (prints public key in ssh format)
|
|
* use pkg-config for finding openct, add --enable/disable-openct option
|
|
* use strlcpy function
|
|
* use new pkcs11.h from scute with an open source license
|
|
* add support for sha2 to pkcs15-crypt
|
|
* add piv-tool for managing piv cards
|
|
* add muscle driver (still work in progress)
|
|
* improved oberthur driver
|
|
* add support for pcsc v2 part10 (reader drivers with pinpad support)
|
|
* convert source files to utf-8
|
|
|
|
New in 0.11.1; 2006-05-30; Andreas Jellinghaus
|
|
* Fix version variable in win32 build files
|
|
* Update for piv pkcs#15 emulation
|
|
* Improved TCOS driver for Uni Giesen Card
|
|
* Handle size_t printf with "%lu" and (unsigned long) cast
|
|
* Add support for d-trust cards / improve micardo 2.1 driver
|
|
|
|
New in 0.11.0; 2006-05-01; Andreas Jellinghaus
|
|
* compile fixes/improvements for windows
|
|
* document pkcs15-tool --unblock-pin option
|
|
* remove old and outdated documentation
|
|
* use "%lu" format for printf of size_t
|
|
* add piv driver and tool by Douglas E. Engert
|
|
* new threading code in pkcs11 module
|
|
* renamed "etoken" driver to "cardos", as it really is a generic
|
|
driver for Siemens CardOS M4, including but not limited to Aladdin eTokens.
|
|
* add code to manage unused space
|
|
* support for swedish nidel cards
|
|
|
|
New in 0.10.1; 2006-01-08; Andreas Jellinghaus
|
|
* use sc_print_path everywhere.
|
|
* silence many warnings.
|
|
* add incrypto34 driver by ST Incard, Giuseppe Amato
|
|
* improved TCOS driver by Peter Koch
|
|
* better PINPAD handling
|
|
* updated infocamere driver
|
|
* updated opensc.conf with new default values
|
|
* fix firefox problems (no real fix, only ugly workaround)
|
|
* add cardos M4.2 support
|
|
|
|
New in 0.10.0; 2005-10-31; Andreas Jellinghaus
|
|
* released rc2 without changes.
|
|
* Add more documentation, fix man page installation.
|
|
* New generic ATR/card matching code with
|
|
atrmask support, used by all card drivers.
|
|
* Much improved and unified ATR handling in
|
|
the configuration file.
|
|
* Support for the next generation FinEID cards
|
|
with ISO/IEC 7816-15 data layout.
|
|
* Preliminary code merge with the Belgian
|
|
Belpic EID project.
|
|
* Experimental multi-slot support for CT-API
|
|
and dynamic loading support for win32.
|
|
Thanks to Bernhard Froehlich <ted@convey.de>
|
|
* Experimental Class 2 pinpad reader support
|
|
via TeleTrust compatible PC/SC interface.
|
|
* Fixed OpenSSL behaviour in the configure
|
|
script.
|
|
* PKCS#15 emulation layer improvements and
|
|
a new driver for the Italian postecert
|
|
card.
|
|
* New API documentation and generic documentation
|
|
structure renovation to base future work on.
|
|
Many thanks to Bert Vermeulen <bert@biot.com>
|
|
* Spanish manual translation from opensc-ceres
|
|
project merged.
|
|
* Several memory leaks and other bugs fixed.
|
|
|
|
New in 0.9.6; 2005-04-25; Andreas Jellinghaus:
|
|
* undo user_content changes to retain compatibility with 0.9.4.
|
|
* add solaris/ files for easier installation on solaris.
|
|
* Makefile.am: require automake 1.5
|
|
* free() fixes in some card drivers.
|
|
* fix autoconf configure code.
|
|
|
|
New in 0.9.5; 2005-01-11; Andreas Jellinghaus:
|
|
* Big rewrite of the autoconf code for openssl. This fixes bugs on Mac OS X
|
|
and we hope it doesn't break any other system. Feedback is very welcome.
|
|
* The flags object attribute changed to a bitfield.
|
|
* Many small bugfixes, including memory leaks.
|
|
* Changes to the etoken and gpk profiles to eliminate overlapping file ids.
|
|
* pinpad code by Martin Paljak
|
|
* add user_consent parameter to pkcs15emu add object/add prkey functions.
|
|
* estid provide user_consent parameter.
|
|
* add fflush to pkcs11-spy.c
|
|
* set version in configure.in, src/pkcs11/pkcs11-global.c,
|
|
win32/version.rc and src/include/winconfig.h
|
|
|
|
New in 0.9.4; 2004-10-31; Andreas Jellinghaus:
|
|
* Library version was broken in 0.9.3.
|
|
* Update library version to 1:0:0, as we are no longer
|
|
compatible with the 0:*:* line, I fear.
|
|
|
|
New in 0.9.3; 2004-10-31; Andreas Jellinghaus:
|
|
* Fix some LDFLAGS/LDADD issues for parallel build.
|
|
|
|
New in 0.9.2; 2004-07-24; Andreas Jellinghaus:
|
|
* This is an beta test version. Please be careful.
|
|
Do not use in production environments.
|
|
* Fix sslengine, link those dynamically with libcrypto
|
|
for openssl 0.9.7d and later.
|
|
* Fixed small bug in pkcs11-tool
|
|
* Link pkcs11-tool and pkcs15-crypt with -lcrypto
|
|
* New driver for estonian ID card.
|
|
* Bumped version number to opensc 0.9.2
|
|
* New card supported: Oberthur AuthentIC v5
|
|
* Pam_opensc's eid module now checks permissions,
|
|
and supports several certificates in
|
|
~/.eid/authorized_certificates
|
|
Thanks to Fritz Elfert <fritz.elfert@millenux.com>
|
|
* Upgrade library version to 0.9, since incompatible changes
|
|
are very likely somewhere.
|
|
* Merged several pkcs15 profiles into one with different
|
|
options.
|
|
|
|
New in 0.8.1; 2003-09-30; Olaf Kirch:
|
|
* Upgrade libopensc versioning, hasn't been
|
|
accidentally upgraded since 0.6.0 release
|
|
* MacOS X specific changes:
|
|
- Allow to compile without PC/SC support
|
|
- Bundle installation fixes
|
|
- OpenSSL engine linking fixed
|
|
- Renamed OpenSC PKCS#11.bundle to
|
|
opensc-pkcs11.bundle
|
|
- CT-API module loading support
|
|
* libopensc:
|
|
- Renamed sysdep_timestamp_t to sc_timestamp_t
|
|
- Renamed debug/error functions to sc_debug/sc_error
|
|
- Don't DER-en/decode the data in a pkcs15 object
|
|
- Portability fixes for the OpenCT reader driver
|
|
* libscconf: Fixed CRLF parsing for UNIX platforms
|
|
* Added PKCS#11 spy module by Mathias Brossard
|
|
* Other minor bug/build fixes and cleanups
|
|
|
|
New in 0.8.0; 2003-08-15; Juha Yrjölä:
|
|
* New and/or improved card drivers:
|
|
Aladdin eToken, MICARDO 2 and STARCOS
|
|
* New reader driver: OpenCT (Olaf's framework)
|
|
* Improved support for win32 and MacOS X.
|
|
* PKCS #11 stuff improved massively
|
|
* Added PKCS #11 and native OpenSC engine drivers
|
|
for OpenSSL
|
|
* Added support for reading the PIN from the PIN keypad
|
|
of a reader
|
|
* New manpages
|
|
* Loads of other improvements and bug-fixes
|
|
|
|
New in 0.7.0; 2002-06-03; Juha Yrjölä:
|
|
* Support for config files
|
|
* Yet another PKCS #15 generation rewrite
|
|
* PAM module rewritten for more flexibility and compatibility
|
|
* OpenSC Signer merged to the main source tree
|
|
* CT-API support
|
|
* Support for non-native RSA and DSA keys
|
|
* Improved support for MioCOS cards by Miotec (http://www.miotec.fi)
|
|
* Semi-working support for Aladdin eToken PRO
|
|
* First version to work with OpenSSH without any patching
|
|
|
|
New in 0.6.1; 2002-03-20; Juha Yrjölä:
|
|
* Fixed certificate downloading in pkcs15-init
|
|
* Improved PKCS #11 module, so it works with Mozilla 0.9.9 and
|
|
is capable of signing and decrypting mails in Netscape
|
|
* Other various small fixes and improvements
|
|
|
|
New in 0.6.0; 2002-03-13; Juha Yrjölä:
|
|
* Many, many new features -- too many to list here
|
|
* New cards supported: Gemplus GPK family, TCOS 2.0, MioCOS
|
|
* Implemented a card reader abstraction layer
|
|
* PKCS #15 generation rewritten by Olaf Kirch. So far generation
|
|
is supported only on GPK and Cryptoflex.
|
|
|
|
New in 0.5.0; 2002-01-24; Juha Yrjölä:
|
|
* PKCS #15 generation support
|
|
* PKCS #11 module almost completely rewritten
|
|
* Implemented opensc-explorer; a tool for browsing and modifying
|
|
the card file system
|
|
* Almost complete support for Cryptoflex 16k; implemented cryptoflex-tool
|
|
* Started writing some API documentation using Doxygen
|
|
* Much improved object handling code in PKCS #15 framework
|
|
* Lots of bugs fixed, lots of new ones introduced
|
|
|
|
New in 0.4.0; 2001-12-29; Juha Yrjölä:
|
|
* Finished migrating to Autotools
|
|
* Rewritten ASN.1 decoder (should work better on all PKCS #15 cards)
|
|
* Abstracted card handling, so adding support for new cards is a whiz,
|
|
'opensc-tool -D' will list all installed drivers.
|
|
* Added colored debug and error output ;)
|
|
* Fixed some memory leaks
|
|
* Support for Swedish Posten eID cards
|
|
* Added very preliminary support for EMV compatible cards and Multiflex
|
|
cards by Schlumberger
|
|
|
|
New in 0.3.5; 2001-12-15; Juha Yrjölä:
|
|
* Now compiles with C++
|
|
* Added card reset detection
|
|
* Fixed PIN code changing
|
|
* Improved certificate caching
|
|
|
|
New in 0.3.2; 2001-11-27; Juha Yrjölä:
|
|
* Converted to Autotools.
|
|
|