Detailed release information

New parameters to allow/deny mechanisms for PKCS#11 library.

List mechanisms for tokens in Net iD Command (earlier only dev-license).

Command to write parent processes to trace for a specific process.

Possibility to ask Net iD Service about who is parent process.

More trace for remote proxy connections.

Cleanup of dead remote proxy connections.

Optional hexadecimal encoding for communication with web-extension.

Connection type for connection status trace.

Configuration condition based on Registry values.

Sorting of sections and entries in the configuration file.

Internal date-time-format support.

Configuration variable {config-empty:<section>:<entry}.

Configuration variable {config-empty:<name>}.

Divider between tokens for Taskbar>CertificateList.

Link action support for Credential Provider.

Cleanup message for remote connections.

Support for soft token from NiE 7.0 (VSC 7.0).

Some trace for failure at remote component communication.

"Windows 11" for machine info string.

"Windows Server 2022" for machine info string.

Potential check of parent process for Plugin when called using I/O-API.

SCS parameter Service SCS>PluginSingleUse=1/0, default 1. Will create a new plugin object for each signature when active (=1).

Some trace information for Plugin write/delete certificate.

Unique installation id for shared memory communication.

Internal variable {certificate-auth-id} (authority key id from certificate).

Internal variable {certificate-key-id} (subject key id from certificate).

Remember last used credential in CP based on usage scenario.

KSP container/key name support for all CSP container names (KSP alias CSP).

Variables for Dialog>Image file name parameter.

Timestamp in the presentation of each line in trace parse.

New config parameter KSP>AliasList for CSP aliases for KSP registration.

Support for multiple web-extension IDs during install and use.

CSP name as alias for KSP registration.

Eventual deminiturize for WebAPP on macOS if application started and miniturized when another activation is initiated.

Plugin access level "always" for parameters that may be accessed even when normal access is blocked. Default will properties "AccessLevel", "Version" and "ProductInfo" have this access.

Report function for PKCS11 Sign/Verify/Encrypt/Decrypt.

Configuration variable License>Path, may specify another configuration path to retrieve License>Name/Company/Value.

Initial updated for IDPrime 930/3930. May read/use smart card, but not update, since unknown secure messaging keys.

Reading of FIPS information for YubiKey. Use SmartCard PIV>CheckFIPS=0/1/3, default 0.

Net iD Enterprise compability package.

PKCS#11 key attribute CKA_ALWAYS_AUTHENTICATE.

Exception handling for all dynamic loaded libraries.

Parameter KSP>IgnoreLogout=0/1.

Virtual Channel component for Citrix Workspace App Linux.

Parameter PKCS11>IgnoreLogout=0/1.

Updating of xml-configuration.

Install/uninstall PKCS11 and Virtual Channel for Citrix Workspace App Linux.

Support CSP parameters PP_USER_CERTSTORE/PP_ROOT_CERTSTORE for Linux/macOS.

Support image/svg+xml for dialogs.

arm64 architecture for macOS.

Matching condition for Watch startup/shutdown actions.

Possibility for infinite timeout for remote components.

Remote connection status time in trace from GMT/UTC to local time.

Most internal process communication trace only available during debugging will now always be available for Shared Memory and Network communication. Same behavior as communication using ICA/WTS.

Default value for CSP>AllowEmptyMemoryStore from 0 to 1.

Several places that used expand environment string to expand file path will now use the internal function expand full path to allow for internal variables like %ProgramFiles32% or %ProgramFiles64%.

Default access level for Plugin GetProperty 'Algorithm' and 'CertificateChain' from "use" to "low".

Upgraded Linux build environment to 18.04.

Upgraded Citrix VDAPI SDK 21.4.0.11(2104).

Command Utility reset update counter for minidriver type of counters, will increase counter values for pin/container/object with one. Earlier only object counter value.

Resource load/extract/get/set command. Both argument -file and -path can be used (same meaning).

Plugin configuration for SiteAccessUnknown.

Improved trace for running in an unsafe location.

Improved trace for redirected commands, that is, I/O-API calls.

Improved trace for Plugin calls when used by SCS.

Extended trace for Cache component.

Improved trace for Plugin calls.

Internal PIN dialog behavior for write/remove certificate.

Improved trace for Plugin calls using STDIO/NPAPI/ActiveX.

Moved configuration Action>ServiceMonitor to Service>ActionMonitor.

Moved configuration Action>ServiceStart to Service>ActionStart.

Default KSP implementation type: hardware/software/removable.

Default certificate name for Command Utility > Utility > List CAPI to use friendly-name from CAPI MY store.

Safe locations for Windows. Allows a mix of 32-/64-bits locations with 32-/64-bits applications.

Some adjustments for PIN PAD with Credential Provider.

IDPrime MD profile model name. Read both attribute 80001101/80001102 from file EF(0025).

Invalid license behavior, some commands allowed.

IDPrime MD profile, will check only delete certificates for read-only keys when marked as read-write (new flag in profile documentation).

IDPrime MD profile, will try to delete certificates for read-only key, but only remove reference on delete success.

Merge configuration, will allow both files and Registry, earlier only files.

IDPrime MD profile, will block delete of objects related to read-only key.

Extract PIN from PKCS11 will use internal store instead of SSO cache.

Return value to CKR_OK instead of CKR_USER_ALREADY_LOGGED_IN for call to C_Login when PKCS11>IgnoreLogout=1.

Configuration till allow enviroment-variabler for file path.

SCS to always use local machine PKCS#11 implementation (even in TS/Citrix).

Configuration by ATR to allow card model instead of ATR.

Challenge/response configuration to be more automatic.

IDPrime 940 SIS smart card support for interop Thales minidriver.

Plugin trace for blocked parameters.

Build environment for macOS/iOS.

Minor trace text updates.

Exception handling for Windows.

System name for Windows Server to include Server.

Autologon for wrapped CP.

Some minor trace text adjustments.

Enhanced debugging for Linux Virtual Channel component.

Prepared porting Virtual Channel component to macOS (not finalized).

Safe location for Windows.

Variable TemporaryValidity, may specify days or seconds. Available for all token sections.

Trace server, will trace itself more often.

Configuration using ini-format. Keep comments and extra whitespace.

Configuration using ini-format. Allow extra whitespace between entry/value.

Setting of Registry files during install/uninstall.

Wild-card matching to allow wild-card in middle, that is "i*.reg".

Default remote trace timeout.

Timeout handling for remote components using shared memory.

Format html images.

Install of NPAPI plugin for Windows.

Extra access check added with "always" access.

Write of public key at generate key pair for IDPrime MD 4.2 and earlier. Was added for compability with Thales minidriver (QJO-445-81994).

Automatic pause/continue for Net iD User Service at session event RemoteDisconnect/RemoteConnect. Register as normal Watch events if the functionality is needed.

Translation of symbolic links for Linux/macOS.

stdin/stdout mode for web-extension (always binary).

Write token number for YubiKey.

Resource get command (can now handle compressed).

Upgrade installation (uninstall followed by new install).

Error handling for communication with web-extension during write.

PIN expire for PKCS#15 smart cards with object-only update-counter.

Plugin access 'as-parent-app' for macOS.

Minor configuration error for remote proxy connections.

Remove of remote proxy connections during disconnect.

Reconnect of remote proxy connections during disconnect.

Global mutexes for remote connections (unique per desktop).

IDPrime 940 SIS. Encoding of first element in file-list-file (0101h).

IDPrime 940 SIS. Check for file existence at write certificate to handle inconsistence in content of file-list-file (0101h).

IDPrime 940 SIS. Will remove all elements with the specified id in file-list-file (0101h) at add of new element to avoid duplicates.

Remote component cleanup message when using proxy.

Autoclose of remote PKCS11/CSP session/context when used with proxy.

Trace split broken by update.

Link action support for Credential Provider.

SCS parameter PluginSingleUse=1.

Broken PIN PAD check for PIN expire update.

Potential crash when calling CryptoAPI to free certificate from store.

Problem with retrieve SCS version.

Presentation of Net iD Command UpdateCount time (correct timezone).

SmartCard>PinExpire=X/0. Will now always be inactive (=0) for smart card profiles without PinExpire support.

PIN expire handling. Will autoswitch between different UpdateCounter objects if needed when PIN expire is active/inactive.

PIN expire handling. Will not show dual UpdateCounter object á la PKCS#15 profile LastUpdate when stored with relative path.

Soft token storage in Registry with "big" content.

Potential dead-lock while updating soft tokens.

Token present event after PKCS#11 InitToken when number of PINs changed.

Initialize token for Aventra MyEID 4.0.1.

Smart card support Aventra MyEID 4.0.1.

Plugin EnumProperty Token after token updated.

Plugin STDIO interface with empty SetProperty value.

Uninitialized variable for Plugin signature.

Plugin access for "low" level items when site is "block".

Plugin access for "full" level items when site is "ask" (blocked without asking).

Plugin access for "file://" (will never be allowed to update).

Configuration Plugin > AllowURL when using "file://".

PIN PAD with Thales smart cards.

Problem with show-multiple-empty for CP.

Install on Linux with trace disabled.

Installation message for Net iD Application.

Plugin enum components description for Citrix extension on Linux.

Typo for Watch "ConsoleDisconnect" event.

SCS with IE when site is refreshed.

Case-insensitive compare for safe locations (applications that may use SSO).

Extract PIN from PKCS11 now working with TPM and soft tokens.

InitToken/ResetToken data "blob" from Plugin.

Command for logout all tokens.

Import of registry file with unknown environment variables.

Smart card key generation for IDPrime MD.ODD.

Key usage for PIN3 enrollment on IDPrime MD smart cards.

Net iD Enterprise compability package.

Unlock PIN for Credential Provider with ModeTokenEvent=0x02.

Remove of smart card reader for Credential Provider.

Credential Provider Filter problem.

Problem with monitoring processes for Net iD Service.

Problem with remote components using shared memory.

Unlock challenge/response for smart card MD830B level 3.

User service crasch for temporary certificates.

Windows scale 225% when using dpi-aware manifest.

Credential Provider when both mode flag TileAlwaysPresent and flag ShowMultipleEmpty are active.

system-name for Windows Server 2019.

National characters (åäö) for Shell Extension (aka ExplorerMenu).

Remember Watch execute-once-list between restart.

Duplicate credentials for Credential Provider.