v7.1.8
*****************************************************************************

General
- Aligned TLS server certificate validation with CA browser forum guidelines

Signature creation and validation
- Support configuration of field appearance for new signature fields when signing with wizard
- Identify and display advanced D-Trust seal as seal, not as signature
- Allow modifications on InfoDict in PDF MDP validation
- Accept changes to default resources in PDF MDP validation
- Fixed: Signature qualification check does not enforce use of QSCD
- Fixed: XML-References passed to the XMLDocumentSignerWizard by API are overwritten by wizard
- Updated trusted lists

PDF
- Support Adobe V5/V6 PDF encryption algorithm in encryption and decryption
- Identify PDF version from header even if directly followed by binary characters
- Do not allow modification of changed annotations
- Fixed: RandomAccessViewport reads beyond its bounds
- Fixed: Font entries directly contained in default resources cannot be reused

Services and interfaces
- Provide usability of PKCS#11 call-in interface with ERiC
- Support Ghostscript version gs9.54.0
- Fixed: Sign Live API queries user for PDF validation report file location

v7.1.7
*****************************************************************************

General
- Increase readability of dialog tabs on MacOS
- Updated product activation help to match current processes
- Fixed: Rendering issues on macOS when scrolling

Signature creation and validation
- Support D-Trust eHBA Generation 2
- Increase approximated signature size for AIS signatures
- Increase approximated signature size for gears signatures
- Support further identity verification types with D-Trust sign-me
- Reject signatures on certified PDF document if modifications aren't allowed
- Disallow PDF signature creation on certified documents where no modifications are allowed
- Support cancellation of ongoing gears process using the wizard cancel button
- Configurable browser for use with out-of-band redirect stage from gears
- Renew intarsys TL signer certificate
- Fixed: Cannot update Trusted Lists since UK has closed their TL
- Fixed: Signature is still considered valid after adding a page
- Fixed: Handle anyPolicy OID found e.g. in Polish qualified certificates
- Fixed: Cannot identify document changes in signature validation if annotations are directly referenced
- Fixed: Digest mismatch in trusted batch if signing opened documents
- Fixed: Qualified Signatures are shown as Qualified Seals
- Updated trusted lists

Services and interfaces
- Improved signature validation HTTP demo client
- Fixed: service argument declarations of validation service aren't properly editable after changing service settings via UI controls
- Fixed: Attaching the signature validation report to the source document not possible in service scenarios
- Fixed: Signature validation report cannot be returned binary by HTTP validation service

v7.1.6
*****************************************************************************

Signature creation and validation
- Added support for D-TRUST 4.1 smartcard
- Added support for D-TRUST 4.4 smartcard
- Fixed: External XML signature uses non-schema-compliant IDs when embedding content
- Fixed: External XML signature with embedding of to-be-signed document leads to invalid digest
- For PDF signatures, accept changes to Strings if the content remains unchanged
- Updated trusted lists

v7.1.5.1
*****************************************************************************

Signature creation and validation
- XMLDSig: X509SubjectName should be converted to RFC 2253
- Resist PDF shadow attacks by RUB
- Fixed: Reuse of XRefStream object id may lead to signature-compromising change
- Accept changes to XRefObjectStream indirect object in signature validation
- For PDF signatures, accept changes to Strings if the content remains unchanged

Services and interfaces
- Removed MacOS tokend integration
- Remove application integrity check on MacOS

PDF
- Prevent replacement text strings from being encoded as UTF-16BE

v7.1.5
*****************************************************************************

General
- Support startup cancellation if profile directory is already in use by a different application instance
- Improved client-side TLS handling
- Fixed: Cannot print on macOS Catalina
- Fixed: Proxy setting "use system settings" doesn't work with Java 11

Signature creation and validation
- Support signature creation with configured Sign Live! cloud suite gears endpoints
- Support configuration of Sign Live! cloud suite gears endpoints and settings
- Preferably display pseudonym / given name + username for certificates
- Support creation of XAdES-B-T signatures by adding timestamps
- Support creation of multiple XAdES signatures using the XML signature creation wizard
- Identify qualified seal and reflect this in validation result UI and PDF/HTML/text report
- Improve validation path detection in case of expired / not yet valid CA certificates (experienced with MyCard)
- Accept changes to StructTreeRoot in MDP signature validation
- Updated trusted lists
- Fixed: Removing the byte range from a PDF signature may lead to positive validation result
- Fixed: When validating a password-protected PDF with multiple signatures, the user is prompted several times for password input.
- Fixed: Timestamp service selection page shows invalid character encoding

Services and interfaces
- Disable TRACE HTTP method in Jetty
- Fixed: XMLRPC serialization messes up non-ASCII

PDF
- Support signature creation on PDFs larger than 2 GB
- Fixed: When saving an encrypted PDF document, an existing /Lang entry gets modified, potentially leading to signature rejection

v7.1.4
*****************************************************************************

General
- Fixed: After saving a PDF file to a new location, the previous file is still locked.

Signature creation and validation
- Updated trusted lists.
- Support alternative validation rule in validation service: Accept documents if all signatures render valid.
- Integrated the Bundesdruckerei sign-me signature service with short-lived certificate support.
- Fixed: Error in signature wizard if pageRange in preferences contains a page number that is not available in the current document.

v7.1.3
*****************************************************************************

General
- Fixed support for TLS 1.2.
- Updated bouncycastle libraries to v1.62.
- Fixed: Log viewer doesn't show the existing log files.
- Fixed: Developers guide contains wrong text

Signature creation and validation
- Updated trusted lists.
- Ignore invalid trusted lists during validation.
- Improved certificate path selection during signing process.
- Fixed: Rollback is not performed completely in case the trusted list update fails due to unknown TL signers.
- Display ExpiredCertsOnCRL extension of CRLs
- Make sure changes to a PDF are investigated in deterministic order during MDP signature validation.

Scan Support
- Fixed: In some circumstances, PDF MDP validation rejects a new signature field, but should accept it.

Services and interfaces
- Fixed: Signature validation service fails if no report is created.
- Fixed: sdk\HTTP\dev\lib3rd contains redundant versions of libraries

v7.1.1
*****************************************************************************

General
- Support Java 11.
- Updated supported operating systems.
- Improved logging.
- Assigned .ctif file extension to TIFF document type.

Signature creation and validation
- Improved smartcard connection keep-alive handling.
- Refuse signature with pooled smartcard in case of expired certificate if configured correspondingly.
- Emit JMX event if errors occur while validating a pooled smartcard's certificate.
- Continue signature validation if revocation data is erroneous.
- Escape filenames within HTML signature validation reports.
- Assigned file extensions .s2, .s8, .s9 to PKCS#7 signature type.
- Removed outdated CRL definitions.
- Updated trusted lists.
- Fixed: Cannot import Telesec smartcard identification data into smartcard pool.

Scan Support
- Fixed: Attachments are not processed within nested directories.

Services and interfaces
- Added explicit control over the validation of enveloped and detached signatures.

PDF
- Fallback handling for implausible tiling pattern values.

v7.0.7
*****************************************************************************

General
- Display license account balances in license view dialog.
- By default, don't open TCP port when starting the embedded database.
- Added demo options enabling authentication tunneling for all schemes.

Signature creation and validation
- Support D-Trust 3.1 card.
- Updated validation demo data.
- Improved certificate lookup for cases where no certificate is passed within a signature.
- Always accept changes to the DSS for signed PDF documents.
- Improved traceability of validation process.
- Defensive handling of non-spec-conformant X509 extensions.
- Fixed: Cannot import certificate from Telesec card into pool configuration.
- Fixed: Deadlock if multiple service containers are concurrently accessing the same smartcard pool.
- Fixed: Cannot validate incremental changes to a linearized signed PDF document if the first revision is missing a trailer.
- Fixed: Smartcard connections may remain open when cancelling the signature wizard.
- Fixed: Cannot verify signature of OCSP responses signed using the RSASSA-PSS algorithm.
- Fixed: Signature SubFilter pkcs7.sha1 not handled correctly.
- Updated trusted lists.
- Updated certificates.

Services and interfaces
- Sort service containers in alphabetical order
- Sign Live! API: Pass encoded certificate in validation result.

v7.0.6
*****************************************************************************

General
- Fixed: Cannot call application via shell extensions if the installation path is longer than 130 characters.
- Fixed: Preference files are corrupted if Linux service is stopped during startup phase.
- Fixed: Inconsistencies when updating from version 7.0.0.

Signature creation and validation
- Support D-Trust officer card.
- Accept signatures as LTV-compliant if revocation info is embedded up to the trust anchor, not necessarily the root.
- Support interactive entry of DN attributes newly required by AIS policies.
- Use XAdES property SigningCertificateV2 in signature creation to meet ETSI TS 319 132 requirements.
- Validate signed XAdES property SigningCertificateV2.
- Improved change detection for PDFs with embedded LTV info.
- Fixed: Stacktrace in log file if Thales middleware is not installed.
- Fixed: Cannot change PIN with class 1 card reader.
- Fixed: Certificate store shows error if Thales nCipher middleware is installed, but no HSM is connected.
- Fixed: Cannot save signature batch preferences.
- Fixed: Digest is not shown in signature validation result directly after creating an external XML signature.
- Fixed: PKCS#1v1.5 padding of signature is rejected if signature is created using a key pair issued before 07/29/2017.
- Fixed: Cannot parse CRL if delivering HTTP server provides no content-type header (observed with Adobe CRL).
- Fixed: Imprecise error message if D-Trust PIN is locked.
- Fixed: Signature validation result shows a PKCS#1v1.5 encoding for ECDSA signatures.
- Fixed: Cannot complete signature validation for linearized PDFs with multiple signatures.
- Updated trusted lists.

Services and interfaces
- Add audit entries only to audit log, not the application or service log.
- Added possibility to circumvent maxPayloadSize restriction for SOAP requests.
- Added certificate monitoring service sending JMX events 'certificate.expired' and 'certificate.willexpire'.
- Fixed: Error when cancelling batch save process
- Fixed: When called from Cloud Suite Bridge, no card reader is found.
- Fixed: After opening a file through the command line, any further actions require an automation license.
- Fixed: File I/O - Unsigned file is moved to output directory if service is stopped while waiting for pooled smartcard.
- Fixed: Sign on 'current page' not working from signature wizard, if viewer was closed during wizard processing (e.g. when called through the API).
- Fixed: When called through the API, API args and preference args are not properly merged.

v7.0.5
*****************************************************************************

General
- Set default proxy setting to 'system'.
- Added boolean argument 'replaceLocator' to report renders.

Signature creation and validation
- Added support for the Thales nCipher HSM.
- Accept timestamp certificates without key usage extension (e.g. from DGN).
- Updated trusted lists.

Services and interfaces
- Fixed: SharedLib not working due to classpath error.
- Support wildcard-based loading of JAR files using .lcnf files.

v7.0.4
*****************************************************************************

Signature creation and validation
- Support caching of smartcard PIN
- Updated TR-RESISCAN documentation.

Services and interfaces
- Fixed session-based signing.

v7.0.3
*****************************************************************************

General
- Fixed: Service communication fails when proxy settings active

Signature creation and validation
- Updated EU trusted lists
- Support new D-Trust eSeal smartcard with 3072 bit keys.
- If validation profile 'auto' is active, do not apply SigG profile to certificates issued in the eIDAS domain.
- Fixed: Cannot reset D-Trust 3.0 EU card.
- Fixed: Cannot read Telesec OCSP response.
- Fixed: OCSP requests for newly generated Telesec certificates result in state 'unknown'.

Services and interfaces
- Improved IBMMQ connection handling

PDF
- Fixed: ImageMask with embedded color space causes rendering issues

v7.0.2
*****************************************************************************

General
- Publish license accounts via JMS (allows balance inspection)
- Fixed: possible exception at startup
- Support definition of HTTPS proxy in internet connection settings.
- Fixed: Trusted Mode validation references legacy device 'Signtrust'.
- Fixed: missing texts

Signature creation and validation
- Updated certificates and Trusted Lists.
- Show subject DN title attribute in signature info.
- Support SSL client authentication when contacting timestamp services.
- Follow HTTP redirect when updating trusted lists.
- Stream data when calculating hashes for timestamp procedures.
- Consider intermediate certificates from OCSP responses.
- Fixed: possible deadlock when initializing the certificate database
- Fixed: possible exception when moving certificate store entries via Drag & Drop
- Fixed: Missing GUI update after creation of new certificate store entry.
- Fixed: Certificate DB sometimes gets locked during setup.
- Fixed: Wrong presentation of country in procuration attribute.
- Fixed: Possible Out-of-memory exception in special smartcard use case.

Services and interfaces
- Fixed: possible exception during service creation
- Fixed: PDF/A concurrency problem if document name is static throughout service calls
- Added configuration UI for report rendering in PDF/A validation service
- Improved JMS connection error handling
- Support argument augmentation using JMS message properties
- Support UTF-8 files with BOM as commandfile input to SignLiveAPI.

PDF
- Improved attachment handling
- Suppress /Encrypt entry in trailer dictionary of unencrypted documents.
- Fixed: Exception when saving document without /Fields entry in AcroForm

v7.0.0
*****************************************************************************

General
- Update notification feature
- Improved notification preference page
- logging configuration enhanced (see classes/config/logback.xml)
- Limited log size
- Fixed error when opening file association dialog
- Use TLS-secured connection for online activation.
- Optimized for deployment without base directory
- Added service scripts for running as SystemD service.
- Include version specification into JAR file names.
- Reduced toolbar, focus on core functionality
- Support macOS Sierra
- Show 'time-to-wait' if action is delayed due to a license restriction.

Signature creation and validation
- Use PSS padding for RSA signatures with PSS-enabled smartcards.
- Updated algorithm validation in accordance with current algorithm catalog draft for 2017.
- Redesigned signature creation licensing
- Usage of soft certificates is bound to the availability of a signature creation license
- Activate signature info at startup and when a document is opened.
- Updated certificates and Trusted Lists.
- Replaced references to 'GoPdU/GoBS' by 'GoBD'
- Respect trust anchors of the running Java installation in TLS handshake.
- Added a scheduler service for automatic update of Trusted Lists.
- Support cancellation of Trusted List update procedure.
- Improved certificate store access from signature validation result dialog.
- Added SwissGov root certificates to trust anchors
- Improved association of external PKCS#7 signatures and related documents
- Support creation and validation of RSA-PSS signatures in XMLDSig / XAdES
- Centralized Trusted List Management using an intermediary intarsys trusted List.
- Added Swiss root certificates to trust anchors.
- Accept advanced timestamp in qualified signatures without invalidating the 'qualified' aspect.
- Include PDF LTV data when validating signature timestamps within PDF signatures.
- Improved logging of PC/SC events
- Demo key now gets imported without absolute reference to the installation directory.
- Improved open/close behavior of document analysis sidebar.
- Improved handling of signature sessions.
- The audit log did not write an entry in case of service error. Now an entry is created. One can differentiate failure/success using the "record.success" field which is either "T" (true) or "F" (false)
- Configurable default sidebar
- Added preconfigured Trusted List update service.
- Split profile configuration for signature creation and signature validation
- Improved presentation of unauthenticated OCSP requests
- Validate LTV status of signature.
- Support creation of SigningCertificate CMS attribute when signer certificate itself is not embedded.
- Fixed: Advanced certificate is rejected in validation if positive statement is missing in OCSP response.
- Fixed: Cannot exclusively embed CRLs for all certificates during signature creation.
- Fixed exception when handling cancellation of MobileID authentication in AIS.
- Fixed: Revocation info for signature timestamps is not embedded when creating LTV signatures.
- Fixed typo in signature validation report.
- Fixed: SwissSign Qualified Platinum CA derived certificates are not identified as qualified
- Fixed: Signature info is not being updated when external CMS signatures are appended.
- Fixed: Changes to a PDF's VRI dictionary compromise the validity of embedded signatures
- Fixed: AIS SSL certificate is reset to when certificate browsing is cancelled.
- Fixed PKCS#7 signature file naming for cases where some wizard pages are hidden.
- Fixed: JPL files contain wrong application version
- Fixed: Attribute certificate page cannot be skipped from signing wizard
- Fixed: certificates stored on smartcards are automatically trusted while the card is inserted
- Fixed: Revocation check is performed for trustworthy non-root certificates
- Fixed: Sometimes an exception occurs when starting Sign Live! CC in headless mode due to automatic signature info activation.

Encryption and decryption
- Support decryption of RSAES-OAEP-encrypted data
- Streamlined decryption preferences

Services and interfaces
- Improved audit log access to service arguments
- Cosima: File system archiver now supports interactive file selection.
- Fixed: Service GUI produces garbage in instrument.xml
- Fixed: Webservice classes are contained in multiple JARs.
- Fixed: wrong display of special characters in the service container console
- Fixed inconsistency in signature settings of Cosima service.

v6.3.2
*****************************************************************************

General
- Show warning on startup if profile directory is already in use by a different Sign Live! process.
- Increased max. memory allocation (default) to 512 MB.

Signature creation and validation
- Updated trusted list support to comply with ETSI TS 119 612 v.2.2.1
- Updated EU trusted list signers according to EU notification 2016/C 233/01
- Updated EU trusted lists
- Fixed: AIS calls result in ClassCastException since 03/20/2016
- Fixed: PDF MDP signature fails with NPE if a pre-signature revision contains an XRef entry marked as free which is reused for the signature object later on
- Fixed: SwissSign Qualified Platinum CA derived certificates are not identified as qualified
- Fixed: Changes to a PDF's VRI dictionary compromise the validity of embedded signatures
- Include PDF LTV data when validating signature timestamps within PDF signatures.
- Extended / updated algorithm support within XML signature validation.
- Activate signature info at startup and when a document is opened.
- Fixed: certificates stored on smartcards are automatically trusted while the card is inserted
- Fixed: Defective FI-TSL leads to inconsistent Trusted List database after TSL update.

Services and interfaces
- File I/O service container: Optionally lock monitored directories for exclusive processing.
- Fixed return type handling in interactive SharedLib demo for 64-bit Windows
- Fixed: In File I/O based pool signature scenarios, all input files are moved to the error dir if pool is stopped.

PDF
- Fixed: Incremental update to a PDF document must add a preceding line separator if not already present.

v6.3.1
*****************************************************************************

Signature creation and validation
- Fixed expiration date issue with ECDSA 256 bit
- Support pooling of signature devices accessible via signIT easy

Services and interfaces
- Enhanced PKCS#11 device support
- Added TCP-based RFC3161 protocol (server-side)
- New default locations for windows / linux service profiles
- Added Windows shortcut for service admin configuration

v6.3.0
*****************************************************************************

General
- Bundled with Java 1.8
- Added NTP authentication support (MD5, SHA1)
- Improved instrument ordering on startup
- Changed logging API to Logback
- Extended Mime Type Handling

Signature creation and validation
- Support EU trusted lists in signature verification process
- Support creation of LT/LTA signatures
- Support augmentation of existing signatures to achieve LT/LTA level
- Support recovery in file I/O based validation process
- Support usage of ECC-based certificates with signIT easy
- Support generation of ECC-based certificates in certificate store
- Database-based certificate storage
- Improved GeneralName interpretation in appearances
- Improved parsing of PKCS#15 file structures
- Fixed feature check for ACS reader
- Support handling of evidence records using bad (explicit) tagging
- Support RSASSA-PSS padding in PKCS#7 signatures
- Improved PIN resetting for Telesec smartcards
- Optional rotation adjustment in signature field creation
- Extended HTTP timeout for timestamp services
- Optionally synchronize HTTP requests to timestamp service
- DGN card enhancements
- Improved Windows Certificate Store Integration
- Support current QuoVadis ElDIV card
- Improved certificate parsing
- Set Default hash algorithm for signIT easy to SHA-512
- More flexible naming scheme for CMS signatures
- Renamed Signtrust NET Signer to Multisign Signer
- Respect page rotation when placing signature fields within services
- Check for certificate expiration in mass signature processes
- Fixed: Sign Live! CC offers certificates from Windows Certificate Store after deletion
- Fixed: PDF signature appearance not created within some forms
- Fixed: Warnings on behalf of attribute certificate in QuoVadis' timestamps
- Updated certificate store

Scan Support
- Support wildcards in certificate selectors

Services and interfaces
- ActiveX: Support service container lifecycle
- ActiveX: Extended logging
- ActiveX: Fixed relaunch behavior
- ActiveX: Fixed demos
- PKCS#11: Fixed PKCS#11 support on Linux

PDF
- Improved default CSS applied within HTML import
- Log XSLT conversion events (warnings, errors)
- fixed system font lookup for MacOS X
- Fixed: viewer default view settings are ignored
- Fixed: Erroneous PDF files are not released after opening in viewer

v6.2.1
*****************************************************************************

General
- Support online activation through proxies requiring authentication
- Support audit log creation
- Added possibility to log JMX notifications
- Scrollable JMX notification editor
- Fixed: Instrument SecurityAppEANV may not properly install extensions
- Fixed integration into Workshop Software GV Büro
- Fixed integration into d.velop products
- Placed index file in doc directory
- Support logging to UNC paths
- New supported operating systems: Mac OS X 10.10, Ubuntu 14.04

Signature creation and validation
- Extended smartcard signer label by certificate serial
- XML signer now makes sure that any element within the signature element uses an explicit namespace prefix
- XML signer now combines X509Data elements
- Interactive creation of external XML signatures
- Added support for the new Bundesnotarkammer signature card
- Fixed PIN initialization description
- Fixed PIN init / reset dialog width
- Fixed digest comparison algorithm to match the encoding scheme now used by D-Trust
- Mark CertGen extension as processed if critical
- Process ICCSN extension
- Included ArchiveCutoff extension processing into Common PKI core profile implementation
- Implemented fallback lookup of CertHash extension in OCSP ResponseObject
- Filter duplicate messages in reports for same aspects
- No hierarchical message aggregation in validation state dialog
- Explicitly set content type in RFC3161 protocol timestamp service
- Support integrated SSL environment contacting a remote Sign Live! server
- Improved evidence record interoperability with 3rd party systems
- Support CMS-based document encryption and decryption using ECC-based smartcards (e.g. Telekom)
- Process AdES attribute 'SigningCertificate' even when signer identifier is missing
- Support report name templates for verification reports
- Major certificate update
- Deactivate windows certificate store by default

Scan Support
- Adjusted default values for sampling parameters to match current legal constraints

Services and interfaces
- Extended service accounting
- Fixed AIS on-demand service description (en)
- Preserve result files when FSM setting 'discard input' is selected
- Added certificate validation service

PDF
- When created from scratch, PDF documents will get a correct producer entry in the initial XMP data
- Fixed: Printer settings are not saved
- Render embedded JPEGs with ColorKeyMask
- Fixed: system fonts are not loaded on some Windows systems
- Fixed: system fonts are not loaded on Mac OS X systems

v6.2.0
*****************************************************************************

General
- Trusted Mode: Table 'Messages' is now resized according to Window size
- Documentation updated
- Fixed: NullPointerException when saving a modified batch definition
- Fixed: include/exclude filter in stage config files ignored
- Fixed: Selection on notification preferences page gets lost if page is left and revisited
- Fixed: Exception possible when decrypting stored passwords
- Fixed: Mac OS X claims installed version of Apple JDK when application is run with embedded JRE

Signature creation and validation
- Major performance improvements when validating signatures
- Internal Time Stamping Authority with RFC3161-compliant service interface
- Integration of NTP-Servers for time retrieval
- Generation of SSL client and server certificates as well as timestamp service certificates possible
- Preference-based configuration, whether storage of passwords is available in signIT easy wizard
- PDF/PAdES-compliant embedding and extraction of OCSP responses into/from CMS attributes
- Selectable PDF signature profile (PAdES-Basic, PAdES-BES)
- Selectable CMS signature profile (CMS, CAdES)
- Creation and validation of ECC-based signatures in XML based on XMLDSig 1.1 and RFC4050
- Support for PAdES-EPES, CAdES-EPES, XAdES-EPES when creating signatures
- Processing of OCSP nextUpdate
- Improved validation of PDF-LTV signatures
- Automatically show document assessment when opening a tif or txt file in Trusted Viewer
- Verification of RSASSA-PSS-signed certificates
- Improved support for cross certificates
- Summary page may be skipped in signature wizard
- Foreign TSAs are accepted within German QES
- Timestamp signatures are accepted, even if the TSA certificate's KeyUsage contains digitalSignature only (non-repudiation not required)
- Signature verification can proceed even if the decoding of cert-values and revocation-values attributes fails (e.g. because of bad encoding by signing party)
- Unified report file names in signature service and batch
- Application-assignable file extensions ers, tsr and avd
- Extended acceptance of OCSP responder certificates
- Improved logging of OCSP communication errors in signature report
- Added signature device Swisscom AIS
- No re-digesting of single-digest hash trees in evidence records
- CRL export from CRL store
- Show exception in validation error messages
- Profile change in D-Trust smartcard is considered
- Certificate Update DGN / medisign
- TASP demo data updated
- Fixed: in signature pool with multiple cards only a single one gets initialized
- Fixed: Report format selection is empty when accessed using menu entry 'Signatures > ...'
- Fixed: Verification of evidence records uses explicit tagging instead of implicit tagging
- Fixed: Cannot show contents of admission attribute without profession OIDs (primarily concerns OGV profession)
- Fixed: Signature and validation may block each other when clicking into a PDF signature field
- Fixed: Long attribute values are cut off in PDF signature reports
- Fixed: Last PDF revision might not get recognized by PDF comparison algorithm
- Fixed: PDF change detection routine delivers invalid result if document contains compressed XRef sections
- Fixed: Potential exception when establishing TCOS 3 secure messaging

Scan Support
- Default value for setting 'Check input directory before publishing' is 'true' now
- User is logged in PackageLog
- Setting max. page count per batch
- Improved file handling
- Fixed file monitoring
- Added .jpl as attachment extension
- Fixed: Setting 'Change monitoring interval' not always respected

Services and interfaces
- Default file encoding is forced to be UTF-8 on Mac OS X
- Print functor / service returns PDF document as result
- Assign custom labels to functional units within a macro block
- Cosima now supports the preparation of PDF signature fields without actually performing a signature
- Extended smartcard pool monitoring using JMX notifications
- Fixed: Macro editor: Copying of actions not possible
- Fixed: Macro: Functor/Service scripts might not be found after deserialization
- Fixed: Possible conversion error using the Cosima service, if output name is changed

PDF
- Improved support for incorrect documents
- Return / space triggers MouseUp event of PDF pushbuttons when active
- First tab usage now activates first form element on current page
- Optimized presentation of PDF text field editor (wrapping, scrollbar)
- Fixed: Generated XMP is not accepted by PDF-Tools
- Fixed: Extended editing and shortcuts not working in PDF text field editor
- Fixed: Unexpected exception if content stream contains operation without operator token

v6.1.0
*****************************************************************************

General
- Support for new OS: Windows 8, Ubuntu 12.04, OpenSuse 12.3
- Runs with Java 7
- JRE comes embedded with all distributions (formerly Windows only)
- Improved control of SSL communication (HTTP, SMTP)
- Fixed: Option -itdirs and config conflict
- Improved proxy support (Credential persistence, exclusion list, bugfixes)
- SDK demo cleanup
- SDK demos write their output files to the user's profile dir

Signature creation and validation
- Interactive creation of document timestamps
- Creation of PDF-internal document timestamps (PAdES-4)
- Creation of external XML signatures
- Support for the new Signtrust signature card (Starcos 3.5) in single and multi signature operations
- Support for the Telesec 2.0 multi signature card in multi signature operations
- PIN reset for D-Trust 3.0 signature cards
- Improved support for Telesec TCOS 3.0 SBCA
- PIN management: Improved exception handling
- PIN management: Improved messages
- Fixed placement of PDF signature fields
- Improved password handling when signing with PKCS#11 devices or elements from the Windows certificate store
- Redesigned signer session concept
- Hide PIN initialization for NPa
- Improved messages if no certificates are available in the signature wizard
- Hash algorithm SHA-512 supported for smartcard-based signatures (default)
- Validation of evidence records (RFC 4998)
- Validation of ArchiveValidationData XML documents (TASP)
- Validation of PDF-internal document timestamps (PAdES-4)
- Automatic selection of Common PKI profile used to validate signatures
- validation result presentation with new icons
- The prolonged max. validity period of 10 years for qualified certificates (SigV) is taken into account
- Adjustable timeout for OCSP HTTP communication
- Updated certificate inventory
- Improved integration of Windows certificate store certificates

Scan Support
- Major performance improvements when rendering PDF samples
- Filter for files not to be processed
- Improved error handling

Services and interfaces
- Flexible combination of services using the new macro editor
- New signature service creating CMS signatures over web-delivered hash values
- Customizable error handling in scripted services
- ActiveX: Query application properties using operation "evaluate"
- ActiveX: improved error handling using "GetLastErrorMessage" and "GetLastErrorTrace"
- Show restrictions from attribute certificates within structured validation result
- File system monitoring: Detailed logging of file operations
- File system monitoring: Process files only if they can be locked exclusively
- File system monitoring: Possibility to prevent the original file from transport into output directory
- ULS container control (P9100 printing etc.) removed from preferences dialog (use from service console)
- Fixed problem with scheduling service when selecting dedicated day for execution
- ELSTER - Fixed timing problems
- Log SOAP communication

PDF
- Improved handling of PDF file attachments (Metadata, Save, ...) to meet PDF/A-3 requirements
- JavaScript Named Action "Quit" minimizes window upon viewer close event

v6.0.2
*****************************************************************************

- Added support for Telesec TCOS 3.0 Signature Card v2 (multi / single signature, initialization, pin change)
- Improved identification of QuoVadis ElDI-V smartcards
- Extended PKCS#15 key property processing
- Added default destination for smartcard certificate export
- Remember load / save locations for certificate import / export
- Prefix '+' defines attachments as mandatory
- Reordered PINs in pin change dialog (PIN/PUK for qualified signature comes first)
- DER-encode EC signatures in PKCS#7
- Automatically delete dangling lock files in scan support
- Reauthenticate with TCOS smartcard when usage limit is reached
- Accept qualified certificates with a validity period of up to 10 years
- Added (API-based) creation of external XML signatures
- Improved error message if license check during pin change fails
- Certificate validity period is checked during signature creation by default
- Added direct certificate export from smartcard to file
- Improved error handling in scan support concerning file collisions
- Updated CA certificates
- Added operating system support for OS X 10.8
- Fixed: Cannot initialize Telesec v1 smartcards due to error 0x69f0
- Fixed: Application wants to authenticate repeatedly during pool-based signature creation with QuoVadis ElDI-V smartcards
- Fixed: Exception when trying to export a smartcard certificate without destination selection
- Fixed: PIN change message is incomplete when using a KOBIL card reader.
- Fixed: use correct default signature method ('Standard') in scan support
- Fixed: wizard pages cannot be reactivated if deactivated by application scope preferences
- Fixed: signature wizard doesn't remember the previously selected attribute certificate
- Fixed: cannot use Signtrust card in ELSTER portal
- Fixed: cannot import EC-based certificates into local certificate store
- Fixed: on Ubuntu 12, application window is empty if not started in full screen mode

v6.0.1 *****************************************************************************
- Improved / updated support for Swisscom smartcards (single and multi)
- Added support for QuoVadis ElDI-V smartcards
- Added support for SwissSign SuisseID smartcards
- Improved rendering of incorrect PDF files
- PDF document attachments are displayed even in trusted viewer mode
- improved ActiveX support
- Extended validation information returned by SignLiveAPI (disposition, timestamps, attribute certificates)
- updated scan support demos
- accept subject DN parts as certificate filter
- Updated integrated JRE to version 1.6.0_35
- Updated root / CA certificates
- Fixed: Cannot sign with key / certificate, which was imported from a PKCS#12 file by reference
- Fixed: KOBIL KAAN Advanced sometimes blocks Windows PC/SC service
- Fixed: New signature field is always created on the current page, regardless of wizard choice
- Fixed: Cannot use native interfaces (ActiveX, PKCS#11, ...) with Java 1.6.0_31 or newer
- Fixed: Log settings applied in preferences dialog are not used by Windows / Linux service
- Fixed: Setting a proxy in preference dialog leads to exception when pressing OK
- Fixed: Cannot register minidriver on Windows XP
- Fixed: Warning when starting Sign Live! CC because of missing widget
- Fixed: Cannot sign with key stored in windows certificate store
- Fixed: JMS demo not working because of incomplete classpath

v6.0.0 *****************************************************************************
- new, improved PIN / PUK management
- improved creation of signature validation reports
- new report creation wizard
- improved configuration of signature validation service (added option to select report format and PDF/A conformity)
- integrated validation of external RFC 3161 timestamps
- service-based creation of external RFC 3161 timestamps
- improved import of PEM key / certificate pairs
- added PDF attachment support (creation, modification, viewing)
- updated certificate base
- Mailtemplate missed BOM support, fixed
- Deleting files from input folder no longer results in listener getting unresponsive
- windows service uses same configuration as gui application
- changed license restriction defaults for API and commandline calls
- sampling: possibility to validate package before publishing it in order to prevent errors based on slowly scanned files
- sampling: fixed error when marker file contains a dot character (.)
- service parameters are sorted alphabetically
- signing wizard prohibits early finishing if there are warnings to be attended to
- fixed: Missing error message CantExtractDocument when extracting signature
- improved change detection for subsequent PDF signatures
- fixed combined definition of expiration conditions
- added font embedding for Flying Saucer based HTML-to-PDF conversion
- changed default name of xml signature reports to .valreport.xml
- fixed file timestamp handling for filesystem-based services
- improved error handling for filesystem-based services
- added support for SSL ServerAuth and HTTP Basic Authentication to Jetty-based services (HTTP, XMLRPC, SOAP)
- fixed: error when viewing XMP data of pdf file with empty text
- added PDF page management tools (rotate, import, export, ...)
- added JMS service container allowing ActiveMQ integration

v5.1.4 *****************************************************************************
- extended sampling
- extended Sign Live! API
- fixed certificate validation from certificate store dialog
- revised error states returned by signature validation
- fixed OCSP issue
- fixed attribute certificate lookup
- enabled validation of PKCS#7 signatures without signed attribute structure
- signer certificate digest is respected within XML signature creation
- added new rendering engine for HTML-to-PDF conversion
- updated certificates (BNetza Root, Telesec, S-Trust, ...)
- support for mass signature using DGN / medisign smartcards
- sampling viewer stores zoom mode
- exclusive sampling of odd pages available
- fixed initial settings presentation

v5.1.3 *****************************************************************************
- TCOS 3.0 CV Certificate support
- TCOS 3.0 Shared Business CA certificate support
- Fix certificate export
- instrument preprocessing features added
- JMX support
- Shell position and size in multi monitor environment
- Cosima archive features
- Cosima user interfaces
- Fix message dialog race condition
- Builtin jetty support
- Lazy PCSC resources shutdown
- ActiveX thread resource leak fixed
- ActiveX license check fixed
- Stage servlet environment must wait for launch callback
- Servlet error handling review and cleanup
- PKCS#11 getAttribute buffer overflow fixed
- New Signature Applet features

v5.1.2 *****************************************************************************
- Support GUI-based signature appearance definition in sampling and batch processes
- Keep sampling packets open upon errors even if preference 'close packet automatically' is set
- When publishing sampled files, attachments are written first
- Modified sample calculation concerning envelope handling
- handle .log files as packet attachments by default
- Improved node name definition in certificate importer wizard
- Support MAPI on Windows 64-bit systems
- Support scheduling of service executions
- Support scheduling of CRL updates
- Updated S-Trust certificates
- Support .cms files as PKCS#7
- Add suffix .valreport to signature validation reports by default
- Fixed: Batch arguments are not displayed in batch GUI
- Fixed: signature validation within sampling processes not possible
- Fixed: file name determination is incorrect if PDF documents are signed internally within sampling processes
- Fixed: select file extension in service parameter using arg.locatorExtension
- Fixed: handling of cascaded PKCS#7 structures inconsistent
- Fixed PIN initialization issues when using a Telesec smartcard with a ReinerSCT secoder card reader

v5.1.0 Patch 1 *****************************************************************************
- Support OASIS-compliant XML signature validation report
- Added further demo signature validation services and clients
- Fixed: Signature services won't run on Linux / Mac OS X systems
- Fixed: Built-in JavaScript calculation functions defined in LibAcroForm fail
- Fixed: No assessment report creation possible
- Fixed: Batch arguments are ignored when the GUI is used
- Fixed: RSA key size of 1976 bit is rejected

v5.1.0 *****************************************************************************
- Major API improvements
- Support for mixture of PKCS7 signature and encryption within a single file
- Added warning if validated signature indicates a signature date that lies in the future
- Improved import of certificates and keys
- Improved certificate management
- Support counter-signing of certificates, i.e. creation of certificate chains
- Support key and certificate export to common keystore formats.
- Support deletion of invisible PDF signatures
- Extended logging in early startup phase
- ScanSupport demo extended
- Fixed: When importing images into existing documents, the image objects may not always have been saved.
- Fixed: If running as service, some preference files may have been corrupted. From now on the service will not write preferences on shutdown.
- Fixed: After timeout, a signature card will not be shown in signature pool
- Fixed: Multithreading issues
- Fixed: Missing hash value in pkcs7 validation result if signed data does not exist.
- Fixed: If the timestamp provider is not available, an error message will show details.
- Documented: Need to restart application if preferences of monitoring have been changed.

v5.0.5 *****************************************************************************
- Added support for secure PUK activation for Telesec cards with Cherry ST-2000 card readers with firmware version 5.11
- Certificates stored in the windows certificate store's 'Other People' category will be integrated now.
- Changed generic webservice interfaces and implementations. The previous interfaces will still run, but are deprecated now.
- Fix: Error when accessing the signature wizard's 'Trusted Viewer' page within window-less ActiveX context.

v5.0.4 *****************************************************************************
- Updated S-Trust certificates
- Fixed OID of PKCS#7 attribute 'signer certificate'
- Additional document JavaScript / action support
- Fixed JavaScript scope issue
- Fixed reference of external PKCS12 files

v5.0.3 *****************************************************************************

Installation notes:
- When updating from a previous 5.0.x release to 5.0.3 using a non-installer distribution (e.g. ZIP, DMG), please delete the following files in your installation directory:
  - lib/secsmartcard.js
  - instrument/ReportPDFSignatureValidation/scripts/reportData.js

Changes:
- Extended service console by SOAP webservices
- Allow validation reports for PKCS#7 signatures without referenced content
- Support import of PKCS#12 files with multiple aliases
- Added login support to PKCS#12 libraries
- Extended documentation
- Fixed signature wizard inconsistency.
- Improved variable resolution for dynamic signature appearances
- Enabled import of PKCS#12 key files using the .der file suffix

v5.0.0 *****************************************************************************
- Signature pools released
- Service container framework released
- CSP support for Windows XP released
- Windows 64 bit released
- Fixed some ActiveX installation issues
- Switch PIN entry sequence for PIN change
- Improved eANV XML Signature
- Fixed error when including attribute certificates
- Improved card terminal / card identification in GUI
- Support signature validation at user defined date
- Improved PKCS7 signature file collision handling
- Added support for secure PIN change on class 2/3 card readers
- Added support for secure PIN initialization on class 2/3 card readers
- Removed support for old cards
- Added support for new card generations
- Scan support GUI handling improvements
- More defensive handling of some non compliant PDF files
- Added support for PDF signature filter 'asign.ECDSA' (A-Trust)
- Fixed some rendering issues for GUI and printing
- Improved rendering for 1 pixel lines
- Fix error when serializing preferences
- Fix modal dialog handling

v4.2.2 *****************************************************************************
- Proper reset for document after failed signature
- Scan support can handle directories recursively
- Scan support improved sample selection
- Improved eANV XML Signature

v4.2.1 *****************************************************************************
- fix: changing a smartcard's transport PIN was not possible
- fix: Signtrust M-Card (Starcos 3.2) is now recognized as a mass signature card
- added support for medisign's HBC Generation 1

v4.2.0 *****************************************************************************
- added online activation
- improved ActiveX / Internet Explorer compliance
- added PKCS#11 interface for seamless smartcard integration with third-party apps (e.g. Thunderbird)
- added sampling-based signing (important for scan service providers)
- added support for A-Trust smartcards
- added support for Swiss EIDI-V certificates (Swisscom) within mass signature scenario
- algorithm validity (SigG) is checked during signature creation
- improved XMLDSig support
- added PIN resetting for Swisscom smartcards
- added Swiss and Austrian CA/root certificates to default certificate store content
- check whether signatures are qualified is deactivatable
- fixed certificate import from PKCS#7 (p7b) files
- fixed storage of pre-selected encryption certificates

v4.1.2 *****************************************************************************
- extended card reader support
- smartcard / token access via PKCS#11
- minor bugfixes

v4.1.1 *****************************************************************************
- fixed some instabilities on Windows Vista
- minor bugfixes

v4.1.0 *****************************************************************************
- smartcard access rewritten to be more compatible with other concurrent clients
- PDF certification signature support
- fail safe signature session support (file system monitoring, batch signing)
- sophisticated signature appearance creation for PDF documents
- wintab image integration in appearance for smartcard signatures
- improved receiver selection within encryption wizard
- preferences for preselecting encryption certificates
- added customizable caching of OCSP responses
- extended SigG compliance checks concerning the use of outdated digesting and signature algorithms
- new performant shell extension implementation (explorer integration)
- file system monitoring with result values, attachments and collision strategies
- more flexible string expansion, user defined variables
- license expiration warning
- PDF rendering improvements and bug fixes
- PDF annotation rotation fixed
- PDF bookmarks added
- improved PDF/A compliance
- pdf documentation set rendered with table of content, bookmarks and active links
- as always a lot of minor changes, fixes and improvements

v4.0.8 *****************************************************************************
- Updated S-Trust root / CA certificates for 2009
- FIX: The application sometimes refuses window startup due to invalid stored coordinates.
- FIX: Form fields are (sometimes) not displayed.
- FIX: The signature label is not expanded.
- FIX: PDF printer leaves an open registry handle after ghostscript lookup.
- FIX: Toolbar items missing after installation of Sign Live! PDF
- FIX: Signature validation fails when the signature's signing time attribute contains a generalized time object.

v4.0.6 *****************************************************************************
- fixed exception when signing on class 1 card reader from explorer context menu

v4.0.5 *****************************************************************************
- fixed appearance creation when signing a document using multiple widgets

v4.0.4 *****************************************************************************
- added mime type and file association support
- improved Internet Explorer integration (surrounding IE is used for submit processing)
- fixed handling of OCSP validation depth setting
- fixed calls to the Signtrust OCSP responder

v4.0.3 *****************************************************************************
- fixed rendering bug with strange appearance definitions
- fixed concurrency issues in multi threaded validation
- fixed concurrency issues getting signing PIN via internal PIN entry dialog
- fixed problem with inconsistent document after cancelling signature
- "Create new visible Field" decision can now be safely hidden from wizard.
- fixed checking properties in multiple licenses
- fixed checking unlimited licenses
- fixed creating new signature field on pages other than first
- allow for multiple signatures in PKCS#7 container
- fixed problem with wizard parameter handling
- improved validation report
- fixed non ascii character handling in signature appearances
- fixed bug report handling
- added "open" batch mode for signing
- reviewed online help
- reviewed tutorials and manuals
- ActiveX improvements
- added commandline options for embedded use
- fixed shell placement in multi monitor scenarios
- as always: some minor fixes and extensions

v4.0.1 *****************************************************************************
- changed default for OCSP validation depth to "full validation"
- fixed execution of PDF-embedded formatting and calculation scripts
- fixed signature field resetting using JavaScript
- improved PPK encryption wizard
- improved font lookup
- added installation verifier documentation
- release lock on unparseable PDF files
- fixed addition of script files to the script manager

v4.0.0 *****************************************************************************

Version 4.0 comes along with a lot of fundamental changes and enhancements.

First of all, Sign Live! CC is now based on a certified (Common Criteria) product. This is a proof of quality and we are going to keep this high level in all our releases.

Second, with 4.0 we strived for a lean product mainly concerned with security applications. While there is still a sound PDF background, lots of PDF related functions that distracted the user from the security features were dropped, leading to a more usable and less expensive application. You can still add the PDF related features as plugins if you want to.

The main functional enhancements are:
* PPK Encryption
* PPK Decryption
* Additional card readers
* Additional smartcards
* Timestamp support

The main non functional enhancements:
* Documentation set of over 500 pages for advanced use and integration
* More flexible, more customizable
* Improved ActiveX
* Vista support
* Shell integration (context menus)
* Improve usability (rendering, wizards)
* Reduced memory footprint

Internal highlights
* No more coroutine (Java native interface) dependencies, switch to JNA
* Improved PDF rendering (will be open source released)

After that, there remain literally hundreds of resolved tasks unmentioned. They are all concerned with fixing issues, improving quality and usability and adding nifty tricks and helpful tools to already existing features.

v3.2.7 *****************************************************************************
- fixed problem causing tooltips to follow the mouse cursor on Linux systems
- fixed problem considering page positioning when printing on Linux systems
- threading problems when validating fixed
- problem when validating PKCS7 signature without certificate set fixed
- added sampling instrument

v3.2.6 *****************************************************************************
- deadlock problems when signing fixed
- deadlock problems when validating fixed
- deadlock when starting application via CLI with complex CodeExit fixed
- ActiveDoc has no more limitations for synchronous calls (ActiveDoc code can open windows)
- flatten problem with strange content streams fixed
- flatten problem with clipping fixed
- fix problem when assigning empty field name to acro form field
- fix NPE with special TIFF documents
- preferences can be imported using .pref documents
- signature annotations are conformant to PDF/A
- commandline option -perform can access processor stack for its arguments
- fixed wintab bug: Sometimes the certificate has been shown instead of the signature image (using back and ready button).

v3.2.5 *****************************************************************************

General
- fix windows font registration. Some font family declarations clash and will result in poor rendering / font replacement
- fix PDF pages traversal
- fix decoding of docs containing crypt filter entries
- fix newline handling in COSString
- fix import of rotated pages.
- fix problem with trusted viewer using linux.
- fix error saving signed file using linux (EOL error).
- representation of text annotations corrected, conforming to the PDF specification.
- new instrument "ConnectionSettings" for internet proxy.
- more configurable OCSP check

Instrument Markup
- extended icon support for text / fileattachment annotations

Signature Method signIT smartcard CC
- added D-Trust signature card (CardOS RSA 2048 bit)
- added prototype A-Trust signature card (ACOS ECDSA 192 bit)

Sign Live! Linux
- fix: error saving signed file (EOL error)

v3.2.4 *****************************************************************************

General
- added ULS to Unix deployment
- fix memory leak with content rendering
- fix endless loop with trusted viewer
- fix parameter forwarding with unix shell script
- fix bounding box for text based stamps
- ease life of garbage collector by nulling references
- demo validationreport via http added

v3.2.3 *****************************************************************************
- online documentation updated
- root certificates updated, signature bases on certificate only
- intermediate certificates updated, signature removed
- list of crls addresses: signature removed
- gdi.dll is allowed in bin directory
- default hash algorithm in batch definitions updated to SHA-256

v3.2.2 *****************************************************************************
initial Release based on CABAReT Stage 3.2.2 and Sign Live! 3.2.2

additional Features:
- Trusted Mode
- additional identification of the application by certification and confirmation ID
- verify installation's integrity
- verify installation's configuration
- safeguard documents against changes on file system