kaikramer.github.io/release53.html at main · kaikramer/kaikramer.github.io · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
---
layout: default
title: KeyStore Explorer - Release Notes
---

<div class="page-header">
    <h1>Release 5.3.2 <small class="text-muted">19 Dec 2017</small></h1>
</div>
<div class="row">
    <div class="col-md-6">
        <p>
            This release fixes the following bugs:
            <ul>
                <li>Fixed errors caused by some encryption algorithms for PKCS#8 private key files (reported by Osys)</li>
                <li>Fixed bug in certificate extension viewer (unknown OID caused an error)</li>
                <li>Fixed update check interval</li>
                <li>Fixed default DN could not include empty RDNs</li>
                <li>Fixed bug that caused an error when trying to access a PKCS#11 keystore under Java 9</li>
            </ul>
        </p>
    </div>
    <div class="col-md-6">
    </div>
</div>

<div class="page-header">
    <h1>Release 5.3.1 <small class="text-muted">01 Nov 2017</small></h1>
</div>
<div class="row">
    <div class="col-md-6">
        <p>
            This release includes the following bug fixes and enhancements:
            <ul>
                <li>Java 9: Fixed ECDSA signature problem with Brainpool curves (reported by Davyd Santos).</li>
                <li>Java 9: Unable to launch on MacOS (reported by Nicolas Henneaux, partial fix by Frank Dietrich).</li>
                <li>Certificate Extension Viewer: When an extension contained multiple URIs, everything after the first URI was not displayed.</li>
                <li>Mac OS version: Removed version number from application name (requested by Don Montalvo).</li>
                <li>The included Bouncy Castle library has been updated to version 1.58.</li>
            </ul>
        </p>
    </div>
    <div class="col-md-6">
    </div>
</div>


<div class="page-header">
    <h1>Release 5.3.0 <small class="text-muted">01 Aug 2017</small></h1>
</div>
<p>
    This release includes the following new features, enhancements and bugfixes:
</p>

<h2 class="h3">New Flexible DN Chooser</h2>
<div class="row">
    <div class="col-md-6">
        <p>
            In older versions of KSE the dialog for entering the Distinguished Name (DN) had a strict scheme of 7 commonly
            used name components (CN, OU, O, L, ST, C, E) in the commonly accepted order. It was not possible to use other
            name components like for instance SerialNumber (SN). Also, it
            was not possible to create a DN with more than one occurrence of the same attribute (especially OU is often used more
            than once in a DN).
        </p>
        <p>
            The new DN chooser dialog allows to add and remove RDNs (relative distinguished names) at any position by
            clicking on the "+" and "-" buttons. For every RDN you can select one of the following name components:
            <ul>
                <li>Common Name (CN)</li>
                <li>Organizational Unit (OU)</li>
                <li>Organization (O)</li>
                <li>Locality (L)</li>
                <li>State (ST)</li>
                <li>Country (C)</li>
                <li>Email Address (E)</li>
                <li>SerialNumber (SN)</li>
                <li>GivenName (GN)</li>
                <li>Surname (SURNAME)</li>
                <li>DomainComponent (DC)</li>
            </ul>
        </p>
        <p>
            The new DN chooser dialog defaults to almost the same scheme as before (CN, OU, O, L, ST, C) with only
            email address removed (according to RFC 5280 it belongs in the SubjectAlternativeName extension).
        </p>
    </div>
    <div class="col-md-6">
        <p>
            <img src="images/releases/release53/rel53_dnchooser.png" class="img" align="top" border="0" />
        </p>
    </div>
</div>

<h2 class="h3">Flexible Validity Date Selection</h2>
<div class="row">
    <div class="col-md-6">
        <p>
            The validity of a certificate generated by KSE used to start at the point of time when it was issued.
            The certificate generation dialog only provided a setting for a validity period in years, months, weeks or days
            and the validity end date was calculated by adding this period to the current date and time. Most of the times
            this is sufficient. However, there are scenarios where it is necessary to create a certificate with a
            <em>notBefore</em> that lies in the past or in the future.
        </p>
        <p>
            KSE 5.3 allows to freely select both validity start ("<em>notBefore</em>") and validity end ("<em>notAfter</em>").
        </p>
        <p>
            The validity start defaults to the current date and time. Therefore the old behavior can now be achieved by
            selecting the wanted amount of years/months/weeks/days like before and then clicking the apply button.
            This sets the end date accordingly.
        </p>
        <p>
            This new feature is a contribution by Michele Mariotti.
        </p>
    </div>
    <div class="col-md-6">
        <p>
            <img src="images/releases/release53/rel53_validity.png" class="img" align="top" border="0" />
        </p>
    </div>
</div>

<h2 class="h3">Other Enhancements</h2>
<div class="row">
    <div class="col-md-6">
        <p>
            <ul>
                <li>Added support for QcStatements OID 0.4.0.1862.1.5 (PKI Disclosure Statements) and OID 0.4.0.1862.1.6 (Type) for eIDAS certificates in certificate viewer (contributed by Jordi Pinzón)</li>
                <li>Windows installer: Silent installation now possible (contributed by shivan)</li>
                <li>Maximum key length for DSA keys is now 2048 (contributed by Luís Câmara)</li>
                <li>Export certificate chain in PEM format (requested by several users)</li>
                <li>Improved file name suggestions for OpenSSL key export in order to avoid name collisions (suggested by Daniel Mota Leite)</li>
                <li>Improved German translation (mostly by Frank Dietrich)</li>
                <li>Compatible with Java 9 now</li>
                <li>Updated included Bouncy Castle library to 1.57</li>
            </ul>
        </p>
    </div>
    <div class="col-md-6">
        <p>
        </p>
    </div>
</div>

<h2 class="h3">Bugfixes</h2>
<div class="row">
    <div class="col-md-6">
        <p>
            <ul>
                <li>DNs with other components than CN, OU, O, L, ST, C, E and/or several occurences of the same
                    name attribute are now properly displayed (reported by Tom Van Oppens)</li>
                <li>Fixed EC private key export (reported by Karsten Ohme)</li>
                <li>Serial number not limited to 32bit anymore (reported by Luís Câmara)</li>
                <li>Fixed NPE when exporting a private key in MSCAPI keystore with DnD (reported by dmatob)</li>
            </ul>
        </p>
    </div>
    <div class="col-md-6">
        <p>
        </p>
    </div>
</div>


<div class="page-header">
    <h1>Older Release Notes</h1>
</div>
<p>
    <a href="release52.html">KeyStore Explorer Release 5.2.0, 5.2.1 and 5.2.2</a>
</p>
<p>
    <a href="release51.html">KeyStore Explorer Release 5.1.0 and 5.1.1</a>
</p>
<p>
    <a href="release50.html">KeyStore Explorer Release 5.0.0 and 5.0.1</a>
</p>