[Opendnssec-announce] SoftHSM 1.3.0

Rickard Bellgrim rickard at opendnssec.org
Fri Aug 12 14:12:18 UTC 2011


Hi

Version 1.3.0 of SoftHSM has now been released.

* Can now read CKA_ALWAYS_AUTHENTICATE but does not use it.
* Encryption and decryption using CKM_RSA_PKCS.
* Support X.509 certificates. (Patch from Thomas Calderon)
* Updated backup instructions.
* Only a Security Officer can set CKA_TRUSTED to true.
* The softhsm tool can set the value of CKA_TRUSTED.
* Support Botan 1.10.0.
* Better signing performance with a single element cache for the
PK_Signer object.
* Document README.MinGW describes how to build on Windows. (Text and
patches contributed by Jaroslav Imrich)

Bugfixes:
* API changes in Botan created a namespace collision.
* API changes in Botan’s state handling.
* BigInt::to_u32bit was accidently dropped in Botan. Adding it as a
compatibility function to SoftHSM.
* Better exception handling.
* CKF_USER_PIN_COUNT_LOW and CKF_SO_PIN_COUNT_LOW must be set if an
incorrect PIN has been entered at least once.
* Windows: Detect LoadLibrary.
* Windows: Set CRYPTOKI_EXPORTS.
* Windows: Load library correctly in softhsm.
* Windows: Compatibility function for getpass.
* Windows: Use _putenv and not setenv.
* Windows: Generate the DLL file.
* Windows: The softhsm tool will use the DLL file by default.
* Windows: Log to EventLog.
* Windows: Fix parsing of configuration file.
* Windows: The check program now links with a shared libgcc in order
to make the exceptions work.

Known issue:
* Firefox does improper setting of CKA_DERIVE attribute during PKCS#12
import. See https://bugzilla.mozilla.org/show_bug.cgi?id=515663

Download the tarball from:
http://www.opendnssec.org/files/source/softhsm-1.3.0.tar.gz

// OpenDNSSEC team



More information about the Opendnssec-announce mailing list