Chilkat v188.8.131.52 Release Notes
Previous Version: https://cknotes.com/chilkat-v9-5-0-95-release-notes/
Chilkat v184.108.40.206 Release Notes
- DNS: Created a new Dns class for managing DNS nameservers to be used by Chilkat, and for doing DNS queries. It is a singleton class that allows an application to select
the DNS nameservers used throughout Chilkat. The term “singleton” means that all Chilkat DNS object instances work with a single copy of internal DNS settings that are application wide. This allows for applications to use reliable and high-speed public DNS servers such as Cloudfare, Google, and others. It also allows for DNS over TLS (DoT), and the option to require all DNS queries to use TLS. Also provides for a uniform way to do DNS queries over many DNS record types.
- PKCS11: Significantly expanded PKCS11 functionality. See the following bullet points.
- Remote Signing Services: Added functionality to utilize remote signing services, such as AWS KMS, Azure Key Vault, and Aruba Remote Signing Service (ARSS). This allows all signing functionality in Chilkat, such as PDF, XAdES, CAdES, etc. to use a remote signing service. The design allows for the easy expansion to support additional signing services as needed.
- PrivateKey: Added the UploadToCloud method to make it easy to upload a private key to various cloud services. The design allows for the easy expansion to support other cloud services. (Let us know if you have suggestions.)
- Cert: Added the SetCloudSigner method to link a certificate with a cloud service for any type of signing, such as PDF, XML Digital Signatures, CAdES (i.e. p7m/p7,), etc. For PAdES, XAdES, CAdES, etc., the certificate is still needed locally. This is because the certificate related information that goes into the PDF Signature, XML Signature, etc. is constructed by Chilkat, and it is only the RSA or ECDSA signing of a hash, deep within the internals of Chilkat, where the REST API call is made to the cloud signing service. Thus, your private key can exist only in the cloud.
- Cert: Added the UploadToCloud method to make it easy to upload a certificate to various cloud services. Examples are included for Azure Key Vault and Amazon KMS. The design allows for the easy expansion to support other cloud services. (Let us know if you have suggestions.)
- Cert: Added the LinkPkcs11 method to allow for a certificate to be linked to a private key located on an HSM (smartcard or token). This is needed for cases where the private key is on the HSM, but not the certificate. One use case for using this function is with AWS CloudHSM, where the PKCS11 driver, cloudhsm_pkcs11.dll on Windows, or libcloudhsm_pkcs11.so on Linux, could be used to link your certificate with the private key stored in the cloud on Amazon’s CloudHSM. Note: In this case, the communication with AWS CloudHSM happens within the PKCS11 driver and thus Chilkat does not directly communicate with AWS CloudHSM (as opposed to AWS KMS, which is key storage in the cloud where Chilkat communicates directly via the AWS KMS API). Note: The difference between AWS CloudHSM and AWS KMS is that one is literally a hardware token in the cloud, and the other is your private keys in the cloud, but not in hardware. AWS CloudHSM (hardware in the cloud) can be very expensive.
- SshKey: Added the UsePkcs11 method to allow for SSH public key authentication to use an HSM (smartcard or token) for the private key signing operation. This allows for the Ssh, SFtp, and SshTunnel classes, or anywhere SSH is used in Chilkat, to be able to use a private key located on an HSM and accessed via PKCS11 (because the private key for authentication is passed in an SshKey object, and if the SshKey is using a PKCS11 session, then it will be used for signing).
- PKCS11: Added the FindAllKeys method, which returns JSON with information for all keys of a particular type: private, public, secret, or otp.
- PKCS11: Added the GenSecretKey method, to provide the ability to generate a symmetric encryption key, such as AES, on the HSM.
- PKCS11: Added the GenRsaKey method, to provide the ability to generate an RSA key on the HSM.
- PKCS11: Added the GenEcKey method, to provide the ability to generate an ECDSA key on the HSM.
- PKCS11: Added the CreatePkcs11Object method, to provide a generalized method for creating an object on the HSM. This is a way to import non-sensitive material such as a session-only AES key-wrapping key, or a public key.
- PKCS11: Added the QuickSession method, to make it shorter and simpler in code to establish a PKCS11 session.
- PKCS11: Added the ImportPrivateKey method, to make it easy to import an RSA or EC private key on to the HSM. (It can be tricky though, because much depends on the capabilities of the HSM, the details of the template, and the security restrictions of the HSM.)
- PKCS11: Added the DestroyObject method, to make it possible to remove objects from the HSM.
- PKCS11: Added the FindObject method to provide a generalized way to find an object on the HSM.
- PKCS11: Added the ImportSshKey method. This is the same as ImportPrivateKey, but accepts a Chilkat SshKey object instead of a Chilkat PrivateKey object. (An SshKey *is* a private key, but for some foolish reason in the past, Chilkat decided to create a separate class for SSH keys.)
- PKCS11: Added the ExportPublicKey method to make it easy to export a public key from the HSM directly into a Chilkat PublicKey object. Note: There is no method to export a private key. It’s because private keys are meant to stay on the HSM. They are either generated on the HSM, or imported onto the HSM, but once on the HSM, a *private* key just stays there. It’s one of the main reasons for having an HSM — you cannot export the private key, and the signing happens on the HSM.
- CkDateTime: Added the SetFromNtpServer method to load the current date/time from an NTP server.
- Crypt2: Added the AesKeyWrapWithPadding and AesKeyUnwrapWithPadding methods. These methods implement the AES Key Wrap with Padding Algorithm (RFC 5649) for wrapping and unwrapping
- JsonArray: Added methods for unsigned integers: UIntAt, AddUIntAt, and SetUIntAt
- JsonObject: Added methods for unsigned integers: UpdateUInt and UIntOf
- JsonObject: Added the StringOfEquals method, to make it more convenient to check of a JSON value equals a particular value.
- PDF: Added the HasCertificationSig property to make it easy to see if a PDF’s signature is a certification signature.
- StringBuilder: Added the AppendRandom method to make it more convenient to add random data to a string.
- Zip: Added the MaxUncompressSize property. An application can set this property to prevent unzipping any files larger than a max size uncompressed.
- Zip: Added the GetMaxUncompressedSize method. After opening a .zip, the application can call this method to return the size of the file contained within the Zip that has the largest uncompressed size.
- Cert: Added the GetExtensionBd method to return binary extension data by OID.
- StringArray: Improved performance.
- SSH/SFTP: Fixed possible RSA public key authentication problem for the Azure SSH server.
- XML: The NewChild/NewChild2 methods would convert hex entities incorrectly. For example, if the content passed in is “Bührmann”, the the content in the XML would become “Bührmann”. This is now fixed. When re-emitting the XML or saving, the content remains “ü”.
- XmlDSigGen: Added the “NoTimestampBias” keyword to emit signing times without the timezone bias. For example, “2023-08-06T15:36:29”. This is needed for certain picky Turkish government validators.
- Cert: Added the GetExtensionBd method to provide a way to get binary certificate extension data.
- Xml: Fixed the bmethod. The “skipTags” argument was getting ignored.
- PDF: Added the read-only HasCertificationSig property to determine if a PDF already has a certification signature.
- PDF: Added encryption and permissions information to the Pdf.LastJsonData for the call to Pdf.LoadFile and Pdf.LoadBd. See https://www.example-code.com/csharp/pdf_get_encryption_and_permissions.asp.
- Smartcards: Added support for the Watchdata PROXkey USB token. Chilkat should automatically recognize the USB token
and use the PKCS11 driver at C:\Windows\System32\SignatureP11.dll. (This is also supported on Linux, assuming the shared lib is at /usr/lib/WatchData/ProxKey/lib/libwdpkcs_SignatureP11.so)
- CSV: Added the keywords “QuotedCells” and “QuotedColumnNames” to force double-quoted cells and column names when emitting CSV to a file or string buffer.
- PDF: Greatly improved the appearance of non-English text in visible PDF signatures.
- JsonObject: Added the UIntOf and UpdateUInt methods
- JsonArray: Added the UIntAt, SetUIntAt, and AddUIntAt methods.
- HTTP: Fixed the PFile method. The body of the request was 0 bytes if the gzip argument was true. Fixed to correctly send the gzipped file as the body of the HTTP request.
- Email: If the file path passed to AddFileAttachment or AddRelatedFile contained both forward and backward slashes, then the filename part of the path, which is what appears in the “filename” attribute within the MIME sub-header, could include part of the file path. This was fixed.