JCAPI version info: Version 1.0.0 (2005-05-30): --------------------------- First release. Version 1.0.1 (2005-06-30): --------------------------- ENHANCEMENT: JCAPI is now signed with a qualified code signing certificate. Version 1.1.0 (2006-03-14): --------------------------- ENHANCEMENT: Supporting three new CSPs: "SI_CSP", "SafeSign CSP Version 1.0" and "AR Base Cryptographic Provider". ENHANCEMENT: Extended SSL plugin now supporting PKCS#11 from Java 5. ENHANCEMENT: Supporting removal of PKCS#11 CSPs (both natively supported and user-added). ENHANCEMENT: Get and set friendly names for certificates in MS CAPI. ENHANCEMENT: Get friendly names for system stores in MS CAPI. ENHANCEMENT: Added support for cipher wrapping/unwrapping of asymmetric keys. ENHANCEMENT: New class available for gathering data about a hardware PKCS#11 token. ENHANCEMENT: Introduced new exception class 'JCAPIUnknownAliasException'. ENHANCEMENT: JCAPI can now be fully utilized with limited user accounts. Note: the JCAPI dll is now stored in the user's temporary directory instead. Also, the default JCAPI installation directory has been changed to 'C:\JCAPI'. BUGFIX: Better handling of 'out of memory' errors (malloc, calloc) in JCAPI DLL. BUGFIX: Removed a memory leak when an exception was thrown from the JCAPI DLL. BUGFIX: Removed a memory leak when method Util.getCSP() was invoked in the JCAPI DLL. BUGFIX: Removed a memory leak when method KeyStore.getCertificateChain() was invoked in the JCAPI DLL. BUGFIX: Removed a memory leak when a signature was verified in the JCAPI DLL. BUGFIX: Certificate entries (i.e. certificates with no associated private key) stored in the key entry store (i.e. the "MY" system store) was filtered out due to their missing keys. BUGFIX: Method KeyStore.getKey() threw a JCAPIJNIRuntimeException when the user cancelled the access to a protected private key. Now it throws a JCAPIJNIOperationCancelledException. BUGFIX: Method KeyStore.getKey() threw a JCAPIJNIRuntimeException when the user gave an incorrect PIN code to access a protected private key. Now it throws a JCAPIJNIInvalidPINCodeException. Version 1.1.1 (2006-07-26): --------------------------- BUGFIX: Existing system (certificate) stores that could not be opened was considered valid stores in jCAPI. BUGFIX: Method KeyStore.getKey() threw a JCAPIJNIRuntimeException with message "JCAPIKeyStore_getKey() - Could not get private key blob length." when a private key could not be exported (only NTE_BAD_KEY_STATE was considered legal). Now it returns a JCAPIRSAPrivateKey instance instead. BUGFIX: The JCAPI SSL plugin sometimes generated aliases for PKCS#11 tokens that was considered illegal (contained spaces etc) by SUN's PKCS#11 provider. Now, a hexadecimal unique value for the current provider is used instead. BUGFIX: When a non-existing system (certificate) store was opened, the JCAPI DLL automatically created it. Version 1.1.2 (2006-08-18) -------------------------- BUGFIX: During method calls 'Signature.verify(byte[] signature)' and 'Signature.verify(byte[] signature, int offset, int length)', JCAPI reversed the content of the 'signature' parameter from big-endian to little-endian, meaning that the signature was changed after these calls. Version 1.2.0 (2007-02-10) -------------------------- ENHANCEMENT: Implemented new MS CAPI based SecureRandom provider. ENAHNCEMENT: JCAPI now automatically extracts the JCAPI.dll from inside the JCAPI.jar file and replaces an existing JCAPI.dll if they are not identical, meaning that you do not have to call 'JCAPIDLL.getInstance().setAlwaysOverwrite(true)' any more. You can override this behaviour by calling 'JCAPIDLL.getInstance().setAlwaysOverwrite(false)'. ENHANCEMENT: New class 'JCAPISystemStoreRegistryLocation' was introduced to be used with new system store registry location methods in class JCAPIUtil. ENHANCEMENT: New methods in JCAPIUtil for handling system (certificate) store registry locations in JCAPI when opening an MS CAPI system store. Default registry location used by JCAPI is 'current user'. ENHANCEMENT: New method 'setExclusiveMSCertStore(KeyStore, String)' in class JCAPIProperties to be used when you want a JCAPI KeyStore instance to operate on a specific MS CAPI certificate store regardless of other JCAPI KeyStore instances. Can be used for assigning a MS CAPI based trust store in SSL. ENHANCEMENT: The JCAPI SSL plugin now uses the new JCAPI SecureRandom provider as its default provider. ENHANCEMENT: More JCAPI example programs and extended SSL examples available, ENHANCEMENT: JCAPI is now supported on Windows Vista. ENHANCEMENT: JCAPI is now supported on Java 6. BUGFIX: The methods 'Signature.sign()' and 'Cipher.doFinal()' did not throw a 'JCAPIJNIInvalidPINCodeException' instance when an incorrect PIN code was given during access to a private key through PKCS#11. Instead, the PIN callback was invoked again. BUGFIX: JCAPI did hang when a user-defined PIN callback instance accessed the PKCS#11 token inside the 'getPINCode(...)' method. The second access did cause the token to finalize prematurely and thus closing all resources for the JCAPI PKCS#11 layer thread invoking the callback method. BUGFIX: A PKCS#11 DLL could not be found/loaded when its file name, or directory path, contained non-ASCII characters (locale support). BUGFIX: Method 'JCAPIUtil.getPKCS11TokenInfo(String)' threw a JCAPIJNIRuntimeException saying "JCAPIUtil_getPKCS11TokenInfo() - Could not get info about the PKCS#11 hardware token. Error code: 20" when a certificate stored on a PKCS#11 token had been copied into a MS CAPI system store, but the token itself was later removed/detached. Now the method returns null instead. BUGFIX: Method 'JCAPIUtil.setCertificateFriendlyName(String,String)' stored the friendly name in MS CAPI without proper Unicode EOS character. BUGFIX: Patched the JCAPI SSL plugin for Java v1.3 since JSSE did create incorrect issuer distinguished names for some certificates. BUGFIX: JCAPI, just like MS CAPI, now handles the system store names in a case insensitive manner to avoid problems when accessing stores such as ADDRESSBOOK/addressbook. Version 1.2.1 (2007-04-13) -------------------------- ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate. BUGFIX: The list of available MS CAPI system stores was not updated to include the 'ADDRESSBOOK' store after JCAPI created it. This caused an exception to be thrown saying that the store did not exist even though it was successfully created by JCAPI. Version 1.2.2 (2007-05-20) -------------------------- BUGFIX: Non-administrator users could not access certificates (and allotted private keys) imported by administrators into the LOCAL_MACHINE system store registry location. Version 1.2.3 (2007-12-10) -------------------------- BUGFIX: Signatures made by PKCS#11 providers through JCAPI's PKCS#11 layer was built upon a raw hash value instead of a ASN.1/DER encoded DigestInfo structure (containing the hash value and its associated algorithm identifier) as specified by the RSA PKCS#1 standard. Version 1.2.4 (2009-05-18) -------------------------- ENHANCEMENT: JCAPI is now re-signed with new code signing certificates issued by SUN Microsystems and Thawte since the old ones are about to expire. ENHANCEMENT: JCAPI is now verified and supported on Windows 7. BUGFIX: Wrong error code was caught when a signing operation failed in the PKCS#11 layer. Now the signing method throws an expected SignatureException when the operation fails. Version 1.2.5 (2009-11-18) -------------------------- ENHANCEMENT: Added new class JCAPIPKCS7 which supports encoding and decoding of PKCS#7 envelopes. BUGIX: Method 'JCAPIUtil.getCSP(String)' returns null for certificate entries. Now the name of the MS CAPI CSP used for encryption and signature verification is returned. BUGFIX: Backwards compatibility was broken on legacy systems Windows 98/98SE/ME. Version 1.2.6 (2011-04-03) -------------------------- ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate. The new certificate is valid until 4th of June 2014. Version 1.2.7 (2012-04-22) -------------------------- BUGFIX: The jcapi.dll file failed to be loaded into the JVM on Windows 2000 with IE 6 and JRE 6 Update 31. Version 1.2.8 (2013-10-30): --------------------------- ENHANCEMENT: Added property Trusted-Library into the JCAPI manifest file to allow mixing privileged code and sandbox code. ENHANCEMENT: Added properties Permissions, Codebase and Application-Name into the JCAPI manifest file to avoid security warnings with Java 7u45 and higher. ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate from DigiCert. The new certificate is valid until 13th of December 2016. ENHANCEMENT: JCAPI is now re-signed with a new JCA code signing certificate from Oracle. The new certificate is valid until 28th of October 2018. BUGFIX: Private keys was stored in CERT_SYSTEM_STORE_CURRENT_USER location even though JCAPI was configured to store them in CERT_SYSTEM_STORE_LOCAL_MACHINE. Version 2.0.0 (2011-04-25): --------------------------- Public release of version 2.0. For a full list of enhancements made, please read the document JCAPI v2.0 Delta Description: http://pheox.com/products/jcapi/2.0.0/JCAPI_v2_Delta_Description.pdf Version 2.1.0 (2011-11-28): --------------------------- ENHANCEMENT: Added new helper methods in class JCAPIKeyStoreProperties to support setting of exportable and/or protected private keys when they are imported into MS CAPI. ENHANCEMENT: JCAPI can now be executed on Windows Server 2008 (32-bit) without disabling the Data Execution Prevention (DEP). BUGFIX: JCAPI caused 'Invalid access to memory location' error when started on 32-bits platforms with Java 7. Version 2.1.1 (2012-01-19): --------------------------- BUGFIX: JCAPI crashed the JVM inside Internet Explorer 8 on some x86 platforms when used in an applet. Version 2.2.0 (2013-09-11): --------------------------- ENHANCEMENT: Added property Trusted-Library into the JCAPI manifest file to allow mixing privileged code and sandbox code. Version 2.2.1 (2013-11-03): --------------------------- ENHANCEMENT: Added properties Permissions, Codebase and Application-Name into the JCAPI manifest file to avoid security warnings with Java 7u45 and higher. ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate from DigiCert. The new certificate is valid until 13th of December 2016. ENHANCEMENT: JCAPI is now re-signed with a new JCA code signing certificate from Oracle. The new certificate is valid until 28th of October 2018. BUGFIX: Private keys was stored in CERT_SYSTEM_STORE_CURRENT_USER location even though JCAPI was configured to store them in CERT_SYSTEM_STORE_LOCAL_MACHINE. BUGFIX: The JCAPI DLL was extracted every time from the jcapi.jar file even though the exact same DLL had been extracted before. Version 2.2.2 (2016-11-17): --------------------------- ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate from DigiCert. The new certificate is valid until 17th of January 2020. Version 2.2.3 (2018-09-16): --------------------------- ENHANCEMENT: JCAPI is now re-signed with a new JCA code signing certificate from Oracle. The new certificate is valid until 10th of September 2023. BUGFIX: Hash algorithms failed to be created when using Java 9 in 64-bit environments. Due to wrong datatypes used in JNI. BUGFIX: Signatures failed to be created when using Java 9 in 64-bit environments. Due to wrong datatypes used in JNI. BUGFIX: PKCS#7 envelopes failed to be created when using Java 9 in 64-bit environments. Due to wrong datatypes used in JNI. Version 2.2.4 (2019-11-19): --------------------------- ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate from Sectigo. The new certificate is valid until 18th of November 2022. Version 2.2.5 (2025-05-23): --------------------------- ENHANCEMENT: JCAPI is now re-signed with a new JCA code signing certificate from Oracle. The new certificate is valid until 22nd of May 2030. ENHANCEMENT: JCAPI is now re-signed with a new code signing certificate from Certum. The new certificate is valid until 11th of May 2028.