Summary of Recent Code Changes in SecretAgent® for Windows

This page summarizes the product enhancements and bug fixes that have been applied to SecretAgent 5.7 leading to the release of version 5.8.4 on the Windows platform.

Changes and bug fixes in SecretAgent 5.8.4

  • Valid profile names are now generated during profile creation even when the user fails to select a signing certificate
  • CAPI usage has been improved:
    • certificate chains are now included when e-mailing or exporting certificates
    • fixed support for hardware tokens that cannot handle 256-bit session keys so that ciphers with smaller key sizes can be used
    • added CRL checking to CAPI path validation
    • path validation now works with base64-encoded certificates in Certificate Explorer
  • Certificate Explorer improvements:
    • added ability to import base64-encoded PKCS#8 (.prv) files
    • certificate replacement is no longer allowed during import; old certificates must be explicitly deleted (this guards against users inadvertently overwriting a certificate required to decrypt CMS archives or to mount SpyProof! disks)
    • the target profile list is now restricted to PKCS#11 profiles when importing certificates from a PKCS#11 token
    • receiving an error page in response to an attempt to retrieve a CRL via a URL now results in an error message stating that the URL is invalid
    • gracefully handles a failure to create a personal certificates database during initial startup
  • Users can no longer initiate auto-encrypting during auto-decryption
  • .saa files are now treated the same way as .sa5 files


Changes and bug fixes in SecretAgent 5.8.3

  • Multiple private keys can now be imported from a single PKCS#12 file.
  • Name constraint violations are now detected in a self-issued certificate which is the end-entity (in compliance with NIST PKITS test 4.13.20).
  • Correct user notice qualifiers are now displayed (in compliance with NIST PKITS tests 4.10.13 and 4.10.14).
  • Importing, or accessing via a URL, a zero-byte CRL no longer causes an exception.
  • Outlook 2000 no longer crashes during certificate validation when composing and sending, or validating, a SecretAgent message with a non-self-signed certificate.

Changes and bug fixes in SecretAgent 5.8.2

  • A Certificate Explorer database containing certificates with previously unsupported subject RDNs (those that earlier software releases rendered as Unknown=) can be "updated" to correct certificate validation errors due to mismatched DNs. After upgrading from 5.8.1 to 5.8.2, a user must change their master password to trigger the database update process. When upgrading from 5.7.X to 5.8.2, establishment of a master password automatically updates the database.
  • Multiple files may now be cut or copied using the context menu in SecretAgent's Explorer view.
  • A common name containing a comma no longer gives rise to a truncated profile name terminated with a backslash.
  • The upgrade setup program now says it is updating to 5.8 rather than 5.7.1.
  • The Profile Preferences dialog's Policy tab now displays detailed information for an OCSP server certificate specified in the active security policy and displays a textual description of the start-up view setting.
  • The Profile Manager's Help Online button opens the 5.8, rather than the 5.7, support pages.
  • Path validation with security policies containing CRL URLs and involving CRLs containing authority key identifiers no longer causes a stack overflow.
  • A "COM Server Warning" message no longer appears when using a profile configured to close progress dialogs on success and to close SecretAgent when started from the Explorer context menu.
  • PolicyAgent's start-up view setting no longer causes SecretAgent to enter the toolbar view when the system tray view is selected and vice-versa.

New Features and Changes in SecretAgent 5.8.1

  • All private key storage modules (except the FORTEZZA one) now provide automated private key history management. Regardless of the encryption certificate associated with the user's active profile, the software will find and use the appropriate private key in the selected module when decrypting.
  • All private keys stored in a user's personal certificate database are now protected with a single master password. Optional challenge/response or administrative password recovery features have been added.
  • In the absence of a security policy, the minimum password length is now 1 instead of 8, and passwords are no longer required to contain characters. A security policy can be used to enforce stricter password requirements.
  • Added an integrated OCSP client supporting a single OCSP responder.
  • SecretAgent's certificate path validation module (PVM) is now a 'Bridge-enabled PVM' in compliance with NIST's Draft Special Publication for X.509 Path Validation Version 0.5. SecretAgent's path building routines and validation routines support CRL distribution points, Authority Information Access, and OCSP when a security policy allowing the use of these features is installed. This means that CA certificates and CRLs can be retrieved, when necessary, via URLs in AIA extensions and via CRL DPs.
  • Optional CAPI path validation is now supported for every private key storage module except FORTEZZA. Use of CAPI for path validation can be configured by a security policy.
  • Reorganized and simplified profile creation wizard.
  • Added support for 'UserSMIMECertificate' attributes in LDAP and Active Directory queries.
  • Added an advanced option to delete ciphertext files after they are decrypted.
  • Added the ability to move files to an alternate directory on the same target drive from within the Progress dialog.
  • Progress dialog output has been reordered to place error messages at the top.
  • An item has been added to the View menu to allow the user to toggle on and off various components of Explorer View.
  • Added an 'E-mail My Certificate' item to the Tools menu to ease certificate exchange between users.
  • Parameterized LDAP queries no longer allow the user to specify "begins with," "ends with," or "contains" clauses. Rather, the complete query must be entered with asterisks in appropriate locations. On the Encryption dialog, a pop-up box no longer appears when accessing one of these queries. Instead, an edit box with instructions becomes active in the upper left corner of the dialog so that users may more easily enter multiple successive queries.
  • Added a 'Create Certificate Group' item to the Certificates menu in Certificate Explorer to make it obvious how to create groups of recipient certificates.
  • Certificate Explorer's import wizard now supports multiple selection so that several certificates can be imported at a time.