Spotlights:

SecretAgent DAS

 

 

  Summary of Recent Code Changes in SecretAgent® Java

 

This page summarizes the product enhancements and bug fixes that have been applied to SecretAgent 5.7/Java leading to the release of version 5.9.1 on the Solaris platform. (The Java GUI release for Mac OS X and other UNIX-based platforms are similar.)

Enhancements and changes in SecretAgent 5.9.1

  • Added support for Entrust Profiles for private key operations
  • Added support for server-mediated decryption of documents encrypted for communities of interest; requires access to a properly configured SecretAgent Document Access Servlet (DAS)
  • Added to the Preferences dialog a function that exports the user's encrypting certificate chain to a .p7c file
  • Recipient selection dialog changes:
    • the 'Add All' button has been relabeled ''Add Group'
    • a list of recipients can be saved as a group for future use
  • Re-addressing encrypted archives: any designated recipient can remove the current recipient list and replace it with a new one -- without having to decrypt the archive!
  • Added refresh function for Certificate and LDAP stores in Certificate Explorer
  • The Advanced Encryption dialog now allows you to remove entries from the list of files to be encrypted: click the paper clip icon and delete the files you no longer want to be included in the archive
  • Plaintext disposition dialog: when you close the Decryption Progress dialog, a new dialog will appear asking you what to do with the plaintext files that were just created. You may choose to re-encrypt, zap, or keep them.

Enhancements in SecretAgent 5.8.0

  • New features and functions:
    • added PKCS#12 support
    • added an option to delete ciphertext files after they are decrypted
    • added an option to overwrite read-only files during auto-encryption or auto-decryption
  • Improved certificate handling and key management:
    • SecretAgent's built-in certificate path validation is now a Federal Bridge-enabled PVM according to NIST's Recommendation for X.509 Path Validation version 0.5. SecretAgent’s path building and validation routines support CRL distribution points and Authority Information Access if configured by PolicyAgent to support these options. This means that CRLs and CA certificates will be retrieved via the network based on URLs stored in CRL DPs, and AIAs.
    • added key history support for all token types. (Regardless of the certificate selected in the configuration dialog, the software will use any private key in the key store to perform decrypt operations so that key rollover no longer requires the management of separate profiles.)
    • added a key store to keep track of all private keys in the user's profiles. (All private keys are now protected with a single master password which the user is prompted to specify the first time a software profile is used. It is recommended that the current private key password be used as the initial master password, but it may be changed at any time.)
    • added CRL store to manage all CRLs.
  • LDAP changes:
    • the handling of LDAP URLs for CRLs is now more forgiving with missing components now supplied automatically.
    • parameterized LDAP queries no longer allow the user to specify "begins with," "ends with," or "contains" clauses. Rather, the query must be entered with asterisks in appropriate locations. On the Encryption dialog, a pop up box no longers appears when accessing one of these queries but an edit box with instructions becomes active in the upper left corner of the dialog so that users may more easily enter multiple searches.
    • when multiple CRLs are returned by an LDAP query, only the latest one is retrieved and installed.
    • added support for certificate retrieval via LDAP (or from Microsoft AD) using the UserSMIMECertificate attribute
  • Security Policy related changes:
    • added supports for security policies generated by PolicyAgent 5.8.0
    • the default behavior for the Master Password and passwords for self-decrypting archives has been changed: the minimum length is now 1 instead of 8 and alphabetic characters are no longer required. Stricter password requirements may be enforced using PolicyAgent.
    • policy files may now be located in the installation folder rather than in the root directory, although the root directory placement is still supported.
    • if the security policy is set to enforce"Include Me as a Recipient" and the user's certificate is missing or invalid, encryption of files is not permitted.
    • the Policy dialog only displays customized policy settings
    • the View->Policy menu item is removed if no security policy has been installed.
  • Other improvements:
    • zapping is now significantly faster on UNIX systems
    • users are now allowed to select a file that is outside their home directory in the Select File Dialog
    • the New Profile Wizard has been simplified
    • dialogs that normally display a certificate's CN will choose another reasonable RDN if no CN is found
    • default settings are now always applied when signing and all options have been removed from the password dialog
    • added toggle button to hide or show advanced features in the Encryption dialog
    • the Import Certificate wizard now supports certificates with .crt and .der file extensions
    • fixed the proper restoration of file date and time stamps
    • files and folders are now sorted in (case-insensitive) ascending order in the file panel
    • all password related events are now logged and the option to disable this feature has been removed
     
           
   
Products | News | Support | Company | Terms of Use | Copyright
© 2004-2007 Information Security Corporation. All rights reserved.