CERTivity Changelog

What's new in CERTivity 2.0 Build 15

Jul 11, 2017
  • New Features:
  • Added support for Timestamp Information when signing Jar files.
  • Bug Fixes:
  • Keep up with the deprecation of MD5 and SHA1 related algorithms.
  • The wizard for installing Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files works for Java 1.8 as well.
  • For Java 1.8 the type is now correctly identified for PKCS12 KeyStores.

New in CERTivity 2.0 Build 8 (Jan 28, 2014)

  • New Features:
  • Added support for Elliptic Curve (EC) Algorithms in Key Pair generation.
  • Added support for managing and using Elliptic Curve (ECDSA and ECGOST) Algorithms Key Pairs and Certificates.
  • Added an innovative and easy to use wizard for installing Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files via an integrated JavaFX browser.
  • Added an "Advanced Details" option under the "Help" menu, that displays detailed information about system and security properties.
  • Interface improvements for certificate extensions management.
  • Added Quick Search feature for application, consisting of a text field in the top right corner of application.
  • The Quick Search feature for an opened KeyStore, triggered when starting to type a search string, having the focus on an opened KeyStore tree, searches through values of all the entry fields (alias, subject, issuer, etc.) not just the entry alias and the visible columns.
  • Added filter to the Options Panel, consisting of a text field in the top right corner of the Options Panel.
  • KeyStore related actions are now displayed in the context menu, when right-clicking on an empty area inside an opened KeyStore.
  • Updated to version 1.49 of the Bouncy Castle library.
  • With the update of the Bouncy Castle library the default BKS KeyStore type is not compatible with older versions of Bouncy Castle.
  • Updated to version 7.4 of NetBeans RCP.
  • Updated to version 5.1.7 of install4j.
  • Added MacOS installer with bundled 64bit Java 7 Runtime Environment.
  • Added new "Advanced Options" category in the options dialog under the "Tools / Options" menu.
  • Bug Fixes:
  • Implemented a separate Security Provider in order to correctly manage the cut/copy/paste actions for PKCS#12 KeyStore type.
  • Changed the way the Generate Key Pair Dialog responds to the Enter key: the default button which responds to Enter Key is the "OK" button.
  • Fixed always showing the warning "Could Not establish trust Path" when signing another Key Pair with a Key Pair selected as CA Issuer, although the current KeyStore is selected in the Trust Path options, or the KeyStore path is explicitly specified.
  • Fixed showing the message "Successfully signed by and Imported its certificate in chain" even when selecting not trusting the root, hence the signature not taking place.
  • Fixed requesting Key Pair password for PKCS#12 which do not have passwords.
  • Fixed Help window displaying behind the main window on Mac OS X.
  • Fixed error when trying to open a certificate chain with 6 or more certificates exported in PKCS#7 format.
  • Fixed incorrect display of certificate chain when generating a new Key Pair in a PKCS#12 KeyStore (only the user certificate was displayed).
  • Made the Secret Key icon transparent.
  • Fixed a focus lost bug when using the persistence option "Persist only KeyStore file name (without password)" and the password was requested for a KeyStore located in a different tab than the one the application started with.
  • Fixed a focus lost bug when using the application Quick Search function which opened the Options dialog. The focus was in the KeyStore panel, not in the Options dialog, and this is now fixed.

New in CERTivity 1.2 Build 1888 (May 10, 2013)

  • New Features:
  • Added support for viewing CRL files - Implemented a CRL viewer that acts as a top component when opening a CRL file.
  • The information contained in a CRL file is displayed as follows: the fields of the CRL file are displayed in the left part of the application window using a tree structure and the content of the CRL fields or tree node selected is displayed in the right part of the application window. The revoked certificates can be viewed individually by clicking on each revoked certificate node, or they can be displayed as a list, by selecting the Revoked Certificates List.
  • Also implemented CRL extensions and CRL entry extensions as defined in the RFC 3280, and the extensions Issuer Alternative Name and Subject Alternative Name which can be used also as CRL or Certificate extensions.
  • Updated the "Open Recent File" option from the "File" menu to also remember URL locations, not just file locations.
  • Added a new feature that allows the user to start viewing a CRL from the certificate details, if the certificate has an associated CRL. For this, a new button was added in the toolbar found at the top of the window section that displays the certificate details. This button is called "View Associated CRL" and it is active only when the certificate contains the corresponding information in the "CRL Distribution Points" extension.
  • Added selective drag and drop - We are now able to open using the drag and drop action the following files: certificates, CRLs, CSRs and KeyStores. This is working on Microsoft Windows and Linux platforms.
  • Added new signature algorithms for Key Pair/CSR generation and for CSR signing. Also updated the Digest algorithms for the Sign Jar action.
  • Added new Key Algorithms for Secret Key generation. The algorithms are defined for 2 providers: for the Bouncy Castle Provider and for the Sun JCE Provider (if it exists on the system where CERTivity is running), allowing the user to select only the supported key sizes for each algorithm depending on the algorithm type and provider. In case the Sun JCE Provider is not available, the Default provider will be used which means that all the Secret Key algorithms (that CERTivity supports) will be displayed with the key sizes starting from 1 for each algorithm. For this case, if the algorithm or the key size is not supported by the Default provider, an error will be displayed.
  • Added support for file type inspection - Implemented a new feature that inspects the type of a chosen file based on a greedy heuristic algorithm. This feature was added in the "File" menu and it is called "Inspect Type".
  • Added support for viewing CSR files - Implemented a CSR viewer that acts as a top component when opening a CSR file and that allows the user to view all the possible fields in a CSR file. This action is called "Open CSR" and can be accessed from the "File/Open" menu.
  • Improved the appearance of the "Certificate Extensions" tab to be more user friendly for adding extensions - Updated the appearance of the "Certificate Extensions" tab found in the "Generate Key Pair" and "Sign CSR File" windows. This was done by adding a self-explanatory text in the right panel from the "Certificate Extensions" tab, to make the interface more user friendly when it comes to adding extensions using the contextual menu that appears when right-clicking on the tree nodes.
  • The text added is the following: "To manage extensions, right-click on the tree nodes (initially the "extensions" root) and follow the contextual menu that appears."
  • As many CAs only return the issued certificate, with no supporting chain, we improved the certificates management in certificate chain.
  • Extended the Fingerprints in all Certificates Details sections - Support was added so that in the Certificate Details sections, the certificate fingerprints are also available in the following hashes: MD2, MD4, RIPEMD-128, RIPEMD-160, RIPEMD-256, SHA-224, SHA-256, SHA-384 and SHA-512.
  • Added the "Windows Menu Key" as a shortcut for the System/Popup action. Also added the Shift-F10 keys combination as Shortcut for the contextual menu.
  • Support was added to make certificate signing easier. This new feature was also made available for the "Generate Key Pair" action, by doing the following:
  • Added in the "Certificate Info" tab from the "Generate Key Pair" dialog a check-box with the label "Sign By ...". This check-box is placed above the "Signature Algorithm" combo-box. When no CA Issuer is selected the "Sign By ..." check-box is inactive. When a CA Issuer is selected the "Sign By ..." check-box is active and the "..." string is replaced with the name of the selected CA Issuer.
  • When this check-box is checked and the "OK" button is pressed, a CSR will be generated for the newly created Key Pair. This CSR will be signed by the selected CA Issuer and the CA Reply obtained will be imported in the newly created Key Pair - all these being done automatically.
  • Support was added to detect CSR files and resulting CA Replies signed by/imported in the same Key Pair - In order to prevent CSR files from being signed by the same Key Pair that generated them, we verify that no certificate in the ordered chain has the same public key as the next certificate in the chain. If we find such a case, the user will be presented with the warning message: "The public key of the CSR file is contained in the Key Pair you are trying to sign it with." and (s)he will be allowed to continue the signing process if (s)he chooses so.
  • Support added to standardize the country code contained in a DN - To make sure that the Country code contained in a DN is a two-letter ISO code, we added a combo-box populated with all the ISO countries, with automatic completion enabled. The automatic completion is strict, only items from the combo-box can be selected. Also, if the user does not want to set a country code, the "None" option is available in the combo-box. The combo-box will be active in the "Generate Key Pair" and "Regenerate Key Pair" dialogs.
  • Warning message added when "Esc" key is pressed in the "Generate Key Pair" or "Sign CSR File" dialogs - Pressing "Esc" key when in the "Generate Key Pair" or "Sign CSR File" dialogs closed the dialogs without any notice, making it possible to accidentally lose the information already filled in many fields contained in the dialog, including the Certificate Extensions. We now added a warning message when "Esc" key is pressed, allowing the user to choose whether to close or not the current dialog.
  • Extended the Options panel to support more settings.
  • Added Trust Path validation - Implemented Trust Path validation for the "Import Certificate" and "Import Ca Reply" actions. Also added an additional column to the KeyStores view, to display if the certificates are trusted or not. This column applies only to Certificate Entries, not to Key Pair entries.
  • Added support for entering a new serial number when extending validity of a self-signed certificate. On the "Extend Validity" dialog, the user can now also see the current serial number of the certificate for which the validity period should be extended, and can enter a new serial number for the new resulting certificate (either by generating one using the "Generate" button, or by entering a custom serial number in the corresponding text box).
  • A Quick Search triggered by the keyboard input is now available in the KeyStore panel allowing selective column search.
  • The main icon of CERTivity KeyStores Manager was facelifted and CERTivity Help has a suitable 32x32 icon as well.
  • Some GUI labels uniformization - We made sure all labels are Title Case when they need to be, also updated some of the labels to be more readable, in order to provide a more uniform view for the application.
  • Bug Fixes:
  • The "SSL Certificates Retriever" option availability - The "SSL Certificates Retriever" option is now always available in the "Toolbars/KeyStore" and in the "Menu/KeyStore", even when no KeyStore is opened. When the active component is not a KeyStore, the "Import to KeyStore" button from the "SSL Certificates Retriever" dialog is not enabled.
  • Comparison of issuer DN and subject DN of the certificates in the certificate chain - In some situations, when validating the certificate chain, the comparison of issuer DN and subject DN of the certificates in the chain failed because of different ways of representing the DN names. We modified the issuer - subject name comparison mechanism, so that the comparison is done between X500Name objects using the "equals" method which is implemented by Bouncy Castle. To obtain X500Name we wrapped the certificates in X509CertificateHolder objects.
  • Importing PEM certificate chains files issue - When importing a certificate chain from a PEM file where the PEM certificates are separated by white spaces, for example, or the file contains invalid content not within the BEGIN and END sections, the loading of the certificates from the file failed. A workaround was implemented for filtering the content of PEM certificate files, so that the empty lines (and the invalid content not within the BEGIN and END sections of the PEM file) are ignored.
  • Certificates wrongly labeled as Self Signed - In the "Key Pair details" section (that appears when the user selects a Key Pair) the certificate was sometimes labeled as Self Signed when the issuer was missing from the chain. This is now fixed.
  • Date validation for "Extend Certificate Validity" action - Implemented date validation for the new expiration date introduced for the selected certificate when using the "Extend Certificate Validity" action.
  • Focus lost on File Chooser for unlocked Key Pairs/Private Keys on Linux - On Linux focus was lost when trying to export an unlocked Key Pair/Private Key and one cannot write anything in the file name field of the File Chooser. This is now fixed.
  • The contextual menu opened with the first time right click in a freshly opened KeyStore showed only the standard options - Support was added so that the contextual menu shows from the beginning the specific options when opened with right click.
  • Full Screen after registering the license - Using View/Full Screen after registering the license resulted in a pop-up error message "License Installation canceled. Application will now exit.". This happened only in the first run when a License Key File was installed. This was fixed and the message shows now only when the License Key installation is indeed canceled.
  • Sporadic NullPointerExceptions are fixed by switching to a newer version of NetBeans RCP, RELEASE721 - the NullPointerException occurred from the DelegateAction class from GeneralAction because in the "removePropertyChangeListener" method, the PropertyChangeSupport object is used without checking if it is null, and apparently it somehow becomes null by that step. Other items such as the Quick search for TreeTableView are now available and the bug with Redo label which changed after first Undo is now transparently fixed.
  • Fixed revocation status check when the URL in the certificate extension pointed to a page which redirects to another URL.
  • Fixed opening the same certificate file multiple times in different tabs - Made sure that when opening a certificate file we first check if the file is already opened, and if it is, we switch to it.
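
The PEM chain import fix listed above (ignore empty lines and content outside the BEGIN and END sections) can be sketched as follows. This is an added example, not CERTivity's code: the function name, the `skipped` report and the sample bundle are assumptions, and the sample bodies are constructed stand-ins (a tiny DER SEQUENCE), not real certificates.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def extract_pem_certificates(text):
    """Return (der_blocks, skipped) for a PEM bundle that may contain junk.

    der_blocks: decoded bodies of well-formed CERTIFICATE blocks, in file order.
    skipped:    (line_number, reason) pairs for everything that was ignored, so
                the caller can log it instead of dropping it silently.
    """
    der_blocks, skipped = [], []
    body = None          # None while outside a BEGIN/END pair
    lineno = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue                      # blank or whitespace-only separator
        if line == BEGIN:
            if body is not None:
                skipped.append((lineno, "BEGIN inside an open block"))
            body = []
        elif line == END:
            if body is None:
                skipped.append((lineno, "END without BEGIN"))
                continue
            try:
                der = base64.b64decode("".join(body), validate=True)
            except (binascii.Error, ValueError):
                skipped.append((lineno, "body is not valid base64"))
            else:
                # A DER-encoded certificate is an ASN.1 SEQUENCE (tag 0x30).
                if der[:1] == b"\x30":
                    der_blocks.append(der)
                else:
                    skipped.append((lineno, "body is not a DER SEQUENCE"))
            body = None
        elif body is not None:
            body.append(line)
        else:
            skipped.append((lineno, "content outside BEGIN/END"))
    if body is not None:
        skipped.append((lineno, "unterminated block at end of input"))
    return der_blocks, skipped


def to_pem(der):
    """Wrap DER bytes in a CERTIFICATE PEM envelope (helper for the sample)."""
    return "\n".join([BEGIN, base64.b64encode(der).decode("ascii"), END])


# Constructed sample input: two stand-in blocks, stray text, blank lines and
# one block whose body is not base64.
DER_A = bytes.fromhex("3003020101")   # SEQUENCE { INTEGER 1 }
DER_B = bytes.fromhex("3003020102")   # SEQUENCE { INTEGER 2 }
SAMPLE = (
    "subject=CN=leaf (constructed)\n"
    + to_pem(DER_A) + "\n\n   \n"
    + "issuer note\n"
    + to_pem(DER_B) + "\n"
    + BEGIN + "\nnot base64!!\n" + END + "\n"
)

if __name__ == "__main__":
    blocks, ignored = extract_pem_certificates(SAMPLE)
    print(len(blocks), "blocks kept")
    for entry in ignored:
        print("ignored line %d: %s" % entry)
```

Each kept block would then go to a real X.509 parser; the `skipped` list is worth logging, because a lenient importer otherwise hides the fact that a bundle was malformed or modified.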

New in CERTivity 1.1 Build 1566 (Oct 25, 2012)

  • New Features:
  • Opening the machine's JRE CA TrustStore(s) - Added support for opening the CA TrustStore(s) of the JRE(s) discovered on the current system. If the KeyStore persistence settings in Tools > Options is set to "Fully persist (file name & encrypted password)" the passwords of the TrustStores are saved in the preferences after closing the application.
  • Support for transition to secure RSA keys - As Microsoft announces that the use of certificates that have RSA keys that are less than 1024 bits long will be blocked, and in the future other systems and even Java Virtual Machine may do this as well, we have introduced features to easily spot such certificates, and to warn when generating RSA Key Pairs with less than 1024 bits. Also, we have made the minimum size allowed for generating RSA Key Pairs configurable and it can be set in the Tools > Options. The minimum size can not be less than 1024.
  • The Certificates and Key Pairs which have RSA Keys that are less than the minimum size set are now marked in the KeyStores by having the name and the Key Type / Size colored in red. The Key Type / Size is also colored in red in the certificate panel.
  • Another measure is that the default out of the box RSA KeyPair size is now doubled to 2048, too. This value can, at any moment, be increased by users (from Tools > Options) and it will remain persistent for future uses.
  • Signing APK (Android Application Package) files and verifying signatures on signed APK files - Added support for signing and verifying signatures on APK files in the Sign JAR and Verify JAR actions. By selecting the APK file filter (or by selecting the "All files" file filter), the user is now able to select APK files and sign them in a similar manner as it is done for signing JAR files or for verifying signatures on signed JARs.
  • SSL Certificates Retriever details using HTTPS URLs - Added an additional field to the SSL Certificates Retriever for entering an URL (HTTPS protocol) from which the host and port will be parsed. If the URL does not start with a protocol designator the https:// one will be added automatically. Also, if the URL has no port specified, the default port for HTTPS protocol (443) will be used. The parsed host and port will also be set into the initial fields "Host name" and "Port", which can still be used.
  • Importing certificates from the signature verification results of the verify JAR, PDF and XML actions into the active KeyStore (the active KeyStore tab) - Implemented support to allow importing a selected certificate found in the signature of a JAR, PDF or XML file into the active KeyStore (the active top component), directly from the verification results panels of the verify JAR, PDF and XML actions.
  • Basic display of certificate extensions - added support for identifying and displaying the detailed content of the following certificate extensions: Authority Key Identifier, Basic Constraints, CRL Distribution Points, Extended Key Usage, Key Usage, Netscape Cert Type, Private Key Usage Period, Subject Key Identifier.
  • For the extensions which are not identified, the OID will be displayed and a rough representation of the extension content.
  • ASN.1 display of each certificate extension - added support for displaying the ASN.1 representation of the content of each extension of the certificate (even for the ones for which we display only the rough representation of its content).
  • Extensions for certificates when generating Key Pairs - Implemented support for adding certificate extensions to Certificates when generating Key Pairs using an easy to use tree-like structure for adding and representing the extensions. The following extensions can be added: Authority Key Identifier, Basic Constraints, CRL Distribution Points, Extended Key Usage, Key Usage, Netscape Cert Type, Private Key Usage Period, Subject Key Identifier.
  • The extension structure is validated in real time, as the extensions and their subitems are being added, showing information about the validity status, and details about the validation errors (if any). Also, some values from some extension fields (such as the Directory Name components from the General Name of Authority Certificate Issuer component of the Authority Key Identifier extension, and others) are filled automatically using the values provided in the certificate fields (if they are not empty). More than this, when adding extension subitems which require some information from the certificate which was not provided yet, for example if the Authority Certificate Serial Number is required and a Serial Number was not provided yet, the information can be generated at that time, and it will also be set for the corresponding certificate field. Also, the mandatory subitems of the extensions are added automatically in the tree structure, to ease the job of the user, and for the optional ones, the user can select which one to use from a context menu.
  • Handling extensions for CA Reply certificates when signing a CSR file - Implemented support for adding certificate extensions to the CA Reply user certificate as well, which will be obtained after signing a CSR file. The mechanism for creating and adding extensions is the same one described for adding extensions when generating a new Key Pair, with the small difference that the information regarding the issuer is now taken from the signer certificate.
  • Viewing extensions structure at creation time as XML - Implemented support for viewing the tree like structure of the extensions in XML format, for easy visualization or for easy copying into other documents. Each extension is a node, and each subitem of an extension is a child node of the extension node.
  • Saving extensions structure at creation time as XML templates for later usage and loading them back into the tree structure - Added support for saving the extensions structure as an XML document into a file as an extensions template for later usage. These templates can be loaded later, when generating a new Key Pair, or when creating a CA Reply, which needs for its Certificate a similar or maybe identical extensions structure.
  • Reopening the last used files (Key Stores, Certificates) - Added "Open Recent File" menu (in the File menu), to allow reopening the last used files like KeyStores and Certificates (and the "Readme" file). For the KeyStore files, if the KeyStore persistence option in the Tools > Options is set to "Fully persist (file name & encrypted password)", the passwords will also be stored, so that the user won't have to re-enter them again when reopening the KeyStores. Otherwise, the user will be prompted to enter the KeyStore password again.
  • Renaming an entry by the F2 key - The F2 key is the default standard for the Windows Users for renaming, so we also use it in CERTivity for renaming entries, to improve usability, besides the existent shortcut Ctrl + R .
  • Generating a new Key Pair using the information from an existing Key Pair - Implemented functionality to allow the user to generate a new Key Pair using some information from an existing Key Pair such as: Key Type (RSA or DSA), Key Size, Certificate Version, Signature Algorithm, Certificate Issuer / Subject Distinguished Name (Common Name (CN), Organization Unit (OU), Organization Name (O), Locality Name (L), State Name (ST), Country (C), Email (E)).
  • Opening Software Publisher Certificate (SPC) Certificate Files.
  • The CA Reply file chooser contains the "All files" filter - This way, the user can open and import a CA Reply even if the file name does not contain the required file extension, if the file really contains a CA Reply.
  • Opening the "Readme.txt" file on the first run of the application - Now the "Readme.txt" file is opened and displayed as a new tab in CERTivity on the first run of the application. This file can also be later opened using the File > Open Recent File menu (if the file is still in the recent files list). This file contains details, such as passwords, related to the samples provided with CERTivity.
  • The "Validity" column from the KeyStore view was renamed to "Validity Status".
  • Bug Fixes:
  • JAR Signature Block compatibility - The Signature Block file (e.g. *.RSA) was bigger than the one produced by JDK's jarsigner for the same jar and the same key, because there were two equivalences: one at the logical level, and one at the binary (encoding) level. Although the jarsigner from Sun (Oracle) JDK was OK with these equivalences, we are now using really the same, unequivocal productions by involving the Distinguished Encoding Rules (DER) and by using a PKCS7 with a direct signature, without the default signed attributes. This makes CERTivity compatible with other tools than JDK's, such as the Android SDK tools.
  • Focus lost and entry selection issues - Fixed the focus lost and entry selection issues after operations involving KeyStores, including Undo/Redo. Now the focus remains in the Tree Table (allowing navigation through the KeyStore and performing actions using the keyboard) after performing operations such as deleting or adding new entries, converting KeyStore type, Extend Validity period for self signed Key Pairs. Also now the entries remain selected after performing Undo / Redo operations (for example after performing Undo on a delete operation, the entry will be selected).
  • Contextual Help for the Tools > Options panel describing the Options from JavaHelp - Now the Help from the Options panel points to the description of the Options in the JavaHelp, and not to the default help anymore.
  • Line terminator in "${certivity.home}/etc/certivity.conf" configuration file is now platform specific - The line terminator from the file "${certivity.home}/etc/certivity.conf" consisted of only one LF (Line Feed), and this could have been problematic on Windows platforms when trying to edit the configuration file using a simple editor such as Notepad. A fix was made to change the line feeds from the mentioned file to the platform specific type at installation time.
  • Corrections and uniformization for the File Choosers - For some actions such as opening KeyStores or Certificates the default file filter for the file chooser was "All files". This was updated so that the default selected filter is the relevant one (e.g. for Verifying PDF it must be PDF files, for key store files it must be KeyStore Files).
  • Clipboard shortcuts on Mac OS X - The clipboard shortcuts (Meta-C, Meta-V, Meta-X) on Mac OS X are now correctly functioning in the Tree Table for KeyStore entries.