For the latest version, please use Key Management System 3.12.0!

Release 3.2.0

Bugfixes

  • MTG KMS-Server

    • Fixed a bug where modifying ApplicationSpecificInformation didn’t work.

    • Fixed a bug where the revocation reason code and revocation message weren’t updated after a revocation process.

    • Fixed a bug where the reactivation of revoked entities was allowed.

  • MTG KMS-UI

    • Improved user state handling by updating to the latest version on refresh.

    • Fixed a bug where the reactivate/deactivate/delete buttons were not displayed for Pre-Active Crypto Objects in KMS Crypto UI.

    • Improved the Cryptographic Objects table refresh in KMS Crypto UI.

    • Fixed a bug on the Keypair details page when no name existed in KMS Crypto UI.

Features and updates

All MTG Java Application Projects

For a list of all MTG Java Application Projects, see [MTG_ERS_JAVA].

  • Spring Boot version increased to 2.7.18 (includes Tomcat 9.0.83).

  • Upgrade Bouncy Castle to 1.77.

  • MTG KMS-Server

    • Implemented/supplemented KMIP-DeriveKey variants PBKDF2, HMAC, AsymmetricKey-ECDH, AsymmetricKey-ECDH-ConcatKDF.

    • Support for Locate and extraction of the attributes Secret Data Type and Key Format Type.

    • Update kms004-mtg-kms-kmip-operations.

    • Support for Create, Register and Sign with Edwards curves Ed448 (OID 1.3.101.113) and Ed25519 (OID 1.3.101.112) for KMIP version 2.0 and higher.

    • MTG smartHSM is no longer supported.

    • Description of the default character set for MariaDB inside the installation manual.

  • MTG KMS-Crypto-API

    • Added activation functionality for "Pre-Active" cryptographic objects.

    • Support for Edwards curve (Ed) keys.

    • Support for the Secret Data Crypto Object.

    • Support for the Sensitive attribute.

    • Spring Boot version increased to 2.7.18 (includes Tomcat 9.0.83).

    • Added revocation functionality for Certificate cryptographic objects.

    • Added support for activation, deactivation, reactivation, deletion of linked cryptographic objects when used for an asymmetric Public Key, Private Key, Key Pair or Certificate.

    • Error handling improvements.

  • MTG Mini-CA

    • Description of the default character set for MariaDB inside the installation manual.

  • MTG KMS-PKCS#11-Server

  • MTG KMS-TTLV-Proxy

  • Prepare parameters for the connection pool for the communication to the KMS-Server.

MTG KMS-PKCS#11-Library

  • Added support for PKCS#12 files as key stores for TLS client authentication.

  • Renamed the property client_cert_chain_pem_path to client_cert_pem_path.

  • Upgrade OpenSSL dependency to OpenSSL 3.2.0.

  • The library now supports running on Windows 10 and Windows 11.

  • Support for Sign with Edwards curves Ed448 (OID 1.3.101.113) and Ed25519 (OID 1.3.101.112).

MTG KMS-UI

  • Error handling improvements.

  • Added the activation button for the Pre-Active cryptographic objects in KMS Crypto UI.

  • Added support for Edwards curve (Ed) keys in KMS Crypto UI.

  • Improvements in the search form of the Crypto Objects table page in KMS Crypto UI.

  • Added Secret Key generation with 192 bit length in KMS Crypto UI.

  • The language switching is disabled for pages that include critical data.

  • Added HEX validation for the Authenticated Encryption Additional Data in Encrypt and Decrypt pages in KMS Crypto UI.

  • Added support for Secret Data in the KMS Crypto UI.

  • Added support of Sensitive attribute for Cryptographic Objects in the KMS Crypto UI.

  • Enabled file upload for the Sign and Verify in KMS Crypto UI.

  • Smart HSMs are no longer supported in KMS Admin UI.

  • Added linked certificates in the Public Key details page in KMS Crypto UI.

  • Added state management for the Certificate cryptographic object in KMS Crypto UI.

  • Added state management for linked cryptographic objects for Keypair, Public Key, Private Key, and Certificate in KMS Crypto UI.

Installation instructions

  • MTG KMS-PKCS#11-Library

    • In the kms_pkcs11.conf configuration file in section tls, the configuration parameter client_cert_chain_pem_path must be changed to client_cert_pem_path!