Release Notes

Introduction

This document contains the changes that were done between the different releases of the ERS MTG KMS. It consists of the following Projects:

  • MTG KMS-Server

  • MTG KMIP-SDK

  • MTG Mini-CA

  • MTG Secrets-Protection-Manager

  • MTG KMS-PKCS#11-Server

  • MTG KMS-PKCS#11-Library

  • MTG KMS-TTLV-Proxy

  • MTG KMS-Crypto-API

  • MTG KMS-BYOK

  • MTG KMS-UI

The targeted audience of this document are system administrators.

This page starts with version 3.0.0.

Contact

In case of installation issues, please contact MTG via the MTG-SupportCenter:

willow.mtg.de/supportcenter

or

www.mtg.de/
Email: contact@mtg.de
Voice: +49 61 51 80 00-0
Fax: +49 61 51 80 00-43

Release 3.7.1

Date: 2025-07-21

Bugfixes

  • MTG KMS-SERVER

    • flyway migrations script was wrong, repair script.

    • As wrapping key always the same kek as for the key to be wrapped was used, which is wrong. Now use always the own kek of each key.

Alle MTG Java Application Projekte

  • The last release 3.7.0 was withdrawn due to the flyway migration script error. All Features of Release 3.7.0 are of course also included in Release 3.7.1.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • Spring boot version increased to 3.4.5 (includes tomcat 10.1.40).

  • none

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • none

Installation instructions

  • none

Release 3.7.0

Date: 2025-07-21

Bugfixes

  • none

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • Spring boot version increased to 3.4.5 (includes tomcat 10.1.40).

  • MTG KMS-SERVER

    • Allow Locate to use Attributes Archive Data and Certificate Type.

    • Added support for the KMIP Set Attribute operation. If an attribute does not exist, it will be added; otherwise, the existing instance will be modified.

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • Upgraded libraries.

  • Changed the navigation items of the side menu according to ERS template.

  • All object in state compromised, destroyed oder destroyed-compromised can now be deleted.

Installation instructions

  • none

Release 3.6.2

Bugfixes

  • none

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • MTG KMS-Server

    • There was an error in the Revoke operation where the incorrectly encoded issuerDN was sent to the CMP server. This has now been fixed.

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • none

Installation instructions

  • none

Release 3.6.1

Bugfixes

  • MTG KMS-Server

    • Opaque object register operation with OpaqueDataType enum corrected.

      • The following OpaqueDataType extensions are supported:

Transparent0

0x8DA1C500

Transparent0

0x8DA1C500

Transparent1

0x8DA1C501

Transparent2

0x8DA1C502

Transparent3

0x8DA1C503

Transparent4

0x8DA1C504

Transparent5

0x8DA1C505

Transparent6

0x8DA1C506

Transparent7

0x8DA1C507

Transparent8

0x8DA1C508

Transparent9

0x8DA1C50A

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • none

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • none

Installation instructions

  • none

Release 3.6.0

Bugfixes

  • MTG KMS-Server

    • If generating an Object with an already existing name, now NonUniqueNameAttribute will be returned as ResultReason instead of InvalidField

    • During the register operation of a certificate, the Activation or Deactivation Date was not handled correctly. The 'Not Before' and 'Not After' date from the certificate is now always used.

    • Compromise Date and Compromise Occurrence Date where set wrong with get Attributes.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • Spring boot version increased to 3.3.8 (includes tomcat 10.1.34).

  • Updated bouncycastle dependency version to 1.80.

  • MTG KMS-Server

    • Insert new Index managed_object_idx_search for Locate Operation.

    • Added new endpoint for updating a HsmProfile.

    • Improvement of error messages in the event of errors in the CMP configuration, especially with the signer keystore.

    • If the register operation is executed with a certificate, the Cryptographic Usage Mask Verify is set if the Key Usage digitalSignature is set.

    • Mapping table of certificate key usage to cryptographic usage mask inserted in MTG-KMS KMIP Objects & Operations document.

  • MTG Mini-CA

    • Enums for history tables via flyway updated.

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • Upgraded libraries.

  • Enabled the option of editing the name of HSM Profile in KMS Admin UI.

  • Added a tooltip to inform user that in case of renaming HSM-Profile, the name of the already generated KEK in the HSM would not be changed in KMS Admin UI.

Installation instructions

  • none

Release 3.5.0

Bugfixes

  • MTG KMS-Server

    • After a certify operation, a null value was set in the json response when getting the attributes with getAttributes, this is no longer the case.

    • With Get Attribute List, in the case of a custom/vendor attribute, the vendor enum was returned instead of the AttributeReference or for KMIP < 2.0 the AttributeName.

  • MTG KMS-UI

    • Fixed label for empty CMP CA Root certificates table in the KMS Admin UI.

    • Fixed the Certificate Lifecycle Management (CLM) link in the Applications page.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • Spring boot version increased to 3.3.4 (includes tomcat 10.1.30).

  • MTG Mini-CA

  • Added chapter how to generate Secrets encoded as Base64 strings inside Installation manual.

  • Remove support of MTG smartHSM.

  • MTG Secrets-Protection-Manager

  • Remove support of MTG smartHSM.

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • Upgraded libraries.

Installation instructions

  • none

Release 3.4.0

Bugfixes

  • MTG KMS-Server

    • Vendor Identification with GetAttributeList Operation was missing.

    • Cryptographic Usage Mask fixed Export Tag parsing.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

Supported Operating Systems Operating Systems.

  • Spring boot version increased to 3.3.2 (includes tomcat 10.1.26).

  • MTG KMS-Server

    • Update MTG-KMS-KMIP-Operations document add table Not Supported Attributes.

    • CMP configuration on the Admin REST-API can now store any number of CMP Root CA Certificates.

    • To address different templates at a CA via the Certify operation and CMP (see also inside the document Objects-and-Operations chapter KMIP Attribute Vendor Identification / Custom Attribute), it now accepts a vendor identification with:

      • MTG (Case Sensitive) as VendorIdentification and

      • PolicyID (Case Sensitive) as AttributeName

      • a UUID of the CA as AttributeValue

      • Example:

        {"tag": "VendorIdentification", "type": "TextString", "value": "MTG"},
{"tag": "AttributeName", "type": "TextString", "value": "PolicyID"},
{"tag": "AttributeValue", "type": "TextString", "value": "be05650a-06a0-4cea-a850-d42954f8278b"}

    • For audit logging, a self-defined key for signing in sizes 128 or 192 or 256 bit can be used and specified in the logback.xml file with the tag: <secretKey> and the applicationName: OwnSecret (see also chapter Audit Configuration in the Installation manual).

MTG KMS-PKCS#11-Library

Support of OpenSSL versions, see OpenSSL_compatibility.

Supported Operating Systems Operating Systems PKCS11.

  • none

MTG KMS-UI

  • Changed the CMP Configuration to accept multiple root certificates in the KMS Admin UI.

Installation instructions

  • none

Release 3.3.0

Bugfixes

  • MTG KMS-Server

    • Fixed operations that threw Exception when the object was destroyed and according to KMIP specification they should not.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 3.2.6 (includes tomcat 10.1.24).

  • The following configuration properties have been renamed:

    • management.metrics.export.elastic.enabled to management.elastic.metrics.export.enabled

    • management.metrics.export.elastic.host to management.elastic.metrics.export.host

    • management.metrics.export.elastic.user-name to management.elastic.metrics.export.user-name

    • management.metrics.export.elastic.password to management.elastic.metrics.export.password

  • MTG KMS-Server

    • Update MTG-KMS-KMIP-Operations document in chapter Time window tolerance.

    • Connection provider parameterized to keyclaok and pendingacquiremaxcount and maxconnections set to 5

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • Upgrade der OpenSSL Bibliothek auf Version 3.2.2.

  • Der Aufruf mit OpenSSL + Libp11 zum Signieren schlägt in dieser Kombination fehl unter Windows mit: Exit mit Fehlercode -1073740791 / 0xc0000409. Dabei ist der eigentliche Aufruf erfolgreich und die Signatur wird erzeugt, aber ein Fehlercode wird zurückgegeben. Es handelt sich um eine Fast Fail Exception. Verursacht durch github.com/openssl/openssl/commit/02b87cc189fa8cae8d6f69d68449a9aecc0e34f0. Das Problem ist behoben siehe: github.com/openssl/openssl/issues/22508. D.h. der Aufrufer muss die OpenSSL Version 3.0.14 oder höher nutzen!
    Das Problem ist in den folgenden Versionen von OpenSSL vorhanden:

    • 3.0.12 und 3.0.13

    • 3.1.4 und 3.1.5

    • 3.2.0 und 3.2.1

Installation instructions

  • none

Release 3.2.2

Bugfixes

  • none

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • MTG KMS-Server

    • Updated CMP client.

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • none

Installation instructions

  • none

Release 3.2.1

Bugfixes

  • MTG KMS-Server

    • For Create::SecretData, SecretDataType.PASSWORD with KeyFormatType(XDIGITS, GRAPH, ASCII), the possible character set was not fully utilised, e.g. for XDIGITS the 'F' or for 'GRAPH' the '~' (0x7e). With ASCII, the complete range 0x00-0x7f is now also used.

    • Padding added for the signature operation with RSA and the padding method PKCS1V1_5.

  • MTG KMS-UI

    • Fixed public key link in private key details page in KMS Crypto UI.

    • Fixed the download public key functionality in the keypair and public key details pages in KMS Crypto UI.

    • Fixed issue of covering the page content when the side-menu was open.

    • Fixed lost query parameters on refresh or manual url navigation.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • MTG KMS-Server

    • Update MTG-KMS-KMIP-Operations document.

    • Extension of the validation of the Managed-Object crypto attributes (e.g. CryptographicLength==actual key length).

    • Extension of the handling of default managed object crypto attributes. If possible, crypto attributes are also derived from the key material.

    • KMIP Operation Register::CertificateRequest updated.

    • KMIP Operation Register::Certificate update to use X.509-PKCS#7.

    • Support of further RSA-Encrypt/Decrypt OEAP-Padding variants.

    • The KMIP Sign() and SignatureVerify() methods are enhanced to handle DigestedData with RSA-and-PKCS1.5Padding as ASN.1 encoded DigestInfo or as raw Message-Digest data.

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • - Upgraded library @mtg/ers-ui-utils, due to the display of icons after the latest Chromium version.

Installation instructions

  • none

Release 3.2.0

Bugfixes

  • MTG KMS-Server

    • ApplicationSpecificInformation modify didn’t work.

    • Fixed a bug where the revocation reason code and revocation message weren’t updated after a revocation process.

    • Fixed a bug where the reactivation of revoked entities was allowed.

  • MTG KMS-UI

    • Improved user state handling by updating to the latest version on refresh.

    • Fixed bug of not displaying the reactivate/deactivate/delete buttons for Pre-Active Crypto Objects in KMS Crypto UI.

    • Improvements of the Cryptographic Objects table refresh in KMS Crypto UI.

    • Fixed bug for Keypair details page when no name existed in KMS Crypto UI.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 2.7.18 (includes tomcat 9.0.83).

  • Upgrade Bouncy Castle to 1.77.

  • MTG KMS-Server

    • Implemented/supplemented KMIP-DeriveKey variants PBKDF2, HMAC, AsymmetricKey-ECDH, AsymmetricKey-ECDH-ConcatKDF.

    • Support Locate and Extraction of attributes Secret Data Type and Key Format Type.

    • Update kms004-mtg-kms-kmip-operations.

    • Support of Create, Register and Sign of Edwards curves Ed448 oid: 1.3.101.113 and Ed25519 oid: 1.3.101.112 for KMIP version 2.0 and higher.

    • MTG smartHSM is no longer supported.

    • Description of the default character set for MariaDB inside the installation manual.

  • MTG KMS-Crypto-API

    • Added activation functionality for "Pre-Active" cryptographic objects.

    • Support Edward ED curves keys.

    • Support Secret Data Crypto Object.

    • Support Sensitive attribute.

    • Spring boot version increased to 2.7.18 (includes tomcat 9.0.83).

    • Added revocation functionality for Certificate cryptographic objects.

    • Added support for activation, deactivation, reactivation, deletion of linked cryptographic objects when used for an asymmetric Public Key, Private Key, Key Pair or Certificate.

    • Error handling improvements.

  • MTG Mini-CA

    • Description of the default character set for MariaDB inside the installation manual.

  • MTG KMS-PKCS#11-Server

  • MTG KMS-TTLV-Proxy

  • prepare parameters for the connection pool for the communication to the KMS-Server.

MTG KMS-PKCS#11-Library

  • Added support for PKCS#12 files as key stores for TLS client authentication.

  • Renamed the property client_cert_chain_pem_path to client_cert_pem_path.

  • Upgrade OpenSSL dependency to OpenSSL 3.2.0.

  • The library now supports running on Windows 10 and Windows 11.

  • Support Sign for Edwards curves Ed448 oid: 1.3.101.113 and Ed25519 oid: 1.3.101.112.

MTG KMS-UI

  • Error handling improvements.

  • Added the activation button for the Pre-Active cryptographic objects in KMS Crypto UI.

  • Added support for Edward ED curves Keys in KMS Crypto UI.

  • Improvements in the search form of the Crypto Objects table page in KMS Crypto UI.

  • Added Secret Key generation with 192 bit length in KMS Crypto UI.

  • The language switching is disabled for pages that include critical data.

  • Added HEX validation for the Authenticated Encryption Additional Data in Encrypt and Decrypt pages in KMS Crypto UI.

  • Added support for Secret Data in the KMS Crypto UI.

  • Added support of Sensitive attribute for Cryptographic Objects in the KMS Crypto UI.

  • Enabled file upload for the Sign and Verify in KMS Crypto UI.

  • Smart HSMs is no longer supported in KMS Admin UI.

  • Added linked certificates in the Public Key details page in KMS Crypto UI.

  • Added state’s management for the Certificate cryptographic object in KMS Crypto UI.

  • Added state’s management for linked cryptographic objects for Keypair, Public Key, Private Key, and Certificate in KMS Crypto UI.

Installation instructions

  • MTG KMS-PKCS#11-Library

    • In the kms_pkcs11.conf configuration file in section tls, the configuration parameter client_cert_chain_pem_path must be changed to client_cert_pem_path!

Release 3.1.3

Bugfixes

  • none

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 2.7.15 (includes tomcat 9.0.79).

  • Upgrade Bouncy Castle to 1.76.

  • MTG KMS-Server

    • Update kms004-mtg-kms-kmip-operations.

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • none

Installation instructions

  • none

Release 3.1.2

Bugfixes

  • MTG KMS-Server

    • Sanitize KMS-Tenant-Client username in the log output, because this date could come from an untrusted input. I.e. all special characters are filtered out.

    • The Version info on the info endpoint was wrong, now shows correct version number.

    • RSA Signature with PSS used wrong signature algorithm.

  • MTG KMS-UI

    • Added max size validation for the text and file inputs of the Encrypt/Decrypt pages in the KMS Crypto UI.

    • Responsive design improvements of details pages in KMS Crypto UI.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 2.7.14 (includes tomcat 9.0.78).

  • Upgrade Bouncy Castle to 1.75.

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • Added browser tab titles to all the pages of the application.

  • Stored the selection of table’s visible columns.

  • Set the Padding Method based on the selection of Block Cipher Mode for encryption and decryption in KMS Crypto UI.

  • Improvements in the Encrypt/Decrypt pages in KMS Crypto UI.

Installation instructions

  • MTG KMS-UI

    • Added documentation for health check endpoint.

Release 3.1.1

Bugfixes

  • MTG KMS-UI

    • Fixed bugs of Sign and Verify buttons in KMS Crypto UI.

    • Fixed bug of not displaying the latest available un-assigned HSM Profiles in the Protected KEK details page in KMS Tenant UI.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 2.7.12 (includes tomcat 9.0.75).

  • Preparation for support of metrics with the OpenSearch Server.

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • Added confirmation modal for removing a Protected KEK’s HSM Profile in KMS Tenant UI.

  • Fixed creation date format of a (Protected) KEK in the details page in KMS Tenant UI.

  • Separated the Cryptographic Object details page into different pages based on the type in KMS Crypto UI.

  • Improved the layout and the validations of the sign/verify/encrypt/decrypt pages in the KMS Crypto UI.

  • Improved text display.

  • Displayed message for successful 'Copy to Clipboard'.

  • Set the default Tag Length to 12 for Encrypt and Decrypt in KMS Crypto UI.

  • Set Authenticated Encryption Tag as required for Decrypt when using GCM Block Cipher Mode in KMS Crypto UI.

Installation instructions

  • none

Release 3.1.0

Bugfixes

  • MTG KMS-Server

    • Fixed deletion of a tenant.

    • Added missing audit events for user management.

  • MTG KMS-UI

    • Fixed bug of triggering the Crypto search request twice on advanced search submission and reset in KMS Crypto UI.

    • Fixed bug of not refreshing Keycloak access token after its expiration.

    • Fixed bug of navigating back from the Crypto Certificate details page using the History API in KMS Crypto UI.

    • Fixed bugs related to selecting a file in the Import Certificate page in KMS Crypto UI.

    • Fixed bug for the synchronization and fetching of CAs in KMS Admin UI.

    • Fixed bug of deletion of a KEK and removal of a Protected KEK’s HSM Profile when the HSM is not available in KMS Tenant UI.

    • Fixed bug of overflowing on mobile screens when the logged-in user has a long name.

    • Fixed bug of missing warning message when a protected KEK has only one connected HSM Profile in KMS Tenant UI.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 2.7.11 (includes tomcat 9.0.74).

  • MTG KMS-Server

    • Added new MTG-Specific Reactivation operation.

    • Adapt Kmip Objects and Operations document to Ascii doc.

    • Support of Locate Digest.

    • Added description of max_packet_size for Apache configuration in the installation manual.

    • Added a Note for configuration to the KeyCloak Server as it is optional, in the installation manual.

    • Added a Note in the installation manual that the failover mode of the CXI Utimaco interface is not supported.

    • Additional support of SHA_512_224, SHA_512_256, SHA3_224, SHA3_256, SHA3_384 and SHA3_512 for RSA PSS Signature.

    • Added fasterxml Version 2.14.2

    • Added Managed object attribute Nist-Key-Type.

    • Added Support of LUNA HSM with FIPS mode.

    • Added new configurable audit messages for KMIP operations.

    • Added disjunct search of attribute ObjectTypes via Locate operation.

    • Providing endpoints for the system monitoring. See Installation Manual chapter "System monitoring". For the provision of the system monitoring endpoints, basic authentication can be activated. To do this, enter the parameters in application.properties. See installation manual chapter "System monitoring basic authentication properties".

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • Nuxt 3 & Vue 3 migration.

  • Added the reactivation option of a Cryptographic Object in KMS Crypto UI.

  • Added a button for enabling/disabling the reactivation in a tenant in KMS Admin UI.

  • Added a new column (description) in the Tenant Clients table page in KMS Tenant UI.

  • Added the function of enabling/disabling the Audit messages for specific KMIP operations in the Tenant details page in KMS Admin UI.

  • Disabled the submission of a Certificate when none has been set in KMS Crypto UI.

  • Improvements related to the edit Certificate Name of a Certificate in KMS Crypto UI.

  • Improved the warning message during CAs table synchronization when the mini-CA is not available or misconfigured in KMS Admin UI.

  • The nuxt/auth (@nuxtjs/auth-next) was replaced by the keycloak-js dependency.

  • Removed moment, nuxt-clipboard2, v-calendar, vue-papa-parse, consola and buffer dependencies.

  • Replaced the bootstrap-vue with the internally developed library @mtg/ers-ui-utils.

Installation instructions

  • MTG KMS-Server

    • For the following Features a database migration with flyway will be done automatically:

      1. Reactivation operation

      2. Nist-Key-Type

      3. New configurable audit messages for KMIP operations

      4. LUNA FIPS mode

Release 3.0.1

Bugfixes

  • MTG KMS-Server

    • Fixed error while restoring KW-KPK due to caching.

    • Fixed error, WRAP_KEY with asymmetric public key again possible

  • MTG KMS-UI

    • Fixed wrong title in Crypto Object details page after successful keypair creation in KMS Crypto UI.

    • Fixed page width overflow and transition while hovering buttons in the backup page of Protected-KEK in KMS Tenant UI.

    • Layout of CA and HSM attach/detach page in KMS Admin UI same as KMS Client Role page of KMS Tenant UI.

    • Fixed page layout for KMS Role creation in KMS Admin UI.

    • Fixed navigation prevention in credentials pages when confirmation was missing in KMS Admin and KMS Tenant UI.

    • Fixed navigation query check for redirection to correct KEK or protected KEK creation page in KMS Tenant UI.

    • Fixed displaying incorrect info (start and end entity index) after table search submission.

    • Fixed responsive design in Secret Key creation page in KMS Crypto UI.

    • Fixed redirection after success deletion of CA in KMS Admin UI.

    • Fixed design bug in navigation links when exceeding a limit.

    • Fixed bug of buttons that allowed multiple submission.

    • Fixed bug where refreshing the application while still loading data would result to a continuous loading indicator.

    • Fixed bug in cryptographic objects table page in KMS Crypto UI where using the advanced search filtering reset the search input.

    • Fixed bug of multiple PKCS11-ID generation in cryptographic objects table page in KMS Crypto UI.

    • Fixed bug of deleting the private key when deleting a public key in KMS Crypto UI.

    • Fixed bug of displaying overlapping buttons in the cryptographic object details page in KMS Crypto UI.

    • Fixed bug of undefined parameters in CSR Create page, when opening the page in a new tab or changing language, in KMS Crypto UI.

    • Fixed bug in the Tenant UI Restore KEK and KEK Backup Protected pages if the language was changed.

    • Fixed bug of invalid data submission in the Settings page in KMS Admin UI.

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Spring boot version increased to 2.7.8 (includes tomcat 9.0.71).

  • MTG KMS-Server

    • Updated hsm-session version to 2.0.0 (improvements for Luna and PKCS11).

    • Updated secrets-protection version to 1.2.0 (supports hsm-session 2.0.0).

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

  • Changed any reference of managed object to crypto object in KMS Crypto UI.

  • Format of dates are now fixed.

  • Added proper message when table has no records of select HSM modal of KEK creation and edit in KMS Tenant UI, and of HSM Profile creation in KMS Admin UI.

  • Added object type field in the private key detail page in KMS Crypto UI.

  • Added message after successful license request creation in KMS Admin UI.

  • Added validation message for KMS role creation in KMS Admin UI.

  • Added public key link field in the private key detail page in KMS Crypto UI.

  • Added password toggle for HSM user’s password in HSM Profile creation page in KMS Admin UI.

  • Disallowed characters + = in the name input of HSM Profile creation page in KMS Admin UI and KEK creation page in KMS Tenant UI.

  • Changes in alert-mechanism: Error alerts dismissed by the user, success and warning alerts closes automatically after 10 seconds and all the alerts are stacked, with the latest on top.

  • Added the option of searching for public keys and private keys in KMS Crypto UI.

  • Several pages and modals (10 cases) related to attached/assigned entities were improved to include tables with search and paging mechanisms.

  • Added action button in HSMs table in KMS Admin UI.

  • Design improvements in tables.

  • Tables keep state of search and page filtering between page navigations.

  • Added the navigation menus for 404 error page.

  • Added private key’s state in keypair details page in KMS Crypto UI.

  • Hid the "Create CSR" button in public key and keypair details page when there is no private key or the private key is not active in KMS Crypto UI.

  • The Public Key KMS ID field in Keypair details page is now a link toward the Public Key details page.

  • Redesigned the Trace Request and Digest in the Settings page in KMS Admin UI.

  • Added confirmation for creating a new Tenant-User in KMS Tenant UI.

Installation instructions

  • none

Release 3.0.0

Bugfixes

  • none

Features and updates

All MTG Java Application Projects

List of all MTG Java Application Projects see MTG ERS JAVA.

  • Updated Spring Boot version to 2.7.5.

  • MTG KMS-Server

    • Updated snakeyaml version to 1.33.

    • Database migrations are now run automatically on application startup without the need to manually run scripts thanks to the integrated Flyway tool.

    • Describe setting of log_bin_trust_function_creators inside installation manual

MTG KMS-PKCS#11-Library

  • none

MTG KMS-UI

First version with new javascript frameworks:

vue.js vuejs.org/
nuxt.js nuxtjs.org/

Installation instructions

  • MTG KMS-Server

  • See MTG KMS Migration Guide.

References

The following documents provide additional information.

KMS010

MTG KMS Installation Manual

User-Manual

MTG-KMS-User-Manual

KMS028

MTG KMS BYOK Tool Usage Guide

SP002

MTG Secrets Protection Manager Usage Guide

MTG ERS JAVA

  • MTG KMS-Server

  • MTG KMIP-SDK

  • MTG Mini-CA

  • MTG Secrets-Protection-Manager

  • MTG KMS-PKCS#11-Server

  • MTG KMS-TTLV-Proxy

  • MTG KMS-Crypto-API

  • MTG KMS-BYOK

OpenSSL_compatibility

  • This version is compatible with OpenSSL version 3.4.0, 3.3.2, 3.0.15

Operating Systems

  • Redhat Enterprise Linux (RHEL) 9, Redhat Enterprise Linux (RHEL) 8, openSUSE Leap 15.6, openSUSE Leap 15.5, Ubuntu 24.04, Ubuntu 22.04, Ubuntu 20.04

Operating Systems PKCS11

  • Ubuntu 20.04 LTS

  • Ubuntu 22.04 LTS

  • openSUSE Leap 15.5

  • openSUSE Leap 15.6

  • Windows 10

  • Windows 11