Release notes

Introduction

These release notes apply to version 7.20.0 of the Time Stamp Option Pack™ (TSOP) Software Development Kit (SDK). They contain information specific to this release such as new features, defect fixes, and known issues.

This release supports the following operating systems:

  • Microsoft Windows Server 2012 R2 x64

  • Microsoft Windows Server 2016 x64

  • Microsoft Windows Server 2019 x64

  • Oracle Enterprise Linux 7.1 x64

  • Oracle Enterprise Linux 7.6 x64

  • Oracle Enterprise Linux 8 x64

  • Red Hat Enterprise Linux 7 x64

  • Red Hat Enterprise Linux 8 x64

  • SUSE Enterprise Linux 12 x64

  • SUSE Enterprise Linux 15 x64

The Release Notes may from time to time be updated with issues that have come to light after this release has been made available. Please check Entrust nShield Support at https://nshieldsupport.entrust.com for the most up to date version of this document and the TSOP user documentation.

Access to support is available to customers under maintenance. Please contact Entrust nShield Support at nShield.support@entrust.com to request an account.

Purpose of this release

Time Stamp Option Pack™ Software Development Kit version 7.20.0 addresses a number of known issues and introduces a number of enhancements over the previous 7.10.0 release, including:

  • Updated operating system support.

  • Improved time stamp token verification.

  • Additional branding updates.

Changes in this release

The TSOP SDK 7.20.0 release introduces a number of enhancements. These are discussed in the following sections.

Updated operating system support

The following operating systems are now supported by the TSOP SDK:

  • Microsoft Windows Server 2019 x64

  • Oracle Enterprise Linux 7.6 x64

  • Oracle Enterprise Linux 8 x64

  • Red Hat Enterprise Linux 8 x64

  • SUSE Enterprise Linux 15 x64

Support for the TSOP SDK on Microsoft Windows Server 2008 R2 x64 has been deprecated and support for Oracle Solaris has been removed.

Improved time stamp token verification

The following improvements have been made:

  • Previously, when TTI_VERIFY_ESSCERTIDV2 was set to 0, only ESSCertID would be verified. Now when TTI_VERIFY_ESSCERTIDV2 is set to 0, the first SHA-2 hash in ESSCertIDv2 is checked - and if no SHA-2 hashes are present - the first SHA-1 hash in ESSCertID is checked. The behavior when TTI_VERIFY_ESSCERTIDV2 is set to 1, or the environment variable is unset, remains as before i.e. only ESSCertIDv2 is verified.

  • It is now possible, through the use of newly introduced functions, to specify the desired mode of verification, namely: ESSCertID or ESSCertIDv2. On successful verification, the mode of verification will be returned to the caller.

  • The value of the TSS_VERIFY_ESSCERTIDV2 environment variable is no longer cached, allowing applications to change its value at run time.

The above is applicable to both the C and Java versions of the TSOP SDK. Please see the TSOP SDK Reference Guide and accompanying Javadoc documentation for details.

Additional branding updates

This release includes a number of additional branding related changes. None of these changes affect product functionality.

Other changes

Other changes include:

  • Addressed an issue where signature validation (TTI_VerifyTST_Signature) would fail to verify valid signatures if the UTC offset of the local timezone was not UTC +00:00.

Important information

Before deploying the TSOP SDK, the following should be considered:

  • This release only supports the operating systems detailed in Introduction.

  • It is required that all client applications built with pre-6.20.00 versions of the TSOP SDK (both the C and Java APIs) are rebuilt to use the updated libraries in this release.

  • On Linux, applications linking with libtti.a must also link with the pthread library.

  • When TTI_VERIFY_ESSCERTIDV2 is set to 0, the first SHA-2 hash in ESSCertIDv2 is checked - if no SHA-2 hashes are present - the first SHA-1 hash in ESSCertID is checked. If TTI_VERIFY_ESSCERTIDV2 is set to 1, or the environment variable is unset, only ESSCertIDv2 is verified.

  • The Java SDK requires a Java Development Kit (JDK) version 1.8 installation.

  • Both the Java and C versions of the TSOP SDK include example code (the Java examples are accompanied by Javadoc documentation).

  • On Windows, the Java and C versions of the TSOP SDK software are installed, respectively, in:

    • C:\Program Files\nCipher\nfast\java\dsesdk\

    • C:\Program Files\nCipher\nfast\c\dsesdk\

  • On Unix-based operating systems, the Java and C versions of the TSOP SDK software are installed, respectively, in:

    • /opt/nfast/java/dsesdk/

    • /opt/nfast/c/dsesdk/

See the TSOP SDK Reference Guide for additional information.