Welcome to the 2.1 release of the Machina SDK. This release contains significant changes to the underlying cryptography, including the integration (by default) of the FIPS-validated version of the OpenSSL open source library.
Details are summarized below.
New Features / Improvements
CryptoPP Usage Mostly Replaced with OpenSSL
- SDK usage of the CryptoPP cryptography library has been replaced with the OpenSSL v1.0.2 library, which is FIPS 140-2 validated.
- CryptoPP usage is limited to use of the Shamir Secret Sharing algorithm (used in
Alternative Cryptography Library (Platform-Specific) Available
- The SDK package includes an additional platform-specific implementation of the CryptoAbstract interface. This library may be used instead of the OpenSSL FIPS implementation if needed, in order to work around cross-platform limitations.
ISCrypto::getCryptoSharedLibraryLoadedFilename() APIs have been added to ascertain the version of the loaded cryptography library.
MacOS KeyVault Enhancement
The ISKeyVaultMac::enableUniqueKeyPerVault() call has been implemented, allowing multiple KeyVault files to exist in different filesystem locations, each with a unique encryption key.
Identity Assertion Validation API Available
ISAgent::validateAssertion() has been added, allowing SDK users to verify the authenticity of identity assertions generated both externally and by the SDK.
Create Identity Assertion API Uses Default Nonce When None Provided
When the SDK identity assertion APIs are called without a nonce, the SDK supplies a default nonce.
Additional Documentation Included with Release Distributable
The SDK release distributable now includes the following documents, in Markdown and HTML formats:
- README, describing high-level SDK project functionality
- LICENSE, providing the Machina license agreement for Ionic resources
- CHANGELOG, with line items providing summary information about the issues included in each release
- RELEASE_NOTES, detailing the features and fixes included in the release
Machina Service Policy Decision Simulation Support
The SDK now allows the use of a flag when calling CreateKey to perform a policy evaluation at the service without creating any keys.
- A logging issue has been addressed in the OpenXml file cipher when reading unexpected content from a PowerPoint file.
- Issues have been corrected that caused some doxygen documentation to be excluded from the SDK distributables.
- Additional content has been added to the documentation for the class
- The ISCrypto library module now includes additional logging, to make usage issues easier to diagnose.
- The language level of the SDK source has been updated to C++ 11.
- Issues have been addressed with the documentation of the ProfilePersistor classes, and their relationship to the base Agent class.
- Information about password length requirements has been added to the documentation for
- KeyVault requests now properly filter expired keys out of responses.
- The documentation for the CreateKey operation notes the service limitation on the number of newly created keys that may be requested in a single request.
- Since Crypto initialization now loads a library module dynamically, it should not be called in startup code.
The Machina SDK is tested against the following platform configurations:
|Platform|Version|
|---|---|
|Windows|Windows 8.1 (32 and 64 bit)|
|Windows|Windows 10 (32 and 64 bit)|
|macOS|macOS 13 (High Sierra)|
|macOS|macOS 14 (Mojave)|
|macOS|macOS 15 (Catalina)|