Introduction
Welcome to the 2.1 release of the Machina SDK. This release contains significant changes to the underlying cryptography, including the integration (by default) of the FIPS-validated version of the OpenSSL open source library.
Details are summarized below.
New Features / Improvements
CryptoPP Usage Mostly Replaced with OpenSSL
- SDK usage of the CryptoPP cryptography library has been replaced with the OpenSSL v1.0.2 library, which is FIPS 140-2 validated.
- CryptoPP usage is limited to use of the Shamir Secret Sharing algorithm (used in ISCryptoSecretSharePersistor).
Alternative Cryptography Library (Platform-Specific) Available
- The SDK package includes an additional platform-specific implementation of the CryptoAbstract interface. This library may be used instead of the OpenSSL FIPS implementation if needed, in order to work around cross-platform limitations.
- The ISCrypto::setCryptoSharedLibraryLoadedFilename() and ISCrypto::getCryptoSharedLibraryLoadedFilename() APIs have been added to ascertain the version of the loaded cryptography library.
MacOS KeyVault Enhancement
An optional ISKeyVaultMac::enableUniqueKeyPerVault() call has been implemented, allowing multiple KeyVault files to exist in different filesystem locations, each with a unique encryption key.
Identity Assertion Validation API Available
The API ISAgent::validateAssertion() has been added, allowing SDK users to verify the authenticity of identity assertions generated both externally and by the SDK.
Create Identity Assertion API Uses Default Nonce When None Provided
On use of SDK identity assertion APIs, a default nonce is provided when no nonce is supplied by the caller.
- ISAgent::createIdentityAssertion()
- ISAgent::validateAssertion()
Additional Documentation Included with Release Distributable
The SDK release distributable now includes the following documents, in Markdown and HTML formats:
- README, describing high-level SDK project functionality
- LICENSE, providing the Machina license agreement for Ionic resources
- CHANGELOG, with line items providing summary information about the issues included in each release
- RELEASE_NOTES, detailing the features and fixes included in the release
Machina Service Policy Decision Simulation Support
The SDK now allows the use of a flag when calling CreateKey to perform a policy evaluation at the service without creating any keys.
Issues Addressed
- A logging issue has been addressed in the OpenXml file cipher when reading unexpected content from a PowerPoint file.
- Issues have been corrected that caused some doxygen documentation to be excluded from the SDK distributables.
- Additional content has been added to the documentation for the class ISFileCryptoCipherGeneric.
- The ISCrypto library module now includes additional logging, in order to easily diagnose usage issues.
- The language level of the SDK source has been updated to C++11.
- Issues have been addressed with the documentation of the ProfilePersistor classes, and their relationship to the base Agent class.
- Information about password length requirements has been added to the documentation for IonicAgentDeviceProfilePersistorPassword.
- KeyVault requests now properly filter expired keys out of responses.
- The documentation for the CreateKey operation notes the service limitation on the number of newly created keys that may be requested in a single request.
Discontinued Support
- None.
Additional Notes
- Since Crypto initialization now loads a library module dynamically, it should not be called in startup code.
Supported Platforms
The Machina SDK is tested against the following platform configurations:
Platform | Version |
---|---|
Linux | CentOS 7.8-2003 |
Linux | Ubuntu 18.04 |
Windows | Windows 8.1 (32 and 64 bit) |
Windows | Windows 10 (32 and 64 bit) |
macOS | macOS 13 (High Sierra) |
macOS | macOS 14 (Mojave) |
macOS | macOS 15 (Catalina) |