Releases: kenh/keychain-pkcs11

New release, includes signing fixes

10 Aug 02:49

I am pleased to announce the 1.1 release of Keychain-PKCS11!

The major update for this release is that the package is signed with new signing certificates that are not revoked. This resolves the issues with the 1.0 release, which used certificates that were unexpectedly revoked.

This release also includes a minor fix for hardware that contained EC keys (EC is currently not supported but is planned for a future release).

Feedback is always welcome. Please contact the author at kenh@cmf.nrl.navy.mil

New Release, now with Apple Silicon support

05 May 22:53

Greetings! I am pleased to announce the 1.0 release of Keychain-PKCS11!

This release includes the following changes since the last release:

  • The Installer now includes support for Apple Silicon! The keychain-pkcs11.dylib is now built as a multi-architecture library and the same library should work on x86_64 or amd64.
  • Support for the CKM_RSA_X_509 PKCS#11 mechanism (decrypt only)
  • Minor bug fixes

This release has been tested primarily on Catalina and Big Sur, but should work on all versions of MacOS X from High Sierra onwards.

Feedback is always welcome. Please contact the author at kenh@cmf.nrl.navy.mil

Long-overdue update - Second Release

04 Jun 06:26

Greetings! After a long time I have finally had the opportunity to come out with a new release of Keychain-PKCS11!

Major changes in this release include:

  • A proper installer! Keychain-PKCS11 is now distributed as a product archive which should provide a better end user experience.
  • The Installer package is signed and notarized! The Installer package should open under any MacOS system without any workarounds or extra steps. In addition, the keychain-pkcs11.dylib has been code-signed so there should be no issues with Gatekeeper causing warnings on Catalina.
  • Proper support for multiple hardware tokens. Keychain-PKCS11 now puts each hardware token in a different PKCS#11 slot like other PKCS#11 libraries.
  • Better support for token insertion/removal events. Keychain-PKCS11 now uses the TKToken watcher interface to receive token insertion and removal events, so tokens should be made available to the applications immediately upon insertion.
  • Expanded crypto support. Keychain-PKCS11 now supports the OAEP and PSS mechanisms in addition to the basic PKCS#1 RSA v1.5 mechanism.
  • Keychain-PKCS11 now supports multipart signing and signature verification (C_SignUpdate & C_VerifyUpdate).

A caution for Catalina users: If the application you are using with Keychain-PKCS11 is running under the hardened runtime environment, it must have the com.apple.security.smartcard entitlement to access smartcard tokens. Most popular applications (such as Firefox) already do this.

Feedback is always welcome. Please contact the author at kenh@cmf.nrl.navy.mil

First public release

13 Dec 01:55

Pre-release

Greetings! This is the first public release of Keychain-PKCS11. It is not perfect, but I believe it is functional. We have a number of users locally and they have not reported problems, so I feel comfortable deploying this to a wider audience.

We have specifically tested this library with Firefox, MIT Kerberos, and various versions of Adobe Acrobat. Some preliminary testing has been done with Thunderbird but nothing extensive yet.

Please send any feedback to the author at kenh@cmf.nrl.navy.mil