ActivID ActivClient 8.3 Release Notes
This page provides the latest information about the ActivID ActivClient.
What's New in ActivClient 8.3
This version provides the following improvements with respect to the previous version:
-
Support for Thales IDCore 3230 with applet 2.7.8, supporting VCI (Virtual Contact Interface) and RSA 3072 bit keys.
-
Support for RSA 3072 certificates for authentication, digital signature, and encryption/decryption in all relevant components: Minidriver, PKCS#11, User Console, PIV API, GSC-IS API.
Bug Fixes in ActivClient 8.2.1
-
Fixed PIV API call (pivCrypt method) (Case #00008535)
-
Fixed PIN caching issue causing problems with authentication (Cases #00008518, #00008645)
-
Fixed card profile loading on some older cards — Crescendo C11xx, Cyberflex Access 64K V2c (Cases #03473835, #00007969, #03494662)
-
Installer — Fixed PIN handling for 32-bit applications (Case #00008778)
-
Installer — Fixed Calais registry script invalid format handling
-
Installer — Fixed localization issue with Users group resolving
Bug Fixes in ActivClient 8.2
-
Thales IDCore 3230 support - PIVEP mode failed to send signed email
-
Installation - Install ActivClient path under system env variables (#00007842)
-
Installation - Change in internal PowerShell script signing (#00008124)
Details: In order to sign the inner PowerShell scripts, we are now signing directly using the Advanced Installer in-built signing feature.
-
Improved compatibility with some Crescendo cards
New Features and Bug Fixes in ActivClient 8.1.0
-
Pass credentials for RDP connections
-
Support for Thales IDCore 3230 including VCI (Virtual Contact Interface)
-
Do not store public key if ActivClient also stores certificate (Case #03228411)
-
Fix unlock of cards with custom XAuth profile (Case #03291662)
-
Fix structure of GPO policy file HIDGlobal.ActivClient.admx
-
Do not auto-initialize empty cards in AC minidriver
-
Advanced Diagnostics reader driver not shown
ActivClient 8.1.0 MSI Installer Improvements
-
Mozilla Thunderbird PKCS#11 configuration feature removed
-
Software Auto Update feature removed
-
The GPO list provided by the SettingsManagement feature has been updated to remove policies that are no longer relevant.
-
Azure multi-session OS support: when installed in a multi-session by one user, ActivClient is immediately accessible to everyone. For example, upon installation, the smart card agent is started automatically in each user session. This is carried out by the task scheduler. Similarly, uninstalling removes the software for all users and leaves the machine clean (without a need to reboot).
-
Upgrade by direct install of the new version should by fully functional. No reboot needed neither before nor after, and no need to uninstall ActivClient beforehand.
-
During interactive upgrade/uninstall, warnings about resources being used will no longer be displayed. Also no reboot warnings should be visible.
Note: During interactive upgrade, this change will become visible only later, when upgrading from 8.1.0 (because this behavior is also caused by the version from which you are upgrading). -
In case of interactive install, in the Setup type dialog box, the Next button is enabled with the predefined Typical install action.
ActivClient 8.1.0 MSI Installer Bug Fixes
-
In some cases, the minidriver install step was failing due to the minidriver signing certificate not being imported to the certificate store successfully. Fix modifying relevant custom action PowerShell script.
-
•In rare cases, the minidriver Calais registry was not properly distributed/cleared due to a minor error in a PowerShell script.
-
TransactionTimeoutMilliseconds registry entry moved to correct registry key, in other words, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider.
-
When version 7.4.3 was installed, all ActivClient DLL files and binaries were installed as shared components. This was occasionally resulting in ActivClient not being completely removed upon uninstall/upgrade. This happened when the shared DLL registry entries got corrupted.
Since version 8.0.0, ActivClient no longer register components as shared. In addition, version 8.1.0 implements a check and automatically fixes the corrupt state. -
An inconvenient PowerShell API was used to write a larger amount of a registry value, which prolonged the installation by more than-20 seconds. This bottleneck was entirely removed, thus significantly speeding up installation.
-
The UAC prompt during the ActivClient install now displays the correct MSI name.
-
Minor bugs related to upgrading from 8.0.0 to 8.1.0 were fixed.
Bug Fixes in ActivClient 8.1.1
-
Fixing the corner case in installation script when Calais registry was in unexpected state (Case #03358358)
-
Fixing the corner case incompatibility issue in installer scripts execution policies
-
Added support for the Virtual Contact Interface (VCI), a NIST security requirement to allow the non-card management operations to be carried out over contactless interface in a highly secure manner.
-
ActivClient 8.0.0 is a major release, featuring streamlined installation, enhanced compatibility, improved performance, and advanced security. ActivClient strongly recommends that customers refer to the documentation during the upgrade and installation process to fully leverage these enhancements while ensuring a smooth transition.
-
Support for new HID Global Crescendo Devices
ActivID ActivClient 7.4.3 now supports Crescendo 3000 Card and Crescendo Key V2 USB token.
-
Enhancement: Support for Enterprise Crescendo profiles
ActivID ActivClient now supports Enterprise Crescendo device profiles available with "ActivID Credential Management System 5.8 (coming end of August 2022)", the new profiles are compatible with Crescendo 2300 Cards and Crescendo Key and offer more flexibility.
-
ActivClient won’t install due to a revoked certificate
To fix installation issues due to the revoked code signing certificate used with ActivClient 7.4, a new base release 7.4.1 is created to support customers installation of ActivClient. This version supports upgrades from ActivClient 7.1 till ActivClient 7.4 to ActivClient 7.4.1.
-
TransactionTimeoutMilliseconds in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais is set to 5000ms to give the maximum allowed time for each individual Smartcard API call to execute without any timeout.
Limitations and Known Issues
This section describes issues known by HID Global as of the release date, but which have not been addressed in the current product version. When possible, fixes and workarounds are suggested. This section also describes known limitations of this release.
Following features are temporarily unavailable or limited in ActivClient 8.3 and will be restored in later versions:
-
Windows logon with VCI-enabled cards that require Pairing Code is not possible when using Windows 10 version 22H2 and subsequent releases – normal use is unaffected and available