ActivClient 9.5 Release Notes
This page provides the latest information about the ActivClient.
What's New in ActivClient 9.5
Key Features and Enhancements
Modernized User Interface
A redesigned, intuitive user interface that offers smoother navigation and a more user-friendly experience.
Token Support
-
Full read and write support for:
-
Crescendo 4000 Cards
-
Crescendo Key V3 (4000 Series)
-
Enhanced Encryption Support:
-
Support for RSA Rivest–Shamir–Adleman cryptographic algorithm. 4096 and ECC Eliptic curve cryptography. A cryptography approach for public key encryption using the mathematics of elliptic curves Allows smaller keys to provide equivalent security, compared to other cryptosystems such as RSA. cryptography (P-256 and P-384) is now available for:
-
Crescendo 4000 Card
-
Crescendo Key V3 (4000 Series)
-
General Improvements and Fixes
-
Improved detection of token content changes reduces the need to manually reset persistent cache.
-
Overall performance and reliability improvements.
Known Limitations
To provide the best possible experience, ActivClient 9.5 delivers the most relevant and commonly used features in a streamlined package.
Some advanced or legacy functionalities from earlier versions are not yet included. These will be gradually reintroduced in future releases based on customer feedback and priorities.
Before upgrading, make sure to review the sections below.
For a complete overview of currently supported features, refer to the relevant sections of this documentation.
Features Not Yet Supported
The following features are not yet supported, compared to ActivClient 8.4:
-
BSI API
-
PIV API
-
Write support for Crescendo 2300 Card and Crescendo Key V1
-
GSC-IS card edge
-
Outlook enhancements
-
CMS Auto-Update
Other Current Limitations
-
Some notifications are not yet implemented
-
Some configuration and customization options are not yet available
What Was New in ActivClient 8.4
This version provides the following improvements with respect to the previous version:
- Support for Windows Server 2025
- Support for YubiKey 5.7
-
Support for PIV-compatible devices missing a Card Capability Container (CCC), e.g. YubiKey tokens personalized with Yubico Manager
- Improved compatibility with cards with invalid VCI configuration (Case #00008346)
- Automatically install root code signing CA certificate (Case #03652656)
- Fix issuance of ECC Card Authentication Keys (CAK) on Crescendo 2300 FIPS cards
What Was New in ActivClient 8.3
-
Support for Thales IDCore 3230 with applet 2.7.8, supporting VCI (Virtual Contact Interface) and RSA 3072-bit keys.
-
Support for RSA 3072 certificates for authentication, digital signature, and encryption/decryption in all relevant components: Minidriver, PKCS#11, ActivClient Console, PIV API, GSC-IS API.
What Was New in ActivID ActivClient 8.2
Bug Fixes in ActivClient 8.2.1
-
Fixed PIV API call (pivCrypt method) (Case #00008535)
-
Fixed PIN caching issue causing problems with authentication (Cases #00008518, #00008645)
-
Fixed card profile loading on some older cards — Crescendo C11xx, Cyberflex Access 64K V2c (Cases #03473835, #00007969, #03494662)
-
Installer — Fixed PIN handling for 32-bit applications (Case #00008778)
-
Installer — Fixed Calais registry script invalid format handling
-
Installer — Fixed localization issue with Users group resolving
Bug Fixes in ActivClient 8.2
-
Thales IDCore 3230 support - PIVEP mode failed to send signed email
-
Installation - Install ActivClient path under system env variables (#00007842)
-
Installation - Change in internal PowerShell script signing (#00008124)
Details: In order to sign the inner PowerShell scripts, we are now signing directly using the Advanced Installer in-built signing feature.
-
Improved compatibility with some Crescendo Cards
What Was New in ActivID ActivClient 8.1
New Features and Bug Fixes in ActivClient 8.1.0
-
Pass credentials for RDP connections
-
Support for Thales IDCore 3230 including VCI (Virtual Contact Interface)
-
Do not store public key if ActivClient also stores certificate (Case #03228411)
-
Fix unlock of cards with custom XAuth profile (Case #03291662)
-
Fix structure of GPO policy file HIDGlobal.ActivClient.admx
-
Do not auto-initialize empty cards in AC minidriver
-
Advanced Diagnostics reader driver not shown
ActivClient 8.1.0 MSI Installer Improvements
-
Mozilla Thunderbird PKCS#11 configuration feature removed
-
Software Auto Update feature removed
-
The GPO list provided by the SettingsManagement feature has been updated to remove policies that are no longer relevant.
-
Azure multi-session OS support: when installed in a multi-session by one user, ActivClient is immediately accessible to everyone. For example, upon installation, the smart card agent is started automatically in each user session. This is carried out by the task scheduler. Similarly, uninstalling removes the software for all users and leaves the machine clean (without a need to reboot).
-
Upgrade by direct install of the new version should by fully functional. No reboot needed neither before nor after, and no need to uninstall ActivClient beforehand.
-
During interactive upgrade/uninstall, warnings about resources being used will no longer be displayed. Also no reboot warnings should be visible.
Note: During interactive upgrade, this change will become visible only later, when upgrading from 8.1.0 (because this behavior is also caused by the version from which you are upgrading). -
In case of interactive install, in the Setup type dialog box, the Next button is enabled with the predefined Typical install action.
ActivClient 8.1.0 MSI Installer Bug Fixes
-
In some cases, the minidriver install step was failing due to the minidriver signing certificate not being imported to the certificate store successfully. Fix modifying relevant custom action PowerShell script.
-
•In rare cases, the minidriver Calais registry was not properly distributed/cleared due to a minor error in a PowerShell script.
-
TransactionTimeoutMilliseconds registry entry moved to correct registry key, in other words, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider.
-
When version 7.4.3 was installed, all ActivClient DLL files and binaries were installed as shared components. This was occasionally resulting in ActivClient not being completely removed upon uninstall/upgrade. This happened when the shared DLL registry entries got corrupted.
Since version 8.0.0, ActivClient no longer register components as shared. In addition, version 8.1.0 implements a check and automatically fixes the corrupt state. -
An inconvenient PowerShell API was used to write a larger amount of a registry value, which prolonged the installation by more than-20 seconds. This bottleneck was entirely removed, thus significantly speeding up installation.
-
The UAC prompt during the ActivClient install now displays the correct MSI name.
-
Minor bugs related to upgrading from 8.0.0 to 8.1.0 were fixed.
Bug Fixes in ActivClient 8.1.1
-
Fixing the corner case in installation script when Calais registry was in unexpected state (Case #03358358)
-
Fixing the corner case incompatibility issue in installer scripts execution policies
What Was New in ActivClient 8.0
-
Added support for the Virtual Contact Interface (VCI), a NIST security requirement to allow the non-card management operations to be carried out over contactless interface in a highly secure manner.
-
ActivClient 8.0.0 is a major release, featuring streamlined installation, enhanced compatibility, improved performance, and advanced security. ActivClient strongly recommends that customers refer to the documentation during the upgrade and installation process to fully leverage these enhancements while ensuring a smooth transition.
What Was New in ActivClient 7.4.3
-
Support for new HID Global Crescendo Devices
ActivClient 7.4.3 now supports Crescendo 3000 Card and Crescendo Key V2 USB token.
What Was New in ActivClient 7.4.1
-
Enhancement: Support for Enterprise Crescendo profiles
ActivClient now supports Enterprise Crescendo device profiles available with "HID Credential Management System 5.8 (coming end of August 2022)", the new profiles are compatible with Crescendo 2300 Cards and Crescendo Key and offer more flexibility.
-
ActivClient won’t install due to a revoked certificate
To fix installation issues due to the revoked code signing certificate used with ActivClient 7.4, a new base release 7.4.1 is created to support customers installation of ActivClient. This version supports upgrades from ActivClient 7.1 till ActivClient 7.4 to ActivClient 7.4.1.
-
TransactionTimeoutMilliseconds in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais is set to 5000ms to give the maximum allowed time for each individual Smartcard API call to execute without any timeout.