AWS CloudHSM Improvements

New flexibility of the P11NG crypto token now allows P11NG to be used with SignServer for integration with AWS CloudHSM. A new setting on a worker or the crypto token can control if a certificate object is generated when a key pair is generated. When used for integration with AWS CloudHSM, the worker or crypto token must be configured not to generate certificates. A similar option is also available in the p11-ng tool (using the nocertificateobject command).

Further improvements to the Android (APK) signers have been made in this release making the APK signers work fully without certificates in the token and thus function with AWS CloudHSM.

Issues Resolved in 5.9.1

Released May 2022

New Features

DSS-2380 - Make key generation work with P11NG Tool with AWS CloudHSM

DSS-2381 - Support key entries without certificate with P11NG

Improvements

DSS-2369 - AdESSignerUnitTest fails in the build job

DSS-2451 - Add files that should not be tracked to .gitignore

DSS-2456 - Fix failing webtests

DSS-2457 - Do not fail parsing of PDF documents with negative indirect references

DSS-2459 - Upgrade BC to 1.71

DSS-2462 - Support for include certificate levels in APKHashSigner

DSS-2465 - Support in APK signers for certificate in config instead of import it into the token not only for other signers

DSS-2466 - Upgrade to OpenPDF 1.3.28

Bug Fixes

DSS-2453 - Keywrapping is not working with PostgreSQL

DSS-2463 - Regression: P11NG tool not included in P11NG CLI dist

DSS-2467 - Fail to verify the MSIX file signed with SignServer