|
| 1 | +## Version 2.0.0.0 (11-09-2025) |
| 2 | + |
| 3 | +### 🆕 New Features |
| 4 | +- Added certificate monitoring functionality with new `CertificateMonitor` class and `CertificateStatus` Form |
| 5 | +- Introduced comprehensive timestamp server management system |
| 6 | + - New `TimestampServerEditForm` for adding and editing individual timestamp servers |
| 7 | + - New `TimestampServerManagementForm` for centralized server configuration management |
| 8 | + - Added `TimestampServer` and `TimestampManager` classes for server handling and orchestration |
| 9 | + - Dynamic interface adaptation: "Timestamp Servers" for PFX/Certificate Store and "Endpoints" for Trusted Signing |
| 10 | +- Built-in timestamp server availability testing and health monitoring |
| 11 | +- Support for server prioritization, enabling/disabling, and timeout configuration |
| 12 | +- Added certificate type persistence - application now remembers your preferred signing method (Windows Certificate Store, PFX Certificate, or Trusted Signing) |
| 13 | + |
| 14 | +### 🎨 User Interface Enhancements |
| 15 | +- Enhanced MainForm UI with new menu options for certificate monitoring and timestamp server management |
| 16 | +- Introduced color-coded alerts for certificate expiry in both Windows Certificate Store and PFX scenarios |
| 17 | +- Improved certificate information display with better visual feedback |
| 18 | +- Added intuitive forms for managing timestamp server configurations |
| 19 | +- Context-aware UI labels that change based on signing type (Trusted Signing vs. traditional methods) |
| 20 | +- Added search functionality for certificates (Windows Certificate Store) for name, thumbprint and issuer in the list |
| 21 | + |
| 22 | +### 🔒 Security Improvements |
| 23 | +- **Major Security Enhancement**: Completely redesigned password encryption system |
| 24 | + - Replaced hardcoded encryption keys with machine-specific key derivation |
| 25 | + - Upgraded from basic encryption to AES-256 with PBKDF2 key derivation (100,000 iterations) |
| 26 | + - Implemented automatic migration from old encryption format to new secure method |
| 27 | + - Added machine-specific entropy sources (hardware identifiers, system properties) |
| 28 | + - Passwords encrypted on one machine cannot be decrypted on another (intentional security feature) |
| 29 | +- Enhanced certificate validation and password security handling |
| 30 | + |
| 31 | +### 🏗️ Architecture Improvements |
| 32 | +- Refactored signing classes (`SignerPfx`, `SignerThumbprint`, `SignerTrustedSigning`) to inherit from new `SignerBase` abstract class |
| 33 | +- Centralized common signing logic, reducing code redundancy and improving maintainability |
| 34 | +- Added new `SecurePasswordManager` class for robust password encryption/decryption |
| 35 | +- Enhanced certificate validation and monitoring capabilities |
| 36 | +- Improved error handling and validation for certificate paths and passwords |
| 37 | +- Better separation of concerns with dedicated security and configuration management classes |
| 38 | + |
| 39 | +### ⚡ Performance & Reliability |
| 40 | +- Implemented asynchronous operations for better application responsiveness |
| 41 | +- Enhanced logging system for improved troubleshooting and debugging |
| 42 | +- Added automatic failover to backup timestamp servers when primary servers are unavailable |
| 43 | +- Improved stability when handling certificate operations and network-related timestamp failures |
| 44 | +- Better configuration persistence and loading mechanisms |
| 45 | + |
| 46 | +### 🐛 Bug Fixes |
| 47 | +- Better error recovery for network-related timestamp failures |
| 48 | +- Enhanced validation for certificate operations |
| 49 | +- Improved stability in certificate monitoring scenarios |
| 50 | +- Fixed configuration loading order to prevent UI overrides |
| 51 | +- Better handling of corrupted or incompatible password data |
| 52 | + |
| 53 | +### 🔧 Technical Details |
| 54 | +- Enhanced compatibility with .NET Framework 4.8 |
| 55 | +- Improved machine-specific key generation using multiple entropy sources |
| 56 | +- Added comprehensive error handling and logging for security operations |
| 57 | +- Backward compatibility maintained through automatic password migration system |
| 58 | +- Changed configuration file name to `Config.ini` for clarity (previously `Data.ini`) |
| 59 | + |
| 60 | +Think I have it all now, but can be I forgot something - a lot of work went into this release, so please test it thoroughly and report any issues you find 😉 |
| 61 | + |
| 62 | +--- |
| 63 | + |
| 64 | +*This release represents a major milestone in security and usability, significantly enhancing the reliability, user experience, and enterprise-readiness of the SignTool GUI. The new security architecture ensures that sensitive certificate passwords are protected with industry-standard encryption while maintaining seamless user experience through automatic migration and intelligent configuration management.* |
| 65 | + |
| 66 | +--- |
| 67 | + |
1 | 68 | ## Version 1.4.0.0 (17-03-2025): |
2 | 69 |
|
3 | 70 | - Updated Trusted Signing from v0.1.103.0 to the latest v0.1.108.0 |
|
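Review bot: The Security Improvements entries (new lines 24-28) say the key is now derived from "hardware identifiers, system properties", but they do not state the threat model, and that is the part a user needs. Such inputs are typically readable by any process on the same machine, so the 100,000 PBKDF2 iterations protect a copied `Config.ini` but not against code running locally. Please say so here or link to where it is documented. If per-machine binding on Windows is the goal, it is also worth noting whether DPAPI (`ProtectedData`) was considered. Two related gaps: the migration entry (new line 26) should say whether the old-format value, which was encrypted under the hardcoded key, is removed once it has been re-encrypted, and the rename on new line 58 should say whether the old `Data.ini` is deleted or left on disk with the legacy ciphertext. Line 28 also implies that a hardware change or a move to a new machine forces password re-entry, which deserves an explicit sentence. Minor style points: the new heading drops the trailing colon that `## Version 1.4.0.0 (17-03-2025):` uses, and `11-09-2025` is ambiguous between day-first and month-first without a note on the date format.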