Chilkat v9.5.0.99 Release Notes Ssh, SFtp, SshTunnel: Added the SetAllowedAlgorithms method. This allows an application to explicitly set the set of allowed connection algorithms (cipher, mac, key exchange, etc.). Note: It’s best to NOT explicitly set the algorithms. Chilkat already prioritizes algorithms according to security and other factors. By explicitly setting algorithms, you may be creating a vulnerability (such as w/ the SSH Terrapin attack), or you might create a situation where the client and server cannot establish a connection because no mutually supported algorithms are possible. Jwt: Added the CreateJwtCert method to allow for a JWT to be created using a certificate’s private key. This is especially needed if the certificate and private key reside on a smartcard or USB token, because it’s not possible to directly access the private key material, and thus the private key is indirectly accessed via the certificate (assuming the Chilkat Cert object was loaded by calling Cert.LoadFromSmartcard). Android: Updated the Chilkat Android builds to support 16K page sizes, as per Android Support 16 KB page sizes Charset: The Charset.ConvertFile method did not correctly recognize the “no-bom” if converting to “no-bom-utf8” (which is the utf-8 encoding without the utf-8 preamble consisting of the 3-bytes EF BB BF). In other words, Chilkat was adding the EF BB BF preamble when it should not. Perl/Alpine Linux: Now supporting more Perl builds across Alpine Linux architectures: x86_64, x86, armv7l, arm64. MacOS C++ Libs: Fixed the library ID within the libchilkat.dylib to be the Unified version rather than an architecture specific version. CkPython/Alpine arm64: Added Alpine Linux arm64 builds for CkPython. PDF: Fixed Pdf.AddEmbeddedFiles to maintain A-3 compliance (if the PDF was already A-3 compliant). Compress: Added the CompressEncryptFile and DecryptDecompressFile methods to make it easy to both compress and encrypt files, and to do the reverse. This is especially important when working with extremely large files that won’t fit in memory. Common: Added “Base45” to the set of binary encodings supported by Chilkat. “base45” can now be used in any Chilkat function or property where a binary encoding such as “base64”, “hex”, “base58”, etc., can be used. AWS S3: For multipart uploads, Chilkat will no longer compute the SHA256 hash and will instead use “UNSIGNED-PAYLOAD” for the x-amz-content-sha256. In addition, Chilkat will automatically compute and add the Content-MD5 header for the data of each part. This is what AWS expects for multi-part uploads. AWS S3: Chilkat did not compute the V4 signature for authentication when a prefix included non-us-ascii chars. TLS: Client-initiated TLS renegotiation is generally considered a vulnerability, and Chilkat does not allow it by default. If an application really needs to enable client-initiated renegotation (which is an extension in the TLS ClientHello, sent internally by Chilkat), then you can add the keyword “AllowClientInitReneg” to the UncommonOptions property for any Chilkat function that makes a TLS connection. SSH: In some cases, Chilkat failed to establish connections trying to use aes-gcm. This was fixed. (It was not common.) smart cards: Added to Chilkat’s internal list of recognized smartcard ATR’s to also recognize Giesecke & Devrient Sm@rtCafe 7.0 CC. Pkcs11: The Discover method can take a long time for some smartcards and tokens. Chilkat added two UncommonOptions keywords to limit the amount of querying for each discovered token. The keyword “Pkcs11DiscoverSkipTokenInfo” causes Discover to get only slot info (token info and mechanisms are skipped). The “Pkcs11DiscoverSkipMechanisms” causes only mechanisms to be skipped. Pkcs11: Internally, Chilkat increased the max number for FindObjects from 512 to 8192. SFtp: The AuthFailReason was not getting set when authentication failed. This is fixed. Crypt2: Fixed: The AesKeyUnwrap method was not unpadding the result. This cause the returned value to include the 8-byte padding. General: Chilkat’s internal ASN.1 decoder needed an update to correctly handle 0-length ASN.1 bit strings (which is something not normally encountered). MacOS: Chilkat is now digitally signing .dylib’s and .so’s for the MacOS operating system. SSH, SFtp, SshTunnel: The default client identifier for SSH connections is changed to “SSH-2.0-Chilkat_{version}, where {version} is a string such as “9.5.0.99”. DKIM: Fixed problem when duplicate header fields are specified in the list of “h” header fields. AuthGoogle: Added the AddClaims method. Ecc: Added support for the secp160r1 curve>/li> C++ Builder: Added the classic 64-bit .lib build for C++ Builder. DNS: Fixed a problem where Chilkat was not using the secondary DNS server if the primary DNS server failed. CkString: Fixed a crash problem when appending hex encoded bytes to be interpreted as “gsm”.