[ssh_x509] SecureBox Pro 3.0.5

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Feb 12 13:20:15 EET 2022


Version 3.0.5 published yesterday 2022-02-11 includes following fixes:
- PKCS#8 export for Ed25519 keys.
- Preserve the legacy storage model (Android 10).
- Improve cross-compatibility between Android versions.

For protocol changes from previous versions:
Version 3.0.4 - 17 Jan 2022:
- Always manage "delete" widget visibility on identity card when allowed.
- Extract certificate subjects during import as well.
- Limit request for WRITE_EXTERNAL_STORAGE permission to API Level 29 as is not used on Android 11 (API Level 30).
- Request permission DUMP needed by dumpsys command.
- Packaged with ldns 1.8.1, openssl 1.1.1m and EmulatorView 1.6.2.
- Modernised compatibility - build with appcompat 1.4.1.

Version 3.0.3 - 12 Dec 2021:
- Enhance client "Expert" configuration with more options like PubkeyAlgorithms, NumberOfPasswordPrompts, EscapeChar and etc.
- Use label EC instead ECDSA for respective identities.
- Key source icon for Android 4* (regression from 2.9.1).
- Add .pub or .pem suffix to export identity name.
- Packaged with EmulatorView 1.6.1.

Access to "external storage" (sdcard) is changed in Android 10 and 11. There is some compatibility options addressed in release 3.0.1 and compatibility functionality is finalized in 3.0.5. Last change address upgrades of Android application.
Unfortunately as mentioned in previous announce (3.0.2) application cannot get "all files access permission" - primary functionality is not file management.

Forgotten PKCS#8 export for Ed25519 keys is resolved. Functionality is available since PKIX-SSH 13.0 if build is OpenSSL 1.1.1.

Suffixes of exported keys are not required as SecureBox Pro manages "mime-type". Unfortunately some low end programs does not use "file magic" to check file type. On those system, like Microsoft Windows, file suffix (extension) is more usable and user-friendly.

SecureBox Pro will use EC instead ECDSA on screens. Type ecdsa used in secure shell utilities will be managed internally. Also EC is more suitable for keys managed by "Android key store".
Hopefully next major release finally will include support for keys managed on device level in addition to current stored as files. For instance use of identity (key) could be confirmed by fingerprint, aka user presence. Note functionality depend from device capability.

Roumen Petrov

More information about the ssh_x509 mailing list