Rebex Security

XTS-AES and other handy security classes for .NET

Download 30-day free trial Buy from $99
More .NET libraries

Release notes for Rebex Security for .NET

Released
November122024

7.0.9083 #

(build 9083 from 2024-11-12)

Support for .NET 9!

This release adds a new set of binaries targeting .NET 9. It supports all .NET 9 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • Android (x64, ARM32, ARM64)
  • macOS (ARM64, x64)
  • iOS/iPadOS/tvOS (ARM64)

R6.17 available as well

For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.17 update with important fixes and enhancements. Version R6.x will be supported until November 2025.

Detailed list of changes:

  • All: Added binaries targeting ,NET 9 on all supported platforms.
  • Cryptography: Added workaround for EnvelopedData with unpadded RSA EncryptedKey.
  • Cryptography: Added workaround for parsing CMS ASN.1 with redundant zeros at the end.
  • Cryptography: Fixed common name validation logic in NativeCertificateEngine and EnhancedCertificateEngine when used stand-alone by custom code.
Released
October082024

7.0.9048 #

(build 9048 from 2024-10-08)

Maintenance release

This is a maintenance release with fixes and enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added ValidationOptions.​DisableCertificateDownloads option (only supported on .NET 5 and higher).
  • Cryptography: Fixed detection of support for ECDH with brainpool curves on iOS.
  • Cryptography: Fixed padding issues in AsymmetricKeyAlgorithm.​GetKeyMaterialDeriver (did not affect Rebex libraries).
  • Cryptography: Fixed wrong RSA public key format when saving private keys in new OpenSSH format.
  • Cryptography: Improved handling of wrong (negative) serial numbers in X.509 certificates.
Released
June252024

7.0.8943 #

(build 8943 from 2024-06-25)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

R6.16 available as well

For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.16 update with important fixes and enhancements. Version R6.x will be supported until November 2025.

Detailed list of changes:

  • Cryptography: Added support for issuing certificates signed with Ed25519.
  • Cryptography: Fixed calculation of subject key identifier in certificate issuer API.
  • Cryptography: Fixed rare wrong final calculation of Poly1305 hash when temporary storage for remaining data is bigger than input block size.
  • Cryptography: Using AES/GCM instead of AES/CBC for new OpenSSH key format encryption.
Released
April082024

7.0.8865 #

(build 8865 from 2024-04-08)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added support for loading private keys in new OpenSSH key format encrypted using AES/GCM or ChaCha20/Poly1305.
Released
February192024

7.0.8816 #

(build 8816 from 2024-02-19)

CMS (PKCS #8) enhancements

This release brings several improvements in the low-level PKCS #8 APIs.

R6.15 available as well

For customers who have not yet upgraded to version 7 of Rebex libraries, we published the R6.15 update with important fixes and enhancements. Version R6.x will be supported until November 2025.

Detailed list of changes:

  • Cryptography: Added low-level API for loading/saving PrivateKeyInfo with byte[] passwords.
  • Cryptography: Added ObjectIdentifier.Encode method.
  • Cryptography: Added support for loading PKCS #8 private keys with legacy RC4 algorithm.
  • Cryptography: Added UseDer property to SignedData and EnvelopedData classes.
  • Cryptography: PrivateKeyInfo.Save now uses SHA-2 instead of SHA-1 in PKCS #8 format with PBKDF2 derivation.
  • Cryptography: Reduced memory footprint of CNG API interop layer.
Released
December202023

7.0.8755 #

(build 8755 from 2023-12-20)

Improved Native AOT compatibility

This update improves compatibility with .NET 8's Native AOT deployment model, which makes it possible to compile applications to native code ahead-of-time (AOT). Most common features should already work in Native AOT mode.

Detailed list of changes:

  • All: Improved compatibility with Native AOT in .NET 8.
  • Common: Optimized memory usage of miscellaneous methods.
Released
November152023

7.0.8720 #

(build 8720 from 2023-11-15)

Support for .NET 8!

This release adds a new set of binaries targeting .NET 8. It supports all .NET 8 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • macOS (x64)
  • Android
  • iOS/tvOS

Detailed list of changes:

  • All: Added a new set of binaries targeting .NET 8.0.
  • Cryptography: Fixed behavior of certificate issuer API when no CRLs have been specified.
Released
June292023

7.0.8581 #

(build 8581 from 2023-06-29)

First 7.0.* release!

This is the first release of 7.0.* series. It no longer uses the 'Rx.y' naming scheme, which was somewhat confusing.

The R6.x series will be supported until November 2025 and will receive fixes and security updates.

Support for Argon2, Blake2b and HKDF

Rebex Security supports several new algorithms:

  • Argon2 class implements the Argon2 memory-hard password hash algorithm (RFC 9106).
  • Blake2b, Blake2b256, Blake2b384 and Blake2b512 classes implement BLAKE2 cryptographic hash and MAC algorithm (RFC 7693).
  • HKDF class implements HMAC-based Extract-and-Expand key derivation function (RFC 5869).

AesGcm and ChaChaPoly1305 moved to Rebex.Security

AesGcm and ChaChaPoly1305 classes were moved from Rebex.Common assembly to Rebex.Security.

Detailed list of changes:

  • Security: Added Argon2 class that implements the Argon2 memory-hard password hash algorithm.
  • Security: Added Blake2b, Blake2b256, Blake2b384 and Blake2b512 classes that implement the BLAKE2 cryptographic hash and MAC algorithm.
  • Security: Added Rebex.Security.Cryptography.HKDF class.
  • Cryptography: Added API for CRL distribution endpoints with multiple CRL entries.
  • Cryptography: Added Certificate.Bind methods.
  • Cryptography: Added CertificateStoreName.WebHosting enum value.
  • Cryptography: Added CertificateStoreOpenFlags and corresponding CertificateStore constructors.
  • Cryptography: AesGcm and ChaChaPoly1305 classes moved from Rebex.Common assembly to Rebex.Security.
  • Cryptography: Certificate.Extensions collection is now read-only.
  • Cryptography: Deprecated EncryptValue/DecryptValue methods in RSAManaged class.
  • Cryptography: Fixed visibility of CertificateException legacy serialization constructor.
  • Cryptography: Improved loading of Y-less legacy DSA keys in FIPS-only mode on .NET 6/7 in Windows.
  • Common: Optimized internal Task.Run methods on old platforms.
  • Common: Optimized internal WhenAll/WhenAny Task combinators on old platforms.
Released
June282023

R6.14 #

(version 6.0.8580 from 2023-06-28)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

What next for R6.x?

Version R6.x of Rebex libraries will be supported until November 2025 and will receive fixes and security updates. See R6.x release history for more information.

Detailed list of changes:

  • All: Fixed problems in finalizer logic.
  • Cryptography: Fixed support for ECDSA private key formats with optional public key.
Released
June062023

R6.13 #

(version 6.0.8558 from 2023-06-06)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Fixed lifecycle of AsymmetricKeyAlgorithm based on RSA CSP.
  • Cryptography: Improved support for SignatureHashAlgorithm.MD5SHA1 in .NET 5 and higher in FIPS-only mode.
Released
April182023

R6.12 #

(version 6.0.8509 from 2023-04-18)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Common: Fixed rare race condition in scheduled action infrastructure.
Released
January312023

R6.11 #

(version 6.0.8432 from 2023-01-31)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Fixed CRL retrieval for certificate with multiple CRL distribution endpoints.
  • Common: Fixed potential premature release of an unmanaged buffer in SSPI interop code.
  • Common: Improved compatibility with Windows 2000.
Released
December022022

R6.10 #

(version 6.0.8372 from 2022-12-02)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

  • Cryptography: Added workaround for broken X25519 implementation in early versions of Windows 10 (version 1507 and 1511).
  • Common: Fixed Windows Extended Protection in 64-bit Windows applications.
Released
November082022

R6.9 #

(version 6.0.8348 from 2022-11-08)

Support for .NET 7!

This release adds a new set of binaries targeting .NET 7. It supports all .NET 7 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • macOS (x64)
  • Android
  • iOS/tvOS

Detailed list of changes:

  • All: Added a new set of binaries targeting .NET 7.
  • Cryptography: Fixed SHA-2 support on pre-SP3 versions of Windows XP.
Released
October252022

R6.8 #

(version 6.0.8334 from 2022-10-25)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added SSE2 implementation of ChaCha20 for .NET 5.0 or higher.
Released
October052022

R6.7 #

(version 6.0.8314 from 2022-10-05)

Fixed code signing (broken by DigiCert)

From September 14th to September 22nd, 2022, DigiCert's timestamping authority mistakenly issued a TSA certificate with a validity period of only one year. Unfortunately, this mistake means that code-signed Rebex assemblies from R6.6 release will no longer pass validation after February 28th, 2024.

Therefore, Rebex customers should upgrade from R6.6 as soon as possible to take advantage of the new TSA certificate's full 11-year validity period.

Detailed list of changes:

  • All: This release is properly code-signed again. TSA certificate validity was too short in R6.6 due to DigiCert's mistake.
  • Cryptography: Added Rebex.Common.Validator assembly.
Released
September162022

R6.6 #

(version 6.0.8295 from 2022-09-16)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added GetPrivateKeyAlgorithm/​GetPublicKeyAlgorithm methods to Certificate class.
Released
July152022

R6.5 #

(version 6.0.8232 from 2022-07-15)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Common: Improved internal asynchronous infrastructure for old platforms.
Released
May252022

R6.4 #

(version 6.0.8181 from 2022-05-25)

Support for .NET 6.0 on Android and iOS

Support for mobile platforms in .NET 6.0 has finally arrived, slightly masquaraded as .NET MAUI. Rebex libraries now support these new platforms as well.

Detailed list of changes:

  • All: Added support for .NET 6.0 on Android.
  • All: Added support for .NET 6.0 on iOS.
  • Cryptography: Added support for NTLM plugin for non-Windows platforms.
  • Cryptography: Added workaround for buggy RSACryptoServiceProvider in .NET 6.0 on Android.
  • Cryptography: Enhanced workarounds for slightly misbehaved certificate validator in .NET 6.0 on Android.
  • Cryptography: Fixed compatibility with ECDiffieHellman on .NET 7 Preview.
  • Cryptography: Fixed exporting of DSA keys on Windows XP SP3.
  • Cryptography: Optimized ChaCha20Poly1305 internals.
  • Cryptography: Optimized internal AEAD interfaces.
  • Cryptography: Working around RSA private key access issue in .NET 6.0 on Android.
  • Common: Improved inner exception rethrow logic on .NET Framework 3.5/4.0.
  • Common: Optimized internal data buffer methods.
Released
March282022

R6.3 #

(version 6.0.8123 from 2022-03-28)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Improved Poly1305 internals.
  • Cryptography: Slightly optimized encrypt/decrypt operations in symmetric branch of the CNG/BCrypt interop layer.
  • Cryptography: Small optimization in ARM (Advanced NEON SIMD) implementation of ChaCha20.
  • Common: Fixed rare premature finalization of a buffer in SSPI interop that might lead to an AccessViolationException.
  • Common: Improved internal asynchronous infrastructure.
Released
January242022

R6.2 #

(version 6.0.8060 from 2022-01-24)

Maintenance release

This is a maintenance release that resolves an issue in a shared library.

Detailed list of changes:

  • Cryptography: Fixed releasing of CNG handles in AES/GCM interop (issue only present in R6.1 on Windows).
Released
January082022

R6.1 #

(version 6.0.8044 from 2022-01-08)

Maintenance release

This is a maintenance release that brings several enhancements and resolves some issues.

Detailed list of changes:

  • All: Fixed compatibility of Rebex binaries for .NET Framework 4.0 with ASP.NET 4.5 or higher.
  • Cryptography: Caching of CNG algorithm provider handles.
  • Cryptography: Fixed Certificate.​GetSignatureHashAlgorithm() for certificates signed by Ed25519 authorities.
  • Cryptography: Fixed unmanaged resource leak in CertificateStore.
  • Cryptography: Optimized symmetric branch of Windows CNG (BCrypt) interop layer.
Released
November252021

R6.0 #

(version 6.0.8000 from 2021-11-25)

Support for .NET 6.0!

This release adds a new set of binaries targeting .NET 6.0. It supports all .NET 6.0 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • macOS (x64)

Please note that support for Android and iOS/tvOS in .NET 6.0 is still in preview mode. We will fully support these platforms as soon as the corresponding .NET 6.0 update is published.

Support for Visual Studio 2022

All Rebex libraries are now fully supported in Microsoft Visual Studio 2022.

Detailed list of changes:

  • All: Added a new set of binaries targeting .NET 6.0.
  • All: Removed several obsolete and deprecated APIs.
  • All: Removed support for legacy ISerializable interface from binaries for .NET Standard.
Released
November242021

R5.7 #

(version 5.0.7999 from 2021-11-24)

Support for .NET 6.0 and Windows 11

Windows 11 is now a supported platform.

Rebex assemblies targeting .NET Standard 2.1 now support .NET 6.0.

Detailed list of changes:

  • All: Added support for .NET 6.0 on Windows, Linux and macOS.
  • All: Added support for Windows 11.
  • Cryptography: Added more values to X.509 RevocationReason enum.
  • Cryptography: Added support for private keys in PuTTY PPK3 format (uses Argon2 key derivation function).
  • Cryptography: Added workaround for Google's CRLs with non-constructed explicit ASN.1 nodes.
Released
October262021

R5.6 #

(version 5.0.7970 from 2021-10-26)

Support for .NET 6.0 RC2

Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 6.0 RC2 and are suitable to be used in production on Microsoft's latest .NET platform ahead of the official release.

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • All: Added support for .NET 6.0 RC2.
  • Cryptography: Fixed handling of RSAParameters without DP/DQ in AsymmetricKeyAlgorithm and PrivateKeyInfo.
  • Cryptography: Fixed loading of encrypted keys with empty passwords in new OpenSSH format.
  • Cryptography: Small optimization in AVX2 implementation of ChaCha20.
Released
August172021

R5.5 #

(version 5.0.7900 from 2021-08-17)

New binaries for .NET Core 3.1

We added a new set of binaries targeting .NET Core 3.1. We have already been supporting that platform since 2019 via .NET Standard 2.1. However, the new set of binaries utilizes .NET Core's hardware intrinsics API and features our fast ChaCha20/Poly1305 implementation that has been previously only available on .NET 5.0.

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Detailed list of changes:

  • All: Added 'netcoreapp3.1' binaries.
  • All: Fixed compatibility with UWP and .NET Native compiler.
Released
August052021

R5.4 #

(version 5.0.7888 from 2021-08-05)

Maintenance release

This release resolves several issues in the shared functionality.

Detailed list of changes:

  • Cryptography: Fixed Certificate.FriendlyName setter in .NET 5.0 on non-Windows platforms.
Released
June182021

R5.3 #

(version 5.0.7840 from 2021-06-18)

Fixed FIPS-mode detection in .NET 4.8

This release fixes an issue in FIPS-mode detection routine that was not working properly in applications targeting .NET Framework 4.8 due to a change in the framework's behavior. This only affects applications targeting .NET Framework 4.8. Applications targeting earlier framework versions do not suffer from this issue even when running on .NET Framework 4.8.

If your application targets .NET Framework 4.8 and is supposed to honor system-wide FIPS mode settings, either upgrade to this release, or set Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly to System.Security.Cryptography.CryptoConfig.AllowOnlyFipsAlgorithms in your application's startup code.

Detailed list of changes:

  • Cryptography: Added support for private keys using PBKDF2 with HMAC/SHA-2 (RFC 8018 / PKCS #5 v2.1).
  • Cryptography: Fixed detection of FIPS-only systems on .NET Framework 4.8.
  • Cryptography: Optimized creation of algorithm objects in CNG layer.
Released
May092021

R5.2 #

(version 5.0.7800 from 2021-05-09)

New ChaCha20Poly1305 class

This release features the new ChaCha20Poly1305 class that implements the 'combined mode' AEAD cipher consisting of ChaCha20 stream cipher and Poly1305 authenticator, as specified by RFC 7539.

Faster ChaCha20/Poly1305 on older platforms

We further improved performance of ChaCha20/Poly1305 in TLS and SSH on older platforms. It's not as fast as our .NET 5.0 implementation using AVX2 or Advanced NEON SIMD, but it's faster than ever before.

Detailed list of changes:

  • Cryptography: Added ChaCha20Poly1305 class that implements ChaCha20/Poly1305 with an API that resembles .NET's AesGcm class.
  • Cryptography: Added support for loading of ECDSA certificates from PFX/P12 files in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
  • Cryptography: Added support for saving to PFX/P12 files for certificates with temporarily associated private keys in .NET 5.0 and .NET Standard 2.1 on Linux and macOS.
  • Cryptography: AVX2 implementation of ChaCha20 releases old pre-generated keystream immediately after reinitialization.
  • Cryptography: Clearing output data in AesGcm class when authentication tag is invalid.
  • Cryptography: Fixed parsing of Cryptographic Message Syntax envelopes with unsupported OIDs.
  • Cryptography: Improved ChaCha20/Poly1305 performance on .NET 3.5-4.6 and .NET Standard 2.x.
  • Cryptography: Improved performance of AES/CTR ciphers (used in SSH).
  • Common: Improved error handling when raising events via synchronization context.
Released
March032021

R5.1 #

(version 5.0.7733 from 2021-03-03)

Simplified release naming

We decided to drop the year from our release naming scheme. Instead of '2020 R5.1', this release is called just 'R5.1', and the forthcoming releases will use the same 'R5.x' naming scheme until the next major upgrade.

Detailed list of changes:

  • All: Changed release naming scheme ('R5.1' instead of '2020 R5.1').
  • Cryptography: Added workaround to Certificate.LoadDer method to enable loading of certificates in PKCS #7 containers.
  • Cryptography: Enhanced implicit operator for conversion of Certificate->X509Certificate2 to retain private keys on non-Windows platforms as well.
  • Cryptography: Fixed Ed25519 PKCS #8 key structure (now compatible with OpenSSL).
  • Cryptography: Optimized memory usage in symmetric encryption transformations based on Windows CNG API.
  • Cryptography: Substantial speed-up of ChaCha20/Poly1305 (used in SSH and TLS). Utilizing AVX2 or Advanced NEON SIMD on .NET 5.0 (if available).
  • Common: Accelerated common byte array operations in .NET 5.0 on devices with AVX2 support.
Released
November102020

2020 R5 #

(version 5.0.7620 from 2020-11-10)

Support for .NET 5.0!

This release adds a new set of binaries targeting .NET 5.0. It supports all .NET 5.0 platforms:

  • Windows (x64, x86, ARM64)
  • Linux (x64, ARM32, ARM64)
  • macOS (x64)

Built-in Ed25519 support

We have already been supporting Ed25519 (EdDSA on edwards25519 curve) in AsymmetricKeyAlgorithm class for several years, but an external plugin was needed to make it work. That is no longer case, and Ed25519 works out-of-the-box.

New AES/GCM API

Our new Rebex.Security.Cryptography.AesGcm class resembles .NET 5.0's class of the same name, but it's available on all supported platforms including .NET Framework 3.5/4.0 and Mono 5/6.

Detailed list of changes:

  • All: Added support for .NET 5.0 on all platforms.
  • Cryptography: Added built-in support for Ed25519 algorithm.
  • Cryptography: Added Rebex.Security.Cryptography.AesGcm class (equivalent to .NET 5.0's AesGcm class, but available on all platforms including .NET Framework 3.5).
  • Cryptography: Added SetOtherNames/GetOtherNames methods to CertificateInfo class ('Other Name' support in SANs).
  • Cryptography: AsymmetricKeyAlgorithm.ImportKey method can initialize Ed25519 key from seed (in addition to private key).
  • Cryptography: AsymmetricKeyAlgorithm.Register method made thread-safe.
  • Cryptography: Deprecated CryptoHelper.ForceManagedAes property.
  • Cryptography: Enhanced compatibility with unsupported legacy versions of CryptoAPI.
  • Cryptography: Enhanced SignedData.Load(Stream) and EnvelopedData.Load(Stream) methods to support Base64-encoded format (PEM) as well.
  • Cryptography: Enhanced workaround for RSA CSPs with lack of SHA-2 support.
  • Common: Added SspiAuthentication.IsSupported method.
  • Common: Enhanced EncodingTools helper class to always provide Encodings with implemented HeaderName, EncodingName and BodyName properties.
Released
September302020

2020 R4 #

(version 5.0.7579 from 2020-09-30)

Fully tested on .NET 5.0 RC1

Rebex assemblies targeting .NET Standard 2.1 have been fully tested on .NET 5.0 RC1 and are suitable to be used in production on Microsoft's latest .NET platform.

Removed all BinaryFormatter usage

.NET's BinaryFormatter class is considered dangerous and should not be used for data processing. This applies to related types as well. This version no longer uses BinaryFormatter internally during serialization.

Detailed list of changes:

  • All: Fixed several minor compatibility issues on .NET 5.0 RC1.
  • Security: Fixed behavior of XtsStream.CanSeek and CanRead properties.
  • Cryptography: Added Ed25519 support to Certificate class. (Not yet supported by the built-in certificate validator due to lack of support in Windows and .NET).
  • Cryptography: Fixed handling of non-content data in Certificate(byte[]) constructor and CertificateChain.LoadP7b(Stream) / CertificateRevocationList.​Load(Stream) methods.
  • Cryptography: Fixed parsing of constructed primitive ASN.1 types with more than two layers of nesting.
  • Cryptography: Fixed version number in PKCS #10 CertificationRequest structure.
  • Cryptography: Prohibited usage of Chacha20/Poly1305 in TLS 1.3 in FIPS-only mode. (Already prohibited in TLS 1.2 or earlier.)
  • Cryptography: Updated RSAManaged constructor logic to make it suitable as a base for derived classes on .NET Framework in FIPS-compliant mode.
  • Cryptography: Using Windows CNG API for Diffie-Hellman parameter generation on Windows 10 and Windows Server 2016/2019.
  • Common: Optimized internal cancellation infrastructure on old platforms.
  • Common: Removed usage of BinaryFormatter which has been found to be insecure.
  • Common: Updated EncodingTools.GetEncoding method to prefer encodings provided by .NET.
Released
July142020

2020 R3 #

(version 5.0.7501 from 2020-07-14)

Binaries for .NET Standard 2.1

We added a new set of binaries targeting .NET Standard 2.1. They are suitable for .NET Core 3.1 and .NET 5.0 Preview 6, on Windows, Linux and macOS.

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Detailed list of changes:

  • All: Added binaries targeting .NET Standard 2.1.
  • Cryptography: Fixed encoding of ECDSA signatures in PKCS #7 CertificationRequest structure.
  • Cryptography: Memory usage optimizations in CNG layer.
  • Cryptography: On Windows 10 and Windows Server 2016 or higher, Windows CNG API is used for classic Diffie-Hellman calculations instead of legacy Windows CryptoAPI.
  • Cryptography: Optimized disposing of temporary keys in Certificate class.
Released
May242020

2020 R2 #

(version 5.0.7450 from 2020-05-24)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added ContentInfo.ToStream() method.
  • Cryptography: Enhanced Certificate.LoadDerWithKey to support RSASSA-PSS and RSAES-OAEP for RSA keys.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.​GenerateDiffieHellmanParameters slowness (only affected the previous release).
  • Cryptography: Improved AsymmetricKeyAlgorithm to support RSASSA-PSS and RSAES-OAEP with keys loaded via ImportKey method.
  • Cryptography: Optimized Certificate and CertificateChain class to only consume native resources when needed.
  • Cryptography: Optimized CNG handles cleanup.
Released
March272020

2019 R3.4 #

(version 5.0.7392 from 2020-03-27)

Detailed list of changes:

  • Common: Enhanced error message when a Diffie-Hellman key that is too large is encountered.
Released
March252020

2020 R1.1 #

(version 5.0.7390 from 2020-03-25)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Common: Added DiffieHellmanNative class to Rebex.Common.Native assembly (speeds up Diffie-Hellman calculations on Xamarin.Android).
Released
February212020

2020 R1 #

(version 5.0.7357 from 2020-02-21)

.NET Standard 2.0 on Xamarin.Android and Xamarin.iOS

Rebex binaries targeting .NET Standard 2.0 are now supported on Xamarin.Android and Xamarin.iOS. Previously-available binaries targeting specific Xamarin platforms have been deprecated, and .NET Standard 2.0 binaries should be used instead.

Note: Applications that require certificate validation also need to use the new Rebex.Common.Native.dll assembly which provides validation of X.509 certificates on Xamarin.Android and Xamarin.iOS.

Native X25519 elliptic curve support on Windows 10

On Windows 10, Windows Server 2016 and Windows Server 2019, AsymmetricKeyAlgorithm supports X25519 curve (also known as Curve25519) without any external plugins.

End of Standard Support for .NET Framework 2.0 and 3.0

2019 R4.2 was the last release to include support for .NET Framework 2.0 and 3.0 in the standard package. Customers using these platforms are advised to migrate to .NET Framework 3.5 SP1, which will enjoy mainstream support until 2023-10-10.

For customers who are unable to migrate, a Legacy Edition of Rebex libraries for .NET Framework 2.0/3.0 is available.

Deprecated .NET Core 1.0/1.1

.NET Core 1.1 and 1.0 became end-of-life platforms at 2019-06-27. In accordance with our framework support policy, they are no longer supported by Rebex libraries. Customers using these platforms are advised to migrate to .NET Core 2.1 or .NET Core 3.1.

Detailed list of changes:

  • All: Binaries targeting .NET Standard 2.0 now support Xamarin.Android and Xamarin.iOS.
  • All: Deprecated binaries targeting .NET Standard 1.5, Xamarin.Android and Xamarin.iOS.
  • All: Fixed several occurences of culture-sensitive string formatting.
  • All: Fixed several occurrences of wrong synchronization context.
  • All: Mainstream edition no longer supports .NET Framework 2.0/3.0 and .NET Core 1.0/1.1.
  • Cryptography: Added full support for Elliptic Curve Diffie-Hellman (ECDH) on Windows 10, Windows Server 2016 and Windows Server 2019.
  • Cryptography: Added native support for ECDH with X25519 curve on Windows 10, Windows Server 2016 and Windows Server 2019.
  • Common: Internal optimizations.
Released
January152020

2019 R4.2 #

(version 5.0.7320 from 2020-01-15)

Maintenance release

This release solves several issues in the shared functionality.

Detailed list of changes:

  • Cryptography: Added workaround for RSA signatures shorter than the key size (.NET Core on Linux is unable to handle them).
  • Cryptography: Fixed AsymmetricKeyAlgorithm.​GetRawPublicKey() key format when RSA via MS CNG is in use.
  • Cryptography: Only known external plugins are allowed for enhanced security.
  • Cryptography: Saving public key as well when saving X25519 private keys.
Released
December162019

2019 R4.1 #

(version 5.0.7290 from 2019-12-16)

.NET Core 3.1 support

.NET Core 3.1 is now supported on the following platforms:

  • Windows (x64, x86, ARM32)
  • Windows 10 IoT (x64, x86, ARM32)
  • Linux (x64, ARM32)
  • macOS (x64)

Detailed list of changes:

  • All: Added support for .NET Core 3.1.
  • All: Added support for Mono 6.x.
  • Cryptography: Added workaround for bad RSA/PSS signature algorithm identifiers with missing parameters.
  • Cryptography: Enabled workaround for private key loading from Mono key store in .NET Standard edition on Mono.
  • Cryptography: Enhanced 'Invalid key format' error message when loading a private key.
  • Cryptography: Fixed serial number handling in CertificateIssuer to conform to RFC 5280 constraints.
  • Common: Binaries for .NET Standard 1.5 now use System.Collections.NonGeneric instead of custom implementations.
  • Common: Enabled Xamarin.Android workarounds in .NET Standard 2.0 edition.
  • Common: Improved ISafeSerializationData support detection.
Released
October312019

2019 R4 #

(version 5.0.7244 from 2019-10-31)

Enhancement release

This release brings enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added PkcsBase.LoadSignedOrEnvelopedData method (a replacement for deprecated PkcsBase.Load).
Released
October292019

2019 R3.3 #

(version 5.0.7242 from 2019-10-29)

Detailed list of changes:

  • All: This release also includes all updates from 2019 R4 except TLS 1.3 and ALPN support.
  • Cryptography: Optimized memory usage when loading CRLs from cache in the built-in custom certificate validator on .NET Compact Framework.
  • Common: Fixed possible ArgumentOutOfRangeException in custom .NET Compact Framework thread pool.
  • Common: Fixed possible crash on .NET Compact Framework 3.5 when SSPI single sign-on is attempted.
Released
September232019

2019 R3.2 #

(version 5.0.7206 from 2019-09-23)

.NET Core 3.0 support

This release introduces support for .NET Core 3.0 on the following platforms:

  • Windows (x64, x86, ARM32)
  • Windows 10 IoT (x64, x86, ARM32)
  • Linux (x64, ARM32)
  • macOS (x64)

Windows 10 IoT support

This release introduces support for .NET Core 3.0 on Windows 10 IoT on x64, x86 and ARM32 platforms.

Detailed list of changes:

  • All: Added support for .NET Core 3.0.
  • All: Added support for Windows 10 IoT (via .NET Core 3.0).
  • Common: Optimized internal Task infrastructure on old .NET platforms.
Released
June282019

2019 R3 #

(version 5.0.7119 from 2019-06-28)

Support for .NET Standard 2.0 on Mono 5.14 and higher

Binaries of Rebex libraries targeting .NET Standard 2.0 are now also supported on Mono 5.14 and higher.

End of Standard Support for .NET Compact Framework 3.5 and 3.9

2019 R3 is the last release that includes support for .NET Compact Framework 3.5 and 3.9 in the standard package. Starting with 2019 R4, .NET CF 3.5/3.9 will only be supported with Legacy Editions, which will be available as separate products. See their release history.

Detailed list of changes:

  • All: Binaries targeting .NET Standard 2.0 are now supported on Mono 5.14 or higher.
  • Cryptography: Added Certificate.GetPrivateKeyInfo() method.
  • Cryptography: Added CertificateEngine.LocalMachine engine and CertificateEngine.Bind method.
  • Cryptography: Added support for SHA-224 hash algorithm.
  • Cryptography: Added support for X25519 key format (RFC 8410).
  • Cryptography: Always using AES by default to encrypt PKCS #8 private keys.
  • Cryptography: Meaningful error message for the CNG AEAD auth tag mismatch.
  • Common: Optimized asynchronous continuations on modern platforms.
  • Common: Upgraded Task infrastructure in Xamarin.Android binaries.
Released
May172019

2019 R2 #

(version 5.0.7077 from 2019-05-17)

Support for Visual Studio 2019

All Rebex libraries are now fully supported in Microsoft Visual Studio 2019.

Support for .NET Framework 4.8

.NET Framework 4.8 is a fully supported platform.

Detailed list of changes:

  • All: Added support for .NET Framework 4.8 and Visual Studio 2019.
  • All: Removed leftover Trace.Write logging.
  • Cryptography: Added CertificationRequest.Save method.
  • Cryptography: Added support for ECDSA and ECDH on .NET Core 2.1/.2.2 on Linux (no need for external plugins).
  • Cryptography: Added workaround for broken export of RSA keys from the CNG providers on Windows 7.
  • Cryptography: Added workaround for CRLs with redundant trailing data to CertificateRevocationList.
  • Cryptography: Added workaround for legacy versions of Mono with lack of SHA-2 support.
  • Common: Asynchronous infrastructure improvements.
Released
March282019

2019 R1 #

(version 5.0.7027 from 2019-03-28)

Improved platform support

This release adds three new sets of binaries targeting the following platforms:

  • .NET Core 2.0/2.1/2.2 (via .NET Standard 2.0)
  • .NET Framework 4.6.x/4.7.x
  • .NET Framework 3.5 SP1

For an overview of available binaries and supported platforms, check out Rebex Support Lifecycle KB article.

Detailed list of changes:

  • All: Added binaries targeting .NET Framework 3.5 SP1.
  • All: Added binaries targeting .NET Framework 4.6 and higher.
  • All: Added binaries targeting .NET Standard 2.0.
  • All: Removed long-deprecated API. Deprecated legacy API.
  • Cryptography: Fixed behavior of HMAC mode in KeyMaterialDeriver.​DeriveKeyMaterial method.
  • Cryptography: Fixed garbage collection issue with PFX-based certificate keys on non-Windows platforms.
  • Cryptography: Fixed handling of shared secred padding in AsymmetricKeyAlgorithm.​GetKeyMaterialDeriver.​
  • Cryptography: Fixed possible NullReferenceException in CertificationRequest.​GetAlternativeHostnames method.
  • Common: Fixed Certificate.Associate with permanent bind on .NET Compact Framework to ensure the key is not garbage-collected.
  • Common: LocalItem constructor no longer fails on items with invalid paths.
Released
December212018

2018 R4 #

(build 6930 from 2018-12-21)

Support for yet another OpenSSH key encryption

Added support for new OpenSSH keys with AES-CTR encryption.

Detailed list of changes:

  • Cryptography: Added support for 'BEGIN RSA PUBLIC KEY' keys (PKCS #1 / RFC 3447) to PublicKeyInfo.
  • Cryptography: Added support for IP addresses in Subject Alternative Name certificate extension.
  • Common: Added support for new OpenSSH key format with AES-CTR encryption.
  • Common: Fixed possible certificate validation failures on some versions of Xamarin.Android.
Released
October262018

2018 R3 #

(build 6874 from 2018-10-26)

Maintenance release

This release includes enhancements in the shared functionality.

Detailed list of changes:

  • All: Added password-hiding in Verbose logging mode.
  • All: Added experimental support for Mono on Windows.
  • All: Fixed messages of some ObjectDisposedException objects.
  • Cryptography: CertificateStore implements IEnumerable<Certificate>.
  • Cryptography: Proper error is reported when trying to validate ECDSA certificates on Mono.
  • Common: Added optimized thread pool on .NET Compact Framework.
Released
September032018

2018 R2.1 #

(build 6821 from 2018-09-03)

Maintenance release

This is a maintenance release with bugfixes and enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Optimized certificate signature validation on .NET Compact Framework.
Released
June292018

2018 R2 #

(build 6755 from 2018-06-29)

New fully supported platform: .NET Core on macOS

This release adds full support for .NET Core 2.x on macOS.

Enhancements and bugfixes

Enhancements and bugfixes in the shared functionality.

Detailed list of changes:

  • All: Added support for .NET Core on macOS.
  • Cryptography: Added workaround for eToken CSP private key operations.
  • Cryptography: Fixed possible 'Unexpected key algorithm' error in AsymmetricKeyAlgorithm.
  • Cryptography: Fixed Certificate.​GetSignatureHashAlgorithm() for RSASSA-PSS certificates
  • Cryptography: RSACryptoServiceProvider usability detection made more compatible.
  • Cryptography: Fixed CertificateStore.Exists on .NET Core.
  • Cryptography: Fixed Certificate.HasPrivateKey for non-silent keys.
  • Cryptography: Fixed potential security vulnerability in RSAManaged class (proper padding check in signature verification).
  • Common: Fixed compatibility with AWS Lambda.
Released
April252018

2018 R1.1 #

(build 6690 from 2018-04-25)

New fully supported platform: .NET Core on Linux

This release adds full support for .NET Core 2.x on Linux.

Detailed list of changes:

  • All: Added support for .NET Core on Linux.
  • Security: FileEncryption object's EncryptionKeySize and XtsBlockSize properties are no longer ignored when using FileEncryptionAlgorithm.AesXts.
  • Cryptography: Enhanced error message when trying to use signing-only RSA certificate for decryption.
  • Cryptography: Fixed private key exporting on .NET Core on Linux.
  • Cryptography: Fixed retrieval of certificate with bound keys from store on .NET Core on Linux.
  • Cryptography: Fixed possible NullReferenceException in built-in custom certificate validator on .NET Compact Framework. Could occur using CRL validation.
  • Cryptography: Fixed DSAManaged.ExportParameter method that failed to export parameters with missing Seed.
  • Cryptography: Added CertificateEngine.​BuildChain(Certificate) method.
  • Cryptography: Current CertificateEngine's BuildChain method is now used in CMS (PKCS #7) SignedData and EnvelopedData.
  • Cryptography: Added Certificate.Tag property to make it possible to associate custom objects with a particular Certificate instance.
  • Cryptography: Enhanced logging in built-in custom certificate validator on .NET Compact Framework.
Released
April012018

2018 R1 #

(build 6666 from 2018-04-01)

New low-level Xts class

For those who need to use the raw XTS-AES algorithm, Rebex Security now features a low-level Xts class in addition to high-level XtsStream class.

Detailed list of changes:

  • Security: Added low-level Xts class.
  • Cryptography: Added CryptographicCollection<T> as a base for cryptographic collection classes.
  • Cryptography: Fixed possible NullReferenceException inCertificateRevocationList.​GetRevocationReason() method.
  • Cryptography: Fixed PFX saving on Mono.
  • Cryptography: Fixed "Unable to load DLL 'Bcrypt.dll'" error on Linux with .NET Core.
  • Cryptography: Added EnhancedCertificateEngine to .NET Compact Framework version to make it possible to supply custom root certification authorities.
  • Common: Enabled Certificate/​CertificateChain.​LoadPfx with AlwaysCng option on .NET Compact Framework 3.9.
  • Common: Fixed rare race condition in possibly leading to NullReferenceException on .NET Core and UWP platforms.
  • Common: Fixed COMException in CertificateChain.BuildFrom method on experimental UWP platform.
  • Common: Built-in custom certificate validator on .NET CF no longer unnecessarily validates signature of root CA certificates that are trusted by the OS.
Released
January112018

2017 R6.3 #

(build 6586 from 2018-01-11)

Enhanced RSA/OAEP and RSA/PSS support

This release adds support for RSA/OAEP with label (input parameter). RSA/OAEP and RSA/PSS structures with mismatched hash algorithms are supported as well.

Detailed list of changes:

  • Cryptography: Added support for RSAES-OAEP with input parameter (label).
  • Cryptography: Added support for RSAES-OAEP with mismatched hash algorithms.
  • Cryptography: Fixed initialization of EncryptionAlgorithm property in MailMessage.Recipients collection items.
  • Cryptography: Added support for RSASSA-PSS with mismatched hash algorithms.
  • Cryptography: Fixed CNG private key conversion workaround.
Released
December212017

2017 R6.2 #

(build 6565 from 2017-12-21)

Faster AES on Windows

Rebex libraries now use Windows CNG for AES symmetric encryption algorithm when available. CNG implementation of AES is faster and takes advantage of AES-NI instructions.

Detailed list of changes:

  • Security: Added overloads of XtsStream that accept file path.
  • Cryptography: Added CertificateChain.LoadDer method to load a chain of Base64-encoded certificates.
  • Cryptography: Fast CNG implementation of AES (which takes advantage of AES-NI instructions) is used when available.
  • Cryptography: Added workaround for broken X509Certificate.GetPublicKey() on Mono 5.4.
  • Cryptography: Added a workaround for GPG's gpgsm utility that required some SignedData fields to be DER-encoded.
Released
November202017

2017 R6.1 #

(build 6534 from 2017-11-20)

Maintenance release

This is a maintenance release with improvements, bugfixes or workarounds in the shared functionality.

Detailed list of changes:

  • Cryptography: Enhanced custom CRL downloader for .NET Compact Framework to handle all 3xx redirect codes.
  • Cryptography: Enhanced Certificate.LoadDer to handle files with multiple certificates (loads the first one).
  • Cryptography: Enabled usage of MS CNG API in .NET Compact Framework 3.9 edition on Windows Embedded Compact 2013 when appropriate.
  • Cryptography: Fixed detection of AES/GCM support.
  • Cryptography: Fixed detection of native Brainpool and secp256k1 support.
  • Cryptography: Added 'params' to CertificateInfo.​SetExtendedUsave/​SetAlternativeHostnames methods.
  • Cryptography: Fixed null handling in CertificateInfo.MailAddress.
  • Cryptography: Fixed empty block processing in AES/GCM.
  • Common: Added workaround for broken Encoding.ASCII encoder on legacy Mono platforms.
  • Common: Enhanced SSPI error reporting.
  • Common: Fixed platform info in logs on macOS.
Released
October252017

2017 R6 #

(build 6508 from 2017-10-25)

Support for RSA signatures with PSS padding (RSASSA-PSS)

Our SignedData class (CMS / PKCS #7) now supports RSA signatures with PSS padding (RSASSA-PSS) based on SHA-1, SHA-256, SHA-384 and SHA-512.

These algorithms are available on all supported platforms including .NET Framework 2.0/3.5 and .NET Compact Framework.

Support for RSA encryption with OAEP padding (RSAES-OAEP)

Our EnvelopedData class (CMS / PKCS #7) now supports RSA encryption with OAEP padding (RSAES-OAEP) based on SHA-1, SHA-256, SHA-384 and SHA-512.

These algorithms are available on all supported platforms including .NET Framework 2.0/3.5 and .NET Compact Framework.

Detailed list of changes:

  • All: Added support for DSA key generation on .NET Core on Windows.
  • Cryptography: Added support for RSAES-OAEP encryption to EnvelopedData/RecipientInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for RSAES-OAEP encryption to Encrypt/Decrypt methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Added support for DSA key generation on .NET Core 1.1 on Windows.
  • Cryptography: Added support for RSASSA-PSS signatures to SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Enhanced environment info logging.
  • Cryptography: Fixed KeySize property of RSAManaged and DSAManaged to return the proper size for key sizes that are not evenly divisible by 8.
  • Cryptography: Added support for RSASSA-PSS signatures to SignedData/SignerInfo objects (CMS / PKCS #7).
  • Cryptography: Added support for legacy MD4 algorithm.
  • Cryptography: Fixed saving of Brainpool keys (used wrong OID).
  • Cryptography: Fixed handling of ED25519 keys in PrivateKeyInfo.
  • Cryptography: Fixed CertificateStore private key saving on Mono.
  • Common: Environment info is now logged when creating an instance of FileLogWriter.
Released
September082017

2017 R5 #

(build 6461 from 2017-09-08)

New fully supported platforms: .NET Core 1.1 and 2.0 on Windows

This release adds full support for .NET Core 2.0 and 1.1 on Windows. Support for .NET Core on Linux and macOS is still experimental.

Support for .NET Standard 1.5, 1.6 and 2.0 (on .NET Core 1.1 and 2.0)

All Rebex libraries support .NET Standard 1.5, 1.6 and 2.0 on .NET Core 1.1 and 2.0. Support for other platforms (such as .NET Standard on .NET 4.6.x or higher) is still experimental.

Detailed list of changes:

  • All: Added support for .NET Core 1.1 and 2.0 on Windows.
  • Cryptography: Added HTTP redirect handling to CRL downloader on .NET Compact Framework.
  • Cryptography: Added workaround to enable SHA-2 on legacy operating systems (such as pre-SP3 Windows XP).
  • Cryptography: Using ASN.1 GeneralizedTime for dates greater than 2050.
  • Cryptography: Enhanced logging of some SSPI errors.
  • Cryptography: Added workaround for invalid or empty HTTP header names.
  • Common: Enabled SHA-2 support workaround for legacy RSA providers.
  • Common: Using custom IBM 437 encoding on .NET Compact Framework.
Released
August042017

2017 R4.1 #

(build 6426 from 2017-08-04)

Maintenance release

This is a maintenance release with several improvements, bugfixes and workarounds in the shared functionality.

Detailed list of changes:

  • Cryptography: Enhanced RSAES-OAEP support.
  • Cryptography: Added CertificateStore.Add method (replacement for deprecated CertificateStore.AddCertificate method).
  • Cryptography: Added KeySetOptions.PreferCng and KeySetOptions.AlwaysCng options.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.Dispose method.
  • Cryptography: Fixed AsymmetricKeyAlgorithm.CreateFrom method (always honors the ownsAlgorithm argument now).
Released
June302017

2017 R4 #

(build 6391 from 2017-06-30)

Support for CNG Key Storage Providers

Rebex Certificate class now fully supports RSA, DSA and ECDSA private keys stored in Windows CNG Key Storage Providers.

Detailed list of changes:

  • All: Deprecated .NET Compact Framework 2.0, Windows (Store) 8.0 and Windows (Store/Phone) 8.1 platforms.
  • All: Lots of improvements in experimental .NET Core / .NET Standard edition.
  • Cryptography: Added support for certificates with private keys stored in CNG Key Storage Providers.
  • Cryptography: Compatibility enhancements in Certificate public/private key operations and AsymmetricKeyAlgorithm class.
  • Cryptography: Added Certificate.GetPublicKeyInfo() method.
  • Cryptography: Fixed PublicKeyInfo.GetKeySize() method that used to throw an exception for ECDSA and ED keys.
  • Cryptography: Added native support for secp256k1, Brainpool P-256 R1, P-384 R1 and P-512 R1 on Windows 10 and Windows Server 2016.
  • Cryptography: Fixed default hash algorithm detection in SignMessage/VerifyMessage methods in Certificate and AsymmetricKeyAlgorithm classes.
  • Cryptography: Experimental support for CMS (PKCS #7) decryption with RSA/OAEP/SHA-1 (RSAES-OAEP defined by RFC 3447).
  • Cryptography: Fixed 'Unexpected PFX length' error when exporting 4096-bit RSA certificates into PFX/P12 file.
Released
May092017

2017 R3 #

(build 6339 from 2017-05-09)

NuGet packages

Rebex libraries just got official NuGet packages!

If you have an active subscription, you will get NuGet packages as part of Rebex libraries. These are supposed to be added to your private NuGet repository.

Rebex packages are available at NuGet.org as well.

Experimental support for .NET Standard 1.5 and NET Core

This release adds experimental support for .NET Core (or rather .NET Standard 1.5/1.6) to all Rebex libraries.

In addition to .NET Core on Windows, Linux and macOS, .NET Standard edition of Rebex libraries can be used on any platform with .NET Standard 1.5 support. This currently includes .NET 4.6.2 and .NET 4.7, and hopefully other platforms soon.

Please note that 'experimental' support means that this edition has not yet reached the 'mainstream' support phase, and the API is subject to change. Any feedback is greatly appreciated.

Support for .NET Framework 4.7

.NET Framework 4.7 is a fully supported platform.

Detailed list of changes:

  • All: Added NuGet packages.
  • All: Added experimental support for .NET Core and .NET Standard 1.5.
  • All: Added workaround for a breaking change in Exception.Data on recent Xamarin.Android.
  • All: Added support for .NET Framework 4.7.
  • Cryptography: Enhanced error messages in AsymmetricKeyAlgorithm.
  • Cryptography: Custom certificate validator now behaves like MS CryptoAPI validator when dealing with RSA key sizes shorter than 1024 bits; MD5 signature hash algorithm is always considered to be weak for non-root certificates.
  • Cryptography: Added support for .PFX/.P12 saving on .NET Compact Framework (requires Windows CE 5.0 or later).
  • Common: Fixed incorrect handling of CNG RSA keys.
Released
March222017

2017 R2 #

(build 6291 from 2017-03-22)

Support for Visual Studio 2017

All Rebex libraries are now fully supported in Microsoft Visual Studio 2017. Older Visual Studio versions (2008 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • All: Mono 2.10 is no longer supported. (Mono 3.x and 4.x still supported.)
  • Cryptography: Added support for Elliptic Curve DSA to Certificate/​CertificateChain/​CertificateIssuer classes.
  • Cryptography: SignMessage/VerifyMessage methods added to AsymmetricKeyAlgorithm.
  • Cryptography: Renamed KeyDerivationOptions class to KeyDerivationParameters.
  • Cryptography: Removed seldom-used static methods from CryptoHelper.
  • Cryptography: CertificateIssuer class made available on .NET Compact Framework.
  • Cryptography: Fixed TLS 1.0/1.1 on FIPS-only Windows with disabled UseFipsAlgorithmsOnly.
  • Cryptography: Enhanced CertificateIssuer API.
  • Cryptography: Fixed PrivateKeyInfo.KeyAlgorithm that returned non-standard values for some ECDSA keys.
  • Cryptography: Fixed handling of padding in ECDSA private keys stored using the new OpenSSH format.
  • Cryptography: Fixed weak algorithm detection in .NET Compact Framework custom certificate verifier.
Released
February082017

2017 R1 #

(build 6249 from 2017-02-08)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added support for ValidationOptions.UseCacheOnly on .NET CF.
  • Cryptography: Substantially optimized CRL parsing code used by enhanced certificate validator on .NET Compact Framework.
Released
December192016

2016 R3 #

(build 6198 from 2016-12-19)

Tweakable XTS parameters in FileEncryption class

It's now possible to specify XtsBlockSize and EncryptionKeySize when using XtsAes through FileEncryption object.

Detailed list of changes:

  • Security: Added FileEncryption.XtsBlockSize; fixed FileEncryption.EncryptionKeySize when using XtsAes.
  • Security: XtsStream now flushes the base stream on SetLength.
  • Cryptography: Improved ASN.1 time node parser.
  • Cryptography: Added support for certificate validation on Universal Windows Platform.
  • Cryptography: Added custom X.509 certificate validator for .NET Compact Framework with full SHA-2 support on all platforms.
  • Cryptography: Fixed parsing of 'Intended Usage' extension when 'Decipher Only' was specified.
  • Cryptography: Added static Create method to SHA256Managed/​SHA384Managed/​SHA512Managed classes on .NET Compact Framework.
  • Cryptography: ValidationResult.ErrorCode deprecated and replaced with NativeErrorCode.
  • Cryptography: Optimized memory usage in CMS/PKCS #7 (SingedData/EnvelopedData classes).
  • Cryptography: Added missing argument checks to CertificateIssuer methods.
  • Cryptography: Added support for Base64-encoded files with CRLF end-of-line sequences to CertificateChain.LoadP7b method.
  • Cryptography: Fixed HMAC calculation based on SHA-384 and SHA-512 on NET Compact Framework and Mono platforms.
  • Cryptography: Added Rebex.​Security.​Certificates.​CertificateEngine class to make it possible to implement custom X.509 chain building and validation engines.
  • Common: Added ConsoleLogWriter for Xamarin platforms.
  • Common: Added Rebex.TeeLogWriter class that makes it possible to log to multiple log writers.
  • Common: Added LocalItem.GetChecksum methods and related types.
Released
August262016

2016 R2.2 #

(build 6083 from 2016-08-26)

Maintenance release

This is a maintenance release with enhancements in the shared functionality.

Detailed list of changes:

  • Cryptography: Added CheckCertificate/​GetIssuingDistributionPoint methods to CertificateRevocationList class and ValidateRevocationList method to Certificate class.
  • Cryptography: Enhanced SHA-2 support check on .NET Compact Framework.
  • Cryptography: Fixed SHA-2 support in AsymmetricKeyAlgorithm.SignHash on Windows Server 2008 (and possibly other old platforms).
  • Common: Added workaround for broken FileStream.SetLength on some .NET Compact Framework platforms.
Released
July282016

2016 R2.1 #

(build 6054 from 2016-07-28)

Maintenance release

This is a maintenance release with enhancements and fixes in the shared functionality.

Detailed list of changes:

  • Cryptography: Fixed AsymmetricKeyAlgorithm.SignHash (in 2016 R2, it falls back to RSAManaged without trying to use RSACryptoServiceProvider first).
  • Cryptography: Fixed CertificateIssuer.​IssueRevocationList method that ignored signatureHashAlgorithm argument and always used SHA-1.
  • Common: FileLogWriter on Windows Store 8.x / Universal Windows Platform is now thread-safe.
  • Common: Fixed LocalItem(string) constructor on Windows Store 8.x / Universal Windows Platform.
  • Common: Added workaround for broken handling of surrogate pairs when converting to "iso-8859-1" using System.Text.Encoding on Mono 4.x.
Released
June302016

2016 R2 #

(build 6026 from 2016-06-30)

Support for Xamarin June 2016 Update

June 2016 update of Xamarin.iOS/Xamarin.Android/Xamarin.Mac introduced a breaking change in Mono.Security API that broke compatibility with Rebex libraries. This issue has been solved in this release.

SHA-2 for all supported .NET Compact Framework platforms

SHA-1 is currently being deprecated, which poses a problem for legacy .NET Compact Framework platforms based on editions of Windows CE with no native SHA-2 support. We added a custom implementation of SHA-2 for these legacy platforms.

Detailed list of changes:

  • Cryptography: Fixed detection of native SHA-2 support in .NET Compact Framework version.
  • Cryptography: Added support for more variants of OpenSSL/OpenSSH (SSLeay) key files.
  • Cryptography: Fixed Certificate.Associate to work with DSA keys.
  • Cryptography: Added CrlNumber property to CertificateRevocationList object.
  • Cryptography: Added support for SHA-2 certificates to Certificate.VerifyHash in .NET Framework 2.0 on Windows with FIPS-compliant mode enabled.
  • Cryptography: Certificate.LoadPfx and CertificateChain.LoadPfx methods now specify Exportable options by default (in addition to UserKeySet).
  • Cryptography: Added workaround for RSA implementations that reject rare signatures shorter than the key size.
  • Common: Enhanced SSPI error messages.
  • Common: Fixed LogWriterBase.Level default value.
  • Common: Fixed compatibility issue in Xamarin edition (caused by a breaking change in June 2016 update of Xamarin).
Released
February102016

2016 R1.1 #

(build 5885 from 2016-02-10)

Experimental assemblies for Xamarin.Mac

Added experimental binaries of most Rebex libraries (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for Xamarin.Mac platforms. They are suitable for targeting Xamarin.Mac Mobile Framework and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

Experimental binaries of most Rebex libraries (FTP/SSL, SFTP, File Server, Secure Mail, ZIP, Time, Security) for the Xamarin.Mac platform are now available. They are suitable for targeting both Xamarin.Mac Mobile and Xamarin.Mac .NET 4.5 Framework projects.

Maintenance release

This release includes several hotfixes.

Detailed list of changes:

  • Security: Reusing FileEncryption.Encrypt with different encryption algorithms is now supported without changing the password.
Released
January112016

2016 R1 #

(build 5855 from 2016-01-11)

Experimental assemblies for Windows Store Apps

Experimental binaries of many Rebex libraries (SFTP, FTP/SSL, Time, ZIP, File Transfer Pack, Terminal Emulation) for "Windows 8 Store", "Windows 8.1 PCL", and "Windows Universal Platform" are now available. The are suitable for "Store Apps" targeting Windows 8.0, Windows 8.1, Windows Phone 8.1, Windows 10, Windows 10 Mobile and Windows 10 IoT.

Configurable key size

Encryption key size can now be specified for XtsStream class (through XtsSettings passed to the constructor) and for FileEncryption class (through EncryptionKeySize property).

Detailed list of changes:

  • All: Added workaround for Xamarin.Android whose Dns.GetHostEntry resolves 'localhost' to device's external IP address.
  • All: Rebex assemblies are now signed with SHA-256 signatures in addition to legacy SHA-1 signatures.
  • Security: Added XtsSettings class (passed to XtsStream constructor) to make it possible to specify additional options such as key size.
  • Security: Added FileEncryption.EncryptionKeySize property to make it possible to specify encryption algorithm's key size.
  • Cryptography: Enhanced cryptographic provider initialization error message.
  • Cryptography: Added workaround for PuTTY keys with bad data at the end.
  • Common: Fixed multi-file operations to never modify input FileSet's BasePath.
  • Common: ThreadPool is now used to handle background operations instead of a custom implementation.
  • Common: Enhanced multithread operation support in log writers.
Released
August242015

2015 R4.1 #

(build 5715 from 2015-08-24)

Fixed Xamarin mobile platform detection

Fixed platform detection code on Xamarin.iOS and Xamarin.Android.

Detailed list of changes:

  • All: Fixed platform detection on Xamarin.Android and Xamarin.iOS.
  • All: Version and platform added to assembly description.
Released
August092015

2015 R4 #

(build 5700 from 2015-08-09)

Support for Windows 10, .NET Framework 4.6 and Visual Studio 2015

All Rebex libraries now ship with full support for Windows 10, .NET Framework 4.6 and Microsoft Visual Studio 2015. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Public/private key XTS encryption

XtsStream object in Rebex Security supports RSA public/private key encryption.

Detailed list of changes:

  • All: Enhanced platform detection code.
  • Security: Added support for public/private key encryption to XtsStream.
  • Cryptography: Fixed final empty block handling in Twofish/Blowfish/ArcTwo TransformFinalBlock with PKCS #7 padding.
  • Cryptography: SSH and TLS/SSL now use Java-based Diffie-Hellman objects on Xamarin.Android platform to speed up negotiation.
  • Common: Fixed end-of-line sequences in LogWriterBase, optimized FileLogWriter.
  • Common: Added workaround for broken ASN.1 time values with the second part of "60".
Released
April082015

2015 R3 #

(build 5577 from 2015-04-08)

Maintenance release

This update brings several enhancements and bugfixes.

Detailed list of changes:

  • All: Fixed Version property of Ftp, Imap, Pop3, Scp, Sftp, Smtp and Ssh classes to return a proper version number. Changed Ftp.Version to a static propery to match the other objects.
  • Cryptography: Enhanced weak signature algorithm detection during certificate validation on Xamarin.iOS.
  • Common: Connect methods no longer require FileIOPermission (used to determine the assembly version for a log).
Released
March172015

2015 R2 #

(build 5555 from 2015-03-17)

Maintenance release

This update brings several enhancements and bugfixes.

Detailed list of changes:

  • Cryptography: Added support for SSLeay private keys with AES-256-CBC encryption.
  • Cryptography: Fixed broken HashSize property in SHA-2 CSP on .NET Compact Framework.
Released
February022015

2015 R1 #

(build 5512 from 2015-02-02)

Support for Xamarin Unified API

Added support for the new Unified API. This includes unified 32-bit and 64-bit platform support and makes it simple to share code between iOS and Mac.

Detailed list of changes:

  • All: Added support for Xamarin.iOS unified API.
Released
December182014

2014 R3 #

(build 5466 from 2014-12-18)

Legacy SSL 3.0 disabled by default in TLS/SSL-enabled libraries.

TLS 1.1 is now used by default in TLS/SSL-enabled libraries. Legacy SSL 3.0 support is disabled by default because it is no longer considered secure. Its use is strongly discouraged after disclosure of POODLE Attack.

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Detailed list of changes:

  • All: Added more overloads to asynchronous Connect and Login methods.
  • All: Removed legacy Connect methods and enumerations from Xamarin.iOS and Xamarin.Android version (should never have been there).
  • Cryptography: Fixed SymmetricKeyAlgorithm.Padding for non-CBC modes.
  • Cryptography: Added support for base-64 encoded P7B certificate chains.
  • Cryptography: Changed padding of parameters exported by DSAManaged.ExportParameters to match DSACryptoServiceProvider.
  • Cryptography: Added AsymmetricKeyAlgorithm.PublicOnly property.
  • Cryptography: Added workaround for non-working HMACSHA256/384/512 on some FIPS-only systems.
  • Cryptography: Added CertificateExtension.​EnhancedKeyUsage method Useful when constructing certificate requests using CertificateRequest object.
  • Cryptography: Fixed DiffieHellmanManaged.KeySize that sometimes reported shorter bit lengths.
  • Cryptography: Several new AsymmetricKeyAlgorithm-based methods added to Certificate and CertificationRequest.
  • Common: Added LocalItem.Attributes property.
  • Common: PKCS #12 key loading routines changed to not persist keys in Windows key storage by default.
  • Common: Added ConsoleLogWriter, a console-based log writer class.
Released
July032014

2014 R2 #

(build 5298 from 2014-07-03)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Detailed list of changes:

  • All: Eliminated "Unknown heap type" warnings in Mono.
  • Cryptography: Added Load, Save and Generate methods to PrivateKeyInfo and PublicKeyInfo classes.
  • Cryptography: Enhanced CertificationRequest class to support request generating in addition to parsing.
  • Cryptography: Fixed behavior with disabled UseFipsAlgorithmOnly on FIPS-only systems.
Released
February262014

2014 R1 #

(build 5171 from 2014-02-26)

Maintenance release

This update brings several improvements, workarounds and bugfixes.

Detailed list of changes:

  • All: Various small low-level optimizations.
  • Security: FileEncryption.Encrypt an Decrypt methods no longer dispose the target stream.
  • Cryptography: Fixed a bug in MD5SHA1 signature validation on .NET Compact Framework.
  • Cryptography: Fixed AES CSP availability detection in FIPS-compliant mode.
  • Cryptography: Fixed sorting of PKCS #7 signature attributes.
  • Cryptography: Added support for AES-128-CBC SSLeay private keys.
  • Cryptography: Added workaround for certificates and keys in Base64-encoded format ending with a zero octet.
  • Common: Assemblies made more obfuscator-friendly.
  • Common: Fixed null value comparisons in FileSystemItemComparer.
Released
December022013

2013 R3 #

(build 5085 from 2013-12-02)

Support for Xamarin.iOS and Xamarin.Android

Rebex libraries now support Xamarin.iOS and Xamarin.Android, making it possible to target iPad/iPhone and Android devices! (The only exception is the Terminal Emulation library whose TerminalControl object relies heavily on Windows Forms and is only available for Windows and Linux at the moment.)

Support for .NET Compact Framework 3.9

In addition to .NET CF 2.0 and 3.5, we now support .NET CF 3.9 as well. This makes it possible to target Windows Embedded Compact 2013, Microsoft's latest incarnation of Window CE.

Assemblies for every supported platform for all

With every purchase, you now get binaries for all supported platforms. Users with active support contract were upgraded for free. This will make it easy to embrace the new trends - we offer a single API that works with .NET, .NET Compact Framework, Mono, Xamarin.iOS and Xamarin.Android.

Support for Visual Studio 2013

All Rebex libraries now ship with full support for Microsoft Visual Studio 2013. Older Visual Studio versions (2005 and higher) and .NET Framework versions (2.0 and higher) are still supported as well.

Detailed list of changes:

  • All: Xamarin.iOS and Xamarin.Android officially supported in all libraries except Rebex Terminal Emulation.
  • All: .NET Compact Framework 3.9 officially supported.
  • All: Visual Studio 2013 officially supported.
  • Security: Decrypting with wrong password no longer overwrites the target file.
  • Cryptography: Changed Certificate.FindCertificates method not to include subordinate CAs in the search by default.
  • Cryptography: Fixed CertificateStore.Exists on non-Windows platforms.
  • Cryptography: Added workaround for opening certificate stores in .NET CF that don't exist yet.
  • Cryptography: Added workaround for problem with DSA certificate in .PFX importing code on Windows Embedded Compact 2013.
  • Cryptography: Added .NET CF support for Certificate.Associate(privateKey, permanentBind)
  • Cryptography: Added Certificate.​GetAuthorityKeyIdentifier() method.
  • Cryptography: Changed SignerInfo and SignerInfo objects to use NULL parameters for hash algorithms (in order to match RSACryptoServiceProvider behavior).
  • Common: Added FileLogWriter.Path to replace FileLogWriter.Filename.
  • Common: Added LocalItem.ComputeCrc32() method.
  • Common: Signed and encrypted message parsing made more compatible with broken messages.
Released
July292013

2013 R1 #

(build 4959 from 2013-07-29)

Official support for Mono

All Rebex libraries now officially support Mono, an open source, cross-platform, implementation of C# and the CLR that is binary compatible with Microsoft .NET Framework. The same assemblies that work on Windows now work on Mono in Linux or Apple OS X as well.

New library - Rebex Security

We released a new library called Rebex Security. It features XTS-AES encryption stream support and easy-to-use FileEncryption class with support for AES, 3DES, TwoFish and XTS-AES. Also includes PKCS #7 (CMS) API for electronic signatures and encryption of binary data using X.509 certificates. Supports .NET Framework, .NET Compact Framework and Mono. Available as a standalone package or as a part of Rebex Total Pack.

Detailed list of changes:

  • All: Added support for Mono.
  • All: Fixed finalizers that used to call state-changed events in some cases.
  • Security: Initial public release.
  • Cryptography: Added support for anyExtendedKeyUsage attribute (in X.509 certificates).
  • Cryptography: Added DiffieHellmanCryptoServiceProvider class.
  • Cryptography: Added PrivateKeyFormat.RawPkcs8 format for PrivateKeyInfo.Save and PrivateKeyInfo.Encode methods.
  • Cryptography: RSAManaged.VerifyHash returns false on error.
  • Cryptography: Fixed ArcTwoTransform to treat EffectiveKeySize of 0 as "current KeySize".
  • Cryptography: HMAC fixed to use block length of 128 for algorithms with hashes larger than 256 bits.
  • Cryptography: Fixed certificate verification to better handle server certificate with missing common name (used to throw NullReferenceException).
  • Cryptography: Fixed handle leak in CertificateStore constructor.
  • Common: Enhanced workaround for Stream.Seek on .NET CF.
  • Common: FileLogWriter enhanced to log assembly version when opening log file.
  • Common: Added missing PublicKeyInfo() constructor.
  • Common: Added FileSet.​ContainingDirectoriesIncluded option.
  • Common: Added workaround for instances of FileStream that return "[Unknown]" name.
  • Common: EncodingTools support IBM437 charset on all platforms.
  • Common: Added CertificateFindOptions.None.
  • Common: Added FileSystemItemCollection.UsePath property.