Previous releases

2018-10

The July 2018-10 release includes the following changes:

  • Sign Android apps with SAS CSP for Java Hash Signing. You can now use the CSP for Java Hash Signing to sign Android apps without making any changes to your existing implementations. However, you must contact support to enable your Android code signing keys for use with the Java Hash Signing service.
  • Integrate SAS CSP for Java Hash Signing with your Apache Maven implementation. You can now use the CSP for Java Hash Signing to sign builds generated from Apache Maven. To learn how, review the readme document included in the CSP download.

2018-5

The May 2018-5 release includes the following changes.

  • Android and Java signing services upgraded to JDK 1.8 - All signing services that use Jarsigner now support JDK 1.8. You DON'T need to take any actions to upgrade your implementations to support these signing services.
  • CSP installers now available from the developer's protal - Both Java Hash Signing and Windows Hash Signing CSPs are now available for download on the developer's portal.

2018-4

The April 2018-4 release includes the following changes.

Better EV certificate status feedback through APIs

Now, you can see more meaningful status messages for EV certificates in the GetEVCertificateStatus API response. The EV certificate status codes are now at par with the SAS portal UI and tell you whether the certificate is Active, Deactivated, Revoked, or Expired.

2018-3

The April 2018-3 release contains the following changes.

End of Life of GeoCenter Android code signing feature

In order to streamline our authentication and issuance platforms with DigiCert’s processes and trust hierarchies, and to remove dependencies on the legacy Symantec systems, we are discontinuing the Android code-signing feature available through GeoCenter portal and CSPub API.

This service stops on 1st August, 2018.

For more information about the EOL timelines and impact, click here.

Get instant response while modifying signing sets of large or multiple files

Added new boolean parameter signingSynchronous to modifySigningSet request. When this parameter is False, your request gets an instant, interim response. You don't have to wait for a response until all the files in the signing set are processed.

2018-2

The March 2018-2 release contains the following changes.

  • Revoke EV certificates from the SAS portal - The Extended Validation Certificates module in SAS portal now includes the option to revoke EV certificates instantly. You no longer need to visit the MSSL Control Center or call customer support to revoke EV certificates.
  • Get EV certificates instantly - Certificate requests from SAS are no longer affected by the "auto-approval" option in MSSL or CWS. SAS users can now get their EV certificates instantly.
    This change does not affect certificate requests submitted through the MSSL Control Center or CWS. MSSL and CWS admins can still control approval-checks for certificate requests coming from MSSL or CWS (both the Control Center and VICE2 APIs).
  • End of support for RC4 cipher stream - Deprecation of RC4 cipher stream on our Adobe time stamping service to remove the associated vulnerabilities.
  • Remove unused accounts and workgroups - Request customer support to deactivate a whole account or individual workgroups if you don't need them anymore.
  • Efficiency improvement on Secure App Service cloud storage - Going forward, all test-signed files are automatically purged after 30 days from the date they were signed. New error code -164 added to inform you of unavailability of test-signed files.

2017-9

The December 2017-9 release includes the following changes.

Java hash signing

The Cryptographic Service Provider (CSP) for Java Hash Signing is now available. You can use this tool to sign large Java files locally, without uploading them to the Secure App Service cloud. To learn how to use this tool, see the Readme included in the package. Contact support to get this package.

Client authentication certificate renewal for API users

If you are an existing API user, the client authentication certificate for your API user account is up for renewal. Watch out for our emails with renewal notifications. You can use the following resources to renew your certificates:

  • Use the unique renewal link in the email notification sent to the registered email address of your API account.
  • Ask your administrator to use the Resend client authentication certificate pickup link option in the Secure App Service portal to send you a new certificate pickup link.

New trust hierarchy for Android and Test signing

We have updated the certificate authorities for Android and Test signing. The changes do not affect your existing certificates. However, if you have hard coded the trust hierarchy in your API implementation, you must update it as follows:

Table:

Platform

Root

ICA

Download

Android

Symantec Root for Code Signing

Symantec Private CA for Android - G2

Click here

Test

Symantec TEST Root for Code Signing

Symantec Private TEST CA for Code Signing

Click here

2017-8

The November 2017-8 release includes the following changes.

Detailed error messages in API responses

We have updated the error messaging for existing error codes to make our APIs provide more meaningful feedback for your requests. We have also added new error codes and messages for areas where you asked for better feedback. For a list of all error codes and their descriptions, see Error.

2017-7

The September 2017 release includes the following changes.

Add API user from the Secure App Service portal

Workgroup admins can now add and manage API users from the Secure App Service portal.

The feature allows you to perform the following actions on API users:

  • Add API user
  • Resend client authentication certificate pickup link.
  • Reset password.
  • Revoke client authentication certificate.

Once the admin adds an API user, we send the API username, password creation link, and client authentication certificate pickup link to the email address of that API user account.

Test signing status codes

We have updated the signing set status codes to make them more meaningful to API users. These updated statuses are available when you set the API version to 2017-7:

java
<Request>
<QueryRequestHeader>
<ApiVersion>2017-7</ApiVersion>

Table: signingSetStatus codes for test signing

Case

Statuses with older apiVersions

Statuses with apiVersion 2017-7

Signing set submitted

signingType = Unsigned

signingSetStatus = INITIALIZED

signingType = Unsigned

signingSetStatus = INITIALIZED

Signing failed

signingType = Unsigned

signingSetStatus = INITIALIZED

signingType = Test

signingSetStatus = TEST_SIGNING_FAILED

Signing succesful

signingType = Testing

signingSetStatus = INITIALIZED

signingType = Test

signingSetStatus = TEST_SIGNED

For descriptions of these codes, see Signing set status codes.

2017-6

The August 2017 release includes the following changes.

Cryptographic service provider tool

The Cryptographic service provider (CSP) tool includes the following changes:

SAS_CSP.properties file:

  • You don't need to contact support for password reset any more. Ask your workgroup admin to send you a reset password link from the Secure App Service portal.
  • Password is not automatically included in the properties file any more. You must encrypt your password and update it in the password field of the file. You must update the password field yourself every time you reset your password.

2017-5

The June 2017 release includes the following changes:

Java code signing with on-demand keys

You can now use on-demand keys (also known as fixed pool certificates) for signing Java applications. For more information about key models, see Working with keys and certificates.

2017-1

The January 2017 release includes the following changes:

Two-factor authentication is now required for the SAS portal and API

To comply with Microsoft Trusted Root Program Requirements, (section 3.14), Symantec now requires two-factor authentication for Secure App Service APIs and portal. Have your Service Manager contact Symantec Support to request a client certificate for using two-factor authentication with your SAS API-integrated application.

  • The SAS API and CSP tool will require you to login using both username/password credentials and a client certificate.
  • The SAS portal will require you to login using both a client certificate and an OTP (One-Time Password) authentication mechanism, which will be provided by our Symantec VIP solution.
  • New test and production endpoints have been introduced for accounts with two-factor authentication enabled.

For instructions to enable two-factor authentication on your account, see our knowledge base article.

2016-4

The December 2016 release includes the following changes:

Extended validation code signing

You can now use extended validation (EV) certificates for Microsoft Windows-based signing services. After EV code signing is enabled, request an EV certificate and use it for the supported signing services. This enhancement includes the following features:

  • Request EV certificates: Request an EV certificate from the Extended Validation Certificates portlet on Secure App Service portal. You cannot request EV certificates from the CSP tool or API.
  • Sign with an EV certificate: Use the existing requestSigning API for submitting files for EV signing. Pick a supported signing service and mention the friendly name of your EV certificate in the request.
  • Check the status of an EV certificate: Use the new API call getEVCertificateStatus for checking whether an EV certificate is enabled for signing or not.
  • Get the list of all EV certificates: Use the new parameter returnEvInd in getCertificateList request to check whether a certificate in the list is EV.

Signing type

The following operations can now return the signing type:

  • getSigningSetDetails - Use the returnSigningType parameter to retrieve the signing type.
  • requestSigning - Use the returnSigningServiceType parameter to retrieve the signing type.

New signing services

Secure App Services now includes the following new signing services:

  • Apple codesign
  • Apple productsign
  • Apple signIPA
  • Apple XAR signing
  • Windows Hardware Certification Kit (HCK)
  • Windows Hardware Lab Kit (HLK)
  • Microsoft signing services with EV code signing capability

Documentation enhancements

The description of SigningServicesSearchCriteriaType has been updated. As a Service Manager, you can view the list of all signing services by entering "0" for publisherID in the getSigningServices request.

2016-3

The September 2016 release includes the following changes:

  • Added support for GnuPG (GPG) signing platform.
  • Added support for Red Hat Package Manager (RPM) signing platform.

2016-2

The May 2016 release includes the following changes:

OpenSSL hash signing

SAS now supports OpenSSL based hash signing. We have included a sample code to help you get started with this feature. For more information, see Sample code for OpenSSL hash signing.

Microsoft Office document signing

SAS now supports Microsoft Office document XML signing. The feature enables you to sign .docx, .xlsx, .pptx files from Office 2007 and later versions.

Important considerations for Office document XML signing:

  • Uses XAdES-XL XML signing option.
  • Includes timestamping.
  • Supports large files up to a maximum size of 2 GB.
  • Supports ZIP files up to a maximum size of 5 MB.

2016-1-4

The April 2016 minor release includes the following changes:

  • The Microsoft Authenticode signing service now supports .xap and .deploy files.
  • The Windows Manifest signing service now supports .vsto files.
  • The Windows Manifest signing service now lets you sign multiple files.

2016-1-2

The February 2016 minor release includes the following changes:

  • The Microsoft Authenticode signing service now supports .xsn files.

2016-1-1

The January 2016 minor release includes the following changes:

  • Large file upload requests now support both GET and POST methods. POST is preferred, when possible.

2016-1

The January 2016 release includes the following changes:

  • Added support for Windows Manifest Signing.
  • The Android signing service now supports signing embedded wearable .apk files. This support is enabled by default. Contact us if you want to disable wearable APK signing.

2015-5

The following enhancements were added in the December 2015 release.

There are three new operations:

2015-4-1

The following enhancements were added in the November 2015 minor release.

  • You can now perform test or production signing on signing sets that have already been test signed.
  • Requests to create a signing set that already exists with the same name and version no longer create a duplicate signing set.

We use cookies to ensure that we give you the best experience on our website. By using this site, you agree to the Terms of Service.