New Features, Enhancements, and Changes
NOTE If you are upgrading from a version of Sentinel LDK that is earlier than 8.5, be sure to review the release notes for all intervening versions. Significant enhancements and changes are introduced in each version of Sentinel LDK. Download a ZIP file that contains all Sentinel LDK release notes to see the changes.
Service Pack: 9.0.200
>Enhanced Envelope Protection for Python Applications Under Windows
>Improved Windows Shell Protection for .NET Assemblies
>Additional Enhancements to Sentinel LDK Envelope
Enhanced Envelope Protection for Python Applications Under Windows
Sentinel LDK now provides a new command-line tool called Script Envelope for applying Sentinel LDK Envelope protection to Python applications on a Windows machine.
After you create a project file that contains protection parameters, you can protect the Python application simply be executing Script Envelope. No additional steps are required.
For details, see Sentinel LDK Envelope for Windows.
Improved Windows Shell Protection for .NET Assemblies
Until now, Sentinel LDK Envelope supported shell protection for normal .NET executables.
Effective with this release, the Envelope V3 engine additionally supports shell protection for .NET mixed mode executables and DLL assemblies under Windows.
Additional Enhancements to Sentinel LDK Envelope
The following enhancements have been implemented by this service pack:
>.NET Envelope runtime message boxes now display as a foreground window.
>For application protected using the Windows V3 engine, Envelope runtime message boxes now display as a foreground window.
>The .NET target frameworks under which protected applications are supported includes .NET 8. For details, see this table.
Service Pack: 9.0.100
>Master Wizard Now Communicates Using HTTPS
>Changes to Support for .NET Target Framework
>Enhancements to Sentinel LDK Envelope and Data Protection Utility
Master Wizard Now Communicates Using HTTPS
Communication between Sentinel LDK Master Wizard and Thales servers is now secured using HTTPS protocol.
Changes to Support for .NET Target Framework
When installing Service Pack 9.0.100, the .NET target frameworks under which protected applications are supported is modified. For details, see this table.
Enhancements to Sentinel LDK Envelope and Data Protection Utility
The table below describes enhancements to Sentinel LDK Envelope and Sentinel LDK Data Protection utility.
| Component | Description |
|---|---|
| Windows V3 protection engine |
The advanced protection parameter Keep Debug Info has been implemented for the Windows V3 protection engine. When this parameter is set to True, debug information for the application is retained. (Default setting is False.) Note: For the Windows V3 engine, this functionality retains debug information for both executables and DLLs. |
| Envelope GUI for Windows |
The Feature ID and Frequency columns have been added back to the data grids for .NET and Java. |
| Windows V3 protection engine |
When you attempt to protect a program file with the V3 protection engine, Envelope now detects if the program file is already protected with the Windows NG engine. If the program is already protected, Envelope issues an error message and the operation fails. |
| Windows NG protection engine |
When you attempt to protect a program file with the NG protection engine, Envelope now detects if the program file is already protected with the Windows V3 engine. If the program is already protected, Envelope issues an error message and the operation fails. |
| Windows V3 protection engine |
When protecting a program file, Envelope now removes an existing Authenticode signature and logs a warning that the protected program file needs to be re-signed. |
| Linux Envelope | Linux Envelope for QT framework has been implemented. |
| Data File Protection for Linux |
Data file protection now supports new file statistics functions of recent versions of glibc. |
Release: 9.0
>Enhancements to Sentinel LDK Envelope
>Enhancements to Sentinel Run-time Environment Installer API
>Enhancement to V-Clock for Sentinel SL Keys
>Introduction of Sentinel Remote Update System (RUS)
>Identity Strings Can Now Be Hidden
>Rate Limiting for Cloud Licensing
>Directories for Licensing API Have Been Renamed
>Enhancement to Sentinel Admin API
>Admin Control Center Now Uses Session-Based Authentication
>Improved Help System for Admin Control Center
>Enhancement to the Run-time Environment Changes a Return Code in Admin API
>Additional Changes to Sentinel LDK
Enhancements to Sentinel LDK Envelope
Sentinel LDK Envelope now supports the following functionality:
>Enhanced V3 Engine
The Windows V3 engine has been significantly enhanced to provide more robust and stable protection of Windows applications. As a result, Thales now recommends the use of the V3 engine as the engine of choice when protection applications.
The behavior of Sentinel LDK Envelope 9.0 is as follows:
•When you start Sentinel LDK Envelope 9.0 for the first time, by default the Windows engine used for applications in new projects is V3.
•If you open a project that was created in Sentinel LDK Envelope 8.5 or earlier, the protection engine in the Envelope Settings dialog box changes for that project to the setting that was in force when that project was created.
Once you manually change the Windows engine in the Settings dialog box and click OK, the engine you selected is applied for all applications that you add to any project, regardless of when the project was created.
>Support for AppOnChip in the V3 Protection Engine
The enhanced V3 protection engine now supports the use of AppOnChip functionality to protect applications that are licensed using HL (Driverless configuration) keys.
>Support for .NET 7
Sentinel LDK Envelope now supports .NET 7 applications.
Enhancements to Sentinel Run-time Environment Installer API
Sentinel Run-time Environment Installer API has been enhanced as follows:
>The haspds_Install function has been enhanced to support forcing installation of the RTE with legacy drivers if required.
Enhancement to V-Clock for Sentinel SL Keys
The V-Clock in an SL key can now be set to a specific date and time, or to the date and time from the system clock on the machine where the V2C file is generated. This may be required, under certain circumstances, to re-enable a Feature that was blocked due to time-tampering.
NOTE Before applying a V2C file to reset the V-Clock using the system clock, the user should ensure that the system clock is set to the current date and time.
Introduction of Sentinel Remote Update System (RUS)
This feature consists of the following components:
>The Sentinel Remote Update System (referred to as RUS) is an executable utility that you can send to your end users to enable secure, remote updating of the license and memory data of Sentinel protection keys after they are deployed.
The RUS utility can be used by the end user to:
•Generate a fingerprint of their machine to send to the vendor.
•Collect information about licenses on their machine to send to the vendor.
•Apply updates to licenses and memory data on the end user's machine.
•Transfer (rehost) an SL key from one of their computers to another, without any intervention by the vendor.
For more information, see Sentinel LDK Software Protection and Licensing Guide.
>You use theRUS Generator to generate a RUS utility executabe that is associated with your Batch Code. The RUS Generator can also be used to brand the RUS utility interface with your company information and with any other text or instructions that you want to add. For more information, see Sentinel RUS Generator.
Identity Strings Can Now Be Hidden
Identity strings used by cloud licensing can now be hidden in Sentinel Admin Control Center and in the hasplm.ini file on licensed users’ machines. This prevents licensed users from sharing their identity strings with other users.
When hidden, the identity string is replaced in the serveraddr string in Admin Control Center with “*”.
Automatic detach remains supported even if the identity string is not visible in Admin Control Center or the hasplm.ini file.
Licenses that were detached before the identity string was hidden continue to be available without providing the identity.
For more information, see Sentinel Admin API Reference.
Rate Limiting for Cloud Licensing
Sentinel Licensing API now supports rate limiting for
For Thales-hosted cloud license managers (coming soon), rate limiting is configured by Thales. However, you can control the load imposed on the license manager by optimizing the frequency of your protected application's API calls. For more information, see Sentinel Licensing API Reference. For information about the availability of Thales-hosted cloud license managers, contact your Thales representative.
Directories for Licensing API Have Been Renamed
The sample and API directories for Sentinel Licensing API in the Sentinel LDK installation have been renamed as follows:
From:
>\Samples\Runtime\
>\API\Runtime\
To:
>\Sample\Licensing\
>\API\Licensing\
These directories have been renamed for Windows, Linux, and Mac installation of Sentinel LDK. This change aligns the name of these directories from the legacy name of the API (that is, Runtime API) to the current name (Licensing API).
Enhancement to Sentinel Admin API
Access to Sentinel Admin API can now be restricted so that it is only available for users from the local network. This can be enforced using firewall rules. Administrator-level requests would be allowed only on a specific port or network interface (or both).
Admin Control Center Now Uses Session-Based Authentication
Password protection in Sentinel Admin Control Center now uses session-based authentication instead of basic authentication. This enhancement provides the option to log in securely from any machine without the need to configure a trusted client.
NOTE If you have configured Admin Control Center to require login credentials, a user name is now required. If you have not defined a user name, use admin (the default user name) to log in to Admin Control Center.
Improved Help System for Admin Control Center
The help system for Sentinel Admin Control Center has been significantly improved. This new help system is provided when the user is working with Run-time Environment 9.12 and later.
Until now, the help system was implemented using simple HTML pages with very little navigation assistance.
The new help system is displayed in an independent browser window and provides:
>Context-sensitive help content
>A navigation pane
>Search capabilities
>Improved formatting and readability
These improvements will better assist users in working with Admin Control Center.
Enhancement to the Run-time Environment Changes a Return Code in Admin API
Sentinel Admin API generated a misleading return code as described below.
Given the following circumstances:
>The provided scope for the sntl_admin_get function to retrieve an identity list returns a null data set.
>The installed Run-time Environment is version 8.43 or earlier.
The value for the return code was 0 (SNTL_ADMIN_STATUS_OK).
After you install Run-time Environment version 8.51 or later, in the same circumstances, the value for the return code is (SNTL_ADMIN_SCOPE_RESULTS_EMPTY).
This enhancement (SM-122852) was implemented with the release of Sentinel LDK 8.5 , but was not reported in the documentation.
Additional Changes to Sentinel LDK
The Sentinel LDK High Availability for Cloud Licensing Configuration Guide has been incorporated into the Sentinel LDK Installation Guide. This configuration guide was formerly a standalone document.