Sentinel LDK v.6.

3
Release Notes
2 SAFENET SENTINEL LDK PRODUCT END USER LICENSE AGREEMENT

Document Revision History

August 2012
Revision 1209-2

Disclaimer and Copyrights

Copyright © 2012, SafeNet, Inc. All rights reserved. http://www.safenet-inc.com/

We have attempted to make these documents complete, accurate, and useful, but we cannot
guarantee them to be perfect. When we discover errors or omissions, or they are brought to our
attention, we endeavor to correct them in succeeding releases of the product. SafeNet, Inc. is not
responsible for any direct or indirect damages or loss of business resulting from inaccuracies or
omissions contained herein. The specifications contained in this document are subject to change
without notice.
SafeNet® and Sentinel® are registered trademarks of SafeNet, Inc. All other product names
referenced herein are trademarks or registered trademarks of their respective manufacturers.

Confidential Information

Sentinel LDK is designed to protect your applications from unauthorized use. The less information
that unauthorized people have regarding your security system, the greater your protection. It is in
your best interest to protect the information herein from access by un-authorized individuals. .
 Contents
About This Document 5
Product Overview 5
Sentinel Vendor Keys 6
Technical Support 7
Help Us to Improve Sentinel LDK 7
What's New in This Release? 8
New Back-end System 8
Certificate-based Licensing 8
Next-generation Hardware Keys 8
License Rehosting 9
Installation Without Administrator Rights 9
SL Protection Keys for Linux 9
Sentinel LDK Envelope Security Enhancement 9
Additional Enhancements for Sentinel LDK Envelope 10
Sentinel LDK Envelope for Mac Now Supports Data Encryption and Decryption 10
Sentinel License Generation API 10
Sentinel Admin API 10
Sentinel EMS Now Provides Custom Reports 11
Sentinel Protection Key Memory Now Supports UTF8 Encoding 11
Note Regarding Support for Windows 8 and OS X 10.8 11
What's Changed in This Release? 11
Changes to Sentinel Vendor Keys 11
Licensing API 12
HASP SL Keys Are Now Sentinel SL Keys 12
Master Wizard 12
Sentinel LDK Documentation 13
Documents 13
Online Help Systems - User Interfaces 14
Online Help Systems – Sentinel LDK APIs 15
Software and Documentation Updates 16
Supported Platforms 16
Known Issues and Workarounds 17
Sentinel Vendor Suite Installation 17
Sentinel EMS 17
Sentinel LDK Master Wizard 18
Sentinel LDK Runtime Environment Installer 18
Sentinel LDK Runtime Environment and Customer Tools 19
Sentinel LDK Envelope for Windows Platforms 20
Sentinel LDK Envelope and Data Encryption for Mac OS X 23
 Sentinel LDK v.6.3 - Release Notes
About This Document
This document contains information about the latest release of the Sentinel LDK product,
including new features, changes to the product, documentation, and known issues and
workarounds.

These release notes are subject to change. If you are reading the release notes that were
installed with the product, SafeNet recommends that you check the release notes available
from the Sentinel Community web site to see if any information was added or changed.
You can access the latest release notes from this location: http://sentinelcustomer.safenet-
inc.com/sentineldownloads/

Product Overview
Sentinel LDK (Sentinel License Development Kit) provides software publishers with strong anti-
piracy and IP protection solutions, offering unmatched flexibility in assisting you to protect your
revenue and increase sales. The Sentinel system prevents unauthorized use of software, protects
software copyrights and intellectual property, and offers multiple licensing models.
The strength, uniqueness, and flexibility of Sentinel LDK are based on two primary principles:
n Protect Once—Deliver Many™ — the concept of separating the software engineering and
business processes.
n Cross-Locking™ — the technology that supports the Protect Once—Deliver Many concept,
enabling a protected application to work with a Sentinel hardware key or a Sentinel
License Certificate (software key).
All commercial decisions, package creation and license definitions are executed by product or
marketing managers after the protection has been implemented.
6 Sentinel LDK v.6.3 - Release Notes

This workflow model provides you with greater flexibility and freedom when defining new sales
and licensing models, including feature-based and component licensing, evaluation, rental,
floating, subscription, provisional (trial/grace), pay-per-use, and more, enabling you to focus on
revenue growth.

Sentinel Vendor Keys

When you purchase Sentinel LDK, you are provided with two Sentinel Vendor keys—the
Sentinel Master key and the Sentinel Developer key.
The Sentinel Developer key is used by your software engineers in conjunction with the
Sentinel LDK protection tools to protect your software and data files.
The Sentinel Master key is used in conjunction with Sentinel LDK and is attached to the Sentinel
EMS Server. The key is used by your production staff to create licenses and lock them to Sentinel
protection keys, to write specific data to the memory of a Sentinel protection key, and to update
licenses already deployed in the field.
Every Sentinel EMS Server computer must have a Sentinel Master key connected.
 Technical Support 7

Technical Support
For assistance, or to report problems, contact your local SafeNet representative, or create a
support call at http://www.safenet-inc.com/technicalsupport.aspx. .

Customer Connection Center (C3)

http://c3.safenet-inc.com
Existing customers with a Customer Connection Center account can log in to manage
incidents, get latest software upgrades and access the complete SafeNet Knowledge Base
repository.
Support and Downloads
http://www.safenet-inc.com/Support
Provides access to knowledge base and quick downloads for various products.
E-mail-based Support
[email protected]
Telephone-based Support
United States (800) 545-6608, (410) 931-7520
France 0825 341000
Germany 01803 7246269
United Kingdom 0870 7529200, +1 410 931-7520
Australia and New Zea- +1 410 931-7520(Intl)
land
China (86) 10 8851 9191
India +1 410 931-7520 (Intl)

Help Us to Improve Sentinel LDK

You can make a difference! We invite you to send us your ideas and opinions, and tell us what
you like (and don’t like) about Sentinel LDK. Your input can help shape future versions of the
product.
Feedback on Sentinel LDK can be sent to: [email protected]
 8 Sentinel LDK v.6.3 - Release Notes

What's New in This Release?

This section describes the main features and enhancements that are introduced in Sentinel LDK
v.6.3.

Most of the features described in this section were introduced in Sentinel LDK v.6.0 or 6.1
For ISVs who installed Sentinel LDK v.6.0 or 6.1, the new or modified features are those
that are identified in this section as New for 6.3.

New Back-end System

Sentinel LDK now incorporates Sentinel EMS (Sentinel Entitlement Management System) as its
back-end database server, web server, and user interface. From a single central installation in the
ISV organization, Sentinel EMS can be accessed by all authorized users from their web browsers.
Sentinel EMS supports functionality from earlier versions of Sentinel HASP Business Studio.
Sentinel EMS also provides new functionality such as:
n a user portal that customers can access to activate their licenses online by entering a Product
Key. In addition, customers can now be required to provide registration information before they
can activate their licenses.
n the ability to burn multiple HL keys simultaneously. This can provide a significant time savings
for the ISV.
For existing Sentinel HASP ISVs, Sentinel LDK provides the following to simply the process of
migrating to Sentinel EMS:
n Sentinel LDK Data Migration Tool - This tool migrates the content of Sentinel HASP Business Stu-
dio Server to the Sentinel EMS database.
n Business Studio Server API for Sentinel EMS - This API allows your CRM and ERP applications to
access the Sentinel EMS database using existing Business Studio Server API function calls. This
avoids the need to convert your applications to use Sentinel EMS Web Services.

Certificate-based Licensing
Sentinel SL protection keys are now implemented using certificates. These licenses are tamper-
proof and can be generated in a clear-text format that can be read and understood by the ISV and
customer. The certificate licenses on the end user’s computer provide a history of the license for
the protected application. This simplifies tracking changes and dealing with any licensing questions
that may arise.
(New for 6.3) Updates to Sentinel SL AdminMode licenses can now be applied by simply placing
the V2C file in the visible license store.

Next-generation Hardware Keys

(New for 6.3) HASP HL keys are being replaced with advanced Sentinel HL keys. The new Sentinel
HL keys use smart card technology to provide a higher level of protection against hardware
cloning. In addition, the new Sentinel HL keys provide the following:
n Two configurations of Sentinel HL keys are available:
 What's New in This Release? 9

o Driverless-configuration keys – When used with this type of HL key, the protected appli-
cation does not use the HASP drivers included in the Run-time Environment. In future
releases of Sentinel LDK, these keys will not require installation of the Run-time Envi-
ronment. (Note: For the current release, Sentinel HL Net and NetTime keys are not avail-
able in the Driverless configuration.)
o HASP-configuration keys – When used with this type of HL key, the protected application
requires the presence of the Run-time Environment. This type of key provides backward
compatibility for protected application that work with HASP HL keys.
n Dynamic memory – Larger, more efficient utilization of on-key memory for Features.
n Infrastructure for the next security leap.
The new Sentinel HL keys are available as USB dongles. ExpressCards models are planned for the
end of 2012.
ISVs who already have Vendor keys may require new Master and Developer keys. For more
information, see "What's Changed in This Release?" on page 11.

License Rehosting
ISVs now have the option to allow customers to rehost (transfer) a protection key from one
computer to another without any intervention by the ISV customer support department and
without requiring on-line connectivity to the ISV servers. This reduces the load on customer
support and provides the customer with an improved end user experience.

Installation Without Administrator Rights

ISVs now have the option of providing a “UserMode” SL license for Windows platforms. This
license does not require installation of the Run-Time Environment on the end user’s computer.
This simplifies installation of the protected application for the end user and allows applications to
be installed without requiring administrator rights.
In addition, for network licenses, end users may be able to install the protected application
without installing the Run-time Environment on the same machine. Note that the Run-time
Environment is still required on the machine where the Net key is connected.

SL Protection Keys for Linux

ISVs can now offer protected applications with SL keys for the Linux operating system.

Sentinel LDK Envelope Security Enhancement

Sentinel LDK Envelope now employs “white box” secure communication channel when protecting
applications. This protects the encryption key from exposure to hackers.
10 Sentinel LDK v.6.3 - Release Notes

Additional Enhancements for Sentinel LDK Envelope

n (New for 6.3) For .NET applications: Dispose methods are now deselected by default. Dis-
pose methods typically contain no security logic or other critical logic and can be dese-
lected to improve performance and reliability.
n (New for 6.3) For .NET and Java applications: When adding new methods to an existing
project, you can choose to have Envelope select the methods to protect using the default
selection method, or to leave new methods unprotected by default.
n (New for 6.3) When a class contains multiple constructors, the constructors are no longer
grouped together in a single entry. It is now possible to select individual constructors to
be protected.
n (New for 6.3) Envelope can now protect 64-bit Windows application that use file overlays.
n (New for 6.3) On Windows platforms, Sentinel SL UserMode is now supported for 64-bit
applications with Windows Envelope, .Net Envelope, and Java Envelope protection.

Sentinel LDK Envelope for Mac Now Supports Data Encryption and Decryption
Sentinel LDK Envelope for Mac now adds the capability for a protected application to encrypt and
decrypt data that is written to and read from an external file.
(New for 6.3) Data files that will be delivered together with the protected application can be pre-
encrypted using the new Sentinel LDK Data Encryption utility for Mac. (This utility was previously
referred to as the DataHASP utility).
Note: See the known issue "151020" on page 24

Sentinel License Generation API

For ISVs that already have a licensing infrastructure in place or that prefer to implement an
alternative to Sentinel EMS and Sentinel EMS Server, Sentinel LDK offers a standalone licensing
solution.
ISVs can use Sentinel License Generation API together with their existing licensing server software
and ERP and CRM back office systems for maximum flexibility and control over their business
processes.
Sentinel License Generation API provides the functionality required to generate and maintain
Sentinel protection keys, but without any of the back office services that are provided by Sentinel
EMS. All the required services are provided by the system that the ISV chooses to implement. The
ISV would use Sentinel LDK only to handle the protection and licensing functions for their
applications.
Sentinel License Generation API is incorporated into Sentinel LDK ToolBox. The online help for
ToolBox includes descriptions of the API functions and the XML templates required to work with
the API.

Sentinel Admin API

Sentinel Admin API provides the functionality available in Admin Control Center and Sentinel
License Manager. ISV developers can call functions to retrieve information from local or remote
 What's Changed in This Release? 11

License Managers and to perform actions in these License Managers. For example, the developer
can call functions to:
n Examine the configuration of a License Manager installation and make modifications to
the configuration
n Examine a list of accessible protection keys; retrieve all Feature data for a specific pro-
tection key
n Detach a protection key from one computer and attach it to a different computer
n Apply a V2C file

Sentinel Admin API is incorporated into Sentinel LDK ToolBox. The online help for ToolBox includes
descriptions of the API functions and the XML templates required to work with the API.
(New for 6.3) Interfaces for Sentinel Admin API for Java, .NET, and C++ are available.

Sentinel EMS Now Provides Custom Reports

(New for 6.3) The Sentinel EMS Reports facility now provides you with the ability to produce
reports with valuable business information, based on an SQL query of data in the Sentinel EMS
database. With this tool, managers can obtain data for analyzing how their software is used and
the purchasing preferences of their customers. (This functionality requires a Reporting Module
license.)

Sentinel Protection Key Memory Now Supports UTF8 Encoding

You can now write UTF8-encoded data to the memory space in Sentinel protection keys. This
enables you to fit more data into the existing memory space.

Note Regarding Support for Windows 8 and OS X 10.8

Microsoft Windows 8 and Mac OS x 10.8 are not supported in Sentinel LDK v.6.3. However,
SafeNet plans to announce support for these operating systems in the coming weeks and to
release the necessary updates to Sentinel LDK.

What's Changed in This Release?

This section describes significant changes from earlier releases that have occurred in this release of
Sentinel LDK (Sentinel License Development Kit).

Changes to Sentinel Vendor Keys

ISVs who already have a Sentinel Master key and want to create license updates for Sentinel HL
(Driverless configuration) keys will need to obtain a new Master key. This new Master key should
be used in parallel with your existing Master key. (It is not necessary to introduce this new Master
key.) For more information, contact your SafeNet sales representitive. Updates to the Master key
(such as adding Standalone Licenses or network seats should be performed using your original
Master key.
12 Sentinel LDK v.6.3 - Release Notes

ISVs who already have a Sentinel Developer key and who want to protect Mac or Linux
applications with Envelope for use with Sentinel HL (Driverless configuration) keys will need to
obtain a new Developer key. This new Developer key should be used in parallel with your existing
Developer key. (It is not necessary to introduce this new Developer key.) For more information,
contact your SafeNet sales representitive.

Licensing API
The Run-time API is now referred to in product documentation as the Licensing API.
A new function called hasp_transfer() has been added to the API. This function is used both to
detach the license for a Product from a Sentinel SL key or to removes a Sentinel SL key from its
host machine and prepares it to be transferred ("rehosted") to a target machine.
(New for 6.3) In the Licensing API, the manner in which protection keys are specified for
<hasp> <type> for the login scope or for the hasp_get_info() function has been changed:
HASP-SL-AdminMode and HASP-SL-UserMode are now specified as HASP-SL. However, the values
HASP-SL-AdminMode and HASP-SL-UserMode are still supported for backward compatibility.

HASP SL Keys Are Now Sentinel SL Keys

HASP SL keys are now referred to in the user interfaces and in the documentation as Sentinel SL
keys. There is no functional difference between HASP SL keys and Sentinel SL keys.

Master Wizard
The option in the Master Wizard to download merged libraries is not supported in the current
release of Sentinel LDK.
 Sentinel LDK Documentation 13

Sentinel LDK Documentation

The documents and online help systems described below are provided in this release of Sentinel
LDK.

Documents
Sentinel LDK documents (PDF files) can be found:
n on the Sentinel LDK Installation DVD, under: \Windows\Installed\Docs\
n where Sentinel LDK is installed, under: …\Program Files\SafeNet Sentinel\Sentinel
LDK\Docs\
n where Sentinel EMS is installed, under: …\Program Files\SafeNet Sentinel\Sentinel
EMS\EMSServer\webapps\ems\Docs\
(For Windows x64, under \Program Files (x86)\...)

Document Description
Sentinel LDK Installation Guide Details the prerequisites and procedures for installing Sen-
tinel LDK Vendor Tools, Sentinel EMS Server, and the
Run-time Environment.
Sentinel LDK Software Protection and Provides in-depth information about the logic of the appli-
Licensing Guide cations and best practices for maximizing your software
protection and licensing strategies. Describes a wide
range of licensing strategies and models that you can
implement, and can serve as the basis for elaboration
and for creating new, tailor-made licensing models.
Sentinel LDK Software Protection and Guide you through the basic procedures of Sentinel LDK
Licensing Tutorials to familiarize you with the applications and their func-
tionality. • The Demo Kit tutorial is for vendors who wish
to evaluate Sentinel LDK. • The Starter Kit tutorial is for
vendors who have just purchased Sentinel LDK. Two ver-
sions of each tutorial are provided – one for working with
Sentinel EMS as the back office system, and one for ven-
dors who want to provide their own back office system
and use only the Sentinel LDK APIs to handle licensing
and protection.
Quick Start Guides Provides a short and simple demonstration of how you
can easily protect your software using Sentinel HL keys.
Separate Demo Kit and Starter Kit guides are provided.
Integrating Sentinel EMS Server into Outlines the many ways that software vendors can max-
Your Existing Back-Office Systems imize the potential of their existing back-office systems,
such as ERP, CRM, and business intelligence systems,
through seamless integration with Sentinel EMS Server.
14 Sentinel LDK v.6.3 - Release Notes

Document Description
Sentinel HL Drive Flash Partitioning Describes how to use the Sentinel HL Drive partitioning
Utility – User Guide utility and API to load your Sentinel LDK-protected appli-
cations and data onto the CD-ROM partition of a Sentinel
HL Drive, and ship it to your customers. Your customers
can save files to Sentinel HL Drive or load additional soft-
ware on it, and thus utilize the convenience of USB flash
drive functionality.
Migration Guide: Sentinel HASP to Describes how to migrate from Sentinel HASP to Sentinel
Sentinel LDK LDK. Describes how to migrate your Business Studio
Server database to a Sentinel EMS database. This guide
also describes the Business Studio Server API for Sentinel
EMS.
Additional Migration Guides These guides describe how to migrate to Sentinel LDK
from:
- Hardlock
- SmartKey
- Sentinel SuperPro
- HASP HL
- HASP4
- Sentinel Hardware Keys
Migration Guides will be available at:
http://www.safenet-
inc.com/SentinelLDK/MigrationGuides
Sentinel EMS Configuration Guide Provides information on setting up and configuring
Sentinel EMS to satisfy the requirements of your
organization.
Sentinel EMS User Guide Provides the Sentinel EMS user with detailed directions
on how to set up license entities and how to handle
entitlements, production, and support for Sentinel HL
and SL keys. (This information is also provided in online
help for the Sentinel EMS user interface.)

The document "Transitioning From HASP SRM v.2.x" is no longer provided on the
Installation DVD. If you require this document, contact Technical Support.

Online Help Systems - User Interfaces

The documentation described in the table that follows can be accessed from the user interface for
the relevant Sentinel LDK component.
 Sentinel LDK Documentation 15

Online Help System Description

Sentinel LDK Admin Control Center Documentation for the end user, describing the Admin
Control Center and providing instructions for performing
the various functions such as updating or attaching
licenses.
Sentinel EMS Provides the Sentinel EMS user with detailed directions
on how to set up license entities and how to handle
entitlements, production, and support for Sentinel HL
and SL keys.
Sentinel LDK Data Encryption Utility Provides the developer with a description of the Sentinel
LDK Data Encryption utility (formerly DataHASP utility),
used for protecting data files that are accessed by
Sentinel LDK Envelope.
Sentinel LDK Envelope (Separate Describes how to employ Sentinel LDK Envelope to
versions for Windows and for Mac) automatically wrap your programs with a protective
shield. The application provides advanced protection
features to enhance the overall level of security of your
software.
Sentinel LDK ToolBox Describes how to work with the ToolBox user interface for
the Licensing, License Generation, and Admin APIs. Using
Sentinel LDK ToolBox, the developer can experiment with
the individual functions that are available in each API and
can generate programming code for insertion in the
developer’s own program. Provides full documentation
for each of the included APIs.

Online Help Systems – Sentinel LDK APIs

Documentation for the Sentinel LDK APIs described below can be found:
n on the Sentinel LDK Installation DVD, under: \Windows\Installed\API\
n where Sentinel LDK is installed, under:…\Program Files\SafeNet Sentinel\Sentinel LDK\API\
(For Windows x64, under\Program Files (x86)\…)

Sentinel LDK API Description

Activation API Reference Together with various Licensing API functions, this API
assists the developer in communicating with the Sentinel
EMS Server.
Licensing API Reference (formerly Provides the developer with an interface to use the
Run-time API) licensing and protection functionality available in the
Sentinel LDK Run-time Environment.
16 Sentinel LDK v.6.3 - Release Notes

Sentinel LDK API Description

Run-time COM API Provides the developer with access to Sentinel HASP Run-
time Environment functionality, through an interface
written for the Microsoft Component Object Model
(COM).
Run-time Installer API Provides the developer with an interface for integrating
installation of the Run-time Environment into the
installation of the vendor’s protected application.
Sentinel EMS Web Services Provides the developer with an interface for integrating
Sentinel EMS functionality into the vendor’s existing
back-office systems. (Documentation is available from the
index.html menu under
…\Program Files\SafeNet
Sentinel\Sentinel EMS\EMSServer\webapps\
ems\Docs\
(For Windows x64, under \Program Files (x86)\…)
License Generation API Reference Provides access to the power and flexibility of Sentinel
protection keys without the need to employ the full
Sentinel EMS system. The developer can call functions in
this API to generate and update licenses for Sentinel
protection keys.
Admin API Provides the functionality available in Admin Control
Center and Sentinel License Manager in the form of
callable API functions.

Software and Documentation Updates

SafeNet recommends that you frequently visit the Sentinel downloads page to ensure that you
have the most recent versions of Sentinel LDK software and documentation, and for
documentation in other languages.

Supported Platforms
To ensure that you have the most comprehensive and up-to-date list of supported platforms, go
to: http://sentinelcustomer.safenet-inc.com/platformsupport/
 Known Issues and Workarounds 17

Known Issues and Workarounds

The known issues in Sentinel LDK v.6.3 that are likely to have the most significant impact on users
are listed below, according to component.

Sentinel Vendor Suite Installation

Ref Issue
133240 When Installing Sentinel Vendor Suite under Windows 2003, the installation may fail
with an internal error or with error messages similar to the following:
Error 1718. File fileName was rejected by digital signature policy.
Installation ended prematurely because of an error.
This problem is caused by a known issue in Windows 2003. To resolve this problem,
go the following Microsoft URL:
http://support.microsoft.com/kb/925336
130317 During installation, the file haspnedrt.dll may be detected as malware by AVG anti-
virus. This is a false positive, and the file is safe to use. SafeNet has notified AVG
Technologies about this issue.
171812 In a machine with an Nvidia graphics card and AMD64 processor, installation of
Sentinel EMS stops responding after the installer displays the "installed successfully"
screen. At this point, installation of Sentinel EMS has succeeded, but the Finish
button is not displayed, and the installer cannot continue with the installation of
Sentinel Vendor Suite (if you requested to install it).
Workaround: Perform the installation using a remote desktop. Alternatively, cancel
the installation wizard when the "installed successfully" screen is displayed, and then
run the installation wizard a second time and select only the Vendor Suite for
installation.
172141 On a machine with a localized operating system, installation of Sentinel EMS in a
directory whose name contains localized characters fails with "Error 1324".
Workaround: Install Sentinel EMS in a directory whose name does not contain
localized characters.

Sentinel EMS
Ref Issue
143768 If Sentinel EMS is configured to work with a remote database that uses a password
that contains non-English letters, Sentinel EMS Service fails to log in successfully to
the remote database.
Workaround: Change the password for the database so that it does not contain non-
English letters.
167309 In the RUS Branding screen, the list field for selecting the font does not work
correctly in the Google Chrome browser.
Workaround: Use a different browser to edit the RUS Branding screen.
18 Sentinel LDK v.6.3 - Release Notes

Sentinel LDK Master Wizard

Ref Issue
139726 Under some versions of openSUSE Linux, when the Master Wizard is run as root, the
application hangs with the following output:
qctest@linux-g09j:~/Desktop/Linux/VendorTools/VendorSuite> su
Password:
linux-g09j:/home/qctest/Desktop/Linux/VendorTools/VendorSuite #
./masterhasp
**
GLib-GIO:ERROR:gdbusconnection.c:2279:initable_init: assertion failed:
(connection->initialization_error == NULL)
Aborted
This appears to be the result of a known issue in openSUSE.
Workaround:
Enter the following commands to run the Master Wizard:
su -
./masterhasp
(Note the syntax: "su -")
172697 When the Master Wizard is run from the console under Debian 6.0, the following
warning is displayed:
Qt: Session management error: None of the authentication protocols
specified are supported
This message can be ignored. The Master Wizard performs its function correctly.

Sentinel LDK Runtime Environment Installer

Ref Issue
8475 When you attempt to integrate the Sentinel LDK Run-time Environment Installer MSM
module in your Windows Vista installation package, a warning may be displayed. This
is a known issue for the Installer, and the message can be ignored. For more
information about this issue, go to the following URL:
http://kb.flexerasoftware.com/selfservice/microsites/
search.do?cmd=-
displayKC&docType=kc&externalId=Q107955&sliceId=1&docTypeID=DT_ERRDOC_1_
1&dialogID=95513399&stateId=0%200%2095503947
 Known Issues and Workarounds 19

Ref Issue
136831 Given the following circumstances:
n A hasplms service exists in a location other than c:\windows\system32.

n haspdinst is used install the Run-time Environment.

haspdinst will copy the new hasplms.exe file to the standard location, but then start
the old hasplms.exe.
Workaround: Stop and remove the old hasplms.exe service before executing
haspdinst.exe.
(HASPUserSetup.exe and haspds.msm do not show this behavior. They always stop
and remove a running hasplms service, then install and start the new one correctly.)
This issue also exists in SRM 5.x and below.

Sentinel LDK Runtime Environment and Customer Tools

Ref Issue
12506 Sentinel LDK communicates via TCP and UDP on port 1947. This port is IANA-
registered exclusively for this purpose. At the end user site, the firewall must be
configured so that communication via this port is not blocked.
14827 Given the following situation:
A Product is protected by a Sentinel SL protection key and allows concurrency.
The number of concurrent users is the maximum allowed.
Additional users attempting to access the protected software receive the message
“Access denied” instead of the message “Too many users.”
99350 On the Mac OS 10.6 Server with 64-bit kernel extension: The Run-time C samples
(static, shared, Xcode static and shared) sometimes stop responding after displaying
the copyright notice.
Workaround: Install the latest operating systems updates (10.6.8 or later) from
Apple.
Note: If the precompiled Run-time sample binaries do not function properly (they do
not respond when executed), recompile the binaries with Xcode or GCC.
137995 When a Feature that is disabled for virtual machines is accessed in a VM
environment, the Run-time Environment returns the message HASP_FEATURE_NOT_
FOUND instead of HASP_VM_DETECTED.
140898 Under the Linux operating system, Sentinel License Manager does not support the
IPV6 network protocol.
144293 In Admin Control Center, when the user clicks the Certificate button to display
certificate information regarding an updated license, the certificate displayed is from
the base version of the license. (This issue has no impact on license functionality.)
This issue does not exist in Sentinel Admin API.
20 Sentinel LDK v.6.3 - Release Notes

Ref Issue
170463 When the user attempts to install MicroSoft Office 2010 on a computer that contains
the Run-time Environment, the installation fails and displays the following error:
Error 1406. Setup cannot write the value Assembly to the registry key
Software\Classes\CLSID\{0006F024-0000-0000-C000-000000000046}
\InprocServer32\14.0.0.0.
Verify that you have sufficient permissions to access the registry or
contact Microsoft Product Support Services (PSS) for assistance.
Workaround:
Disable the License Manager,install Microsoft Office, and then re-enable the License
Manager as follows:
1. Start the Registry Editor (Start > Run > Enter Regedit.)
2. Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aksfridge"
3. Change the value of "Start" from 2 to 4.
4. Restart the computer. (The License Manager is disabled.)
5. Install Microsoft Office.
6. Start the Registry Editor.
7. In the key described above, change the value of "Start" from 4 to 2.
8. Restart the computer. (The License Manager is enabled.)

Sentinel LDK Envelope for Windows Platforms

General

Ref Issue
92503 If you move an Envelope project file from its original location to a different location,
then the next time you open the project, Envelope displays an incorrect path for the
output (protected) file.
You can use either of these workarounds to move an Envelope project file to a new
location:
n Use the Save As option from the Envelope File menu to save the project to

the new location. (You can afterwards delete the original project file.).
n Copy the directory structure containing both the project file and the related

unprotected binary to the new location.

93877 (For Windows Vista and Windows 7) In the event that the error “Serious internal
engine error (65535)” is displayed, make sure that you have write permission for the
specified output directories and that the output directory is not protected by
Windows UAC.
 Known Issues and Workarounds 21

Ref Issue
143551 When a 32-bit overlay supported application is protected using Envelope and then
executed under a 64-bit Windows operating system, the application fails or does not
work, although the application executes successfully under a 32-bit Windows
operating system.
Workaround: This application should only be run under a 32-bit Windows operating
system.
173378 A win64 application that is protected using Sentinel LDK Envelope with the Data
Encryption facility enabled may cause the operating system to crash.
Workaround: Handle data encryption/decryption manually without using the Data
Encryption facility. You can use the hasp_encrypt and hasp_decrypt functions in the
Sentinel Licensing API. For examples that use these functions, see the Runtime
samples provided. Check the SafeNet website periodically for an updated version of
the Envelope that resolves this issue.

Java

Ref Issue
11043 To protect JAR files using Sentinel LDK Envelope on Windows 2008 Server 64-bit
computers, you must have the Win32 Java Run-time Environment (JRE) installed,
even if you already have the Windows x64 JRE installed. Alternatively, ensure that the
path to the Windows x64 JRE is included in the system path variables.
91963 When a (vendor) developer attempts to create a shared object file that links to the
(CASE 20) Sentinel LDK shared object file libhasp_linux_batchCode.so, error messages similar
to the following are displayed:
user@host:~/Desktop/API/Runtime/Java/source> ./build_linux_x64.sh
Building HASP Java native library
/usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../x86_64-suse-linux/bin/ld:
HASPJava.o: relocation R_X86_64_32 against `a local symbol' can not be
used when making a shared object; recompile with -fPIC
HASPJava.o: could not read symbols: Bad value
collect2: ld returned 1 exit status
This problem occurs because the Sentinel Licensing (Run-time) API was not compiled
to allow position-independent code generation (using the –fPIC flag).
Workaround: You can obtain a version of the Sentinel Licensing API that was
compiled with the –fPIC flag. For more information, contact Technical Support.
22 Sentinel LDK v.6.3 - Release Notes

Ref Issue
93464 Envelope v.5.10 and Envelope v.6.0 both provide extensive enhancements for
protection of Java programs. As a result, projects for Java programs that were
created before the release of this version of Envelope must be updated using the
Sentinel LDK Envelope GUI. (Make sure that you update existing Envelope projects as
described below before you attempt to use the current Envelope command-line
utility with these projects.)
To update an existing Envelope project (v.5.10 or earlier) to v.6.0 or later:
1. Open the project in the Sentinel LDK Envelope v.6.0 GUI and click the appli-
cation in the Project pane. Envelope fills in the class/method list. By default,
some methods are preselected. This is equivalent to the results expected
when adding a new project.
2. Review the selection of methods that were selected by default for protection.
For more information, see “Optimizing Protection Settings for Performance
and Security” in the Sentinel LDK Envelope online help.
3. Save the project.
94373 One of the optional behaviors in Envelope for protecting JEE applications is to halt
the thread if the protected JEE application fails to detect a Sentinel protection key.
This behavior is controlled by the advanced protection property SUSPEND_THREADS.
However, the protection mechanism also halts all threads from all third-party
application running in the same Java Virtual Machine instance (JVM) on the Tomcat
server. (Note that each Tomcat server only starts a single JVM instance.) Therefore,
when protecting JEE applications in Envelope, the default value for the SUSPEND_
THREADS property is currently set to False (although the documentation states that
it is set to True). If you attempt to set the value for this property to True, a warning
message is displayed.
95269 The current release of Sentinel LDK Envelope does not support protection of Java
paint methods, but it allows you to select them in the user interface. As a result, the
protected program may cause a deadlock when it executes a protected paint method
at runtime with no Sentinel key connected. To prevent this issue from occurring, you
can deselect all paint methods. Note that paint methods do not usually contain
application logic; therefore, deselecting them typically has no impact on security. As
an alternative, you can select console output for messages by enabling stderr output
instead of windows in the Advanced settings panel.
95491 The current release of Sentinel LDK Envelope does not support protecting instance
methods that call instance methods of the super class. Note that such methods are
not detected by the Envelope and may be selected for protection by default. As a
result, the protected application may trigger an IllegalAccessError exception during
runtime.
To prevent such exceptions, you can disable the protection of methods that contain
calls to super class methods. Note that this reduces the level of protection.
As an alternative, you can create a new class with a method that contains only the
code leading up to (but not including) the call to the super instance method. You can
protect this method instead of protecting the original method that contains the
super instance method call.
 Known Issues and Workarounds 23

Ref Issue
104163 A protected JAR/WAR archive that contains Unicode characters in its path or name
(99869) will not operate under the native operating system. Although there is small chance
that the archive will run (depending on the type of Unicode characters that are used),
in most cases the application will not run and will display an error message. (This
problem does not occur on systems that use MUI for localization.)
Workaround: Install the Tomcat server in a path whose name contains only ASCII
characters. Ensure that the name of the WAR archive contains only ASCII characters.
104179 The number of instances of a protected application that can run in a network
environment may exceed the number of concurrent instances allowed by the license
terms.
Workaround: In the protected application, call a Run-time API function to open a
permanent session to the Feature for which concurrency is restricted.
None If protected JEE applications from multiple vendors are deployed on a single Tomcat
server, the applications will not operate.

.NET

Ref Issue
89873 If a base class is selected to be obfuscated and a derived class is not set to be
obfuscated, the derived class will not find the base class. Therefore, if you select a
base class for obfuscation, you must also select any derived class for obfuscation.

Sentinel LDK Envelope and Data Encryption for Mac OS X

Ref Issue
11416 In certain instances, a protected Mach-O binary may have a different owner and
permissions than it had prior to protection with Envelope. This is caused because
Envelope designates the current user (that is, the user applying the protection) as
the owner of the newly-created files.
132292 Applications that use deprecated functions or classes (for example: NSQuickDrawView
used by SDL, deprecated since OS X 10.4.x) might fail to run under Mac OS X 10.7.x
after protection. This is the case even if the unprotected application executes
correctly or if the protected application executes correctly under versions of Mac OS
X prior to 10.7.x
Workaround: Do not use SDL or any other Library/Framework that relies on
deprecated System Frameworks.
24 Sentinel LDK v.6.3 - Release Notes

Ref Issue
151020 Given the following situation:
n An application is protected using Envelope with the Data Encryption facility

enabled.
n The protected application is operated under OS X 10.6.x or later with Versions

feature enabled.
Encrypted files may become corrupted, resulting in data loss.
Workaround: Handle data encryption/decryption manually without using the Data
Encryption facility. You can use the hasp_encrypt and hasp_decrypt functions in the
Sentinel Licensing API. For examples that use these functions, see the Runtime
samples provided for Mac. Check the SafeNet website periodically for an updated
version of the Envelope that resolves this issue.