Blog Archives

SwissDecTX 5.0 Work in Progress!

Summer 2021 is almost over and the work on SwissDecTX Transmitter 5.0 – compliant with the Swissdec 5.0 ELM directives – is making good progress.

First, we want to restate the existing SwissDecTX Transmitter 4.0 is (and always was) fully compatible with the latest Swissdec security requirements, notably TLS 1.2, but that Windows requires some registry tweaks to enable this support which is off by default, see our article on the subject.

The SwissDecTX Transmitter 5.0 builds on that solid foundation and will incorporate the registry changes necessary to configure Windows and the .NET Framework to use the proper ciphers and signature algorithms automatically upon installation.

As of this writing, the SwissDecTX 5.0 project reached two important milestones:

  • The transmitter code base, rooted in version 4.0 from 2014, has been updated to use the latest tools. The transmitter is a mix of C#, C++ and XSLT and we made sure the code builds cleanly on the latest toolsets, jumping from 2013 to 2019 tool versions. We should be able to maintain the existing system requirements, except the minimum Windows version will be Windows 7 SP1 due to the TLS 1.2 requirement (this also applies to the existing transmitter.)
  • We successfully integrated the final Swissdec 5.0 schemas and adapted the transmitter code to match the 5.0 Swissdec web service. As its stands, we can Ping the server 5.0 and verify inter-operability, signatures, encryption/decryption as well as the cryptographic validation of the replies. This step is important as is validates the technical foundation.

We also updated our unit-tests to match the new 5.0 service. We use unit-testing extensively to catch regressions and ensure high quality along the entire development process. We hope we’ll be able to perform the first 5.0 declaration transmission in the next few days, which will mark another important milestone.

We will then proceed with the support of the features that are new to Swissdec 5.0, notable the monthly declarations and the dialog interactions, after which a pre-beta version of the transmitter 5 will be made available on this site.

Stay tuned!

Swissdec 5.0 Work Started!

The new Swissdec 5.0 directives for transmissions have been published on May 1, 2020.

We are pleased to announce that we started working on the SwissDecTX 5.0 transmitter, which will satisfy the new Swissdec 5.0 transmission certification criteria.

The new standard will be in effect in early 2021 and we plan to have an updated transmitter on time to meet that deadline, ready for certification together with your salary solution.

SwissDec 2020: TLS 1.2

As a follow-up to our December post, we are pleased to confirm that the existing transmitter SwissDecTX4 is already compatible with the latest security enhancements announced by Swissdec for 2020, however a small configuration change to the .NET Framework is necessary to enable the use of the required protocols.

Once this support is enabled, the existing SwissDecTX 4.08 transmitter starts using TLS 1.2 immediately without re-installation or redeployment.

The configuration change consists in setting registry values that direct the .NET Framework to use the latest protocols available on the underlying Operating System.

For Windows 10:

Windows Registry Editor Version 5.00



For prior versions of Windows:

Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

Copy the above text in a new text file that ends with a .reg extension and merge this file with the registry.

Note that TLS 1.2 is only available on Windows 7 SP1 or later, and Windows Server 2008 or later. Those operating systems then de-facto become the minimum system requirements for TLS 1.2 compatibility.

The details of the .NET Framework TLS 1.x compatibility matrix and system requirements can be found here:

Thanks to Michael Iten for helping testing on Windows Server 2008 R2!

January 2020 Security Update

EDIT: See out follow up post here!

Today December 12, 2019 we tested the current production SwissDecTX 4.08 transmitter against the newest Swissdec Reference App (“Swissdec refapps 2019.11.1 (25698) 12.12.2019 13:16:13“) which is believed to implements the latest security specifications slated for release in January 2020.

We are pleased to inform our customers that the transmitter passed all our inter-operability and transmission tests, using the ‘next’ Ref App URL pointing to the up-and-coming version of the Swissdec receiver:

As of today, we do not plan to release a software update to accommodate the planned changes in the Swissdec Receiver security configuration, as the SwissDecTX 4.08 transmitter is already compatible with the January 2020 changes: the transmitter should continue to work seamlessly and does not necessitate any redeployment or changes on customer’s sites.

Be assured that we keep a close eye on the evolution of the Swissdec standard and will do our best to ensure the SwissDecTX transmitter keeps functioning reliably as the standard evolves.

Axel Rietschin

SwissDecTX 4.08 Released

Geneva, July 17, 2016

Today, we announce the release of the SwissDecTX 4.08 transmitter for the Swissdec 4.0.0 directives, as part as our ongoing commitment to provide the best possible and most up-to-date Swissdec experience to our customers.

Version 4.08 introduces a new “proxy settings” option to the command-line interface of the transmitter, enabling users of this interface to specify a proxy host and port, and optionally a proxy user and password.

To that effect, a new parameter -p has been added to the PING, INTEROP, INTEROP2, TX, STATUS and DATA modes.

The syntax of the new -p parameter is as follow:


Users of the various transmitter’s direct API always had access to proxy settings through the ITransmitter4::SetProxy() and ITransmitter4::SetProxyWithCredentials() API functions or their C# or DLL equivalent.

The proxy feature introduced in version 4.08 is non-breaking: besides the addition of the new optional -p parameter, the operation of the command-line interface is identical. No other change were made to the transmitter so v4.08 is a fully backwards compatible drop-in replacement for all previous SwissDecTX transmitter 4.x versions.

The SwissDecTX 4.08 transmitter is available for immediate download.

SwissDecTX 4.07 Released

Geneva, June 6, 2016

Today, we announce the release of the SwissDecTX 4.07 transmitter for Swissdec 4.0.0, as part as our ongoing commitment to provide the best possible and most up-to-date Swissdec experience to our customers.

Version 4.07 introduces a new “per-machine” configuration mode where the administrator can decide to install and centrally configure the SwissDecTX transmitter for all users on a given computer, as opposed to the default mode where the transmitter is configured for the installing user only.

The new mode was introduced in response to user feedback and will prove helpful in some scenarios, such as Terminal Server / Citrix deployments. Please note that the per-user configuration is still the recommended default for most uses.

The new per-machine configuration option can be selected easily from the built-in Test & Configuration utility.

Additionally, users of the command-line tool, SwissDecTX.exe, can now pass a negative argument to the INTEROP2 second operand parameter. Previously, a bug prevented negative arguments, as -o2 -1.00 was interpreted by the tool as two separate switches. Users can now surround the second operand in single-quotes to pass negative values, as in -o2 ‘-1.00’

The SwissDecTX 4.07 transmitter has been thoroughly tested against the official Swissdec 4.0.0 test distributor [itServe AG Receiver Referenz Implementation 3.0.7_1 .7s (Build 21081)], as well as against the latest Swissdec working test distributor [4.0.0-SNAPSHOT (21320) 26.04.2016 15:24:42] and found to interoperate perfectly with both versions of the distributor.

As a side note, all releases of the SwissDecTX 4.x transmitters were always compliant with the latest published Swissdec 4.0.0 recommendations. In particular, the SwissDecTX transmitter started using the recommended RSA-OAEP et AES256-CBC encryption protocols exclusively, since the first 4.0 release in late 2013, and those protocols have been successfully used in production with several certified “4.0” salary applications since early 2014.

The upcoming (June 2016) deprecation of some older protocols should no have any effect on existing SwissDecTX 4.0x transmitters, in particular, no redeployment is necessary as all existing SwissDecTX 4.0x transmitters are already compliant with the latest transmitter requirements.

The SwissDecTX 4.07 transmitter is available for immediate download.

SwissDecTX 4.06 Released

Geneva, November 2, 2014

Today, we announce the release of the SwissDecTX 4.06 transmitter, as part as our ongoing commitment to provide the best possible and most up-to-date SwissDec experience to our customers.

Version 4.06 includes a minor change to the formatting of exception codes, where the DescriptionCode has been added to the formatted text. The code is available as part of the InnerException’s XML data (which contains all the exception’s details) but is now convenently part of the formatted exception message. This change only affects users who were manually formatting the exception results.

The SwissDecTX 4.06 transmitter is available for immediate download.

SwissDecTX 4.05 Released

Geneva, October 15, 2014

Today, we announce the release of the SwissDecTX 4 .05 transmitter, as part as our ongoing commitment to provide the best possible and most up-to-date SwissDec experience to our customers.

The only change from v4.04 is a tiny enhancement to the transmission journal configuration in the “per user” mode, where the transmitter now interprets the variable %USERNAME%, if present in the journal’s path name stored in the registry, and replaces it with the currently logged user name.

Most users are not affected in any way by this change as the log is usually stored in a “per machine” location, independantly of the current user, which is the recommended setup.

SwissDecTX 4.04 Released

Geneva, September 28, 2014

Today, we announce the release of the SwissDecTX 4 .04 transmitter, as part as our ongoing commitment to provide the best possible and most up-to-date SwissDec experience to our customers.

The only change from v4.03 is a cosmetic fix in the optional XML-to-HTML conversion, were the status data for the FAK-CAF domain was not styled propely in the HTML output.

SwissDecTX 4.03 Released

Geneva, September 17, 2014

Today, we announce the release of the SwissDecTX 4.03 transmitter, as part as our ongoing commitment to provide the best possible and most up-to-date SwissDec experience to our customers.

Changes from v4.02 includes full support for the ‘Statistic’ domain that has been enabled on SwissDec (thanks to Mário Petráš from P&I AG, who kindly helped validate the feature).

The new version also delivers native support for 64-bit Windows: when deploying the SwissDecTX 4.03 transmitter on a computer running a 64-bit version of Windows, the installer will automatically deploy 64-bit components such as a 64-bit version of the command-line utility (SwissDecTX.exe) and a 64-but version of the DLL interface proxy (SwissDecTX64.dll) in addition to the 32-bit DLL proxy.

Customer applications written to take advantage of 64-bit platforms can now transmit data to SwissDec while staying entirely within the 64-bit domain. Or course, the full compatibility with 32-bit application running on 64-bit Windows is preserved, and nothing has changed regarding the 32-bit world so the SwissDecTX 4.03 transmitter is fully backward-compatible and a drop-in replacement for all previous SwissDecTX 4 versions.

This release also include minor internal adaptations in preparation for the up-coming SwissDecTX Gateway add-in, a high-performance, high-volume software gateway enabling SwissDec transmission from computers not directly connected to the internet and/or running on virtually any platform, including non-Windows operating systems. The gateway also enables high throughput local queuing of SwissDec declarations and background, decoupled transmission using a very simple yet robust file-based protocol.