Blog Archives

SwissDecTX 5.0 BETA Released!

Sept. 14, 2022 – The SwissDecTX 5.0 BETA for Swissdec ELM 5.0 is ready for immediate download. All of the groundwork is complete for Swissdec 5 and the entire Swissdec 5 API is covered and exposed through all of the transmitter interfaces, including the command-line tool.

The complete redistributable installer (the part that you bundle with your application and ship to your customers royalty-free) is still a lightweight 2.5MB package that does not bloat your product and installs in seconds.

The transmitter configuration (certificates, URLs…) can be entirely automated from your application’s installer. The transmitter features an integrated transmission journal and interoperability testing that are accepted for the Swissdec certification, meaning you have less work to do to comply with the Swissdec requirements.

Unique to the SwissDecTX transmitter is the optional conversion of server replies into ready-to-display HTML that your application can effortlessly display in a browser control. The display formatting is acceptable as-is for the certification, saving you weeks of tedious work!

In production since 2009 for Swissdec 2.2, the SwissDecTX Transmitter is the most tested, most reliable, most lightweight solution for your Swissdec ELM transmission needs. Written in C# on top of .NET 4.8 today, the transmitter is natively compatible with 64-bit environments and can be invoked from any development system or language using .NET, COM, a “classic DLL” interface, or even from the command-line without any special programming.

With about 30 software publishers collectively deploying their respective products to hundreds of enterprise customers, and large organizations like Etat de Vaud and the Geneva University Hospitals (HUG) using it, the SwissDecTX transmitter is the most often certified, most reliable, most field-proven, and most robust solution for secure Swissdec data transmission.

Ask your SUVA representative about it and try it today! Many customers have made their first successful transmission on the first day!

SwissDecTX 5.00 BETA is available now on the download page.




Update about SwissDecTX 5.0

Sept. 28, 2021 – The work on SwissDecTX 5.0 for ELM 5.0 is making good progress and nearing beta. Most of the groundwork is complete for v5 (ping, interoperability, annual, monthly and summary totals declarations are complete). We need to digest the latest dialog message requirements and to implement the new Dialog API. Contact us if you wish to start working on your Swissdec 5.0 certification right now; we can arrange a pre-beta to help you get started!




SwissDecTX 5.0 Work in Progress!

Summer 2021 is almost over and the work on SwissDecTX Transmitter 5.0 – compliant with the Swissdec 5.0 ELM directives – is making good progress.

First, we want to restate that the existing SwissDecTX Transmitter 4.0 is (and always was) fully compatible with the latest Swissdec security requirements, notably TLS 1.2. Windows, however, requires some registry tweaks to enable this support, which is off by default; see our article on the subject.

The SwissDecTX Transmitter 5.0 builds on that solid foundation and will incorporate the registry changes necessary to configure Windows and the .NET Framework to use the proper ciphers and signature algorithms automatically upon installation.

As of this writing, the SwissDecTX 5.0 project reached two important milestones:

  • The transmitter code base, rooted in version 4.0 from 2014, has been updated to use the latest tools. The transmitter is a mix of C#, C++ and XSLT and we made sure the code builds cleanly on the latest toolsets, jumping from 2013 to 2019 tool versions. We should be able to maintain the existing system requirements, except the minimum Windows version will be Windows 7 SP1 due to the TLS 1.2 requirement (this also applies to the existing transmitter.)
  • We successfully integrated the final Swissdec 5.0 schemas and adapted the transmitter code to match the 5.0 Swissdec web service. As it stands, we can Ping the 5.0 server and verify interoperability, signatures, encryption/decryption as well as the cryptographic validation of the replies. This step is important as it validates the technical foundation.

We also updated our unit tests to match the new 5.0 service. We use unit testing extensively to catch regressions and ensure high quality along the entire development process. We hope we’ll be able to perform the first 5.0 declaration transmission in the next few days, which will mark another important milestone.

We will then proceed with the support of the features that are new to Swissdec 5.0, notably the monthly declarations and the dialog interactions, after which a pre-beta version of the transmitter 5 will be made available on this site.

Stay tuned!




Swissdec 5.0 Work Started!

The new Swissdec 5.0 directives for transmissions were published on May 1, 2020.

We are pleased to announce that we started working on the SwissDecTX 5.0 transmitter, which will satisfy the new Swissdec 5.0 transmission certification criteria.

The new standard will be in effect in early 2021 and we plan to have an updated transmitter on time to meet that deadline, ready for certification together with your salary solution.




SwissDec 2020: TLS 1.2

As a follow-up to our December post, we are pleased to confirm that the existing SwissDecTX4 transmitter is already compatible with the latest security enhancements announced by Swissdec for 2020. However, a small configuration change to the .NET Framework is necessary to enable the use of the required protocols.

Once this support is enabled, the existing SwissDecTX 4.08 transmitter starts using TLS 1.2 immediately without re-installation or redeployment.

The configuration change consists of setting registry values that direct the .NET Framework to use the latest protocols available on the underlying operating system.

For Windows 10:

Windows Registry Editor Version 5.00

; .NET Framework, 32-bit view: use the OS default TLS versions and strong crypto
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

; .NET Framework, 64-bit view
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

For prior versions of Windows:

Windows Registry Editor Version 5.00

; .NET Framework, 32-bit view: use the OS default TLS versions and strong crypto
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

; .NET Framework, 64-bit view
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

; SCHANNEL: disable the RC4 ciphers
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

; SCHANNEL: enable TLS 1.2 for client connections
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

Copy the above text into a new text file with a .reg extension and merge this file into the registry.

Note that TLS 1.2 is only available on Windows 7 SP1 or later, and Windows Server 2008 or later. Those operating systems then de facto become the minimum system requirements for TLS 1.2 compatibility.
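To confirm the merge took effect on a given machine, the values listed above can be read back and compared. The following PowerShell audit is an added example, not part of the original post or of the SwissDecTX product; the function name Test-TlsRegistry is hypothetical and the script assumes a 64-bit PowerShell session.

```powershell
# Added example: audits the values from the .reg files above (not vendor code).
# Assumption: run from a 64-bit PowerShell session so both registry views resolve.
$net = 'SOFTWARE\Microsoft\.NETFramework\v2.0.50727'
$wow = 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727'
$sch = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Values required on every Windows version, per the post.
$dotNetChecks = foreach ($key in $net, $wow) {
    foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
        @{ Key = $key; Name = $name; Value = 1 }
    }
}

# Extra values the post lists for Windows versions prior to Windows 10.
$schannelChecks = @(
    @{ Key = "$sch\Ciphers\RC4 128/128"; Name = 'Enabled'; Value = 0 }
    @{ Key = "$sch\Ciphers\RC4 40/128";  Name = 'Enabled'; Value = 0 }
    @{ Key = "$sch\Ciphers\RC4 56/128";  Name = 'Enabled'; Value = 0 }
    @{ Key = "$sch\Protocols\TLS 1.2\Client"; Name = 'Enabled'; Value = 1 }
    @{ Key = "$sch\Protocols\TLS 1.2\Client"; Name = 'DisabledByDefault'; Value = 0 }
)

function Test-TlsRegistry {   # hypothetical helper name
    param([switch]$PreWindows10)
    $checks = @($dotNetChecks)
    if ($PreWindows10) { $checks += $schannelChecks }
    foreach ($c in $checks) {
        # Registry.GetValue splits only on '\', so the '/' in "RC4 128/128" is safe;
        # the PowerShell HKLM: provider would treat '/' as a path separator.
        $actual = [Microsoft.Win32.Registry]::GetValue(
            "HKEY_LOCAL_MACHINE\$($c.Key)", $c.Name, $null)
        [pscustomobject]@{
            Key      = $c.Key
            Name     = $c.Name
            Expected = $c.Value
            Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
            Ok       = ($null -ne $actual) -and ([int]$actual -eq $c.Value)
        }
    }
}

# Pick the check set from the running OS version, then list every mismatch.
$results = Test-TlsRegistry -PreWindows10:([Environment]::OSVersion.Version.Major -lt 10)
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.Ok }
```

Any row printed by the last line is a value that is missing or differs from the .reg file.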

The details of the .NET Framework TLS 1.x compatibility matrix and system requirements can be found here:

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

Thanks to Michael Iten for helping with testing on Windows Server 2008 R2!




January 2020 Security Update

EDIT: See our follow-up post here!

Today, December 12, 2019, we tested the current production SwissDecTX 4.08 transmitter against the newest Swissdec Reference App (“Swissdec refapps 2019.11.1 (25698) 12.12.2019 13:16:13”), which is believed to implement the latest security specifications slated for release in January 2020.

We are pleased to inform our customers that the transmitter passed all our interoperability and transmission tests, using the ‘next’ Ref App URL pointing to the up-and-coming version of the Swissdec receiver:

https://tst.itserve.ch/swissdec/refapps/next/receiver/services/SalaryDeclarationService20130514

As of today, we do not plan to release a software update to accommodate the planned changes in the Swissdec Receiver security configuration, as the SwissDecTX 4.08 transmitter is already compatible with the January 2020 changes: the transmitter should continue to work seamlessly and does not necessitate any redeployment or changes on customers’ sites.

Be assured that we keep a close eye on the evolution of the Swissdec standard and will do our best to ensure the SwissDecTX transmitter keeps functioning reliably as the standard evolves.

Sincerely,
Axel Rietschin




SwissDecTX 4.08 Released

Geneva, July 17, 2016

Today, we announce the release of the SwissDecTX 4.08 transmitter for the Swissdec 4.0.0 directives, as part of our ongoing commitment to provide the best possible and most up-to-date Swissdec experience to our customers.

Version 4.08 introduces a new “proxy settings” option to the command-line interface of the transmitter, enabling users of this interface to specify a proxy host and port, and optionally a proxy user and password.

To that effect, a new parameter -p has been added to the PING, INTEROP, INTEROP2, TX, STATUS and DATA modes.

The syntax of the new -p parameter is as follows:

Examples:

Users of the transmitter’s various direct APIs always had access to proxy settings through the ITransmitter4::SetProxy() and ITransmitter4::SetProxyWithCredentials() API functions or their C# or DLL equivalents.

The proxy feature introduced in version 4.08 is non-breaking: besides the addition of the new optional -p parameter, the operation of the command-line interface is identical. No other changes were made to the transmitter, so v4.08 is a fully backwards-compatible drop-in replacement for all previous SwissDecTX transmitter 4.x versions.

The SwissDecTX 4.08 transmitter is available for immediate download.




SwissDecTX 4.07 Released

Geneva, June 6, 2016

Today, we announce the release of the SwissDecTX 4.07 transmitter for Swissdec 4.0.0, as part of our ongoing commitment to provide the best possible and most up-to-date Swissdec experience to our customers.

Version 4.07 introduces a new “per-machine” configuration mode where the administrator can decide to install and centrally configure the SwissDecTX transmitter for all users on a given computer, as opposed to the default mode where the transmitter is configured for the installing user only.

The new mode was introduced in response to user feedback and will prove helpful in some scenarios, such as Terminal Server / Citrix deployments. Please note that the per-user configuration is still the recommended default for most uses.

The new per-machine configuration option can be selected easily from the built-in Test & Configuration utility.

Additionally, users of the command-line tool, SwissDecTX.exe, can now pass a negative argument to the INTEROP2 second operand parameter. Previously, a bug prevented negative arguments, as -o2 -1.00 was interpreted by the tool as two separate switches. Users can now surround the second operand in single quotes to pass negative values, as in -o2 '-1.00'

The SwissDecTX 4.07 transmitter has been thoroughly tested against the official Swissdec 4.0.0 test distributor [itServe AG Receiver Referenz Implementation 3.0.7_1 .7s (Build 21081)], as well as against the latest Swissdec working test distributor [4.0.0-SNAPSHOT (21320) 26.04.2016 15:24:42] and found to interoperate perfectly with both versions of the distributor.

As a side note, all releases of the SwissDecTX 4.x transmitters were always compliant with the latest published Swissdec 4.0.0 recommendations. In particular, the SwissDecTX transmitter has used the recommended RSA-OAEP and AES256-CBC encryption protocols exclusively since the first 4.0 release in late 2013, and those protocols have been successfully used in production with several certified “4.0” salary applications since early 2014.

The upcoming (June 2016) deprecation of some older protocols should not have any effect on existing SwissDecTX 4.0x transmitters. In particular, no redeployment is necessary, as all existing SwissDecTX 4.0x transmitters are already compliant with the latest transmitter requirements.

The SwissDecTX 4.07 transmitter is available for immediate download.




SwissDecTX 4.06 Released

Geneva, November 2, 2014

Today, we announce the release of the SwissDecTX 4.06 transmitter, as part of our ongoing commitment to provide the best possible and most up-to-date SwissDec experience to our customers.

Version 4.06 includes a minor change to the formatting of exception codes, where the DescriptionCode has been added to the formatted text. The code is available as part of the InnerException’s XML data (which contains all the exception’s details) but is now conveniently part of the formatted exception message. This change only affects users who were manually formatting the exception results.

The SwissDecTX 4.06 transmitter is available for immediate download.




SwissDecTX 4.05 Released

Geneva, October 15, 2014

Today, we announce the release of the SwissDecTX 4.05 transmitter, as part of our ongoing commitment to provide the best possible and most up-to-date SwissDec experience to our customers.

The only change from v4.04 is a tiny enhancement to the transmission journal configuration in the “per user” mode, where the transmitter now interprets the variable %USERNAME%, if present in the journal’s path name stored in the registry, and replaces it with the name of the currently logged-on user.

Most users are not affected in any way by this change, as the log is usually stored in a “per machine” location, independently of the current user, which is the recommended setup.