Stormshield KMaaS 4.3 new features and enhancements
For information about the Google services supported by the Stormshield KMaaS (client-side encryption), refer to the section "Which services CSE supports" of the Google documentation "About client-side encryption".
New version numbering
Version numbers for the Stormshield KMaaS SaaS and On Premises have been harmonized. They now use the following numbering pattern:
<major>.<minor>.<corrective>.<build>
The table below indicates the version number that corresponds to each business name:
Version name | Version number |
---|---|
4.3 | 4.3.0.158 |
4.3 beta 1 | 4.3.0.145 |
Environment
New installation requirements
Stormshield KMaaS now requires NodeJS 20, OpenSSL 3.0 and RedHat Enterprise 8.8 or 9 to benefit from the latest security updates.
Start-up time of the Stormshield KMaaS
The start-up time of the Stormshield KMaaS has been optimized.
TLS algorithms
The number of TLS algorithms used by default has been restricted to improve the security of incoming and outgoing communications.
Connections to the Key Management System (KMS)
Connections to the KMS are no longer closed after each operation, but now remain open. When a connection problem occurs, the Stormshield KMaaS tries to reconnect, and logs are issued to inform the administrator.
Support for Google features
Support for Gmail on mobile
With the Stormshield KMaaS, users can now encrypt their emails in Gmail on iOS and Android mobile devices.
Edit encrypted Excel files with Google Sheets
Users can now view and edit encrypted Excel files directly with Google Sheets.
For more information, refer to the Google documentation.
Encrypted import of Excel files into Google Sheets
Users can now import and encrypt Microsoft Excel files into Google Sheets.
For more information, refer to the Google documentation.
Manage comments and action items on Google Docs
The Stormshield KMaaS is now compatible with comment and action item management on Google Docs.
For more information, refer to the Google documentation.
Co-host management in Google Meet
The Stormshield KMaaS is now compatible with the Google Meet co-host feature.
For more information, refer to the Google documentation.
External Google Meet invitations
The Stormshield KMaaS now supports Google's Beta feature for inviting external participants to Google Meet conferences. To do this, you must configure two dedicated identity providers and add them to the list of authorized providers in the config.json file, section tenants > user_authentication > idps.
This Beta feature is currently under development at Google. Contact Google Support for more information on implementation and limitations.
Encryption and signature keys
It is now possible to use different keys to decrypt and sign Gmail messages.
Gmail messages signing
PKCS1.5 signing using the KMIP protocol is now supported when the Stormshield KMaaS is configured to store the keys in the KMS to secure Gmail.
Administration route authentication
To enhance security, authentication of privileged administration routes is now distinct from authentication of the route used to initialize Google users for Gmail message encryption.
Algorithms for checking JWT tokens
It is now possible to configure the list of algorithms used to check the validity of authorization and authentication tokens (JWT).
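One way a verifier can enforce such a configured algorithm list, shown as an added example that is not Stormshield code. The `ALLOWED_ALGS` constant, the function names and the sample tokens are assumptions constructed for illustration, and only RSA PKCS#1 v1.5 signatures are handled.

```javascript
// Added example, not Stormshield code: JWT check gated by an algorithm allowlist.
const nodeCrypto = require('node:crypto');
// Hypothetical setting; the page does not give the real config.json key name.
const ALLOWED_ALGS = ['RS256'];
// JWS algorithm name -> Node digest, for the RSA PKCS#1 v1.5 family only.
const RSA_DIGESTS = { RS256: 'sha256', RS384: 'sha384', RS512: 'sha512' };

function decodePart(part) {
  return JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
}

function verifyJwt(token, publicKey, allowedAlgs = ALLOWED_ALGS) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header;
  try { header = decodePart(head); } catch { return { ok: false, reason: 'malformed' }; }
  // The configured list decides; the token's own "alg" is only a claim to check.
  if (!header || !allowedAlgs.includes(header.alg)) {
    return { ok: false, reason: 'alg-not-allowed' };
  }
  const digest = RSA_DIGESTS[header.alg];
  if (!digest) return { ok: false, reason: 'alg-unsupported' };
  const valid = nodeCrypto.verify(digest, Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  try { return { ok: true, payload: decodePart(body) }; }
  catch { return { ok: false, reason: 'malformed' }; }
}

// Build a constructed sample token; signFn returns the raw signature bytes.
function makeToken(header, payload, signFn) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc(header)}.${enc(payload)}`;
  return `${input}.${signFn(input).toString('base64url')}`;
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const claims = { sub: 'user@example.com' }; // constructed sample claims
  const tokens = [
    makeToken({ alg: 'RS256' }, claims, (d) => nodeCrypto.sign('sha256', Buffer.from(d), privateKey)),
    makeToken({ alg: 'HS256' }, claims, (d) => nodeCrypto.createHmac('sha256', 'sample').update(d).digest()),
    makeToken({ alg: 'none' }, claims, () => Buffer.alloc(0)),
  ];
  return tokens.map((t) => verifyJwt(t, publicKey).reason || 'accepted');
}
console.log(demo());
```

Tokens whose header names an algorithm outside the list are rejected before any signature computation, so a narrower list directly reduces what the verifier will ever attempt.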
Bulk file import
The Stormshield KMaaS now supports bulk import of encrypted files into Google Drive using compatible third-party software. A new API route, /privilegedwrap, has been added for this purpose. It can only be used with administration rights.
For more information, refer to the Google documentation.