RELEASE NOTES

Issue Month: January 2026

Build Details

Server (Full version): 3.0.0

• IDPrimeVirtual_Server_Alpine - supports Luna HSM only

For more information, click here.

Product Description

SafeNet IDPrime Virtual (IDPV) is a PKI-based software authenticator that uses latest innovation in software-based smart token technology to combine the strong two-factor security of a smart card. It is cost effective and convenient for the software authentication. IDPV emulates the functionality of physical smart cards used for authentication, email, data encryption, and digital signing to enable the use cases such as VDI, BYOD, backup, and mobility on any device. It secures user private key on HSM with user authentication from OIDC compatible Identity providers (IDPs).

Release Description

SafeNet IDPrime Virtual v3.0.0 includes new features and bug fixes from the previous version.

New Features and Enhancements

• Enhanced the migrate_tenants utility to support the MariaDB Galera Cluster environment.

• Provided support for HSM version 7.8.4 or later.

  Caution

  To use HSM version 7.8.4 or later, a user must create a new version 3 token. Legacy tokens are not compatible with HSM version 7.8.4 and later.

• Backward compatibility is retained for IDPV Client 2.10.0 and Luna HSM firmware versions earlier than 7.8.4, ensuring that existing deployments continue to function without requiring configuration changes.

• The following APIs are added:

  IDPV Server API

  • CreateToken API V3

    The CreateToken API enables the creation of tokens using a strong key-wrapping algorithm to support HSM version 7.8.4 or later.

    Post

    /IDPrimeVirtual/V3/Tenants/{tenantId}/Users/{userId}/Tokens

    Response

    
      {
      "tokenID": "string",
      "metadata": "string",
      "keyIDs": [
      "string"
      ],
      "isOfflineModeSupported": true,
      }
    

  Note

  From this release, the CreateToken API will return a new response header, CTAG. This tag will contain the token version.

• The following APIs are updated:

  IDPV Server API

  • GetTokens API V2

    From this release, the GetTokens API V2 will return a new response header, CTAG. This tag will contain the token version.

  Provisioning API

  • CreateToken API V3

    The updated version of the CreateToken API allows to create tokens, which uses a strong algorithm for key wrapping. Only V3 tokens are compatible with HSM version 7.8.4 or later.

    Post

    /IDPrimeVirtual/Provisioning/V2.0/Tenants/{tenantId}/Users/{userId}/Tokens

    Response

    
    "string"
    

Default Password

Virtual IDPrime cards are supplied with the following default token password: “000000” (6 zeros) and the Administrator Password must be entered using 48 zeros.

Password Recommendations

We strongly recommend changing all device passwords upon receipt of a token/ smart card as follows:

• User PIN should include at least 8 characters of different types.

• PIN character types should include upper case, lower case, numbers, and special characters.

  For more information, refer to the ‘Security Recommendations’ section in SafeNet IDPrime Virtual Server-Client Product Documentation.

Compatibility Information

Operating Systems

Following operating systems are supported:

Server Operating Systems

• Ubuntu 22.04 and 24.04.3

• RHEL 8,9, and 10

Middleware

• SafeNet Authentication Client R2 10.9.5951.0

• SafeNet Minidriver R2 10.9.5951.0

IDPV Windows Client

• Windows Client: 2.10.0.122

Virtual Smart Card Features

Below table specifies the various features that are supported by IDPV:

Features:	Device: SafeNet IDPrime Virtual
Number of Keys	15 max
RSA Key Size	2048 bit, 3072 bit, and 4096 bit
RSA Padding	PKCS#1 v1.5
Hash and Signature Schemes	• SHA-2 512-bit • CKM_SHA1_RSA_PKCS_PSS • CKM_SHA256_RSA_PKCS_PSS • CKM_SHA384_RSA_PKCS_PSS • CKM_SHA512_RSA_PKCS_PSS
Supported APIs	PKCS#11 V2.20, PKCS#15, MS CryptoAPI and CNG(CSP,KSP), PC/SC
Supported cryptographic algorithms	3DES (deprecated and will be phased out), AES, SHA-256, RSA upto 2048/3072/4096, RSA PSS

Execution of Third-Party Security Tools

• Aqua Trivy 0.66.0

• Anchore Grype v0.100.0

• Open Collective Dockle v0.4.14

• Anchore Syft v1.33.0

• Cisco ClamAV v1.4.3

Compatibility with Thales Applications

Virtual IDPrime cards can be used with the following products:

• SafeNet Authentication Service Private Cloud Edition (SAS PCE) with Keycloak / SafeNet Trusted Access (STA)

• SafeNet Authentication Client (SAC) R2 10.9.5951.0

• SafeNet Minidriver R2 10.9.5951.0

Resolved and Known Issues

This section lists the resolved and known issues that exist in this release. The following table defines the severity of the issues listed in this section.

Severity	Classification	Definition
C	Critical	No reasonable workaround exists.
H	High	Reasonable workaround exists.
M	Medium	Medium level priority problems.
L	Low	Lowest level priority problems.

Resolved Issues

Issue	Severity	Synopsis
IDPV-11972	H	The SigningKey Service fails to recover after encountering an error, resulting in the IdP key rotation process stopping entirely.
IDPV-11916	H	The tenant migration utility fails on MariaDB 10.11 with Galera Cluster replication because this database setup does not support XA transactions required by the migration process.
IDPV-11744	H	IDPV is not compatible with HSM Firmware version 7.8.4 when FIPS mode is enabled.

Related Product Documentation

The following documentation is associated with this release:

ThalesDocs

IDPV Documentation Homepage

We have attempted to make the documentation complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.