File: NEWS

package info (click to toggle)
yubico-piv-tool 1.4.2-2+deb9u2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 2,640 kB
  • sloc: sh: 12,138; ansic: 11,801; makefile: 183; perl: 53
file content (207 lines) | stat: -rw-r--r-- 5,047 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
yubico-piv-tool NEWS -- History of user-visible changes.        -*- outline -*-

* Version 1.4.2 (released 2016-08-12)

** Clarify license headers and clean up YKCS11 licensing.
Now uses pkcs11.h from the Scute project.

** Don't install ykcs11-version.h.

** No cflags in ykcs11.pc.

** Unimplemented YKCS11 functions now return CKR_FUNCTION_FAILED.

* Version 1.4.1 (released 2016-08-11)

** Documentation updates

** Add possibility to export certificates in SSH format.

** Make certificate serial number random by default.

* Version 1.4.0 (released 2016-05-03)

** Add attest action
When used on a slot with a generated key, outputs a signed x509 certificate for
that slot showing that the key was generated in hardware. Available in firmware
4.3.0 and newer.

** Add cached parameter for touch-policy
With cached, the touch is valid for an additional 15s. Available in firmware
4.3.0 and newer.

** Enforce a minimum PIN length of 6 characters.

** Fix a bug with list-readers action where it fell through processing into
write-object.

* Version 1.3.1 (released 2016-04-19)

** Fix a bug where unblock pin would instead change puk, introduced in 1.3.0.

** Clarifications with help texts.

* Version 1.3.0 (released 2016-02-19)

** Fixed extraction of RSA modulus and exponent for pkcs11.

** Implemented C_SetPIN for pkcs11.

** Add generic write and read object actions for the tool.
Supports hex/binary/base64 formats

** Add ykpiv_change_pin(), ykpiv_change_puk() and ykpiv_unblock_pin()

** Print CCC with status action.

** Address bugs with pkcs11 on windows.

** Add --valid-days and --serial to tool for selfsign-certificate action.

** Ask for password for pkcs12 if none is given.

* Version 1.2.2 (released 2015-12-08)

** Fix old buffer overflow in change-pin functionality.

* Version 1.2.1 (released 2015-12-08)

** Fix issue with big certificates and status.

* Version 1.2.0 (released 2015-12-07)

** On OSX use @loader_path instead of @executable_path for ykcs11.

** Add ykpiv_import_private_key to libykpiv.

** Raise buffer sizes to support bigger objects.

** Change behavior of action status, only list populated slots.

** Add retired keys to ykcs11.

** In ykcs11 support login with non null terminated pin.

** Add a new action set-ccc to yubico-piv-tool to set the CCC.

* Version 1.1.2 (released 2015-11-13)

** Properly handle DER encoding in ECDSA signatures.

* Version 1.1.1 (released 2015-11-11)

** Make sure SCardContext is properly acquired and released.

* Version 1.1.0 (released 2015-11-06)

** Add support for new YubiKey 4.

** Add ykcs11.

* Version 1.0.3 (released 2015-10-01)

** Correct wording on unblock-pin action.

** Show pin retries correctly.

** Use a bigger buffer for receiving data.

* Version 1.0.2 (released 2015-09-04)

** Query for different passwords/pins on stdin if they're not supplied.

** If a reader fails continue trying matching readers.

** Authentication failed is supposed to be 0x63cX not 0x630X.

* Version 1.0.1 (released 2015-07-10)

** Project relicensed to 2-clause BSD license

** Minor fixes found with clang scan-build

* Version 1.0.0 (released 2015-06-23)

** Add a test-decipher action.

** Check that e is 0x10001 on importing rsa keys

** Use PCSC transactions when sending and receiving data

* Version 0.1.6 (released 2015-03-23)

** Add a read-certificate action to the tool.

** Add a status action to the tool.

** Fix a library bug so NULL can be passed to ykpiv_verify()

** Add a test-signature action to the tool.

* Version 0.1.5 (released 2015-02-04)

** Revert the check for parity and just set parity before the weak check.

* Version 0.1.4 (released 2015-02-02)

** Prompt for input if input is stdin.

** Mark all bits of the signature as used is certs and requests.

** Correct error for unblock-pin.

** Fix hex decode to decode capital letters and return error.

** Check parity of new management keys.

* Version 0.1.3 (released 2014-12-18)

** Add format DER for importing certificates.

** Make sure diagnostic feedback ends up on stderr.

** Add positive feedback for a couple of actions.

* Version 0.1.2 (released 2014-11-14)

** Fix an issue where shorter component of RSA keys where not packed correctly.

* Version 0.1.1 (released 2014-11-10)

** Correct broken CHUID that made windows work inconsistently.

** Add support for compressed certificates.

** Fix broken unblock-pin action.

** Don't try to accept to short keys for mgm key.

** Only do applet authentication if needed.

** Add --hash for selecting what hash to use for signatures.

** Add hidden --sign command. Should probably not be used.

** Fix for signature algorithm in selfsigned cert.

* Version 0.1.0 (released 2014-08-25)

** Break out functionality into a library.

** More testing.

* Version 0.0.3 (released 2014-05-26)

** Add delete-certificate action.

** Fix minor bugs.

* Version 0.0.2 (released 2014-02-19)

** Fix an offset bug with CHUID.

** Do full mutual auth with the applet.

* Version 0.0.1 (released 2014-02-11)

** Initial release.