SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libykpiv1-1.5.0-40.1.x86_64.rpm :
Thu Nov 30 13:00:00 2017 t.grunerAATTkatodev.de
- Version 1.5.0 (released 2017-11-29)
- API additions: Higher-level \"util\" API added to libykpiv.
- Added ykpiv_attest(), ykpiv_get_pin_retries(), ykpiv_set_pin_retries()
- Added functions for using existing PCSC card handle.
- Support using custom memory allocator.
- Documentation updates. make doxygen for HTML format.
- Expanded automated tests for hardware devices, moved to make hwcheck.
- OpenSSL 1.1 support
- Moderate internal refactoring. Many small bugs fixed.

Wed Nov 15 13:00:00 2017 t.grunerAATTkatodev.de
- Version 1.4.4 (released 2017-10-17)
- Documentation updates.
- Add pin caching to work around disconnect problems.
- Disable RSA key generation on YubiKey 4 before 4.3.5. See https://yubi.co/ysa201701/ for details.

Mon May 29 14:00:00 2017 t.grunerAATTkatodev.de
- Version 1.4.3 (released 2017-04-18)
- Encode RSA x509 certificates correctly.
- Documentation updates.
- In ykcs11 return CKA_MODULUS correctly for private keys.
- In ykcs11 fix for signature size approximation.
- Fix PSS signatures in ykcs11.
- Add a CLI flag --stdin-input to make batch execution easier.

Wed Aug 17 14:00:00 2016 t.grunerAATTkatodev.de
- Version 1.4.2 (released 2016-08-12)
- Clarify license headers and clean up YKCS11 licensing. Now uses pkcs11.h from the Scute project.
- Don’t install ykcs11-version.h.
- No cflags in ykcs11.pc.
- Unimplemented YKCS11 functions now return CKR_FUNCTION_FAILED.
- Version 1.4.1 (released 2016-08-11)
- Documentation updates
- Add possibility to export certificates in SSH format.
- Make certificate serial number random by default.

Tue May 17 14:00:00 2016 t.grunerAATTkatodev.de
- Version 1.4.0 (released 2016-05-03)
- Add attest action When used on a slot with a generated key,
outputs a signed x509 certificate for that slot showing that
the key was generated in hardware. Available in firmware 4.3.0 and newer.
- Add cached parameter for touch-policy With cached, the touch is valid
for an additional 15s. Available in firmware 4.3.0 and newer.
- Enforce a minimum PIN length of 6 characters.
- Fix a bug with list-readers action where it fell through processing into write-object.

Mon Apr 25 14:00:00 2016 t.grunerAATTkatodev.de
- Version 1.3.1 (released 2016-04-19)
- Fix a bug where unblock pin would instead change puk, introduced in 1.3.0.
- Clarifications with help texts.
- Version 1.3.0 (released 2016-02-19)
- Fixed extraction of RSA modulus and exponent for pkcs11.
- Implemented C_SetPIN for pkcs11.
- Add generic write and read object actions for the tool. Supports hex/binary/base64 formats
- Add ykpiv_change_pin(), ykpiv_change_puk() and ykpiv_unblock_pin()
- Print CCC with status action.
- Address bugs with pkcs11 on windows.
- Add --valid-days and --serial to tool for selfsign-certificate action.
- Ask for password for pkcs12 if none is given.

Fri Dec 11 13:00:00 2015 t.grunerAATTkatodev.de
- Version 1.2.2 (released 2015-12-08)
- Fix old buffer overflow in change-pin functionality.
- Version 1.2.1 (released 2015-12-08)
- Fix issue with big certificates and status.
- Version 1.2.0 (released 2015-12-07)
- On OSX use AATTloader_path instead of AATTexecutable_path for ykcs11.
- Add ykpiv_import_private_key to libykpiv.
- Raise buffer sizes to support bigger objects.
- Change behavior of action status, only list populated slots.
- Add retired keys to ykcs11.
- In ykcs11 support login with non null terminated pin.
- Add a new action set-ccc to yubico-piv-tool to set the CCC.

Wed Nov 18 13:00:00 2015 t.grunerAATTkatodev.de
- Version 1.1.2 (released 2015-11-13)
- Properly handle DER encoding in ECDSA signatures.

Thu Nov 12 13:00:00 2015 t.grunerAATTkatodev.de
- Version 1.1.1 (released 2015-11-11)
- Make sure SCardContext is properly acquired and released.

Fri Nov 6 13:00:00 2015 t.grunerAATTkatodev.de
- Version 1.1.0 (released 2015-11-06)
- Add support for new YubiKey 4.
- Add ykcs11.

Tue Oct 13 14:00:00 2015 t.grunerAATTkatodev.de
- Add dependencive in .spec file

Thu Oct 1 14:00:00 2015 t.grunerAATTkatodev.de
- Version 1.0.3 (released 2015-10-01)
- Correct wording on unblock-pin action.
- Show pin retries correctly.
- Use a bigger buffer for receiving data.

Tue Sep 15 14:00:00 2015 t.grunerAATTkatodev.de
- Version 1.0.2 (released 2015-09-04)
- Query for different passwords/pins on stdin if they’re not supplied.
- If a reader fails continue trying matching readers.
- Authentication failed is supposed to be 0x63cX not 0x630X.

Sat Jul 11 14:00:00 2015 t.grunerAATTkatodev.de
- Version 1.0.1 (released 2015-07-10)
- Project relicensed to 2-clause BSD license
- Minor fixes found with clang scan-build

Wed Jul 8 14:00:00 2015 t.grunerAATTkatodev.de
- Version 1.0.0 (released 2015-06-23)
- Add a test-decipher action.
- Check that e is 0x10001 on importing rsa keys
- Use PCSC transactions when sending and receiving data

Mon Apr 27 14:00:00 2015 cdenicoloAATTsuse.com
- license update: GPL-3.0+
COPYING files says package is under GPL-3.0+.

Thu Mar 26 13:00:00 2015 t.grunerAATTkatodev.de
- Version 0.1.6 (released 2015-03-23)
Add a read-certificate action to the tool.
Add a status action to the tool.
Fix a library bug so NULL can be passed to ykpiv_verify()
Add a test-signature action to the tool.

Mon Feb 9 13:00:00 2015 t.grunerAATTkatodev.de
- Version 0.1.5 (released 2015-02-04)
Revert the check for parity and just set parity before the weak check.

Tue Feb 3 13:00:00 2015 t.grunerAATTkatodev.de
- Version 0.1.4 (released 2015-02-02)
Prompt for input if input is stdin.
Mark all bits of the signature as used is certs and requests.
Correct error for unblock-pin.
Fix hex decode to decode capital letters and return error.
Check parity of new management keys.

Fri Jan 23 13:00:00 2015 t.grunerAATTkatodev.de
- Version 0.1.3 (released 2014-12-18)
Add format DER for importing certificates.
Make sure diagnostic feedback ends up on stderr.
Add positive feedback for a couple of actions.
- Version 0.1.2 (released 2014-11-14)
Fix an issue where shorter component of RSA keys where not packed correctly.
- Version 0.1.1 (released 2014-11-10)
Correct broken CHUID that made windows work inconsistently.
Add support for compressed certificates.
Fix broken unblock-pin action.
Don’t try to accept to short keys for mgm key.
Only do applet authentication if needed.
Add --hash for selecting what hash to use for signatures.
Add hidden --sign command. Should probably not be used.
Fix for signature algorithm in selfsigned cert.
- Version 0.1.0 (released 2014-08-25)
Break out functionality into a library.
More testing.
- Version 0.0.3 (released 2014-05-26)
Add delete-certificate action.
Fix minor bugs.
- Version 0.0.2 (released 2014-02-19)
Fix an offset bug with CHUID.
Do full mutual auth with the applet.
- Version 0.0.1 (released 2014-02-11)
Initial release.


  
ICM