Skip to content

Releases: arekinath/PivApplet

v0.9.0

08 Mar 00:12
@arekinath arekinath
v0.9.0
671faa9
Compare
Choose a tag to compare
v0.9.0 Latest
Latest
  • Basic support for AES admin keys, some long-standing admin auth issues fixed (#37, #38)
  • Structure of the APT in response-to-select now follows standards more closely (#43, #45)
  • Reset slot pin policies to default during INS_RESET (#41)
  • Pre-built CAP files without "strict contactless" feature
Assets 17

v0.8.2

28 Aug 03:31
@arekinath arekinath
v0.8.2
1bbfaea
Compare
Choose a tag to compare
v0.8.2
  • Fix for #36 (EC key import)
  • Fix for JC221 sign-extended Lc problem (mentioned in #2)
Assets 12
Loading

v0.8.1

28 May 10:37
@arekinath arekinath
v0.8.1
f984e3b
Compare
Choose a tag to compare
v0.8.1
  • Performance fix for GET_METADATA command (used a lot by libykcs11)
  • Builds for jc221
Assets 12
Loading

v0.8.0

13 May 07:58
@arekinath arekinath
v0.8.0
7811076
Compare
Choose a tag to compare
v0.8.0
  • Implement Yubico INS_GET_METADATA
  • Support for ECCP384
  • Performance improvements
Assets 9
Loading

v0.7.0

01 Apr 00:05
@arekinath arekinath
v0.7.0
edbc10b
Compare
Choose a tag to compare
v0.7.0

  • Support for building against JC3.0.4 with PIV spec compliant ECDSA support (using signPreComputedHash)

  • Fixes to run on some cards with lower amounts of transient memory (e.g. J3H145, JC30M48CR)

  • Multiple configurations:

    • "default" = the stock configuration in the repository, if build is jc305 it includes spec compliant ECDSA
    • "rsaonly" = ECDSA functionality disabled
    • "econly" = RSA functionality disabled
    • "small" = no attestation or extended length APDU support, uses CLEAR_ON_RESET transient memory for Cipher/Signature instances
Assets 8
Loading

v0.6.0

27 Jan 21:56
@arekinath arekinath
v0.6.0
b526403
Compare
Choose a tag to compare
v0.6.0
  • Implement support for the Yubikey PIV Manager's extra configuration slot (PIVMAN_DATA / tag 5FFF00)
Assets 3
Loading

v0.5.0

06 Jan 02:43
@arekinath arekinath
v0.5.0
118c585
Compare
Choose a tag to compare
v0.5.0
  • Bump YubicoPIV version to 5.0.0 (avoids warnings about ROCA vulnerability)
  • Implement remaining YubicoPIV extensions: reset after PUK blocked, set PIN/PUK retries, get serial number.
Assets 3
Loading

v0.4.2

24 Oct 22:17
@arekinath arekinath
v0.4.2
be4942b
Compare
Choose a tag to compare
v0.4.2
  • Turn off auto-gen'd self-signed attestation cert for cards without ECDSA support, and ignore certain kinds of errors during generation (fixes up support for J2A040, Feitian cards)
  • Clean up of SGList code (also reduces CAP size a little)
Assets 3
Loading

v0.4.0

24 Oct 02:40
@arekinath arekinath
v0.4.0
5b34a62
Compare
Choose a tag to compare
v0.4.0
  • New chunked buffering scheme for large data commands (certificates up to several KB can be stored on most cards now, and a J3D081 can now sign several KB of data with ECDSA hash-on-card)
  • Fixes for lots of bugs, including #11, #7
  • Support for YubicoPIV attestation command and the F9 slot
Assets 3
Loading

v0.3.1

06 Sep 19:57
@arekinath arekinath
v0.3.1
1c7c9c1
Compare
Choose a tag to compare
v0.3.1
  • Fix for important security issue (#10) allowing overwrite of certificate objects without authentication (no key exposure)
Assets 3
Loading