Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: yubico-piv-tool | Distribution: openSUSE:Factory:zSystems |
Version: 2.6.0 | Vendor: openSUSE |
Release: 1.1 | Build date: Mon Aug 26 10:11:45 2024 |
Group: Productivity/Networking/Security | Build host: reproducible |
Size: 140043 | Source RPM: yubico-piv-tool-2.6.0-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://developers.yubico.com/ | |
Summary: Yubico YubiKey NEO CCID Manager |
This is a command line tool to interact with the PIV applet on a YubiKey NEO. Among other functions it supports, generating keys on device, importing keys and certificates and creating certificate requests.
BSD-2-Clause
* Mon Aug 26 2024 Wolfgang Frisch <wolfgang.frisch@suse.com> - update to 2.6.0: * cmd: Add support for biometric verification and match policy * ykcs11: Add support for PKCS11 3.0 * ykpiv: cmd: ykcs11: Improve error traceability * ykpiv: cmd: ykcs11: Fix minor bugs * build: Make building with zlib optional * Tue May 07 2024 Wolfgang Frisch <wolfgang.frisch@suse.com> - update to 2.5.2: * cmd: Fix signing selfsigned certificate for ED25519 key. - update cmake-flags-upstream-issue-474.patch * Wed Feb 14 2024 Wolfgang Frisch <wolfgang.frisch@suse.com> - update to 2.5.1: * ykpiv: cmd: ykcs11: Fix buffer size for key import. - add cmake-flags-upstream-issue-474.patch: proper fix for the cmake flags issue - remove temporary-cmake-flags-fix.patch * Wed Feb 07 2024 Wolfgang Frisch <wolfgang.frisch@suse.com> - update to 2.5.0: * ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types. Available in firmware 5.7.0 and newer * ykpiv: cmd: Add support for ED25519 and X25519 key types. Available in firmware 5.7.0 and newer * ykpiv: cmd: Add support for deleting keys. Available in firmware 5.7.0 and newer * ykpiv: cmd: Add support for moving keys between slots. Available in firmware 5.7.0 and newer - add temporary-cmake-flags-fix.patch The included cmake modules are buggy. This patch should be removed once the root cause is fixed in upstream. * Sun Dec 17 2023 Dirk Müller <dmueller@suse.com> - update to 2.4.2: * ykpiv: Fix potential type casting bug. * ykpiv: ykcs11: Fix building on certain architectures. * ykpiv: cmd: Add support for compressing certificate upon import * ykcs11: Increase maximum number of slots to handle overflow * ykcs11: Add support for CKA_COPYABLE and CKA_DESTROYABLE attributes * Fri Mar 03 2023 Dirk Müller <dmueller@suse.com> - update to 2.3.1: * ykpiv: Add support for T=0 smartcards * ykpiv: ykcs11: Minor code optimization * ykpiv: ykcs11: Improve logging * ykpiv: ykcs11: Improve error handling * ykpiv: ykcs11: Fix minor bugs * ykcs11: Add support for several PKCS11 Attributes * ykcs11: Add support for CKM_ECDSA_SHA512 mechanism * ykcs11: Fix incorrect value for public key attributes CKA_PRIVATE, CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE, CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE * doc: Minor documentation improvement * Sat Dec 03 2022 Dirk Müller <dmueller@suse.com> - update to 2.3.0: * ykpiv: Add support for AES management keys * ykpiv: Better handling of connection reset * ykpiv: Add support for T=0 protocol * ykcs11: Support YubiKeys in NFC readers * ykcs11: Support touch and PIN policies for imported private keys * ykcs11: Support touch and PIN policy when generating keys * ykcs11: Set length to -1 on function fail * ykcs11: Ignore CKA_NAME_HASH_ALGORITHM and CKA_HASH_OF_SUBJECT_PUBLIC_KEY for certificates * cmd: Support attestation in selfsign certificates * build: Compile cleanly with openssl 1.1 and 3 - add keyring * Mon Jan 31 2022 Dirk Müller <dmueller@suse.com> - update to 2.2.1: * ykpiv: Minor bug fixes * ykcs11: Improved handling of object attributes * ykcs11: Update flags for EC related mechanisms * ykcs11: Minor bug fixes * test: Improved testing * doc: Improved documentation * Sun Feb 28 2021 Dirk Müller <dmueller@suse.com> - update to 2.2.0: * ykpiv: Increased SO version * ykpiv: Fixed minor memory leaks * ykpiv: Improved error handling * ykpiv: Improved handling of PCSC card validation * ykcs11: Updated Cryptoki version * ykcs11: Support for CKM_ECDH1_DERIVE mechanism info * ykcs11: Support for destroying ECDH derived keys * ykcs11: Improved handling of PIN after device re-connection * ykcs11: Improved debug logging * cmd: Improved parsing of certificate Distinguished Name to allow an escape character * cmd: Warning to discourage generating RSA1024 keys * build: Use of platform standard installation path when building yubico-piv-tool * tests: Improved testing * Replaced building with autotool with building with cmake * Security update for YSA-2020-02 * ykpiv: Fixed potential memory leaks * ykpiv: Use PIN-protected MGMT key if the device is configured that way * ykpiv: Added attestation to CSR if requested * ykpiv: Fixed compatibility with LibreSSL * ykcs11: Improved handling of error codes * ykcs11: Improved handling of examples in the PKCS11 specifications * ykcs11: Added the possibility to have debug output as a runtime setting * ykcs11: Added support to unblock PIN with PUK * ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN * tests: Improved tests - run tests - add pthread-link.patch * Sun Mar 01 2020 Marcus Rueckert <mrueckert@suse.de> - Version 2.0.0 - ykpiv: Added ykpiv_get_metadata and ykpiv_util_parse_metadata to read and parse private key metadata (supported from YK 5.3). - ykpiv: Fixed PCSC transaction handling when re-selecting PIV due to external card reset events. - ykpiv: Improved error reporting. - ykpiv: Correctly report YK5 devices, and NEO and YK5 over NFC. - ykpiv: MGM KEY (SO PIN) is cached (in addition to PIN). - ykpiv: Fixed resetting of cached serial / version when an application re-uses ykpiv_state. - ykpiv: ykpiv_get_pin_retries selects a different applet before re-selecting PIV since just re-selecting PIV is a no-op on YK5. - ykcs11: Shared library exports all PKCS11 functions per the spec (For applications that don’t use C_GetFunctionList). - ykcs11: Support for up to 16 simultaneous sessions, with support for multi-threaded access (if requested when calling C_Initialize). - ykcs11: Support for resetting the PIV application via C_initToken. Requires knowledge of the MGMT KEY (SO PIN) per the PKCS11 spec. - ykcs11: Support for public-key operations not supported by PIV (C_Verify, C_Encrypt), implemented using OpenSSL. - ykcs11: Support for attestations, exposed as session objects of certificate class. Generated when opening the first session to a slot. - ykcs11: Support for forked processes on Linux and MacOS. - ykcs11: Support for RSA signatures using PKCS or PSS padding with optional digesting by the library. Raw signatures are also supported. - ykcs11: Support for ECDSA signatures with optional digesting by the library. Raw signatures are also supported. - ykcs11: Support for RSA encryption / decryption with PKCS or OAEP padding. - ykcs11: Makes use of key metadata when available (YK 5.3 and above), providing access to keys even if certificates are not present. - ykcs11: Supports SHA1, SHA256, SHA384 and SHA512 digesting, plus SHA224 digesting for ECDSA signatures and for the MGF1 digest in PSS / OAEP, implemented using OpenSSL. - ykcs11: Supports C_Login with context-specific user type. This allows use cases that require both SO PIN and normal PIN in the same session.
/usr/bin/yubico-piv-tool /usr/share/doc/packages/yubico-piv-tool /usr/share/doc/packages/yubico-piv-tool/NEWS /usr/share/doc/packages/yubico-piv-tool/README /usr/share/licenses/yubico-piv-tool /usr/share/licenses/yubico-piv-tool/COPYING /usr/share/man/man1/yubico-piv-tool.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 10 00:57:45 2024