Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

yubico-piv-tool-2.6.0-1.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: yubico-piv-tool Distribution: openSUSE:Factory:zSystems
Version: 2.6.0 Vendor: openSUSE
Release: 1.1 Build date: Mon Aug 26 10:11:45 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 140043 Source RPM: yubico-piv-tool-2.6.0-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://developers.yubico.com/
Summary: Yubico YubiKey NEO CCID Manager
This is a command line tool to interact with the PIV applet on a YubiKey NEO.
Among other functions it supports, generating keys on device, importing keys
and certificates and creating certificate requests.

Provides

Requires

License

BSD-2-Clause

Changelog

* Mon Aug 26 2024 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - update to 2.6.0:
    * cmd: Add support for biometric verification and match policy
    * ykcs11: Add support for PKCS11 3.0
    * ykpiv: cmd: ykcs11: Improve error traceability
    * ykpiv: cmd: ykcs11: Fix minor bugs
    * build: Make building with zlib optional
* Tue May 07 2024 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - update to 2.5.2:
    * cmd: Fix signing selfsigned certificate for ED25519 key.
  - update cmake-flags-upstream-issue-474.patch
* Wed Feb 14 2024 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - update to 2.5.1:
    * ykpiv: cmd: ykcs11: Fix buffer size for key import.
  - add cmake-flags-upstream-issue-474.patch:
    proper fix for the cmake flags issue
  - remove temporary-cmake-flags-fix.patch
* Wed Feb 07 2024 Wolfgang Frisch <wolfgang.frisch@suse.com>
  - update to 2.5.0:
    * ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types.
      Available in firmware 5.7.0 and newer
    * ykpiv: cmd: Add support for ED25519 and X25519 key types.
      Available in firmware 5.7.0 and newer
    * ykpiv: cmd: Add support for deleting keys.
      Available in firmware 5.7.0 and newer
    * ykpiv: cmd: Add support for moving keys between slots.
      Available in firmware 5.7.0 and newer
  - add temporary-cmake-flags-fix.patch
    The included cmake modules are buggy. This patch should be removed once the
    root cause is fixed in upstream.
* Sun Dec 17 2023 Dirk Müller <dmueller@suse.com>
  - update to 2.4.2:
    * ykpiv: Fix potential type casting bug.
    * ykpiv: ykcs11: Fix building on certain architectures.
    * ykpiv: cmd: Add support for compressing certificate upon
      import
    * ykcs11: Increase maximum number of slots to handle
      overflow
    * ykcs11: Add support for CKA_COPYABLE and CKA_DESTROYABLE
      attributes
* Fri Mar 03 2023 Dirk Müller <dmueller@suse.com>
  - update to 2.3.1:
    * ykpiv: Add support for T=0 smartcards
    * ykpiv: ykcs11: Minor code optimization
    * ykpiv: ykcs11: Improve logging
    * ykpiv: ykcs11: Improve error handling
    * ykpiv: ykcs11: Fix minor bugs
    * ykcs11: Add support for several PKCS11 Attributes
    * ykcs11: Add support for CKM_ECDSA_SHA512 mechanism
    * ykcs11: Fix incorrect value for public key attributes
      CKA_PRIVATE, CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE,
      CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE
    * doc: Minor documentation improvement
* Sat Dec 03 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.3.0:
    * ykpiv: Add support for AES management keys
    * ykpiv: Better handling of connection reset
    * ykpiv: Add support for T=0 protocol
    * ykcs11: Support YubiKeys in NFC readers
    * ykcs11: Support touch and PIN policies for imported private keys
    * ykcs11: Support touch and PIN policy when generating keys
    * ykcs11: Set length to -1 on function fail
    * ykcs11: Ignore CKA_NAME_HASH_ALGORITHM and CKA_HASH_OF_SUBJECT_PUBLIC_KEY for certificates
    * cmd: Support attestation in selfsign certificates
    * build: Compile cleanly with openssl 1.1 and 3
  - add keyring
* Mon Jan 31 2022 Dirk Müller <dmueller@suse.com>
  - update to 2.2.1:
    * ykpiv: Minor bug fixes
    * ykcs11: Improved handling of object attributes
    * ykcs11: Update flags for EC related mechanisms
    * ykcs11: Minor bug fixes
    * test: Improved testing
    * doc: Improved documentation
* Sun Feb 28 2021 Dirk Müller <dmueller@suse.com>
  - update to 2.2.0:
    * ykpiv: Increased SO version
    * ykpiv: Fixed minor memory leaks
    * ykpiv: Improved error handling
    * ykpiv: Improved handling of PCSC card validation
    * ykcs11: Updated Cryptoki version
    * ykcs11: Support for CKM_ECDH1_DERIVE mechanism info
    * ykcs11: Support for destroying ECDH derived keys
    * ykcs11: Improved handling of PIN after device re-connection
    * ykcs11: Improved debug logging
    * cmd: Improved parsing of certificate Distinguished Name to allow an escape character
    * cmd: Warning to discourage generating RSA1024 keys
    * build: Use of platform standard installation path when building yubico-piv-tool
    * tests: Improved testing
    * Replaced building with autotool with building with cmake
    * Security update for YSA-2020-02
    * ykpiv: Fixed potential memory leaks
    * ykpiv: Use PIN-protected MGMT key if the device is configured that way
    * ykpiv: Added attestation to CSR if requested
    * ykpiv: Fixed compatibility with LibreSSL
    * ykcs11: Improved handling of error codes
    * ykcs11: Improved handling of examples in the PKCS11 specifications
    * ykcs11: Added the possibility to have debug output as a runtime setting
    * ykcs11: Added support to unblock PIN with PUK
    * ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN
    * tests: Improved tests
  - run tests
  - add pthread-link.patch
* Sun Mar 01 2020 Marcus Rueckert <mrueckert@suse.de>
  - Version 2.0.0
    - ykpiv: Added ykpiv_get_metadata and ykpiv_util_parse_metadata
      to read and parse private key metadata (supported from YK 5.3).
    - ykpiv: Fixed PCSC transaction handling when re-selecting PIV
      due to external card reset events.
    - ykpiv: Improved error reporting.
    - ykpiv: Correctly report YK5 devices, and NEO and YK5 over NFC.
    - ykpiv: MGM KEY (SO PIN) is cached (in addition to PIN).
    - ykpiv: Fixed resetting of cached serial / version when an
      application re-uses ykpiv_state.
    - ykpiv: ykpiv_get_pin_retries selects a different applet before
      re-selecting PIV since just re-selecting PIV is a no-op on YK5.
    - ykcs11: Shared library exports all PKCS11 functions per the
      spec (For applications that don’t use C_GetFunctionList).
    - ykcs11: Support for up to 16 simultaneous sessions, with
      support for multi-threaded access (if requested when calling
      C_Initialize).
    - ykcs11: Support for resetting the PIV application via
      C_initToken.  Requires knowledge of the MGMT KEY (SO PIN) per
      the PKCS11 spec.
    - ykcs11: Support for public-key operations not supported by PIV
      (C_Verify, C_Encrypt), implemented using OpenSSL.
    - ykcs11: Support for attestations, exposed as session objects of
      certificate class. Generated when opening the first session to
      a slot.
    - ykcs11: Support for forked processes on Linux and MacOS.
    - ykcs11: Support for RSA signatures using PKCS or PSS padding
      with optional digesting by the library. Raw signatures are also
      supported.
    - ykcs11: Support for ECDSA signatures with optional digesting by
      the library. Raw signatures are also supported.
    - ykcs11: Support for RSA encryption / decryption with PKCS or
      OAEP padding.
    - ykcs11: Makes use of key metadata when available (YK 5.3 and
      above), providing access to keys even if certificates are not
      present.
    - ykcs11: Supports SHA1, SHA256, SHA384 and SHA512 digesting,
      plus SHA224 digesting for ECDSA signatures and for the MGF1
      digest in PSS / OAEP, implemented using OpenSSL.
    - ykcs11: Supports C_Login with context-specific user type. This
      allows use cases that require both SO PIN and normal PIN in the
      same session.

Files

/usr/bin/yubico-piv-tool
/usr/share/doc/packages/yubico-piv-tool
/usr/share/doc/packages/yubico-piv-tool/NEWS
/usr/share/doc/packages/yubico-piv-tool/README
/usr/share/licenses/yubico-piv-tool
/usr/share/licenses/yubico-piv-tool/COPYING
/usr/share/man/man1/yubico-piv-tool.1.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Sep 10 00:57:45 2024