|Index||index by Group||index by Distribution||index by Vendor||index by creation date||index by Name||Mirrors||Help||Search|
|Name: yubico-piv-tool||Distribution: openSUSE Tumbleweed|
|Version: 2.2.0||Vendor: openSUSE|
|Release: 1.2||Build date: Fri May 28 14:31:55 2021|
|Group: Productivity/Networking/Security||Build host: armbuild21|
|Size: 105644||Source RPM: yubico-piv-tool-2.2.0-1.2.src.rpm|
|Summary: Yubico YubiKey NEO CCID Manager|
This is a command line tool to interact with the PIV applet on a YubiKey NEO. Among other functions it supports, generating keys on device, importing keys and certificates and creating certificate requests.
* Sun Feb 28 2021 Dirk Müller <firstname.lastname@example.org> - update to 2.2.0: * ykpiv: Increased SO version * ykpiv: Fixed minor memory leaks * ykpiv: Improved error handling * ykpiv: Improved handling of PCSC card validation * ykcs11: Updated Cryptoki version * ykcs11: Support for CKM_ECDH1_DERIVE mechanism info * ykcs11: Support for destroying ECDH derived keys * ykcs11: Improved handling of PIN after device re-connection * ykcs11: Improved debug logging * cmd: Improved parsing of certificate Distinguished Name to allow an escape character * cmd: Warning to discourage generating RSA1024 keys * build: Use of platform standard installation path when building yubico-piv-tool * tests: Improved testing * Replaced building with autotool with building with cmake * Security update for YSA-2020-02 * ykpiv: Fixed potential memory leaks * ykpiv: Use PIN-protected MGMT key if the device is configured that way * ykpiv: Added attestation to CSR if requested * ykpiv: Fixed compatibility with LibreSSL * ykcs11: Improved handling of error codes * ykcs11: Improved handling of examples in the PKCS11 specifications * ykcs11: Added the possibility to have debug output as a runtime setting * ykcs11: Added support to unblock PIN with PUK * ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN * tests: Improved tests - run tests - add pthread-link.patch * Sun Mar 01 2020 Marcus Rueckert <email@example.com> - Version 2.0.0 - ykpiv: Added ykpiv_get_metadata and ykpiv_util_parse_metadata to read and parse private key metadata (supported from YK 5.3). - ykpiv: Fixed PCSC transaction handling when re-selecting PIV due to external card reset events. - ykpiv: Improved error reporting. - ykpiv: Correctly report YK5 devices, and NEO and YK5 over NFC. - ykpiv: MGM KEY (SO PIN) is cached (in addition to PIN). - ykpiv: Fixed resetting of cached serial / version when an application re-uses ykpiv_state. - ykpiv: ykpiv_get_pin_retries selects a different applet before re-selecting PIV since just re-selecting PIV is a no-op on YK5. - ykcs11: Shared library exports all PKCS11 functions per the spec (For applications that don’t use C_GetFunctionList). - ykcs11: Support for up to 16 simultaneous sessions, with support for multi-threaded access (if requested when calling C_Initialize). - ykcs11: Support for resetting the PIV application via C_initToken. Requires knowledge of the MGMT KEY (SO PIN) per the PKCS11 spec. - ykcs11: Support for public-key operations not supported by PIV (C_Verify, C_Encrypt), implemented using OpenSSL. - ykcs11: Support for attestations, exposed as session objects of certificate class. Generated when opening the first session to a slot. - ykcs11: Support for forked processes on Linux and MacOS. - ykcs11: Support for RSA signatures using PKCS or PSS padding with optional digesting by the library. Raw signatures are also supported. - ykcs11: Support for ECDSA signatures with optional digesting by the library. Raw signatures are also supported. - ykcs11: Support for RSA encryption / decryption with PKCS or OAEP padding. - ykcs11: Makes use of key metadata when available (YK 5.3 and above), providing access to keys even if certificates are not present. - ykcs11: Supports SHA1, SHA256, SHA384 and SHA512 digesting, plus SHA224 digesting for ECDSA signatures and for the MGF1 digest in PSS / OAEP, implemented using OpenSSL. - ykcs11: Supports C_Login with context-specific user type. This allows use cases that require both SO PIN and normal PIN in the same session. * Mon Jun 03 2019 Karol Babioch <firstname.lastname@example.org> - Version 1.7.0 (released 2019-04-03) * Add ykpiv_get_serial() to API. * Add version and serial to status output. * FASC-N fixes for CHUID. * ykcs11: Fix ECDSA signatures. * Make selfsigned X.509 extensions have correct extensions to match openssl. * Security fixes. * Documentation fixes. * Try to clear memory that might contain secrets. * Fri Sep 28 2018 Jan Engelhardt <email@example.com> - Rename %soname to %sover to better reflect its use. - Fix RPM groups. * Thu Sep 27 2018 Karol Babioch <firstname.lastname@example.org> - Version 1.6.2 (released 2018-09-14) - Compare reader names case insensitive - Fix certificate and certificate request signatures with OpenSSL 1.1 * Tue Aug 28 2018 email@example.com - Version 1.6.1 (released 2018-08-17) - Compilation warning fixes for OpenSSL 1.1 builds - Fix length when encoding exactly 0xff bytes - Check length of objects correctly before storing in buffer - Check length of certificate correctly when storing - Version 1.6.0 (released 2018-08-08) - Security release to mitigate YSA-2018-03 (YSA-2018-03, CVE-2018-14779, CVE-2018-14780, bsc#1104809, bsc#1104811) - Allow building against LibreSSL - Bugfixes in OpenSSL 1.1 code - Fix compilation warnings - Fix ykcs11 key generation to work with OpenSSL 1.1 - Ykcs11 compatibility fixes - Make use of %license macro instead of %doc for COPYING - Applied spec-cleaner * Thu Nov 30 2017 firstname.lastname@example.org - Version 1.5.0 (released 2017-11-29) - API additions: Higher-level "util" API added to libykpiv. - Added ykpiv_attest(), ykpiv_get_pin_retries(), ykpiv_set_pin_retries() - Added functions for using existing PCSC card handle. - Support using custom memory allocator. - Documentation updates. make doxygen for HTML format. - Expanded automated tests for hardware devices, moved to make hwcheck. - OpenSSL 1.1 support - Moderate internal refactoring. Many small bugs fixed. * Wed Nov 15 2017 email@example.com - Version 1.4.4 (released 2017-10-17) - Documentation updates. - Add pin caching to work around disconnect problems. - Disable RSA key generation on YubiKey 4 before 4.3.5. See https://yubi.co/ysa201701/ for details. * Mon May 29 2017 firstname.lastname@example.org - Version 1.4.3 (released 2017-04-18) - Encode RSA x509 certificates correctly. - Documentation updates. - In ykcs11 return CKA_MODULUS correctly for private keys. - In ykcs11 fix for signature size approximation. - Fix PSS signatures in ykcs11. - Add a CLI flag --stdin-input to make batch execution easier. * Wed Aug 17 2016 email@example.com - Version 1.4.2 (released 2016-08-12) - Clarify license headers and clean up YKCS11 licensing. Now uses pkcs11.h from the Scute project. - Don’t install ykcs11-version.h. - No cflags in ykcs11.pc. - Unimplemented YKCS11 functions now return CKR_FUNCTION_FAILED. - Version 1.4.1 (released 2016-08-11) - Documentation updates - Add possibility to export certificates in SSH format. - Make certificate serial number random by default.
/usr/bin/yubico-piv-tool /usr/share/doc/packages/yubico-piv-tool /usr/share/doc/packages/yubico-piv-tool/NEWS /usr/share/doc/packages/yubico-piv-tool/README /usr/share/licenses/yubico-piv-tool /usr/share/licenses/yubico-piv-tool/COPYING /usr/share/man/man1/yubico-piv-tool.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Nov 29 00:07:57 2021