Releases: arekinath/PivApplet
Releases · arekinath/PivApplet
v0.9.0
- Basic support for AES admin keys, some long-standing admin auth issues fixed (#37, #38)
- Structure of the APT in response-to-select now follows standards more closely (#43, #45)
- Reset slot pin policies to default during INS_RESET (#41)
- Pre-built CAP files without "strict contactless" feature
v0.8.2
- Fix for #36 (EC key import)
- Fix for JC221 sign-extended Lc problem (mentioned in #2)
v0.8.1
- Performance fix for
GET_METADATA command (used a lot by libykcs11)
- Builds for jc221
v0.8.0
- Implement Yubico INS_GET_METADATA
- Support for ECCP384
- Performance improvements
v0.7.0
-
Support for building against JC3.0.4 with PIV spec compliant ECDSA support (using signPreComputedHash)
-
Fixes to run on some cards with lower amounts of transient memory (e.g. J3H145, JC30M48CR)
-
Multiple configurations:
- "default" = the stock configuration in the repository, if build is jc305 it includes spec compliant ECDSA
- "rsaonly" = ECDSA functionality disabled
- "econly" = RSA functionality disabled
- "small" = no attestation or extended length APDU support, uses
CLEAR_ON_RESET transient memory for Cipher/Signature instances
v0.6.0
- Implement support for the Yubikey PIV Manager's extra configuration slot (
PIVMAN_DATA / tag 5FFF00)
v0.5.0
- Bump YubicoPIV version to 5.0.0 (avoids warnings about ROCA vulnerability)
- Implement remaining YubicoPIV extensions: reset after PUK blocked, set PIN/PUK retries, get serial number.
v0.4.2
- Turn off auto-gen'd self-signed attestation cert for cards without ECDSA support, and ignore certain kinds of errors during generation (fixes up support for J2A040, Feitian cards)
- Clean up of SGList code (also reduces CAP size a little)
v0.4.0
- New chunked buffering scheme for large data commands (certificates up to several KB can be stored on most cards now, and a J3D081 can now sign several KB of data with ECDSA hash-on-card)
- Fixes for lots of bugs, including #11, #7
- Support for YubicoPIV attestation command and the F9 slot
v0.3.1
- Fix for important security issue (#10) allowing overwrite of certificate objects without authentication (no key exposure)
