
- update to 2.6.1:

* cmd: Fix performing bio verification
  * ykcs11: Fix handling ED25519 and X25519 keys

OBS-URL: https://build.opensuse.org/package/show/security/yubico-piv-tool?expand=0&rev=49
Wolfgang Frisch 2024-09-12 14:58:39 +00:00 committed by Git OBS Bridge
commit 46cbc7f57c
13 changed files with 892 additions and 0 deletions

23
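--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text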

1
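--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc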


@ -0,0 +1,63 @@
commit a3b81d574ac20a1f17eea245da6096f59416b8f7
Author: Wolfgang Frisch <wolfgang.frisch@suse.com>
Date: Thu Feb 15 10:23:03 2024 +0100
cmake: fix semicolons in CFLAGS of custom modules
Both `openssl.cmake` and `pcscd.cmake` use FindPkgConfig to retrieve the
required CFLAGS and LDFLAGS. However FindPkgConfig returns lists [1],
which are stored as semicolon-separated strings in CMake. This breaks
the build when there's more than one flag in any of those variables.
Fixes https://github.com/Yubico/yubico-piv-tool/issues/474
Index: yubico-piv-tool-2.5.2/CMakeLists.txt
===================================================================
--- yubico-piv-tool-2.5.2.orig/CMakeLists.txt
+++ yubico-piv-tool-2.5.2/CMakeLists.txt
@@ -25,7 +25,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-cmake_minimum_required (VERSION 3.5)
+cmake_minimum_required (VERSION 3.12)
# policy CMP0025 is to get AppleClang identifier rather than Clang for both
# this matters since the apple compiler accepts different flags.
cmake_policy(SET CMP0025 NEW)
Index: yubico-piv-tool-2.5.2/cmake/openssl.cmake
===================================================================
--- yubico-piv-tool-2.5.2.orig/cmake/openssl.cmake
+++ yubico-piv-tool-2.5.2/cmake/openssl.cmake
@@ -84,8 +84,9 @@ macro (find_libcrypto)
endif(WIN32 OR OPENSSL_STATIC_LINK)
message(" OpenSSL version: ${OPENSSL_VERSION}")
- set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${LIBCRYPTO_CFLAGS}")
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${LIBCRYPTO_CFLAGS}")
+ list(JOIN LIBCRYPTO_CFLAGS " " LIBCRYPTO_CFLAGS_STRING)
+ set(CMAKE_C_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_C_FLAGS}")
+ set(CMAKE_CXX_FLAGS "${LIBCRYPTO_CFLAGS_STRING} ${CMAKE_CXX_FLAGS}")
link_directories(${LIBCRYPTO_LIBRARY_DIRS})
include_directories(${LIBCRYPTO_INCLUDE_DIRS})
Index: yubico-piv-tool-2.5.2/cmake/pcscd.cmake
===================================================================
--- yubico-piv-tool-2.5.2.orig/cmake/pcscd.cmake
+++ yubico-piv-tool-2.5.2/cmake/pcscd.cmake
@@ -75,7 +75,7 @@ macro (find_pcscd)
set(ENV{PKG_CONFIG_PATH} "${PCSCLITE_PKG_PATH}:$ENV{PKG_CONFIG_PATH}")
pkg_check_modules(PCSC REQUIRED libpcsclite)
if(PCSC_FOUND)
- set(PCSC_LIBRARIES ${PCSC_LDFLAGS})
+ list(JOIN PCSC_LDFLAGS " " PCSC_LIBRARIES)
if(VERBOSE_CMAKE)
message("PCSC_FOUND: ${PCSC_FOUND}")
message("PCSC_LIBRARY_DIRS: ${PCSC_LIBRARY_DIRS}")
@@ -124,4 +124,5 @@ macro (find_pcscd)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${PCSC_CFLAGS}")
link_directories(${PCSC_LIBRARY_DIRS})
-endmacro()
\ No newline at end of file
+endmacro()
+
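Review bot: The last pcscd.cmake hunk keeps `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${PCSC_CFLAGS}")` as unchanged context, so `PCSC_CFLAGS` is still interpolated as a list there even though the patch joins `LIBCRYPTO_CFLAGS` and `PCSC_LDFLAGS` for exactly that reason. `pkg_check_modules(PCSC REQUIRED libpcsclite)` fills `PCSC_CFLAGS` on this path, so unless a later assignment outside the hunk overrides it, more than one flag would again put a semicolon into the compiler command line; the same treatment applies, e.g. `list(JOIN PCSC_CFLAGS " " PCSC_CFLAGS_STRING)` followed by `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${PCSC_CFLAGS_STRING}")`, and likewise for a matching `CMAKE_C_FLAGS` line if one precedes it. The openssl.cmake hunk also moves the pkg-config flags in front of the existing `CMAKE_C_FLAGS` instead of after them, which changes which side wins when options conflict; a short comment stating that the reorder is intentional would help the next packager. Both `find_libcrypto` and `find_pcscd` continue outside the hunks shown.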

23
pthread-link.patch Normal file

@ -0,0 +1,23 @@
Index: yubico-piv-tool-2.5.0/ykcs11/CMakeLists.txt
===================================================================
--- yubico-piv-tool-2.5.0.orig/ykcs11/CMakeLists.txt
+++ yubico-piv-tool-2.5.0/ykcs11/CMakeLists.txt
@@ -60,6 +60,9 @@ if(${ENABLE_HARDWARE_TESTS})
set(HW_TESTS 1)
endif(${ENABLE_HARDWARE_TESTS})
+set(THREADS_PREFER_PTHREAD_FLAG ON)
+find_package(Threads REQUIRED)
+
# static library
if(BUILD_STATIC_LIB)
add_library(ykcs11 STATIC ${SOURCE})
@@ -73,7 +76,7 @@ endif(BUILD_STATIC_LIB)
# dynamic library
add_library(ykcs11_shared SHARED ${SOURCE})
-target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared)
+target_link_libraries(ykcs11_shared ${LIBCRYPTO_LDFLAGS} ykpiv_shared Threads::Threads)
set_target_properties(ykcs11_shared PROPERTIES SOVERSION ${SO_VERSION} VERSION ${VERSION})
if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
set_target_properties(ykcs11_shared PROPERTIES INSTALL_RPATH "${YKPIV_INSTALL_LIB_DIR}")
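Review bot: Only `ykcs11_shared` gains `Threads::Threads`; the static `ykcs11` target created under `if(BUILD_STATIC_LIB)` has its link line outside the second hunk, so it cannot be confirmed from here that it gets the thread library as well. This package configures with `-DBUILD_STATIC_LIB=OFF`, so the build here is unaffected, but if the patch is offered upstream the static target should receive the same `Threads::Threads` entry. The patch file also carries no description header; one or two lines stating the link failure it addresses and its upstream status would let a later maintainer decide when it can be dropped.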


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:918e76bad99463dc0a858a4771ec674a579fad284d99d90c57fb9cf44fb059b8
size 1324642

Binary file not shown.


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:80f4b7b7f5a85c86502f3286e2b4bef345a6709f4554088c745994f7027302c1
size 1359764

Binary file not shown.


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d4efd2d7c5baca49ffc070dea5fb64c17239095e0e54b10766a8a156b0c09285
size 2411956

Binary file not shown.

442
yubico-piv-tool.changes Normal file

@ -0,0 +1,442 @@
-------------------------------------------------------------------
Thu Sep 12 14:56:39 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.6.1:
* cmd: Fix performing bio verification
* ykcs11: Fix handling ED25519 and X25519 keys
-------------------------------------------------------------------
Mon Aug 26 08:11:45 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.6.0:
* cmd: Add support for biometric verification and match policy
* ykcs11: Add support for PKCS11 3.0
* ykpiv: cmd: ykcs11: Improve error traceability
* ykpiv: cmd: ykcs11: Fix minor bugs
* build: Make building with zlib optional
-------------------------------------------------------------------
Tue May 7 09:05:14 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.5.2:
* cmd: Fix signing selfsigned certificate for ED25519 key.
- update cmake-flags-upstream-issue-474.patch
-------------------------------------------------------------------
Wed Feb 14 09:05:14 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.5.1:
* ykpiv: cmd: ykcs11: Fix buffer size for key import.
- add cmake-flags-upstream-issue-474.patch:
proper fix for the cmake flags issue
- remove temporary-cmake-flags-fix.patch
-------------------------------------------------------------------
Wed Feb 7 12:32:15 UTC 2024 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- update to 2.5.0:
* ykpiv: cmd: ykcs11: Add support for RSA3072 and RSA4096 key types.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for ED25519 and X25519 key types.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for deleting keys.
Available in firmware 5.7.0 and newer
* ykpiv: cmd: Add support for moving keys between slots.
Available in firmware 5.7.0 and newer
- add temporary-cmake-flags-fix.patch
The included cmake modules are buggy. This patch should be removed once the
root cause is fixed in upstream.
-------------------------------------------------------------------
Sun Dec 17 15:01:35 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.4.2:
* ykpiv: Fix potential type casting bug.
* ykpiv: ykcs11: Fix building on certain architectures.
* ykpiv: cmd: Add support for compressing certificate upon
import
* ykcs11: Increase maximum number of slots to handle
overflow
* ykcs11: Add support for CKA_COPYABLE and CKA_DESTROYABLE
attributes
-------------------------------------------------------------------
Fri Mar 3 21:51:36 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.3.1:
* ykpiv: Add support for T=0 smartcards
* ykpiv: ykcs11: Minor code optimization
* ykpiv: ykcs11: Improve logging
* ykpiv: ykcs11: Improve error handling
* ykpiv: ykcs11: Fix minor bugs
* ykcs11: Add support for several PKCS11 Attributes
* ykcs11: Add support for CKM_ECDSA_SHA512 mechanism
* ykcs11: Fix incorrect value for public key attributes
CKA_PRIVATE, CKA_SENSITIVE, CKA_ALWAYS_SENSITIVE,
CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE
* doc: Minor documentation improvement
-------------------------------------------------------------------
Sat Dec 3 17:05:31 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.3.0:
* ykpiv: Add support for AES management keys
* ykpiv: Better handling of connection reset
* ykpiv: Add support for T=0 protocol
* ykcs11: Support YubiKeys in NFC readers
* ykcs11: Support touch and PIN policies for imported private keys
* ykcs11: Support touch and PIN policy when generating keys
* ykcs11: Set length to -1 on function fail
* ykcs11: Ignore CKA_NAME_HASH_ALGORITHM and CKA_HASH_OF_SUBJECT_PUBLIC_KEY for certificates
* cmd: Support attestation in selfsign certificates
* build: Compile cleanly with openssl 1.1 and 3
- add keyring
-------------------------------------------------------------------
Mon Jan 31 20:31:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.2.1:
* ykpiv: Minor bug fixes
* ykcs11: Improved handling of object attributes
* ykcs11: Update flags for EC related mechanisms
* ykcs11: Minor bug fixes
* test: Improved testing
* doc: Improved documentation
-------------------------------------------------------------------
Sun Feb 28 18:33:22 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.2.0:
* ykpiv: Increased SO version
* ykpiv: Fixed minor memory leaks
* ykpiv: Improved error handling
* ykpiv: Improved handling of PCSC card validation
* ykcs11: Updated Cryptoki version
* ykcs11: Support for CKM_ECDH1_DERIVE mechanism info
* ykcs11: Support for destroying ECDH derived keys
* ykcs11: Improved handling of PIN after device re-connection
* ykcs11: Improved debug logging
* cmd: Improved parsing of certificate Distinguished Name to allow an escape character
* cmd: Warning to discourage generating RSA1024 keys
* build: Use of platform standard installation path when building yubico-piv-tool
* tests: Improved testing
* Replaced building with autotool with building with cmake
* Security update for YSA-2020-02
* ykpiv: Fixed potential memory leaks
* ykpiv: Use PIN-protected MGMT key if the device is configured that way
* ykpiv: Added attestation to CSR if requested
* ykpiv: Fixed compatibility with LibreSSL
* ykcs11: Improved handling of error codes
* ykcs11: Improved handling of examples in the PKCS11 specifications
* ykcs11: Added the possibility to have debug output as a runtime setting
* ykcs11: Added support to unblock PIN with PUK
* ykcs11: Make C_SetPIN backwards compatible while also allowing unblock PIN
* tests: Improved tests
- run tests
- add pthread-link.patch
-------------------------------------------------------------------
Sun Mar 1 00:11:08 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- Version 2.0.0
- ykpiv: Added ykpiv_get_metadata and ykpiv_util_parse_metadata
to read and parse private key metadata (supported from YK 5.3).
- ykpiv: Fixed PCSC transaction handling when re-selecting PIV
due to external card reset events.
- ykpiv: Improved error reporting.
- ykpiv: Correctly report YK5 devices, and NEO and YK5 over NFC.
- ykpiv: MGM KEY (SO PIN) is cached (in addition to PIN).
- ykpiv: Fixed resetting of cached serial / version when an
application re-uses ykpiv_state.
- ykpiv: ykpiv_get_pin_retries selects a different applet before
re-selecting PIV since just re-selecting PIV is a no-op on YK5.
- ykcs11: Shared library exports all PKCS11 functions per the
spec (For applications that dont use C_GetFunctionList).
- ykcs11: Support for up to 16 simultaneous sessions, with
support for multi-threaded access (if requested when calling
C_Initialize).
- ykcs11: Support for resetting the PIV application via
C_initToken. Requires knowledge of the MGMT KEY (SO PIN) per
the PKCS11 spec.
- ykcs11: Support for public-key operations not supported by PIV
(C_Verify, C_Encrypt), implemented using OpenSSL.
- ykcs11: Support for attestations, exposed as session objects of
certificate class. Generated when opening the first session to
a slot.
- ykcs11: Support for forked processes on Linux and MacOS.
- ykcs11: Support for RSA signatures using PKCS or PSS padding
with optional digesting by the library. Raw signatures are also
supported.
- ykcs11: Support for ECDSA signatures with optional digesting by
the library. Raw signatures are also supported.
- ykcs11: Support for RSA encryption / decryption with PKCS or
OAEP padding.
- ykcs11: Makes use of key metadata when available (YK 5.3 and
above), providing access to keys even if certificates are not
present.
- ykcs11: Supports SHA1, SHA256, SHA384 and SHA512 digesting,
plus SHA224 digesting for ECDSA signatures and for the MGF1
digest in PSS / OAEP, implemented using OpenSSL.
- ykcs11: Supports C_Login with context-specific user type. This
allows use cases that require both SO PIN and normal PIN in the
same session.
-------------------------------------------------------------------
Mon Jun 3 08:22:20 UTC 2019 - Karol Babioch <kbabioch@suse.de>
- Version 1.7.0 (released 2019-04-03)
* Add ykpiv_get_serial() to API.
* Add version and serial to status output.
* FASC-N fixes for CHUID.
* ykcs11: Fix ECDSA signatures.
* Make selfsigned X.509 extensions have correct extensions to match openssl.
* Security fixes.
* Documentation fixes.
* Try to clear memory that might contain secrets.
-------------------------------------------------------------------
Fri Sep 28 09:10:38 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Rename %soname to %sover to better reflect its use.
- Fix RPM groups.
-------------------------------------------------------------------
Thu Sep 27 11:58:29 UTC 2018 - Karol Babioch <kbabioch@suse.com>
- Version 1.6.2 (released 2018-09-14)
- Compare reader names case insensitive
- Fix certificate and certificate request signatures with OpenSSL 1.1
-------------------------------------------------------------------
Tue Aug 28 09:37:34 UTC 2018 - kbabioch@suse.com
- Version 1.6.1 (released 2018-08-17)
- Compilation warning fixes for OpenSSL 1.1 builds
- Fix length when encoding exactly 0xff bytes
- Check length of objects correctly before storing in buffer
- Check length of certificate correctly when storing
- Version 1.6.0 (released 2018-08-08)
- Security release to mitigate YSA-2018-03 (YSA-2018-03, CVE-2018-14779,
CVE-2018-14780, bsc#1104809, bsc#1104811)
- Allow building against LibreSSL
- Bugfixes in OpenSSL 1.1 code
- Fix compilation warnings
- Fix ykcs11 key generation to work with OpenSSL 1.1
- Ykcs11 compatibility fixes
- Make use of %license macro instead of %doc for COPYING
- Applied spec-cleaner
-------------------------------------------------------------------
Thu Nov 30 15:14:13 UTC 2017 - t.gruner@katodev.de
- Version 1.5.0 (released 2017-11-29)
- API additions: Higher-level "util" API added to libykpiv.
- Added ykpiv_attest(), ykpiv_get_pin_retries(), ykpiv_set_pin_retries()
- Added functions for using existing PCSC card handle.
- Support using custom memory allocator.
- Documentation updates. make doxygen for HTML format.
- Expanded automated tests for hardware devices, moved to make hwcheck.
- OpenSSL 1.1 support
- Moderate internal refactoring. Many small bugs fixed.
-------------------------------------------------------------------
Wed Nov 15 19:19:15 UTC 2017 - t.gruner@katodev.de
- Version 1.4.4 (released 2017-10-17)
- Documentation updates.
- Add pin caching to work around disconnect problems.
- Disable RSA key generation on YubiKey 4 before 4.3.5. See https://yubi.co/ysa201701/ for details.
-------------------------------------------------------------------
Mon May 29 14:46:53 UTC 2017 - t.gruner@katodev.de
- Version 1.4.3 (released 2017-04-18)
- Encode RSA x509 certificates correctly.
- Documentation updates.
- In ykcs11 return CKA_MODULUS correctly for private keys.
- In ykcs11 fix for signature size approximation.
- Fix PSS signatures in ykcs11.
- Add a CLI flag --stdin-input to make batch execution easier.
-------------------------------------------------------------------
Wed Aug 17 14:03:58 UTC 2016 - t.gruner@katodev.de
- Version 1.4.2 (released 2016-08-12)
- Clarify license headers and clean up YKCS11 licensing. Now uses pkcs11.h from the Scute project.
- Dont install ykcs11-version.h.
- No cflags in ykcs11.pc.
- Unimplemented YKCS11 functions now return CKR_FUNCTION_FAILED.
- Version 1.4.1 (released 2016-08-11)
- Documentation updates
- Add possibility to export certificates in SSH format.
- Make certificate serial number random by default.
-------------------------------------------------------------------
Tue May 17 14:55:42 UTC 2016 - t.gruner@katodev.de
- Version 1.4.0 (released 2016-05-03)
- Add attest action When used on a slot with a generated key,
outputs a signed x509 certificate for that slot showing that
the key was generated in hardware. Available in firmware 4.3.0 and newer.
- Add cached parameter for touch-policy With cached, the touch is valid
for an additional 15s. Available in firmware 4.3.0 and newer.
- Enforce a minimum PIN length of 6 characters.
- Fix a bug with list-readers action where it fell through processing into write-object.
-------------------------------------------------------------------
Mon Apr 25 20:04:14 UTC 2016 - t.gruner@katodev.de
- Version 1.3.1 (released 2016-04-19)
- Fix a bug where unblock pin would instead change puk, introduced in 1.3.0.
- Clarifications with help texts.
- Version 1.3.0 (released 2016-02-19)
- Fixed extraction of RSA modulus and exponent for pkcs11.
- Implemented C_SetPIN for pkcs11.
- Add generic write and read object actions for the tool. Supports hex/binary/base64 formats
- Add ykpiv_change_pin(), ykpiv_change_puk() and ykpiv_unblock_pin()
- Print CCC with status action.
- Address bugs with pkcs11 on windows.
- Add --valid-days and --serial to tool for selfsign-certificate action.
- Ask for password for pkcs12 if none is given.
-------------------------------------------------------------------
Fri Dec 11 08:12:48 UTC 2015 - t.gruner@katodev.de
- Version 1.2.2 (released 2015-12-08)
- Fix old buffer overflow in change-pin functionality.
- Version 1.2.1 (released 2015-12-08)
-Fix issue with big certificates and status.
- Version 1.2.0 (released 2015-12-07)
- On OSX use @loader_path instead of @executable_path for ykcs11.
- Add ykpiv_import_private_key to libykpiv.
- Raise buffer sizes to support bigger objects.
- Change behavior of action status, only list populated slots.
- Add retired keys to ykcs11.
- In ykcs11 support login with non null terminated pin.
- Add a new action set-ccc to yubico-piv-tool to set the CCC.
-------------------------------------------------------------------
Wed Nov 18 20:57:56 UTC 2015 - t.gruner@katodev.de
- Version 1.1.2 (released 2015-11-13)
- Properly handle DER encoding in ECDSA signatures.
-------------------------------------------------------------------
Thu Nov 12 14:30:09 UTC 2015 - t.gruner@katodev.de
- Version 1.1.1 (released 2015-11-11)
- Make sure SCardContext is properly acquired and released.
-------------------------------------------------------------------
Fri Nov 6 21:05:07 UTC 2015 - t.gruner@katodev.de
- Version 1.1.0 (released 2015-11-06)
- Add support for new YubiKey 4.
- Add ykcs11.
-------------------------------------------------------------------
Tue Oct 13 07:47:50 UTC 2015 - t.gruner@katodev.de
- Add dependencive in .spec file
-------------------------------------------------------------------
Thu Oct 1 21:18:34 UTC 2015 - t.gruner@katodev.de
- Version 1.0.3 (released 2015-10-01)
- Correct wording on unblock-pin action.
- Show pin retries correctly.
- Use a bigger buffer for receiving data.
-------------------------------------------------------------------
Tue Sep 15 13:32:27 UTC 2015 - t.gruner@katodev.de
- Version 1.0.2 (released 2015-09-04)
- Query for different passwords/pins on stdin if theyre not supplied.
- If a reader fails continue trying matching readers.
- Authentication failed is supposed to be 0x63cX not 0x630X.
-------------------------------------------------------------------
Sat Jul 11 14:49:43 UTC 2015 - t.gruner@katodev.de
- Version 1.0.1 (released 2015-07-10)
- Project relicensed to 2-clause BSD license
- Minor fixes found with clang scan-build
-------------------------------------------------------------------
Wed Jul 8 21:14:24 UTC 2015 - t.gruner@katodev.de
- Version 1.0.0 (released 2015-06-23)
- Add a test-decipher action.
- Check that e is 0x10001 on importing rsa keys
- Use PCSC transactions when sending and receiving data
-------------------------------------------------------------------
Mon Apr 27 16:22:36 UTC 2015 - cdenicolo@suse.com
- license update: GPL-3.0+
COPYING files says package is under GPL-3.0+.
-------------------------------------------------------------------
Thu Mar 26 12:47:38 UTC 2015 - t.gruner@katodev.de
- Version 0.1.6 (released 2015-03-23)
Add a read-certificate action to the tool.
Add a status action to the tool.
Fix a library bug so NULL can be passed to ykpiv_verify()
Add a test-signature action to the tool.
-------------------------------------------------------------------
Mon Feb 9 14:54:37 UTC 2015 - t.gruner@katodev.de
- Version 0.1.5 (released 2015-02-04)
Revert the check for parity and just set parity before the weak check.
-------------------------------------------------------------------
Tue Feb 3 13:43:10 UTC 2015 - t.gruner@katodev.de
- Version 0.1.4 (released 2015-02-02)
Prompt for input if input is stdin.
Mark all bits of the signature as used is certs and requests.
Correct error for unblock-pin.
Fix hex decode to decode capital letters and return error.
Check parity of new management keys.
-------------------------------------------------------------------
Fri Jan 23 07:47:58 UTC 2015 - t.gruner@katodev.de
- Version 0.1.3 (released 2014-12-18)
Add format DER for importing certificates.
Make sure diagnostic feedback ends up on stderr.
Add positive feedback for a couple of actions.
- Version 0.1.2 (released 2014-11-14)
Fix an issue where shorter component of RSA keys where not packed correctly.
- Version 0.1.1 (released 2014-11-10)
Correct broken CHUID that made windows work inconsistently.
Add support for compressed certificates.
Fix broken unblock-pin action.
Dont try to accept to short keys for mgm key.
Only do applet authentication if needed.
Add --hash for selecting what hash to use for signatures.
Add hidden --sign command. Should probably not be used.
Fix for signature algorithm in selfsigned cert.
- Version 0.1.0 (released 2014-08-25)
Break out functionality into a library.
More testing.
- Version 0.0.3 (released 2014-05-26)
Add delete-certificate action.
Fix minor bugs.
- Version 0.0.2 (released 2014-02-19)
Fix an offset bug with CHUID.
Do full mutual auth with the applet.
- Version 0.0.1 (released 2014-02-11)
Initial release.

204
yubico-piv-tool.keyring Normal file

@ -0,0 +1,204 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=kpxO
-----END PGP PUBLIC KEY BLOCK-----

127
yubico-piv-tool.spec Normal file

@ -0,0 +1,127 @@
#
# spec file for package yubico-piv-tool
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define sover 2
Name: yubico-piv-tool
Version: 2.6.1
Release: 0
Summary: Yubico YubiKey NEO CCID Manager
License: BSD-2-Clause
Group: Productivity/Networking/Security
URL: https://developers.yubico.com/
Source0: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz
Source1: https://developers.yubico.com/yubico-piv-tool/Releases/%{name}-%{version}.tar.gz.sig
Source3: yubico-piv-tool.keyring
Patch1: pthread-link.patch
# https://github.com/Yubico/yubico-piv-tool/issues/474
Patch2: cmake-flags-upstream-issue-474.patch
BuildRequires: c++_compiler
BuildRequires: check-devel
BuildRequires: cmake
BuildRequires: gengetopt
BuildRequires: help2man
BuildRequires: libboost_thread-devel
BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig
BuildRequires: valgrind
BuildRequires: pkgconfig(openssl)
Requires: libykcs11-%{sover} = %{version}
Requires: libykpiv%{sover} = %{version}
%description
This is a command line tool to interact with the PIV applet on a YubiKey NEO.
Among other functions it supports, generating keys on device, importing keys
and certificates and creating certificate requests.
%package -n libykpiv%{sover}
Summary: Yubikey NEO PIV applet library
Group: System/Libraries
Requires: pcsc-ccid
%description -n libykpiv%{sover}
This is a low-level library to interact the PIV applet on a YubiKey NEO
%package -n libykcs11-%{sover}
Summary: Yubikey NEO PKCS#11 applet library
Group: System/Libraries
Requires: pcsc-ccid
%description -n libykcs11-%{sover}
This is a PKCS#11 module that allows to communicate with the PIV application running on a YubiKey
%package -n libykpiv-devel
Summary: Development files for the Yubikey NEO PIV applet library
Group: Development/Libraries/C and C++
Requires: libykpiv%{sover} = %{version}
%description -n libykpiv-devel
This package contains the header file needed to develop applications that use
Yubikey NEO PIV applet library.
%package -n libykcs11-devel
Summary: Development files for the Yubikey NEO PKCS#11 applet library
Group: Development/Libraries/C and C++
Requires: libykcs11-%{sover} = %{version}
%description -n libykcs11-devel
This package contains the header file needed to develop applications that use
Yubikey NEO PKCS#11 applet library.
%prep
%setup -q
%autopatch -p1
%build
%cmake -DBUILD_STATIC_LIB=OFF
%cmake_build
%check
cd build
make test
%install
%cmake_install
%post -n libykpiv%{sover} -p /sbin/ldconfig
%postun -n libykpiv%{sover} -p /sbin/ldconfig
%post -n libykcs11-%{sover} -p /sbin/ldconfig
%postun -n libykcs11-%{sover} -p /sbin/ldconfig
%files
%license COPYING
%doc NEWS README
%{_bindir}/%{name}
%{_mandir}/man1/*
%files -n libykpiv%{sover}
%{_libdir}/libykpiv.so.%{sover}*
%files -n libykcs11-%{sover}
%{_libdir}/libykcs11.so.%{sover}*
%files -n libykpiv-devel
%dir %{_includedir}/ykpiv/
%{_includedir}/ykpiv/*
%{_libdir}/libykpiv.so
%{_libdir}/pkgconfig/ykpiv.pc
%files -n libykcs11-devel
%{_libdir}/libykcs11.so
%{_libdir}/pkgconfig/ykcs11.pc
%changelog
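Review bot: `Source1` (the detached signature) and `Source3` (the keyring) are declared, but nothing in the visible `%prep` refers to them, so verification of the release tarball happens outside the spec, presumably in the build service's source validation at check-in. A comment above `Source1` such as `# tarball signature is checked against Source3 by the source validator, not in %prep` would record that, once confirmed. Separately, `%check` hard-codes the build directory and generator with `cd build` / `make test` while configure, build and install all go through the `%cmake*` macros; replacing both lines with `%ctest` keeps the test step in line with them. The Summary and descriptions still say "YubiKey NEO" although the changelog added in this commit covers YubiKey 4 and 5 features.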