Piv Go Versions Save

What's Changed

• piv/pcsc_freebsd.go: fix build on 32 bit FreeBSD by @clausecker in https://github.com/go-piv/piv-go/pull/107
• piv: allow PIN verification by exposing VerifyPIN by @Quantu in https://github.com/go-piv/piv-go/pull/117
• piv: support RSA PSS and add test for TLS 1.3 as a server and client by @ericchiang in https://github.com/go-piv/piv-go/pull/119

New Contributors

• @clausecker made their first contribution in https://github.com/go-piv/piv-go/pull/107
• @Quantu made their first contribution in https://github.com/go-piv/piv-go/pull/117

Full Changelog: https://github.com/go-piv/piv-go/compare/v1.10.0...v1.11.0

What's Changed

• Fix build on OpenBSD by @qbit in https://github.com/go-piv/piv-go/pull/101
• Fix typo in README.md by @jmg292 in https://github.com/go-piv/piv-go/pull/103
• *: clean up actions and address all staticcheck findings by @ericchiang in https://github.com/go-piv/piv-go/pull/106

New Contributors

• @qbit made their first contribution in https://github.com/go-piv/piv-go/pull/101
• @jmg292 made their first contribution in https://github.com/go-piv/piv-go/pull/103

Full Changelog: https://github.com/go-piv/piv-go/compare/v1.9.0...v1.10.0

Updates:

• Add //go:build tags and bump module to Go 1.16 https://github.com/go-piv/piv-go/pull/97
• Include attestation CA for some 4C Nano YubiKeys https://github.com/go-piv/piv-go/pull/91 (@oreparaz)
• Support parsing FIPS form factors https://github.com/go-piv/piv-go/pull/98 (@deuill)

• Attestation now includes the key's Slot #89 (@jalseth)
• Document support for non-YubiKey smartcards #90
• Document PINPolicy for imported keys #84 (@jstasiak)

• Implement import key functionality #83
• Support added for x32 ARCH and other 32 bit architectures #81
• Add method for accessing retired key management slots #72

• Fixes for older YubiKeys that don't support attestation certificates #59
• Add yubikey 5ci form factor #63 @xoebus
• Fix retry errors detection on some older YubiKeys #64
• PIN policy can now be specified explicitly instead of being inferred by the attestation certificate #65
• Ed25519 support as implemented by SoloKeys added #69 @nickray
• FreeBSD support added #70 @gonzoua
• TouchPolicyAlways and TouchPolicyCached variables now correspond to their spec values #74 @joemiller
• cgo now uses pkg-config on Linux to discover pcsclite #75 @rawkode @philandstuff
• ECDH support added #80 @tv42

• Fixes for PIN prompt for PIN policy once #44
• Attestation certificate is used for determining PIN prompt strategy #50
• Connections are now marked as exclusive #51
• PC/SC errors on MacOS are now reported correctly #54
• Add support for Windows #57 (@tobiaskohlbau)

• YubiKey structs are now exclusive, you can't have multiple YubiKey structs for the same card open #39
• PINPrompt now works as expected for PINPolicyOnce #37
• Attest returns ErrNotFound if the slot hasn't been initialized #40

• Fix panic on certain signing error conditions https://github.com/go-piv/piv-go/pull/32 (@dnesting)
• Add ErrNotFound and AuthErr types https://github.com/go-piv/piv-go/pull/31 (@dnesting)

• Fix slot object IDs and add management key slot https://github.com/go-piv/piv-go/pull/30

NOTE: previous uses of SetCertificate for the SlotAuthentication and SlotCardAuthentication used the wrong object IDs. This updates them to use the correct values, which may cause breaking changes for previously written certificate. To migrate to the correct slots, use:

mk := piv.DefaultManagementKey
// Migrate SlotAuthenication certificate to the correct slot.
authCert, err := yk.Certificate(piv.SlotCardAuthentication)
if err != nil {
    // ...
}
if err := yk.SetCertificate(mk, piv.SlotAuthentication, authCert); err != nil {
    // ...
}

// Migrate SlotCardAuthentication certificate to the correct slot.
cardAuthCert, err := yk.Certificate(piv.SlotKeyManagement)
if err != nil {
    // ...
}
if err := yk.SetCertificate(mk, piv.SlotCardAuthentication, cardAuthCert); err != nil {
    // ...
}