v1.11.0

What's Changed

• piv/pcsc_freebsd.go: fix build on 32 bit FreeBSD by @clausecker in #107
• piv: allow PIN verification by exposing VerifyPIN by @Quantu in #117
• piv: support RSA PSS and add test for TLS 1.3 as a server and client by @ericchiang in #119

New Contributors

• @clausecker made their first contribution in #107
• @Quantu made their first contribution in #117

Full Changelog: v1.10.0...v1.11.0

v1.10.0

What's Changed

• Fix build on OpenBSD by @qbit in #101
• Fix typo in README.md by @jmg292 in #103
• *: clean up actions and address all staticcheck findings by @ericchiang in #106

New Contributors

• @qbit made their first contribution in #101
• @jmg292 made their first contribution in #103

Full Changelog: v1.9.0...v1.10.0

v1.9.0

Updates:

• Add //go:build tags and bump module to Go 1.16 #97
• Include attestation CA for some 4C Nano YubiKeys #91 (@oreparaz)
• Support parsing FIPS form factors #98 (@deuill)

v1.8.0

• Attestation now includes the key's Slot #89 (@jalseth)
• Document support for non-YubiKey smartcards #90
• Document PINPolicy for imported keys #84 (@jstasiak)

v1.7.0

• Implement import key functionality #83
• Support added for x32 ARCH and other 32 bit architectures #81
• Add method for accessing retired key management slots #72

v1.6.0

• Fixes for older YubiKeys that don't support attestation certificates #59
• Add yubikey 5ci form factor #63 @xoebus
• Fix retry errors detection on some older YubiKeys #64
• PIN policy can now be specified explicitly instead of being inferred by the attestation certificate #65
• Ed25519 support as implemented by SoloKeys added #69 @nickray
• FreeBSD support added #70 @gonzoua
• TouchPolicyAlways and TouchPolicyCached variables now correspond to their spec values #74 @joemiller
• cgo now uses pkg-config on Linux to discover pcsclite #75 @rawkode @philandstuff
• ECDH support added #80 @tv42

v1.5.0

• Fixes for PIN prompt for PIN policy once #44
• Attestation certificate is used for determining PIN prompt strategy #50
• Connections are now marked as exclusive #51
• PC/SC errors on MacOS are now reported correctly #54
• Add support for Windows #57 (@tobiaskohlbau)

v1.4.0

• YubiKey structs are now exclusive, you can't have multiple YubiKey structs for the same card open #39
• PINPrompt now works as expected for PINPolicyOnce #37
• Attest returns ErrNotFound if the slot hasn't been initialized #40

v1.3.0

• Fix panic on certain signing error conditions #32 (@dnesting)
• Add ErrNotFound and AuthErr types #31 (@dnesting)

v1.2.0

• Fix slot object IDs and add management key slot #30

NOTE: previous uses of SetCertificate for the SlotAuthentication and SlotCardAuthentication used the wrong object IDs. This updates them to use the correct values, which may cause breaking changes for previously written certificate. To migrate to the correct slots, use:

mk := piv.DefaultManagementKey
// Migrate SlotAuthenication certificate to the correct slot.
authCert, err := yk.Certificate(piv.SlotCardAuthentication)
if err != nil {
    // ...
}
if err := yk.SetCertificate(mk, piv.SlotAuthentication, authCert); err != nil {
    // ...
}

// Migrate SlotCardAuthentication certificate to the correct slot.
cardAuthCert, err := yk.Certificate(piv.SlotKeyManagement)
if err != nil {
    // ...
}
if err := yk.SetCertificate(mk, piv.SlotCardAuthentication, cardAuthCert); err != nil {
    // ...
}