Jack Grigg
7c532639d4
Fix clippy lints
2023-03-23 14:20:20 +09:00
Jack Grigg
d5395ea4e5
yubikey 0.8.0-pre.0
2023-03-23 14:07:13 +09:00
Jack Grigg
0d0f64ff1b
base64 0.21
2023-03-23 14:07:13 +09:00
str4d
d9c5abaa15
Merge pull request #128 from str4d/115-yubikey-4-no-pin-cache
...
Document and warn that PIN policy "Once" doesn't work for YubiKey 4
2023-02-16 18:34:11 +00:00
Jack Grigg
e86cd8113c
Intercept PIN errors and replace with PUK errors as necessary
...
Once iqlusioninc/yubikey.rs#479 is part of a `yubikey` release we
can migrate to, this will mean that users get correctly notified
of incorrect PUK entry, instead of being told it is an incorrect
PIN issue.
2023-02-12 20:47:58 +00:00
Jack Grigg
4e053b5efc
TUI: Warn YubiKey 4 users of issue with PIN policy "Once"
2023-02-11 22:04:14 +00:00
str4d
bf437663af
Merge pull request #116 from str4d/avoid-resetting-unused-yubikeys
...
Avoid resetting unused YubiKeys
2023-02-11 04:57:23 +00:00
Jack Grigg
665aedbbba
Merge branch 'version-0.3.3' back into main
2023-02-11 04:51:58 +00:00
Jack Grigg
d2132b4ac2
Prevent changing the default PIN to itself
...
Closes str4d/age-plugin-yubikey#120 .
2023-02-11 02:47:55 +00:00
Jack Grigg
ff3e8e37c9
Treat pcsc::Error::NoSmartcard as a "YubiKey disconnected" error
...
Some SmartCard readers report this error when no SmartCard is inserted,
so we need to check for it when filtering for connected YubiKeys (along
with `pcsc::Error::RemovedCard` which some _other_ SmartCard readers
report instead).
Closes str4d/age-plugin-yubikey#81 .
2023-01-30 00:39:08 +00:00
Jack Grigg
b1710e8d69
Enforce correct PIN lengths during YubiKey setup
...
The behaviour of `age-plugin-yubikey` during setup now matches its
behaviour during plugin usage.
2023-01-29 23:00:46 +00:00
Jack Grigg
55bfa5dafb
Avoid resetting YubiKeys that don't match the desired serial
...
If multiple YubiKeys were connected, and the one we needed for plugin
encryption or decryption was not first in the list of readers, any
YubiKeys before it were being reset upon drop. We now explicitly
disconnect without resetting, since we only access these YubiKeys as a
side-effect of finding the one we need.
2023-01-29 14:16:35 +00:00
Jack Grigg
90b61682bd
Don't reset tested YubiKeys in key::filter_connected
...
This method only connects to YubiKeys in order to confirm it can do so
(i.e. as a side-effect). We therefore want to explicitly disconnect
without resetting the YubiKeys, to avoid clearing PIN caches.
2023-01-29 14:16:35 +00:00
Jack Grigg
45f6580be4
Request PIN before certificate generation if PIN policy is "always"
...
We also correctly ask for a PIN touch after the key is generated (which
does not need it) but before certificate generation (which does if the
touch policy is not "none").
Closes str4d/age-plugin-yubikey#101 .
2023-01-03 02:20:51 +00:00
Jack Grigg
00ab2c756e
Don't re-request a cached PIN for identities with PIN policy "once"
2023-01-02 19:06:37 +00:00
Jack Grigg
9418921dab
Disconnect without resetting YubiKeys if it is safe to do so
...
This enables the PIN caches to be preserved across age-plugin-yubikey
processes, allowing PIN policies of "once" to become meaningful.
2023-01-02 19:06:37 +00:00
vlkrs
9ac72cd66f
Add recommendations for {Open,Free}BSD when pcscd isn't running.
2023-01-01 15:30:40 +01:00
Jack Grigg
a6a5ad109e
Fix clippy lints
2023-01-01 14:07:23 +00:00
Jack Grigg
25fcd353f3
dialoguer 0.10
2023-01-01 14:07:22 +00:00
Jack Grigg
d8ab6e373e
base64 0.20
2023-01-01 14:06:35 +00:00
Jack Grigg
f45ff653b8
Bump cryptographic dependencies
...
- age-plugin 0.4
- bech32 0.9
- p256 0.11
- sha2 0.10
- x509-parser 0.14
- yubikey 0.7
2023-01-01 14:06:34 +00:00
Jack Grigg
1dfadc7e27
Clean up key::filter_connected
2023-01-01 13:29:30 +00:00
Jack Grigg
fc66d9f6fd
Add helper methods for filtering available keys
2023-01-01 13:27:10 +00:00
Jack Grigg
d8eb198e97
Move certificate parsing into Metadata::extract
2023-01-01 13:27:10 +00:00
str4d
c8f9df1b45
Merge pull request #95 from str4d/94-yubikey-agent-sighup
...
Extend "sharing violation" logic to send SIGHUP to `yubikey-agent` processes
2023-01-01 13:24:57 +00:00
Jack Grigg
3597d96332
Correctly hunt agents in plugin mode
2023-01-01 13:18:41 +00:00
Jack Grigg
1913838f8e
Hunt for yubikey-agent
2023-01-01 12:52:17 +00:00
Jack Grigg
6e47448560
Generalise code for hunting agents that may be holding YubiKeys
2023-01-01 12:52:17 +00:00
Jack Grigg
ac7b04a61d
Add keyword argument support to fl! and wlnfl! macros
2022-12-31 14:31:25 +00:00
Jack Grigg
493479344c
De-duplicate parsing recipients from SubjectPublicKeyInfo
2022-12-31 12:49:44 +00:00
Jack Grigg
e4ef700263
Give guidance on reconfiguring YubiKeys with unprotected management keys
...
Closes str4d/age-plugin-yubikey#21 .
2022-12-30 10:18:17 +00:00
Jack Grigg
15c53e42df
Stop scdaemon if it is holding exclusive access to a YubiKey
...
Closes str4d/age-plugin-yubikey#82 .
2022-12-30 09:28:24 +00:00
Jack Grigg
d38743a2fc
Inform users when pcscd is required
...
Closes str4d/age-plugin-yubikey#83 .
2022-12-29 05:09:47 +00:00
Jack Grigg
fb5a1060bd
Check the length of the bytes passed to Stub::from_bytes
...
This will be zero-length when the client uses `-j yubikey`.
Closes str4d/age-plugin-yubikey#48 .
2022-05-01 17:59:24 +00:00
Jack Grigg
f8314c5d6d
Enable users to skip YubiKeys at plugging-in time
...
This requires the `confirm` plugin command to be supported by the age
client; otherwise we fall back to the previous message-plus-timer
method.
2022-05-01 15:14:36 +00:00
Jack Grigg
345c155bb4
Don't print message if YubiKey is waiting for touch
...
The user call-to-action will instead be implemented on the client side,
where it can be done in a more forgiving way (allowing the user some
time to react before prompting them that it is waiting on the plugin).
2022-05-01 14:47:55 +00:00
Jack Grigg
a92a843e14
Tag all strings for translation
2022-05-01 14:40:05 +00:00
Jack Grigg
c4fe3f6b1a
Add support for translations
2022-05-01 11:49:06 +00:00
Jack Grigg
5afec288c9
Forbid unsafe code
2022-03-20 16:53:39 +00:00
Jack Grigg
7d2e3a6829
Remove trait imports that are in the 2021 edition prelude
2022-03-20 16:53:39 +00:00
str4d
f1bb46d274
Merge pull request #46 from str4d/37-ignore-otp-string
...
Detect invalid PIN lengths and ask the user again
2022-03-20 14:57:48 +00:00
Jack Grigg
2fc2dcd1c3
Unify the touch request messages
...
This is also a good test for sending emojis through the age plugin IPC
protocol.
2021-12-20 03:22:25 +00:00
Jack Grigg
68ac19017e
Detect invalid PIN lengths and ask the user again
...
We also detect the specific case where the PIN returned by the user is
likely a YubiKey OTP, generated by the user touching it early.
Closes str4d/age-plugin-yubikey#37 .
2021-12-19 01:31:54 +00:00
Jack Grigg
e5bdffa5cc
Print message if YubiKey is waiting for touch
...
Closes str4d/age-plugin-yubikey#44 .
2021-12-19 00:28:27 +00:00
Jack Grigg
822a10f8f6
yubikey 0.5
2021-11-21 15:51:54 +00:00
Jack Grigg
f2237ed2a7
yubikey 0.4
2021-10-18 21:11:42 +01:00
Jack Grigg
399f0b4c11
Rename crate::yubikey to crate::key
...
So that it doesn't conflict with the renamed `yubikey` crate.
2021-10-18 21:07:23 +01:00
Jack Grigg
77bd7aa3a3
age-plugin 0.2
2021-10-18 20:37:28 +01:00
Jack Grigg
f5f140d172
Fix various clippy lints
2021-08-20 16:22:22 +01:00
Jack Grigg
2c90195f99
Check PIN policy before requesting PIN
...
Closes str4d/age-plugin-yubikey#34 .
2021-08-20 15:11:39 +01:00