Jack Grigg
ac22ae1df1
Merge tag 'v0.5.0' into detect-critical-extensions
2026-04-08 04:21:39 +01:00
Jack Grigg
eb945b2849
Merge tag 'v0.4.0' into detect-critical-extensions
2026-04-08 04:16:00 +01:00
Jack Grigg
9503f406ae
Reject identities with unrecognised critical extensions
We don't know how to correctly use these identities. In particular, some
identities store parts of their private key material in certificate
extensions to work around hardware limitations. Not understanding these
extensions could lead to encrypting with the wrong protocol and
violating security assumptions.
2026-04-08 04:12:35 +01:00
Jack Grigg
34011088a0
Fix 1.67 clippy lints
2024-07-30 05:42:54 +00:00
Jack Grigg
d6729e99ba
dialoguer 0.11
2024-07-30 05:27:06 +00:00
Jack Grigg
6452fa0540
age-plugin 0.5
2024-07-30 05:19:27 +00:00
Jack Grigg
62f237f859
Provide a better error message when management key authentication fails
We now indicate to the user that AES management key algorithms are not
yet supported, and tell them how to change their management key to use
TDES.
Closes str4d/age-plugin-yubikey#135.
2023-04-09 06:53:25 +00:00
str4d
95657fd844
Merge pull request #130 from VlkrS/VlkrS-bsd-ccid
Explicitly mention CCID packages for the two BSDs
2023-03-23 08:30:07 +00:00
Jack Grigg
ac04615219
Ignore smart cards that don't have a PIV applet
Closes str4d/age-plugin-yubikey#78.
2023-03-23 14:33:13 +09:00
Jack Grigg
7c532639d4
Fix clippy lints
2023-03-23 14:20:20 +09:00
Jack Grigg
d5395ea4e5
yubikey 0.8.0-pre.0
2023-03-23 14:07:13 +09:00
Jack Grigg
0d0f64ff1b
base64 0.21
2023-03-23 14:07:13 +09:00
str4d
d9c5abaa15
Merge pull request #128 from str4d/115-yubikey-4-no-pin-cache
Document and warn that PIN policy "Once" doesn't work for YubiKey 4
2023-02-16 18:34:11 +00:00
Jack Grigg
e86cd8113c
Intercept PIN errors and replace with PUK errors as necessary
Once iqlusioninc/yubikey.rs#479 is part of a `yubikey` release we
can migrate to, this will mean that users get correctly notified
of incorrect PUK entry, instead of being told it is an incorrect
PIN issue.
2023-02-12 20:47:58 +00:00
VlkrS
e037c1c883
Mention ccid packages for {Open,Free}BSD
Addresses #112
2023-02-12 16:10:43 +01:00
Jack Grigg
4e053b5efc
TUI: Warn YubiKey 4 users of issue with PIN policy "Once"
2023-02-11 22:04:14 +00:00
str4d
bf437663af
Merge pull request #116 from str4d/avoid-resetting-unused-yubikeys
Avoid resetting unused YubiKeys
2023-02-11 04:57:23 +00:00
Jack Grigg
665aedbbba
Merge branch 'version-0.3.3' back into main
2023-02-11 04:51:58 +00:00
Jack Grigg
d2132b4ac2
Prevent changing the default PIN to itself
Closes str4d/age-plugin-yubikey#120.
2023-02-11 02:47:55 +00:00
Jack Grigg
ff3e8e37c9
Treat pcsc::Error::NoSmartcard as a "YubiKey disconnected" error
Some SmartCard readers report this error when no SmartCard is inserted,
so we need to check for it when filtering for connected YubiKeys (along
with `pcsc::Error::RemovedCard` which some _other_ SmartCard readers
report instead).
Closes str4d/age-plugin-yubikey#81.
2023-01-30 00:39:08 +00:00
Jack Grigg
b1710e8d69
Enforce correct PIN lengths during YubiKey setup
The behaviour of `age-plugin-yubikey` during setup now matches its
behaviour during plugin usage.
2023-01-29 23:00:46 +00:00
Jack Grigg
55bfa5dafb
Avoid resetting YubiKeys that don't match the desired serial
If multiple YubiKeys were connected, and the one we needed for plugin
encryption or decryption was not first in the list of readers, any
YubiKeys before it were being reset upon drop. We now explicitly
disconnect without resetting, since we only access these YubiKeys as a
side-effect of finding the one we need.
2023-01-29 14:16:35 +00:00
Jack Grigg
90b61682bd
Don't reset tested YubiKeys in key::filter_connected
This method only connects to YubiKeys in order to confirm it can do so
(i.e. as a side-effect). We therefore want to explicitly disconnect
without resetting the YubiKeys, to avoid clearing PIN caches.
2023-01-29 14:16:35 +00:00
Jack Grigg
45f6580be4
Request PIN before certificate generation if PIN policy is "always"
We also correctly ask for a PIN touch after the key is generated (which
does not need it) but before certificate generation (which does if the
touch policy is not "none").
Closes str4d/age-plugin-yubikey#101.
2023-01-03 02:20:51 +00:00
Jack Grigg
00ab2c756e
Don't re-request a cached PIN for identities with PIN policy "once"
2023-01-02 19:06:37 +00:00
Jack Grigg
9418921dab
Disconnect without resetting YubiKeys if it is safe to do so
This enables the PIN caches to be preserved across age-plugin-yubikey
processes, allowing PIN policies of "once" to become meaningful.
2023-01-02 19:06:37 +00:00
vlkrs
9ac72cd66f
Add recommendations for {Open,Free}BSD when pcscd isn't running.
2023-01-01 15:30:40 +01:00
Jack Grigg
a6a5ad109e
Fix clippy lints
2023-01-01 14:07:23 +00:00
Jack Grigg
25fcd353f3
dialoguer 0.10
2023-01-01 14:07:22 +00:00
Jack Grigg
d8ab6e373e
base64 0.20
2023-01-01 14:06:35 +00:00
Jack Grigg
f45ff653b8
Bump cryptographic dependencies
- age-plugin 0.4
- bech32 0.9
- p256 0.11
- sha2 0.10
- x509-parser 0.14
- yubikey 0.7
2023-01-01 14:06:34 +00:00
Jack Grigg
1dfadc7e27
Clean up key::filter_connected
2023-01-01 13:29:30 +00:00
Jack Grigg
fc66d9f6fd
Add helper methods for filtering available keys
2023-01-01 13:27:10 +00:00
Jack Grigg
d8eb198e97
Move certificate parsing into Metadata::extract
2023-01-01 13:27:10 +00:00
str4d
c8f9df1b45
Merge pull request #95 from str4d/94-yubikey-agent-sighup
Extend "sharing violation" logic to send SIGHUP to `yubikey-agent` processes
2023-01-01 13:24:57 +00:00
Jack Grigg
3597d96332
Correctly hunt agents in plugin mode
2023-01-01 13:18:41 +00:00
Jack Grigg
1913838f8e
Hunt for yubikey-agent
2023-01-01 12:52:17 +00:00
Jack Grigg
6e47448560
Generalise code for hunting agents that may be holding YubiKeys
2023-01-01 12:52:17 +00:00
Jack Grigg
ac7b04a61d
Add keyword argument support to fl! and wlnfl! macros
2022-12-31 14:31:25 +00:00
Jack Grigg
493479344c
De-duplicate parsing recipients from SubjectPublicKeyInfo
2022-12-31 12:49:44 +00:00
Jack Grigg
e4ef700263
Give guidance on reconfiguring YubiKeys with unprotected management keys
Closes str4d/age-plugin-yubikey#21.
2022-12-30 10:18:17 +00:00
Jack Grigg
15c53e42df
Stop scdaemon if it is holding exclusive access to a YubiKey
Closes str4d/age-plugin-yubikey#82.
2022-12-30 09:28:24 +00:00
Jack Grigg
d38743a2fc
Inform users when pcscd is required
Closes str4d/age-plugin-yubikey#83.
2022-12-29 05:09:47 +00:00
Jack Grigg
fb5a1060bd
Check the length of the bytes passed to Stub::from_bytes
This will be zero-length when the client uses `-j yubikey`.
Closes str4d/age-plugin-yubikey#48.
2022-05-01 17:59:24 +00:00
Jack Grigg
f8314c5d6d
Enable users to skip YubiKeys at plugging-in time
This requires the `confirm` plugin command to be supported by the age
client; otherwise we fall back to the previous message-plus-timer
method.
2022-05-01 15:14:36 +00:00
Jack Grigg
345c155bb4
Don't print message if YubiKey is waiting for touch
The user call-to-action will instead be implemented on the client side,
where it can be done in a more forgiving way (allowing the user some
time to react before prompting them that it is waiting on the plugin).
2022-05-01 14:47:55 +00:00
Jack Grigg
a92a843e14
Tag all strings for translation
2022-05-01 14:40:05 +00:00
Jack Grigg
c4fe3f6b1a
Add support for translations
2022-05-01 11:49:06 +00:00
Jack Grigg
5afec288c9
Forbid unsafe code
2022-03-20 16:53:39 +00:00
Jack Grigg
7d2e3a6829
Remove trait imports that are in the 2021 edition prelude
2022-03-20 16:53:39 +00:00