Alessio Di Mauro
17ebced2e6
Mask more one pin change.
2015-09-24 14:20:25 +02:00
Klas Lindfors
d30f6fc781
unblock-pin shouldn't tell you new puk
2015-09-16 14:32:30 +02:00
Steffan Karger
723fe2f405
Query for PIN/PUK/mgmt-key if not supplied on command line
...
Do not force a user to specify the PIN/PUK/mgmt-key on the command line.
Instead, query the user to supply them through stdin when required for
the requested operation. This is both more user friendly and more
secure, since the secrets do not end up in the shell history and/or
visible to shoulder-surfers on the terminal.
Signed-off-by: Steffan Karger <steffan@karger.me >
2015-08-12 23:05:44 +02:00
Klas Lindfors
8ece5ed26e
drop unused variable
...
found with clang scan-build
2015-07-09 11:03:11 +02:00
Klas Lindfors
306651a308
remove extra \
2015-07-03 13:28:12 +02:00
Klas Lindfors
0d88b0b38b
name include file .adoc instead
2015-07-03 09:52:41 +02:00
Klas Lindfors
5f8605dc7e
use asciidoc comments for comments in asciidoc file
2015-07-03 09:42:17 +02:00
Klas Lindfors
3b080dca45
relicense to 2-clause BSD license
2015-07-01 16:34:20 +02:00
Klas Lindfors
561bf00c55
add include file for help2adoc
2015-07-01 13:23:22 +02:00
Klas Lindfors
6b4b3001c4
verify that e is 0x10001 on import
...
fixes #13
2015-06-23 14:28:44 +02:00
Klas Lindfors
18e057e58c
let RSA_public_encrypt() do the PKCS1 padding
...
noteworthy is that it will do pkcs1 type 2 padding
2015-05-19 15:11:30 +02:00
Klas Lindfors
3d0ff7b969
add a test-decipher command
...
test-decipher will for rsa do public encrypt on a random string and let
the key decrypt
for ec it will generate a new ec key and do ecdh and confirm it gets the
same answer back
2015-05-19 14:22:26 +02:00
Klas Lindfors
8ce4ab4997
add newline at end of output
2015-05-08 13:49:32 +02:00
Klas Lindfors
a9c8cb9fd3
drop openssl/err.h again
2015-03-20 14:17:51 +01:00
Klas Lindfors
9db6d3d45a
replace EVP_MD_CTX_verify() stuff with RSA_verify()/ECDSA_verify()
...
since the EVP_MD_CTX stuff doesn't seem to exist on osx at all.
2015-03-20 14:04:26 +01:00
Klas Lindfors
f204987941
add a test-signature action
...
that takes a certificate in and does a signature with the given slot,
then verifying that signature with the given certificate.
2015-03-20 10:04:58 +01:00
Klas Lindfors
b1cda2ffce
add missing }
...
that's why you should always build before push..
2015-03-19 15:52:20 +01:00
Klas Lindfors
da1f61f23a
move up validation of pin-retries parameters
2015-03-19 14:54:23 +01:00
Klas Lindfors
c85fd4eaa8
move more validation of parameters together
2015-03-19 14:52:38 +01:00
Klas Lindfors
9124e82ea6
write version to output file
2015-03-19 14:43:13 +01:00
Klas Lindfors
635729f339
call get_algorithm() to get the algorithm
...
as it was already implemented..
2015-03-19 14:37:59 +01:00
Klas Lindfors
0f26a7c1e3
refactor dump_hex to drop some redundant code
2015-03-18 15:09:32 +01:00
Klas Lindfors
cd1410a950
make parts of argument validation cleaner
2015-03-18 15:09:32 +01:00
Klas Lindfors
9b6bf1b737
write action name instead of number
2015-03-18 15:09:32 +01:00
Klas Lindfors
ad3c92f7d2
break out after error
2015-03-17 15:00:54 +01:00
Klas Lindfors
340c898dcb
print out slot/cert algorithm in status
...
relates #17
2015-03-17 14:20:13 +01:00
Klas Lindfors
26d5c23090
write CHUID in status
...
relates #17
2015-03-17 13:59:29 +01:00
Klas Lindfors
4552e8700c
write out number of pin tries left
...
references #17
2015-03-17 13:54:50 +01:00
Klas Lindfors
572b3b1739
add status action and print certificate information
...
relates #17
2015-03-17 12:42:05 +01:00
Klas Lindfors
e64952476d
add a read-certificate action
2015-03-17 10:40:37 +01:00
Klas Lindfors
f24b1d0c46
report error if setting a new key fails
2015-02-02 10:26:12 +01:00
Klas Lindfors
22d04fc1c8
return error properly on hex decode
2015-02-02 10:17:45 +01:00
Klas Lindfors
60c8b757ae
use bounded scanf
2015-01-29 11:03:13 +01:00
Klas Lindfors
9046955606
drop unnecessary memset()
2015-01-29 11:03:13 +01:00
Klas Lindfors
d2e0a3bc79
add --enable-coverage for lcov
2015-01-20 13:06:07 +01:00
Thomas Westfeld
1b4ad6b8bd
Fixed error when parameters in unblock-pin
...
when unblock-pin action is called without -P and -N parameter, the wrong
error is returned, saying that -P should be a pin, whereas in this
action it is a puk.
2015-01-18 22:35:35 +01:00
Klas Lindfors
f69a4ff8f6
mark all bits of the signature as used
...
the first byte of a bit string marks how many bits should be
subtracted, make sure this doesn't get set.
2015-01-14 12:52:10 +01:00
Klas Lindfors
f86ded25bf
rip input_ready() and call isatty() instead
...
should be more portable (work on windows)
relates to #12
2015-01-12 21:20:15 +01:00
Klas Lindfors
b1a673b1f9
try to discover if there is input waiting on stdin
...
otherwise give the user a hint
resolves #12
2015-01-12 16:27:13 +01:00
Simon Josefsson
98320c2c0d
Fix markup.
2015-01-08 15:27:19 +01:00
Simon Josefsson
f84d332c15
Fix typo.
2015-01-08 15:25:27 +01:00
Klas Lindfors
31f6b61af0
add more feedback for successful actions
2014-12-17 15:37:46 +01:00
Klas Lindfors
458bde4bef
diagnostic output for generate key
2014-12-17 09:54:06 +01:00
Klas Lindfors
7ef2015f38
switch diagnostic output to stderr
2014-12-17 09:53:24 +01:00
Klas Lindfors
caf64fc464
add valgrind for tests
2014-12-09 15:11:22 +01:00
Klas Lindfors
368b527fa1
add DER format for certificate import
2014-12-05 11:10:33 +01:00
Klas Lindfors
36468219c2
check length of private key components before setting
...
the card functions only accepts key components of correct size
so here we add 0 before if they're shorter (usually one byte shorter)
thus fixing the issue where the card returned 6f00
2014-11-12 14:08:11 +01:00
Klas Lindfors
cd4fdef2f7
cast cert_len to size_t shouldn't be negative here.
...
gets rid of warnings about int/size_t combinations
2014-11-10 10:12:01 +01:00
Klas Lindfors
c14f53dfad
check that stat completes correctly
2014-11-10 10:07:35 +01:00
Klas Lindfors
4fd1cf953e
Merge branch 'master' of ssh://github.com/dwmw2/yubico-piv-tool
2014-11-10 09:54:09 +01:00