Klas Lindfors
d30f6fc781
unblock-pin shouldn't tell you new puk
2015-09-16 14:32:30 +02:00
Steffan Karger
723fe2f405
Query for PIN/PUK/mgmt-key if not supplied on command line
...
Do not force a user to specify the PIN/PUK/mgmt-key on the command line.
Instead, query the user to supply them through stdin when required for
the requested operation. This is both more user friendly and more
secure, since the secrets do not end up in the shell history and/or
visible to shoulder-surfers on the terminal.
Signed-off-by: Steffan Karger <steffan@karger.me>
2015-08-12 23:05:44 +02:00
Klas Lindfors
8ece5ed26e
drop unused variable
...
found with clang scan-build
2015-07-09 11:03:11 +02:00
Klas Lindfors
3b080dca45
relicense to 2-clause BSD license
2015-07-01 16:34:20 +02:00
Klas Lindfors
6b4b3001c4
verify that e is 0x10001 on import
...
fixes #13
2015-06-23 14:28:44 +02:00
Klas Lindfors
18e057e58c
let RSA_public_encrypt() do the PKCS1 padding
...
noteworthy is that it will do pkcs1 type 2 padding
2015-05-19 15:11:30 +02:00
Klas Lindfors
3d0ff7b969
add a test-decipher command
...
test-decipher will for rsa do public encrypt on a random string and let
the key decrypt
for ec it will generate a new ec key and do ecdh and confirm it gets the
same answer back
2015-05-19 14:22:26 +02:00
Klas Lindfors
8ce4ab4997
add newline at end of output
2015-05-08 13:49:32 +02:00
Klas Lindfors
a9c8cb9fd3
drop openssl/err.h again
2015-03-20 14:17:51 +01:00
Klas Lindfors
9db6d3d45a
replace EVP_MD_CTX_verify() stuff with RSA_verify()/ECDSA_verify()
...
since the EVP_MD_CTX stuff doesn't seem to exist on osx at all.
2015-03-20 14:04:26 +01:00
Klas Lindfors
f204987941
add a test-signature action
...
that takes a certificate in and does a signature with the given slot,
then verifying that signature with the given certificate.
2015-03-20 10:04:58 +01:00
Klas Lindfors
b1cda2ffce
add missing }
...
that's why you should always build before push..
2015-03-19 15:52:20 +01:00
Klas Lindfors
da1f61f23a
move up validation of pin-retries parameters
2015-03-19 14:54:23 +01:00
Klas Lindfors
c85fd4eaa8
move more validation of parameters together
2015-03-19 14:52:38 +01:00
Klas Lindfors
9124e82ea6
write version to output file
2015-03-19 14:43:13 +01:00
Klas Lindfors
635729f339
call get_algorithm() to get the algorithm
...
as it was already implemented..
2015-03-19 14:37:59 +01:00
Klas Lindfors
0f26a7c1e3
refactor dump_hex to drop some redundant code
2015-03-18 15:09:32 +01:00
Klas Lindfors
cd1410a950
make parts of argument validation cleaner
2015-03-18 15:09:32 +01:00
Klas Lindfors
9b6bf1b737
write action name instead of number
2015-03-18 15:09:32 +01:00
Klas Lindfors
ad3c92f7d2
break out after error
2015-03-17 15:00:54 +01:00
Klas Lindfors
340c898dcb
print out slot/cert algorithm in status
...
relates #17
2015-03-17 14:20:13 +01:00
Klas Lindfors
26d5c23090
write CHUID in status
...
relates #17
2015-03-17 13:59:29 +01:00
Klas Lindfors
4552e8700c
write out number of pin tries left
...
references #17
2015-03-17 13:54:50 +01:00
Klas Lindfors
572b3b1739
add status action and print certificate information
...
relates #17
2015-03-17 12:42:05 +01:00
Klas Lindfors
e64952476d
add a read-certificate action
2015-03-17 10:40:37 +01:00
Klas Lindfors
f24b1d0c46
report error if setting a new key fails
2015-02-02 10:26:12 +01:00
Klas Lindfors
22d04fc1c8
return error properly on hex decode
2015-02-02 10:17:45 +01:00
Klas Lindfors
60c8b757ae
use bounded scanf
2015-01-29 11:03:13 +01:00
Klas Lindfors
9046955606
drop unnecessary memset()
2015-01-29 11:03:13 +01:00
Thomas Westfeld
1b4ad6b8bd
Fixed error when parameters in unblock-pin
...
when unblock-pin action is called without -P and -N parameter, the wrong
error is returned, saying that -P should be a pin, whereas in this
action it is a puk.
2015-01-18 22:35:35 +01:00
Klas Lindfors
f69a4ff8f6
mark all bits of the signature as used
...
the first byte of a bit string marks how many bits should be
subtracted, make sure this doesn't get set.
2015-01-14 12:52:10 +01:00
Klas Lindfors
f86ded25bf
rip input_ready() and call isatty() instead
...
should be more portable (work on windows)
relates to #12
2015-01-12 21:20:15 +01:00
Klas Lindfors
b1a673b1f9
try to discover if there is input waiting on stdin
...
otherwise give the user a hint
resolves #12
2015-01-12 16:27:13 +01:00
Simon Josefsson
f84d332c15
Fix typo.
2015-01-08 15:25:27 +01:00
Klas Lindfors
31f6b61af0
add more feedback for successful actions
2014-12-17 15:37:46 +01:00
Klas Lindfors
458bde4bef
diagnostic output for generate key
2014-12-17 09:54:06 +01:00
Klas Lindfors
7ef2015f38
switch diagnostic output to stderr
2014-12-17 09:53:24 +01:00
Klas Lindfors
368b527fa1
add DER format for certificate import
2014-12-05 11:10:33 +01:00
Klas Lindfors
36468219c2
check length of private key components before setting
...
the card functions only accept key components of correct size
so here we add 0 before if they're shorter (usually one byte shorter)
thus fixing the issue where the card returned 6f00
2014-11-12 14:08:11 +01:00
Klas Lindfors
cd4fdef2f7
cast cert_len to size_t shouldn't be negative here.
...
gets rid of warnings about int/size_t combinations
2014-11-10 10:12:01 +01:00
Klas Lindfors
c14f53dfad
check that stat completes correctly
2014-11-10 10:07:35 +01:00
Klas Lindfors
4fd1cf953e
Merge branch 'master' of ssh://github.com/dwmw2/yubico-piv-tool
2014-11-10 09:54:09 +01:00
Klas Lindfors
7e0fdd8f9d
correct offs for CHUID_GUID_OFFS and change verbose print to CHUID
...
CHUID_GUID_OFFS was 28 instead of 29, leading to invalid CHUID
verbose print said "setting GUID.." changing to CHUID
patch from Doug Engert
fixes #9
2014-11-10 09:49:54 +01:00
David Woodhouse
3dce5b06e0
Add support for compressed certificates
...
This could be more sophisticated — it could automatically compress
certificates if they are too large, instead of expecting the user to do
so manually. But this is a good start.
2014-11-07 19:55:08 +00:00
Klas Lindfors
ccf9d01027
fix broken unblock-pin action
...
the unblock pin action mistakenly used pin reference 0x81 (unblock)
instead of 0x80 (pin)
2014-10-29 08:09:17 +01:00
Klas Lindfors
146fa881f2
add an error message for wrong key length
2014-10-28 08:37:53 +01:00
Daniel Barnes
61b0284c6d
Check if new keys being set are the correct length, since longer or shorter keys yield inconsistent results
2014-10-28 08:36:37 +01:00
Klas Lindfors
b16dce294d
use EVP_MD_size() instead of EVP_MD_block_size()
...
actually gives correct size for the digest
2014-10-02 13:28:02 +02:00
Klas Lindfors
4bc0c95c4c
give errors when sign fails
2014-10-02 13:27:52 +02:00
Klas Lindfors
ad335d5d0a
a bit of verbosity for authentication needs
2014-10-02 13:21:43 +02:00