Klas Lindfors
ed38b96fe4
raise buffer sizes and remove a miss-leading error
2015-11-20 13:14:55 +01:00
Alessio Di Mauro
113c3e0b98
Whitespace cleanup.
2015-11-20 12:03:02 +01:00
Alessio Di Mauro
abc94bc62a
Refactor yubico-piv-tool to use import_private_key from libykpiv.
2015-11-20 11:49:30 +01:00
Alessio Di Mauro
d38df01c6c
Change applet to application.
2015-11-06 13:14:52 +01:00
Klas Lindfors
f46a4713bd
Merge branch 'master' into development
2015-10-28 16:08:00 +01:00
Klas Lindfors
f558983577
add an error print for failing set-pin-retries
2015-10-28 16:07:18 +01:00
Klas Lindfors
e4059a5995
Merge branch 'master' into development
...
Conflicts:
NEWS
configure.ac
2015-10-20 20:48:57 +02:00
Klas Lindfors
777b40b3c2
read key from stdin if no key is given as argument
2015-10-09 11:14:58 +02:00
Alessio Di Mauro
17ebced2e6
Mask more one pin change.
2015-09-24 14:20:25 +02:00
Klas Lindfors
809e0ebdb7
use in, not signinput to actually sign anything in the ecc case
2015-09-18 11:05:15 +02:00
Klas Lindfors
d30f6fc781
unblock-pin shouldn't tell you new puk
2015-09-16 14:32:30 +02:00
Klas Lindfors
49eab7dbfa
drop ykpiv_sign_data2() and change ykpiv_sign_data() to not pad
2015-09-08 15:29:10 +02:00
Klas Lindfors
8eb7595d42
add list-readers action to tool
...
also refactor ykpiv_list_readers() a bit
2015-09-08 12:26:42 +02:00
Klas Lindfors
b770155cbb
Merge branch 'devel/p384' into ykcs11
...
Conflicts:
NEWS
configure.ac
lib/ykpiv.c
lib/ykpiv.h
tool/util.c
tool/util.h
2015-09-07 14:32:37 +02:00
Steffan Karger
723fe2f405
Query for PIN/PUK/mgmt-key if not supplied on command line
...
Do not force a user to specify the PIN/PUK/mgmt-key on the command line.
Instead, query the user to supply them through stdin when required for
the requested operation. This is both more user friendly and more
secure, since the secrets do not end up in the shell history and/or
visible to shoulder-surfers on the terminal.
Signed-off-by: Steffan Karger <steffan@karger.me >
2015-08-12 23:05:44 +02:00
Klas Lindfors
8ece5ed26e
drop unused variable
...
found with clang scan-build
2015-07-09 11:03:11 +02:00
Klas Lindfors
2e91cd0f5b
Merge branch 'master' into devel/p384
2015-07-08 15:09:11 +02:00
Klas Lindfors
3b080dca45
relicense to 2-clause BSD license
2015-07-01 16:34:20 +02:00
Klas Lindfors
80e6fe525a
change IS_XXKEY macros to be YKPIV_IS_XX
2015-06-30 07:33:39 +02:00
Klas Lindfors
f43c5781b9
fix indentation
2015-06-26 13:00:21 +02:00
Klas Lindfors
6f5870d884
better errors for fail on pin-policy and touch-policy
2015-06-25 12:37:06 +02:00
Klas Lindfors
600b302c1d
add touch for set-mgm-key
2015-06-25 12:32:01 +02:00
Klas Lindfors
ca6a355b5d
add touch tlv for generate and import-key
2015-06-25 12:04:05 +02:00
Klas Lindfors
be8f37924d
pin policy code for generate and import-key
2015-06-24 15:25:59 +02:00
Klas Lindfors
bc27d98bf7
better errors for generate on non-supported algorithm or slot
2015-06-24 13:22:02 +02:00
Klas Lindfors
c2621960a9
use IS_RSAKEY and IS_ECKEY macros, fix minor stuff for ECCP384
2015-06-24 13:06:00 +02:00
Klas Lindfors
d06852959c
add sha384 hash and refactor some common patterns
2015-06-24 13:06:00 +02:00
Klas Lindfors
f17d09f19c
start adding secp384r1
2015-06-24 13:06:00 +02:00
Klas Lindfors
6b4b3001c4
verify that e is 0x10001 on import
...
fixes #13
2015-06-23 14:28:44 +02:00
Klas Lindfors
18e057e58c
let RSA_public_encrypt() do the PKCS1 padding
...
noteworthy is that it will do pkcs1 type 2 padding
2015-05-19 15:11:30 +02:00
Klas Lindfors
3d0ff7b969
add a test-decipher command
...
test-decipher will for rsa do public encrypt on a random string and let
the key decrypt
for ec it will generate a new ec key and do ecdh and confirm it gets the
same answer back
2015-05-19 14:22:26 +02:00
Klas Lindfors
8ce4ab4997
add newline at end of output
2015-05-08 13:49:32 +02:00
Klas Lindfors
a9c8cb9fd3
drop openssl/err.h again
2015-03-20 14:17:51 +01:00
Klas Lindfors
9db6d3d45a
replace EVP_MD_CTX_verify() stuff with RSA_verify()/ECDSA_verify()
...
since the EVP_MD_CTX stuff doesn't seem to exist on osx at all.
2015-03-20 14:04:26 +01:00
Klas Lindfors
f204987941
add a test-signature action
...
that takes a certificate in and does a signature with the given slot,
then verifying that signature with the given certificate.
2015-03-20 10:04:58 +01:00
Klas Lindfors
b1cda2ffce
add missing }
...
that's why you should always build before push..
2015-03-19 15:52:20 +01:00
Klas Lindfors
da1f61f23a
move up validation of pin-retries parameters
2015-03-19 14:54:23 +01:00
Klas Lindfors
c85fd4eaa8
move more validation of parameters together
2015-03-19 14:52:38 +01:00
Klas Lindfors
9124e82ea6
write version to output file
2015-03-19 14:43:13 +01:00
Klas Lindfors
635729f339
call get_algorithm() to get the algorithm
...
as it was already implemented..
2015-03-19 14:37:59 +01:00
Klas Lindfors
0f26a7c1e3
refactor dump_hex to drop some redundant code
2015-03-18 15:09:32 +01:00
Klas Lindfors
cd1410a950
make parts of argument validation cleaner
2015-03-18 15:09:32 +01:00
Klas Lindfors
9b6bf1b737
write action name instead of number
2015-03-18 15:09:32 +01:00
Klas Lindfors
ad3c92f7d2
break out after error
2015-03-17 15:00:54 +01:00
Klas Lindfors
340c898dcb
print out slot/cert algorithm in status
...
relates #17
2015-03-17 14:20:13 +01:00
Klas Lindfors
26d5c23090
write CHUID in status
...
relates #17
2015-03-17 13:59:29 +01:00
Klas Lindfors
4552e8700c
write out number of pin tries left
...
references #17
2015-03-17 13:54:50 +01:00
Klas Lindfors
572b3b1739
add status action and print certificate information
...
relates #17
2015-03-17 12:42:05 +01:00
Klas Lindfors
e64952476d
add a read-certificate action
2015-03-17 10:40:37 +01:00
Klas Lindfors
f24b1d0c46
report error if setting a new key fails
2015-02-02 10:26:12 +01:00