1.11.0 - June 2024 Release

@DennisDyallo DennisDyallo released this 30 Jun 10:23
· 262 commits to main since this release
b039a8c

Release date: June 28th, 2024

This release introduces significant enhancements and new features for YubiKeys running the latest firmware (version 5.7) and YubiKey Bio/Bio Multi-Protocol Edition keys. Highlights include temporary disablement of NFC connectivity, PIN complexity status, support for RSA 3072 and 4096-bit keys, and support for biometric verification. Additionally, USB reclaim speed has been optimized and adjustments to the touch sensor sensitivity have been implemented. For details on all changes, see below.

Features:

  • Support for YubiKeys with the latest firmware (version 5.7):
    • NFC connectivity can now be temporarily disabled with SetIsNfcRestricted() (#91).
    • Additional property pages on the YubiKey are now read into YubiKeyDeviceInfo (#92).
    • PIN complexity:
      • Complexity status can now be checked with IsPinComplexityEnabled (#92).
      • PIN complexity error messages and exceptions have been added (#112).
    • The set of YubiKey applications that are capable of being put into FIPS mode can be retrieved with FipsCapable. The set of YubiKey applications that are in FIPS mode can be retrieved with FipsApproved (#92).
    • The part number for a key’s Secure Element processor, if available, can be retrieved with PartNumber (#92).
    • The set of YubiKey applications that are blocked from being reset can be retrieved with ResetBlocked (#92).
    • PIV:
      • 3072 and 4096 RSA keys can now be generated and imported (#100).
      • Keys can now be moved between all YubiKey PIV slots except for the attestation slot with MoveKeyCommand. Any PIV key can now be deleted from any PIV slot with DeleteKeyCommand (#103).
  • Support for YubiKey Bio/Bio Multi-Protocol Edition keys:
    • Bio metadata can now be retrieved with GetBioMetadataCommand (#108).
    • New PIV PIN verification policy enum values (MatchOnce, MatchAlways) have been added (#108).
    • Biometric verification is now supported (#108).
    • A device-wide reset can now be performed on YubiKey Bio Multi-protocol keys with DeviceReset (#110).
  • The USB reclaim speed, which controls the time it takes to switch from one YubiKey application to another, has been reduced for compatible YubiKeys. To use the previous 3-second reclaim timeout for all keys, see UseOldReclaimTimeoutBehavior (#93).
  • The sensitivity of the YubiKey’s capacitive touch sensor can now be temporarily adjusted with SetTemporaryTouchThreshold (#95).

Bug fixes:

  • The ManagementKeyAlgorithm is now updated when the PIV Application is reset (#105).
  • macOS input reports are now queued so that large responses aren't dropped (#84).
  • Smart card handles are now opened shared by default. To open them exclusively, use OpenSmartCardHandlesExclusively with AppContext.SetSwitch (#83).
  • A build issue that occurred when compiling Yubico.NativeShims on macOS has been fixed (#109).
  • The correct certificate OID friendly names are now used for ECDsaCng (nistP256) and ECDsaOpenSsl (ECDSA_P256) (#78).

Miscellaneous:

  • The way that YubiKey device info is read by the SDK has changed, and as a result, the following GetDeviceInfo command classes have been deprecated (#91):
    • Yubico.YubiKey.Management.Commands.GetDeviceInfoCommand
    • Yubico.YubiKey.Otp.Commands.GetDeviceInfoCommand
    • Yubico.YubiKey.U2f.Commands.GetDeviceInfoCommand
    • Yubico.YubiKey.Management.Commands.GetDeviceInfoResponse
    • Yubico.YubiKey.Otp.Commands.GetDeviceInfoResponse
    • Yubico.YubiKey.U2f.Commands.GetDeviceInfoResponse
  • Integration test guardrails have been added to ensure tests are done only on specified keys (#100).
  • Unit tests were run on all platforms in CI (#80).

Dependencies:

  • The test packages xUnit and Microsoft.NET.Test.Sdk have been updated (#94).

Full Changelog: 1.10.0...1.11.0