OpenSC-0.20.0
General Improvements
- fixed security problems
- Support RSA-PSS signature mechanisms using RSA-RAW (#1435)
- Added memory locking for secrets (#1491)
- added support for terminal colors (#1534)
- PC/SC driver: Fixed error handling in case of changing (#1537) or removing the card reader (#1615)
- macOS installer
- Configuration
- Build Environment
- Bump openssl requirement to 0.9.8 (##1459)
- Added support for fuzzing with AFL (#1580) and libFuzzer/OSS-Fuzz (#1697)
- Added CI tests for simulating GIDS, OpenPGP, PIV, IsoApplet (#1568) and MyEID (#1677) and CAC (#1757)
- Integrate clang-tidy with
make check
(#1673) - Added support for reproducible builds (#1839)
PKCS#11
- Implement write protection (CKF_WRITE_PROTECTED) based on the card profile (#1467)
- Added C_WrapKey and C_UnwrapKey implementations (#1393)
- Handle CKA_ALWAYS_AUTHENTICATE when creating key objects. (#1539)
- Truncate long PKCS#11 labels with ... (#1629)
- Fixed recognition of a token when being unplugged and reinserted (#1875)
Minidriver
OpenSC tools
- Harmonize the use of option
-r
/--reader
(#1548) goid-tool
: GoID personalization with fingerprintopenpgp-tool
opensc-explorer
opensc-minidriver-test.exe
: Tests for Microsoft CryptoAPI (#1510)opensc-notify
: Autostart on Windowspkcs11-register
:opensc-tool
: Show ATR also for cards not recognized by OpenSC (#1625)pkcs11-spy
:- parse CKM_AES_GCM
- Add support for CKA_OTP_* and CKM_*_PSS values
- parse EC Derive parameters (#1677)
pkcs11-tool
- Support for signature verification via
--verify
(#1435) - Add object type
secrkey
for--type
option (#1575) - Implement Secret Key write object (#1648)
- Add GOSTR3410-2012 support (#1654)
- Add support for testing CKM_RSA_PKCS_OAEP (#1600)
- Add extractable option to key import (#1674)
- list more key access flags when listing keys (#1653)
- Add support for
CKA_ALLOWED_MECHANISMS
when creating new objects and listing keys (#1628)
- Support for signature verification via
pkcs15-crypt
: * Handle keys with user consent (#1529)
CAC1
New separate CAC1 driver using the old CAC specification (#1502).
CardOS
Coolkey
- Enable CoolKey driver to handle 2048-bit keys. (#1532)
EstEID
- adds support for a minimalistic, small and fast card profile based on IAS-ECC issued since December 2018 (#1635)
GIDS
MICARDO
- Remove long expired EstEID 1.0/1.1 card support (#1470)
MyEID
- Add support for unwrapping a secret key with an RSA key or secret key (#1393)
- Add support for wrapping a secret key with a secret key (#1393)
- Support for MyEID 4K RSA (#1657)
- Support for OsEID (#1677).
Gemalto GemSafe
OpenPGP
- OpenPGP Card v3 ECC support (#1506)
Rutoken
SC-HSM
Starcos
- Fixed decipher with 2.3 (#1496)
- Added ATR for 2nd gen. eGK (#1668)
- Added new ATR for 3.5 (#1882)
- Detect and allow Globalplatform PIN encoding (#1882)
TCOS
Infocamere, Postecert, Cnipa
- Removed profiles (#1584)
ACS ACOS5
- Remove incomplete acos5 driver (#1622).