Release date: June 28th, 2024
This release introduces significant enhancements and new features for YubiKeys running the latest firmware (version 5.7) and YubiKey Bio/Bio Multi-Protocol Edition keys. Highlights include temporary disablement of NFC connectivity, PIN complexity status, support for RSA 3072 and 4096-bit keys, and support for biometric verification. Additionally, USB reclaim speed has been optimized and adjustments to the touch sensor sensitivity have been implemented. For details on all changes, see below.
Features:
- Support for YubiKeys with the latest firmware (version 5.7):
- NFC connectivity can now be temporarily disabled with SetIsNfcRestricted() (#91).
- Additional property pages on the YubiKey are now read into YubiKeyDeviceInfo (#92).
- PIN complexity:
- The set of YubiKey applications that are capable of being put into FIPS mode can be retrieved with FipsCapable. The set of YubiKey applications that are in FIPS mode can be retrieved with FipsApproved (#92).
- The part number for a key’s Secure Element processor, if available, can be retrieved with PartNumber (#92).
- The set of YubiKey applications that are blocked from being reset can be retrieved with ResetBlocked (#92).
- PIV:
- Support for YubiKey Bio/Bio Multi-Protocol Edition keys:
- Bio metadata can now be retrieved with GetBioMetadataCommand (#108).
- New PIV PIN verification policy enum values (MatchOnce, MatchAlways) have been added (#108).
- Biometric verification is now supported (#108).
- A device-wide reset can now be performed on YubiKey Bio Multi-protocol keys with DeviceReset (#110).
- The USB reclaim speed, which controls the time it takes to switch from one YubiKey application to another, has been reduced for compatible YubiKeys. To use the previous 3-second reclaim timeout for all keys, see UseOldReclaimTimeoutBehavior (#93).
- The sensitivity of the YubiKey’s capacitive touch sensor can now be temporarily adjusted with SetTemporaryTouchThreshold (#95).
Bug fixes:
- The ManagementKeyAlgorithm is now updated when the PIV Application is reset (#105).
- macOS input reports are now queued so that large responses aren't dropped (#84).
- Smart card handles are now opened shared by default. To open them exclusively, use OpenSmartCardHandlesExclusively with AppContext.SetSwitch (#83).
- A build issue that occurred when compiling Yubico.NativeShims on macOS has been fixed (#109).
- The correct certificate OID friendly names are now used for ECDsaCng (nistP256) and ECDsaOpenSsl (ECDSA_P256) (#78).
Miscellaneous:
- The way that YubiKey device info is read by the SDK has changed, and as a result, the following GetDeviceInfo command classes have been deprecated (#91):
  - Yubico.YubiKey.Management.Commands.GetDeviceInfoCommand
  - Yubico.YubiKey.Otp.Commands.GetDeviceInfoCommand
  - Yubico.YubiKey.U2f.Commands.GetDeviceInfoCommand
  - Yubico.YubiKey.Management.Commands.GetDeviceInfoResponse
  - Yubico.YubiKey.Otp.Commands.GetDeviceInfoResponse
  - Yubico.YubiKey.U2f.Commands.GetDeviceInfoResponse
- Integration test guardrails have been added to ensure tests are done only on specified keys (#100).
- Unit tests were run on all platforms in CI (#80).
Dependencies:
- The test packages xUnit and Microsoft.NET.Test.Sdk have been updated (#94).
New Contributors
- @alanssitis made their first contribution in #78
- @GregDomzalski made their first contribution in #83
- @twistedstream made their first contribution in #97
- @equijano21 made their first contribution in #102
- @AdamVe made their first contribution in #109
- @jamiehankins made their first contribution in #120
Full Changelog: 1.10.0...1.11.0