
Releases: framefilter/keyroost

v0.5.1

15 Jun 02:50
02aa8ff


v0.5.0

14 Jun 14:10
8578bd3


On-device TOTP/HOTP for Token2 FIDO keys

Token2 PIN+ / FIDO2+ security keys can now store and manage TOTP/HOTP entries
that the key itself computes — provisioning seeds, listing entries, reading
codes, configuring the button-press HOTP, and reading device configuration —
over both USB-HID and PC/SC (NFC). Available in both keyroostctl and the
desktop app's new OTP pane.

The seed-bearing commands are wrapped in the device's ECDH (P-256) + AES-256-CBC
scheme, and the wire protocol is implemented as a pure, dependency-light byte
layer (keyroost-token2otp) with the vendor spec's worked examples reproduced
as known-answer tests and a fuzz target over the response parsers.

Contributed by @token2 — the device vendor and
author of the reference client — who provided the protocol specification and
implemented the transport, crypto, and UI against real hardware. keyroost
remains an independent project; see the README's acknowledgements.

Fixes

  • No more ghost / duplicate Molto2 in the device list when a Token2 FIDO
    key is also connected (Windows). Molto2 detection was matching the bare
    "TOKEN2" brand in the PC/SC reader name, which Token2's FIDO keys share — it
    now matches the "Molto2" product name specifically. (#21)
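The matcher change behind #21, as an added illustration rather than keyroost's own code: the legacy brand match claims every Token2 reader, so a connected FIDO key shows up as a second Molto2, while the product-name match lists only the real one. The reader names are constructed for the example; actual PC/SC names vary by OS and driver.

```rust
/// What a PC/SC reader name is taken to be when building the device list.
#[derive(Debug, PartialEq)]
enum ReaderKind {
    Molto2,
    Other,
}

/// Pre-#21 matcher: the bare "TOKEN2" brand. A Token2 FIDO key's PC/SC
/// reader name carries the same brand, so it was listed as a Molto2 too.
fn classify_legacy(reader: &str) -> ReaderKind {
    if reader.to_ascii_uppercase().contains("TOKEN2") {
        ReaderKind::Molto2
    } else {
        ReaderKind::Other
    }
}

/// Fixed matcher: require the "Molto2" product name, not just the brand.
fn classify(reader: &str) -> ReaderKind {
    if reader.to_ascii_lowercase().contains("molto2") {
        ReaderKind::Molto2
    } else {
        ReaderKind::Other
    }
}

/// Number of Molto2 entries the device list would show for these readers
/// under a given matcher.
fn molto2_count(readers: &[&str], matcher: fn(&str) -> ReaderKind) -> usize {
    readers
        .iter()
        .filter(|&&r| matcher(r) == ReaderKind::Molto2)
        .count()
}

/// Constructed reader names: one Molto2 and one Token2 FIDO key on PC/SC.
const READERS: [&str; 2] = ["Token2 Molto2 0", "Token2 PIN+ FIDO2 NFC 0"];

fn main() {
    // Legacy matcher: 2 entries (the FIDO key is the ghost Molto2).
    println!("legacy: {} Molto2 entries", molto2_count(&READERS, classify_legacy));
    // Fixed matcher: 1 entry.
    println!("fixed:  {} Molto2 entries", molto2_count(&READERS, classify));
}
```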

Maintenance

  • The release publish workflow's crates.io "already published?" probe now sends
    a User-Agent (crates.io rejects UA-less API requests), restoring re-run
    safety; crates.io publishing moved to OIDC Trusted Publishing (no stored
    token).

Install

cargo install keyroostctl / cargo install keyroost, or grab a prebuilt
archive below (each is covered by SHA256SUMS and a build-provenance attestation).

v0.4.0

13 Jun 00:37
v0.4.0
c18754d


PIV: from status view to full management — with on-card certificates

The headline of this release. The PIV applet went from a read-only status
panel to a complete management surface, in both keyroostctl piv and the
desktop app's PIV pane, hardware-verified end to end:

  • Management-key authentication (AES-128/192/256 and 3DES, auto-detected
    — including the AES-192 default on newer YubiKey firmware), with rotation
    to a key of your own.
  • On-card key generation: RSA 1024–4096, ECC P-256/P-384, Ed25519.
  • Certificates, signed by the card itself: create a self-signed
    certificate straight into the slot, or a PKCS#10 CSR to hand to a
    certificate authority — the private key never leaves the device. All four
    signature families validated against OpenSSL.
  • Certificate import/export, PIN & PUK change, PIN unblock, retry-count
    configuration, and a typed-confirmation applet reset.

Security hardening

A full-workspace review (quality, efficiency, simplicity, security) drove a
broad hardening pass:

  • Robust against misbehaving devices: no panics, stack overflows, or
    unbounded allocations from malformed or hostile card/authenticator
    responses; device-driven loops and lengths are bounded everywhere.
  • Memory hygiene: PINs, seeds, passwords, and key material are wiped
    after use across every layer — CLI buffers, GUI fields, transmitted APDUs,
    cipher key schedules, and the import pipeline (including decrypted Aegis
    vaults) — and secret-bearing traffic is redacted from --debug traces.
  • Safer flows: typed secrets can no longer follow you from one device to
    another in the GUI; card probing no longer resets cards held by other
    software; destructive confirmations can't be silently dropped; secrets
    never appear in command-line arguments.
  • Supply-chain posture: all CI actions SHA-pinned with least-privilege
    tokens, release artifacts ship with SHA256SUMS and GitHub build-provenance
    attestation, a cargo audit job watches advisories, and the fuzzing suite
    grew new targets (CTAP typed parsers, encrypted-vault handling).

Imports

  • Encrypted Aegis vault parameters are capped against decompression-bomb
    style abuse; imported TOTP seeds are wiped end to end.
  • Stricter base32/otpauth validation rejects malformed entries before
    anything is written to a device.
  • Multi-code QR screenshots now salvage every readable code instead of
    failing the whole image on one damaged QR.

Desktop app

  • Slow work (QR decode, vault decryption, every Molto2 operation) runs off
    the UI thread — no more frozen window during "Sync time (all)".
  • Capability panes share one consistent scroll layout with a proper
    scrollbar gutter.
  • Copied OTP codes auto-clear from the clipboard; seed fields clear after a
    successful write; warnings for factory-default customer keys and device
    clock drift.

Note for upgraders

The udev rule now matches FIDO devices by ID_SECURITY_TOKEN instead of the
HID interface class. If FIDO operations stop working after upgrading,
re-install the rule: copy udev/70-keyroost-fido.rules to
/etc/udev/rules.d/ and run sudo udevadm control --reload.

v0.3.0

09 Jun 02:13
718085b


What's Changed

  • Cross-platform port (macOS/Windows) + three-OS CI matrix by @framefilter in #4
  • Verify Fedora & Arch builds; document per-distro prerequisites by @framefilter in #5
  • Release artifacts for macOS (universal2) and Windows by @framefilter in #6
  • Publish a GitHub Release with artifacts on tag push by @framefilter in #7

Full Changelog: v0.2.0...v0.3.0