Skip to content

Clean up yk8 branch#28

Merged
obelisk merged 26 commits into
yk8from
yk8-thanh
Mar 10, 2026
Merged

Clean up yk8 branch#28
obelisk merged 26 commits into
yk8from
yk8-thanh

Conversation

@timweri
Copy link
Copy Markdown
Collaborator

@timweri timweri commented Apr 16, 2025
edited
Loading

Note: The large diff is due to the inclusion of Cargo.lock.

Followed #27 and implemented our own type which implements KeyType, allowing us to avoid importing p256 and p384. However, I used spki for signature verification instead of ring.

These tests work on:

  • Firmware 5.7.1 with default 3DES management keys:
  • Firmware 5.7.2 with default AES192 management keys:
cargo run --example yk-provision --features yubikey-support -- \
  --slot R3 --subject "my-test-key" --type p384

cargo run --example yk-provision --features yubikey-support -- \
  --slot R3 --subject "my-test-key" --type p256

cargo run --example yk-generate-csr --features yubikey-support -- -s R3

Management key parsing

When we parse management key, we need to now know the algorithm. So calls like unlock now needs to also query the Yubikey for the algorithm before parsing the management key.

@timweri timweri changed the title [WIP] Migrating from x509-parser to x509-cert Clean up yk8 branch Feb 16, 2026
timweri
timweri commented Feb 16, 2026
View reviewed changes
Comment thread src/yubikey/piv/management.rs Outdated
@timweri timweri marked this pull request as ready for review February 16, 2026 02:19
@timweri timweri requested a review from obelisk February 16, 2026 02:19
obelisk
obelisk reviewed Feb 16, 2026
View reviewed changes
Comment thread examples/yk-provision.rs
@timweri timweri requested a review from obelisk March 10, 2026 02:05
@obelisk obelisk merged commit d84039b into yk8 Mar 10, 2026
5 checks passed
obelisk added a commit that referenced this pull request Apr 30, 2026
@timweri @obelisk
Yk9 (#32)
bc18692 
* builds

* Works but not good

* More tested

* Bump authentictor-rs

* Remove x509-parser from piv management module

* Clean up test

* Clean up yk8 branch (#28)

* Port x509/mod.rs

* WIP PIV verification

* Revert x509-parser -> x509-cert migration

* Create nongeneric yk::provision variants

* Add generate csr example

* Resolve conflict

* cargo

* undo

* Update API

* First attempt at keytype

* fmt

* Remove macro

* Fix test

* Fix generate csr test fail

* Minimize diff

* Remove debug

* New CTAP2 API

* Check all PRs

* Support AES

* Use API to fetch mgm key algorithm

* breaking yk.unlock

* unbreak

* unbreak

* bump to 0.15.0

* Bump to yk9

* clean

* copilot fix

* Copilot fix

---------

Co-authored-by: Mitchell Grenier <mitchell@confurious.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@obelisk obelisk Awaiting requested review from obelisk

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timweri @obelisk