Releases: Yubico/Yubico.NET.SDK
1.5.1
Release date: November 18th, 2022
Bug fixes:
- Fixed a bug in Yubico.NativeShims where a function parameter wasn't properly initialized. This affected enumeration of smart cards in some cases.
- Upgraded System.Formats.Cbor to 7.0.0 now that .NET 7 has been released.
- FIDO2 re-initializes the auth protocol after a failed PIN attempt. This now matches spec behavior.
- Upgraded the version of OpenSSL that Yubico.NativeShims uses to 3.0.7. Note: the SDK was not affected by any of the November 2022 security advisories.
1.5.0 - October 2022 release
Release date: October 28th, 2022
Features:
- YubiHSM Auth. YubiHSM Auth is a YubiKey application that stores the long-lived credentials used to establish secure sessions with a YubiHSM 2. The secure session protocol is based on Secure Channel Protocol 3 (SCP03). The SDK adds full support for this application. This includes both management of credentials and creating the session keys for communicating with a YubiHSM 2.
- FIDO2 partial support. The basic building blocks for FIDO2 are now available. Making credentials and generating assertions are now possible using the SDK, along with verification using both PIN and biometric touch. Both PIN protocols are also available. Future releases will add additional FIDO2 functionality.
1.4.2
Release date: September 27th, 2022
Bug fixes:
- The UWP .NET Native toolchain has slightly different rules around P/Invoke name resolution than normal .NET,
which caused UWP projects to crash when enumerating YubiKeys. Additional annotation has been added to some of
the Windows API P/Invoke definitions to help the native compiler resolve the APIs and prevent these crashes.
1.4.1
Release date: September 12th, 2022
Bug fixes:
- TOTP calculations in the OATH application were incorrect. The OATH application was mistakenly using a random challenge instead of the time for calculation of TOTP credentials. This has been resolved.
- The device listener was attempting to modify a collection that it was also iterating over in a loop. This is not allowed by .NET. The list to iterate over is now a clone of the original list.
- macOS does not always return properties of HID devices (including Vendor and Product IDs). This can cause the enumeration code path to fail on certain macOS-based devices, including Apple Silicon devices. The SDK now expects all HID properties to be optional and will skip over devices that don't have the minimum set required.
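The TOTP fix in 1.4.1 comes down to what is fed into the HMAC: RFC 6238 requires the time-step counter, not a random value. The sketch below is an added example, not code from the SDK; it computes the HMAC in software where the YubiKey's OATH application would do it on the device, and the class and method names are illustrative.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not SDK code. Names here are hypothetical.
static class TotpChallengeDemo
{
    // RFC 6238: the HMAC input is the number of whole periods since the
    // Unix epoch, encoded as 8 big-endian bytes.
    static byte[] TimeChallenge(DateTimeOffset now, int periodSeconds)
    {
        var challenge = new byte[8];
        long counter = now.ToUnixTimeSeconds() / periodSeconds;
        BinaryPrimitives.WriteInt64BigEndian(challenge, counter);
        return challenge;
    }

    // RFC 4226 dynamic truncation of HMAC-SHA1(secret, challenge).
    static string Truncate(byte[] secret, byte[] challenge, int digits)
    {
        using var hmac = new HMACSHA1(secret);
        byte[] mac = hmac.ComputeHash(challenge);
        int offset = mac[^1] & 0x0F;
        uint binary = BinaryPrimitives.ReadUInt32BigEndian(mac.AsSpan(offset, 4)) & 0x7FFFFFFF;
        uint modulus = (uint)Math.Pow(10, digits);
        return (binary % modulus).ToString().PadLeft(digits, '0');
    }

    static void Main()
    {
        // Secret and timestamp taken from the RFC 6238 test vectors.
        byte[] secret = Encoding.ASCII.GetBytes("12345678901234567890");
        var now = DateTimeOffset.FromUnixTimeSeconds(59);

        // Correct: both sides derive the same challenge from the clock.
        string fromTime = Truncate(secret, TimeChallenge(now, 30), 8);

        // The bug class described above: a random challenge gives a valid-looking
        // code that no verifier using the clock will reproduce.
        byte[] random = RandomNumberGenerator.GetBytes(8);
        string fromRandom = Truncate(secret, random, 8);

        Console.WriteLine($"time-based challenge: {fromTime}");
        Console.WriteLine($"random challenge:     {fromRandom}");
        Console.WriteLine($"codes match:          {fromTime == fromRandom}");
    }
}
```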
1.4.0 - June 2022 release
Release date: June 30th, 2022
Features:
- AES-based PIV management keys. Newer versions of the YubiKey (firmware 5.4.2 and above) have the ability to use AES-based encryption for the management key. This is in addition to the existing Triple-DES based management keys. Read the updated PIN, PUK, and Management Key article for more information.
- FIDO U2F. Applications using this SDK can now use the YubiKey's FIDO U2F application. This means that the SDK is now also enumerating the HID FIDO device, in addition to the HID keyboard and smart card devices exposed by the YubiKey. Use this feature if your application wants to handle U2F registration or authentication. Note that on Microsoft Windows, applications must run with elevated privileges in order to talk to FIDO devices. This is a requirement set in place by Microsoft. See FIDO U2F overview for more information.
- SCP03. Secure Channel Protocol 03 (also referred to as SCP03) is a Global Platform specification that allows clients of smart cards to encrypt all traffic to and from the card. Since the YubiKey can act as a smart card, this means that it is now possible to encrypt all traffic for the OATH, PIV, and OpenPGP applications. In order for this to work, however, your YubiKey must be pre-configured for this feature. Read more about SCP03 here.
- Debian, RHEL, and CentOS support. Our testing of Linux platforms has expanded to include the Debian, Red Hat Enterprise Linux (RHEL), and CentOS distributions. Please read running on Linux for more details.
Bug fixes:
- High CPU usage when the SDK can't connect to the smart card subsystem.
- Yubico.NativeShims DLL not found when using .NET Framework 4.x. Note that there is an additional issue with packages.config that is not able to be resolved. Developers are urged to upgrade to the newer method if at all possible. Manual installation of the Yubico.NativeShims library will be necessary if you are stuck on packages.config.
- "Duplicate resource" error when compiling for UWP applications.
1.3.1
Bug fixes:
- Applications targeting .NET Core 3.x, .NET 5, or higher would encounter an exception that said Microsoft.BCL.HashCode could not be found. Adding that NuGet reference manually would work around the issue. This issue has now been addressed and a workaround is no longer required.
- An exception would be thrown if a YubiKey with a non-visible serial number was plugged in. This was a regression in behavior and has now been fixed.
- The reference to the newly introduced assembly Yubico.NativeShims was pinned to a pre-release version. This has been fixed and now points to the latest publicly listed package.
1.3.0 - March 2022 release
This release brings enhancements across the SDK.
Features:
- PIV Objects. There is now a new namespace, Yubico.YubiKey.Piv.Objects that contains high level representations of common PIV objects such as CHUID, CCC, and KeyHistory. These objects, paired with two new methods ReadObject and WriteObject provide a much easier mechanism for interacting with common PIV objects.
- Direct credential gathering. Some applications, such as PIV and OATH, require a user to authenticate using a PIN or password. The SDK has a robust mechanism called the KeyCollector for gathering credentials. Supplying a key collector will mean that your application will always be notified for the right credential at the right time. Sometimes, though, you may not want to use a key collector, and supplying the credential directly to the session is preferable. For this, we've added overloads to the most common credential gathering routines (e.g. TryVerifyPin) that allow you to provide the credential directly, without the need for a key collector.
- Feature queries. Rather than keeping track of YubiKey firmware versions and other properties, your application can now directly query a YubiKey to see whether it supports a particular feature.
- Protected PIV management keys. Some applications, such as YubiKey Manager or the YubiKey Smart Card Mini-Driver, may opt to only use the PIV PIN. It does this by storing the PIV management key in a PIN protected object and using the PIN to unlock the smart card. The SDK has been enlightened to these modes of operations and the PivSession will automatically detect and act appropriately. That is, the KeyCollector will automatically ask for a PIN instead of the Management key for keys that are configured in this way. No extra handling is required by your application.
- Yubico.NativeShims. A new internal-use library has been introduced to help facilitate better interoperability with the underlying native platform libraries. No functional changes should have occurred as a result of this change. This will instead open the door to broader support of platforms, specifically with regards to Linux distributions.
Bug fixes:
- Fixed a high CPU usage issue on Windows that was introduced in 1.2.0. This bug was encountered when multiple YubiKeys were plugged into a single computer, and the user reduced the number of keys to one.
- Fixed an issue where the interfaces and applications were not being reported correctly for YubiKey NEOs.
1.2.0 - February 2022 release
This release adds support for device notifications. Now, applications can be notified in real-time that a
YubiKey has been inserted or removed from the computer.
Device notifications are supported on all currently supported platforms.
1.1.0 - December release
This release marks the beginning of support for Linux platforms. The primary target for testing has been against Ubuntu Linux 20.04 LTS and 21.10. Other Ubuntu-based distributions should work as well. Additional Linux platforms may work based on their ABI compatibility with Ubuntu. Further distributions will be added to the supported list once thorough testing on those platforms has been completed.
Limited smart card only support may be present for additional distributions, as they depend on the PCSC-lite library.
1.0.1
Bug fixes:
- PIV: Fixed an issue that was preventing the SDK from allowing attestation to occur on certain slots.
- OATH Sample code: Fixed an issue that was causing an exception to be thrown during RunGetCredentials.
- PIV Sample code: Worked around an issue in the .NET BCL where certificate generation behavior was different on macOS from Windows.