yubikey-manager 5.5.1

Version 5.5.1 (released 2024-07-1)

• Bugfix: CLI - Don't use formatting that doesn't work on older Python versions.
  Note: As the 5.5.0 installers bundle Python 3.12, this will be a source-only release.
  Existing installers are unaffected by this issue.

yubikey-manager 5.5.0

Version 5.5.0 (released 2024-06-26)

• Add Secure Channel support to smartcard sessions.
• Support extended APDUs in the "apdu" command (this is now the default).
• HSMAuth: Treat management key as a PIN/password instead of a key, adding new CLI commands.
• PIV: Deprecate explicit passing of management key type when authenticating.
• CLI: Add "config nfc --restrict" command to set "NFC restricted mode".
• CLI: Display more information about PIN complexity and FIPS status for compatible YubiKeys.
• CLI: Improved error messages for illegal values of PIV PIN and PUK.
• CLI: Drop error messages for old 3.x commands.
• CLI: Removal of --upload for YubiCloud credentials. Export to CSV and upload via web instead.
• CLI: Add more detailed information to the CLI output for several commands.

yubikey-manager 5.4.0

Version 5.4.0 (released 2024-03-27)

• Support for YubiKey Bio Multi-protocol Edition.
• CLI: Improve error messages for several failures.
• Attempt to send SIGHUP to yubikey-agent if it is blocking the connection.
• Bugfix: Allow "fido config" to work when no PIN is set on the YubiKey.
• Bugfix: MacOS - Fix race condition resulting in unneeded delay in fido commands over USB.
• Bugfix: Linux - Fix error when listing OTP devices when no YubiKeys are attached.
• Bugfix: OpenPGP - Fix RSA key generation on YubiKey NEO.

yubikey-manager 5.3.0

Version 5.3.0 (released 2024-01-31)

• FIDO: Add new CLI commands for PIN management and authenticator config (force-change, set-min-length, toggle-always-uv, enable-ep-attestation).
• PIV: Improve handling of legacy "PUK blocked" flag.
• PIV: Improve handling of malformed certificates.
• PIV: Display key information in "piv info" output on supported devices.
• OTP: Fix some commands incorrectly showing errors when used over NFC/CCID.
• Add tab-completion for YubiKey serial numbers and NFC readers.

yubikey-manager 5.2.1

Version 5.2.1 (released 2023-10-10)

• Add support for Python 3.12.
• OATH: detect and remove corrupted credentials.
• Bugfix: HSMAUTH: Fix order of CLI arguments.

yubikey-manager 5.2.0

Version 5.2.0 (released 2023-08-21)

• PIV: Support for compressed certificates.
• OpenPGP: Use InvalidPinError for wrong PIN.
• Add YubiHSM Auth application support.
• Improved API documentation.
• Scripting: Add name attribute to device.
• Bugfix: PIV: don't throw InvalidPasswordError on malformed PEM private key.

yubikey-manager 5.1.1

Version 5.1.1 (released 2023-04-27)

• Bugfix: PIV: string representation of SLOT caused infinite loop on Python <3.11.
• Bugfix: Fix errors in 'ykman config nfc' on YubiKeys without NFC capability.
• Bugfix: Fix error message shown when invalid modhex input length given for YubiOTP.

yubikey-manager 5.1.0

Version 5.1.0 (released 2023-04-17)

• Add OpenPGP functionality to supported API.
• Add PIV key info command to CLI.
• PIV: Support signing prehashed data via API.
• Bugfix: Fix signing PIV certificates/CSRs with key that always requires PIN.
• Bugfix: Fix incorrect display name detection for certain keys over NFC.

yubikey-manager 5.0.1

Version 5.0.1 (released 2023-01-17)

• Bugfix: Fix the interactive confirmation prompt for some CLI commands.
• Bugfix: OpenPGP Signature PIN policy values were swapped.
• Bugfix: FIDO: Handle discoverable credentials that are missing name or displayName.
• Add support for Python 3.11.
• Remove extra whitespace characters from CLI into command output.

yubikey-manager 5.0.0

Version 5.0.0 (released 2022-10-19)

• Various cleanups and improvements to the API.
• Improvements to the handling of YubiKeys and connections.
• Command aliases for ykman 3.x (introduced in ykman 4.0) have now been dropped.
• Installers for ykman are now provided for Windows (amd64) and MacOS (universal2).
• Logging has been improved, and a new TRAFFIC level has been introduced.
• The codebase has been improved for scripting usage, either directly as a Python module, or via the new "ykman script" command.
  See doc/Scripting.adoc, doc/Library_Usage.adoc, and examples/ for more details.
• PIV: Add support for dotted-string OIDs when parsing RFC4514 strings.
• PIV: Drop support for signing certificates and CSRs with SHA-1.
• FIDO: Credential management commands have been improved to deal with ambiguity in certain cases.
• OATH: Access Keys ("remembered" passwords) are now stored in the system keyring.
• OpenPGP: Commands have been added to manage PINs.