From bf2be6b730d0deb01b7c6e3158a990e13870cdfa Mon Sep 17 00:00:00 2001 From: Thanh Nguyen Date: Sun, 15 Feb 2026 22:16:57 -0500 Subject: [PATCH 1/2] Prepare for yk8 bump --- Cargo.lock | 447 ++++++++++++++++++++++++---- rustica-agent-cli/Cargo.toml | 2 +- rustica-agent/Cargo.toml | 5 +- rustica-agent/src/ffi/enrollment.rs | 9 +- rustica-agent/src/lib.rs | 3 +- 5 files changed, 389 insertions(+), 77 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 20bc0235..b887d254 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -584,9 +584,9 @@ dependencies = [ [[package]] name = "authenticator" -version = "0.4.0-alpha.24" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be346361f2602704c3a48d71530df852a59558b9774a144432d91fdfe775f298" +checksum = "82d71e457dc518a15eecc90d3b0660dee4b51623b34ac4262c9326e0d7e0f8e2" dependencies = [ "base64 0.21.7", "bitflags 1.3.2", @@ -1010,6 +1010,12 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.12.3" @@ -1052,15 +1058,13 @@ checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" [[package]] name = "bcrypt-pbkdf" -version = "0.6.1" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12621b8e87feb183a6e5dbb315e49026b2229c4398797ee0ae2d1bc00aef41b9" +checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2" dependencies = [ "blowfish", - "crypto-mac", - "pbkdf2 0.8.0", - "sha2 0.9.9", - "zeroize", + "pbkdf2 0.12.2", + "sha2 0.10.8", ] [[package]] 
@@ -1164,13 +1168,12 @@ dependencies = [ [[package]] name = "blowfish" -version = "0.8.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe3ff3fc1de48c1ac2e3341c4df38b0d1bfb8fdf04632a187c8b75aaa319a7ab" +checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7" dependencies = [ "byteorder", - "cipher 0.3.0", - "opaque-debug", + "cipher 0.4.4", ] [[package]] @@ -1506,23 +1509,25 @@ dependencies = [ ] [[package]] -name = "crypto-common" -version = "0.1.6" +name = "crypto-bigint" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", - "typenum", + "rand_core", + "subtle", + "zeroize", ] [[package]] -name = "crypto-mac" -version = "0.11.1" +name = "crypto-common" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", - "subtle", + "typenum", ] [[package]] 
@@ -1605,10 +1610,29 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" dependencies = [ "const-oid", - "pem-rfc7468", + "pem-rfc7468 0.6.0", + "zeroize", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468 0.7.0", "zeroize", ] +[[package]] +name = "der" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71fd89660b2dc699704064e59e9dba0147b903e85319429e131620d022be411b" + [[package]] name = "der-oid-macro" version = "0.4.0" @@ -1661,6 +1685,17 @@ dependencies = [ "rusticata-macros 4.1.0", ] +[[package]] +name = "der_derive" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.116", +] + [[package]] name = "deranged" version = "0.5.6" @@ -1827,10 +1862,24 @@ version = "0.14.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" dependencies = [ - "der", - "elliptic-curve", - "rfc6979", - "signature", + "der 0.6.1", + "elliptic-curve 0.12.3", + "rfc6979 0.3.1", + "signature 1.6.4", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der 0.7.10", + "digest 0.10.7", + "elliptic-curve 0.13.8", + "rfc6979 0.4.0", + "signature 2.2.0", + "spki 0.7.3", ] [[package]] 
@@ -1927,18 +1976,39 @@ version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" dependencies = [ - "base16ct", - "crypto-bigint", - "der", + "base16ct 0.1.1", + "crypto-bigint 0.4.9", + "der 0.6.1", + "digest 0.10.7", + "ff 0.12.1", + "generic-array", + "group 0.12.1", + "hkdf", + "pem-rfc7468 0.6.0", + "pkcs8 0.9.0", + "rand_core", + "sec1 0.3.0", + "subtle", + "zeroize", +] + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct 0.2.0", + "crypto-bigint 0.5.5", "digest 0.10.7", - "ff", + "ff 0.13.1", "generic-array", - "group", + "group 0.13.0", "hkdf", - "pem-rfc7468", - "pkcs8", + "pem-rfc7468 0.7.0", + "pkcs8 0.10.2", "rand_core", - "sec1", + "sec1 0.7.3", "subtle", "zeroize", ] @@ -2127,6 +2197,16 @@ dependencies = [ "subtle", ] +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core", + "subtle", +] + [[package]] name = "find-msvc-tools" version = "0.1.9" @@ -2139,6 +2219,12 @@ version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80" +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + [[package]] name = "flate2" version = "1.0.30" @@ -2310,6 +2396,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] 
@@ -2432,7 +2519,18 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" dependencies = [ - "ff", + "ff 0.12.1", + "rand_core", + "subtle", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff 0.13.1", "rand_core", "subtle", ] @@ -3611,8 +3709,20 @@ version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594" dependencies = [ - "ecdsa", - "elliptic-curve", + "ecdsa 0.14.8", + "elliptic-curve 0.12.3", + "sha2 0.10.8", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa 0.16.9", + "elliptic-curve 0.13.8", + "primeorder", "sha2 0.10.8", ] @@ -3622,8 +3732,20 @@ version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" dependencies = [ - "ecdsa", - "elliptic-curve", + "ecdsa 0.14.8", + "elliptic-curve 0.12.3", + "sha2 0.10.8", +] + +[[package]] +name = "p384" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" +dependencies = [ + "ecdsa 0.16.9", + "elliptic-curve 0.13.8", + "primeorder", "sha2 0.10.8", ] 
@@ -3673,20 +3795,21 @@ checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pbkdf2" -version = "0.8.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d95f5254224e617595d2cc3cc73ff0a5eaf2637519e25f03388154e9378b6ffa" +checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" dependencies = [ - "crypto-mac", + "digest 0.10.7", ] [[package]] name = "pbkdf2" -version = "0.11.0" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" +checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ "digest 0.10.7", + "hmac", ] [[package]] @@ -3727,6 +3850,15 @@ dependencies = [ "base64ct", ] +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.1" 
@@ -3792,20 +3924,41 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719" dependencies = [ - "der", - "pkcs8", - "spki", + "der 0.6.1", + "pkcs8 0.9.0", + "spki 0.6.0", "zeroize", ] +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der 0.7.10", + "pkcs8 0.10.2", + "spki 0.7.3", +] + [[package]] name = "pkcs8" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" dependencies = [ - "der", - "spki", + "der 0.6.1", + "spki 0.6.0", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der 0.7.10", + "spki 0.7.3", ] [[package]] @@ -3880,6 +4033,15 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve 0.13.8", +] + [[package]] name = "proc-macro-crate" version = "1.3.1" @@ -4140,11 +4302,21 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" dependencies = [ - "crypto-bigint", + "crypto-bigint 0.4.9", "hmac", "zeroize", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "ring" version = "0.16.20" 
@@ -4186,15 +4358,36 @@ dependencies = [ "num-integer", "num-iter", "num-traits", - "pkcs1", - "pkcs8", + "pkcs1 0.4.1", + "pkcs8 0.9.0", "rand_core", - "signature", + "signature 1.6.4", "smallvec", "subtle", "zeroize", ] +[[package]] +name = "rsa" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40a0376c50d0358279d9d643e4bf7b7be212f1f4ff1da9070a7b54d22ef75c88" +dependencies = [ + "const-oid", + "digest 0.10.7", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1 0.7.5", + "pkcs8 0.10.2", + "rand_core", + "sha2 0.10.8", + "signature 2.2.0", + "spki 0.7.3", + "subtle", + "zeroize", +] + [[package]] name = "runloop" version = "0.1.0" @@ -4241,7 +4434,7 @@ dependencies = [ "ring 0.17.13", "serde", "serde_json", - "sshcerts", + "sshcerts 0.14.0 (registry+https://github.com/rust-lang/crates.io-index)", "tokio", "toml 0.5.11", "tonic", @@ -4265,13 +4458,13 @@ dependencies = [ "serde", "serde_derive", "sha2 0.9.9", - "sshcerts", + "sshcerts 0.14.0 (git+https://github.com/obelisk/sshcerts?branch=yk8-thanh)", "tokio", "toml 0.7.8", "tonic", "tonic-build", "x509-parser 0.15.1", - "yubikey", + "yubikey 0.8.0", "zstd", ] @@ -4287,7 +4480,7 @@ dependencies = [ "rustica-agent", "tokio", "toml 0.7.8", - "yubikey", + "yubikey 0.8.0", ] [[package]] @@ -4463,10 +4656,24 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" dependencies = [ - "base16ct", - "der", + "base16ct 0.1.1", + "der 0.6.1", + "generic-array", + "pkcs8 0.9.0", + "subtle", + "zeroize", +] + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct 0.2.0", + "der 0.7.10", "generic-array", - "pkcs8", + "pkcs8 0.10.2", "subtle", "zeroize", ] 
@@ -4670,6 +4877,16 @@ dependencies = [ "rand_core", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core", +] + [[package]] name = "simd-adler32" version = "0.3.7" @@ -4774,7 +4991,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" dependencies = [ "base64ct", - "der", + "der 0.6.1", +] + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der 0.7.10", ] [[package]] @@ -4782,6 +5009,23 @@ name = "sshcerts" version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea86255551f89d85d725a8aa6c795e87f582c4a152563defec247f76600416ee" +dependencies = [ + "base64 0.13.1", + "chrono", + "der-parser 5.1.2", + "minicbor", + "rcgen", + "ring 0.17.13", + "x509", + "x509-parser 0.15.1", + "yubikey 0.7.0", + "zeroize", +] + +[[package]] +name = "sshcerts" +version = "0.14.0" +source = "git+https://github.com/obelisk/sshcerts?branch=yk8-thanh#d029c4270c6be0510e21f7379430176a887d579a" dependencies = [ "aes 0.7.5", "authenticator", @@ -4790,15 +5034,18 @@ dependencies = [ "chrono", "ctap-hid-fido2", "ctr", + "der 0.8.0", "der-parser 5.1.2", "minicbor", "num-bigint", "rcgen", "ring 0.17.13", + "signature 2.2.0", "simple_asn1", "x509", + "x509-cert", "x509-parser 0.15.1", - "yubikey", + "yubikey 0.8.0", "zeroize", ] 
@@ -5067,6 +5314,27 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.116", +] + [[package]] name = "tokio" version = "1.37.0" @@ -6069,6 +6337,20 @@ dependencies = [ "cookie-factory", ] +[[package]] +name = "x509-cert" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +dependencies = [ + "const-oid", + "der 0.7.10", + "sha1", + "signature 2.2.0", + "spki 0.7.3", + "tls_codec", +] + [[package]] name = "x509-parser" version = "0.14.0" @@ -6165,24 +6447,24 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "10e6fa9476951a9b93d9a31aa5554b5bbac7aafdc5b23e663eb3f9b635c86053" dependencies = [ - "base16ct", + "base16ct 0.1.1", "chrono", "cookie-factory", "der-parser 8.2.0", "des", - "elliptic-curve", + "elliptic-curve 0.12.3", "hmac", "log", "nom 7.1.3", "num-bigint-dig", "num-integer", "num-traits", - "p256", - "p384", + "p256 0.11.1", + "p384 0.11.2", "pbkdf2 0.11.0", "pcsc", "rand_core", - "rsa", + "rsa 0.7.2", "secrecy", "sha1", "sha2 0.10.8", 
@@ -6193,6 +6475,39 @@ dependencies = [ "zeroize", ] +[[package]] +name = "yubikey" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d1efb43c1e3edd4cf871c8dc500d900abfa083c1f2bab10b781ea8ffcadedcb" +dependencies = [ + "base16ct 0.2.0", + "der 0.7.10", + "des", + "ecdsa 0.16.9", + "elliptic-curve 0.13.8", + "hmac", + "log", + "nom 7.1.3", + "num-bigint-dig", + "num-integer", + "num-traits", + "p256 0.13.2", + "p384 0.13.1", + "pbkdf2 0.12.2", + "pcsc", + "rand_core", + "rsa 0.9.9", + "secrecy", + "sha1", + "sha2 0.10.8", + "signature 2.2.0", + "subtle", + "uuid", + "x509-cert", + "zeroize", +] + [[package]] name = "zbus" version = "3.15.2" diff --git a/rustica-agent-cli/Cargo.toml b/rustica-agent-cli/Cargo.toml index 9f9dc342..3799adfd 100644 --- a/rustica-agent-cli/Cargo.toml +++ b/rustica-agent-cli/Cargo.toml @@ -17,4 +17,4 @@ notify-rust = "4" rustica-agent = { path = "../rustica-agent", default-features = false } tokio = { version = "1", features = ["full"] } toml = "0.7" -yubikey = "0.7" +yubikey = "0.8" diff --git a/rustica-agent/Cargo.toml b/rustica-agent/Cargo.toml index acabe0b1..9f781b8d 100644 --- a/rustica-agent/Cargo.toml +++ b/rustica-agent/Cargo.toml @@ -24,7 +24,8 @@ serde = "1.0.97" serde_derive = "1.0" sha2 = "0.9.2" # For Production -sshcerts = { version = "0.14.0" } +# sshcerts = { version = "0.14.0" } +sshcerts = { git = "https://github.com/obelisk/sshcerts", branch = "yk8-thanh" } # For Development # sshcerts = { path = "../../sshcerts", features = [ # "yubikey-support", @@ -33,7 +34,7 @@ sshcerts = { version = "0.14.0" } tokio = { version = "1", features = ["full"] } toml = "0.7" tonic = { version = "0.9", features = ["tls"] } -yubikey = { version = "0.7", features = ["untested"] } +yubikey = { version = "0.8", features = ["untested"] } x509-parser = { version = "0.15", features = ["verify"] } # Dependencies for allowed_signers feature 
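Review bot: The `sshcerts` entry under the `# For Production` comment in rustica-agent/Cargo.toml now follows a mutable git branch (`branch = "yk8-thanh"`), so the crate that performs PIV provisioning and signing becomes whatever that branch points to the next time the lockfile is regenerated. Cargo.lock in this patch records the resolved commit, but that only protects builds run with `--locked`. Pinning the manifest as well keeps the dependency fixed and reviewable: `sshcerts = { git = "https://github.com/obelisk/sshcerts", rev = "d029c4270c6be0510e21f7379430176a887d579a" }`. A short comment next to the commented-out registry line, such as `# TODO: return to a crates.io release once sshcerts supports yubikey 0.8`, would make it clear the git source is temporary.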
diff --git a/rustica-agent/src/ffi/enrollment.rs b/rustica-agent/src/ffi/enrollment.rs
index 39232449..69c3a9eb 100644
--- a/rustica-agent/src/ffi/enrollment.rs
+++ b/rustica-agent/src/ffi/enrollment.rs
@@ -8,7 +8,7 @@ use crate::{PIVAttestation, Signatory, YubikeySigner};
 use sshcerts::error::Error as SSHCertsError;
 use sshcerts::fido::generate::generate_new_ssh_key;
 use sshcerts::fido::Error as FidoError;
-use sshcerts::yubikey::piv::{AlgorithmId, PinPolicy, SlotId, TouchPolicy, Yubikey};
+use sshcerts::yubikey::piv::{PinPolicy, SlotId, TouchPolicy, Yubikey};
 use std::fs::File;
 use tokio::runtime::Runtime;
@@ -213,7 +213,6 @@ pub unsafe extern "C" fn generate_and_enroll(
 let management_key = hex::decode(&management_key.to_str().unwrap()).unwrap();
 let subject = CStr::from_ptr(subject);
- let alg = AlgorithmId::EccP384;
 let slot = SlotId::try_from(slot).unwrap();
 let touch_policy = match touch_policy {
@@ -238,10 +237,9 @@ pub unsafe extern "C" fn generate_and_enroll(
 return false;
 }
- let key_config = match yk.provision(
+ let key_config = match yk.provision_p384(
 &slot,
 subject.to_str().unwrap(),
- alg,
 touch_policy,
 pin_policy,
 ) {
@@ -300,7 +298,6 @@ pub unsafe extern "C" fn provision_piv(
 pin: *const c_char,
 management_key: *const c_char,
 ) -> bool {
- let alg = AlgorithmId::EccP384;
 let slot = SlotId::try_from(slot).unwrap();
 println!("Provisioning new PIV key in slot {:?}", slot);
@@ -318,5 +315,5 @@ pub unsafe extern "C" fn provision_piv(
 return false
 }
- yk.provision(&slot, subject.to_str().unwrap(), alg, policy, PinPolicy::Never).is_ok()
+ yk.provision_p384(&slot, subject.to_str().unwrap(), policy, PinPolicy::Never).is_ok()
 }
diff --git a/rustica-agent/src/lib.rs b/rustica-agent/src/lib.rs
index f8b08fd9..df86972b 100644
--- a/rustica-agent/src/lib.rs
+++ b/rustica-agent/src/lib.rs
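Review bot: In rustica-agent/src/ffi/enrollment.rs the new `yk.provision_p384(&slot, subject.to_str().unwrap(), policy, PinPolicy::Never)` call at the end of `provision_piv`, and the same argument in the `generate_and_enroll` hunk, still unwrap a string supplied by the C caller, so a non-UTF-8 subject panics inside an `extern "C"` function instead of returning `false`. Both functions already report failure with `return false`, so the conversion can take that path once before the call: `let Ok(subject) = subject.to_str() else { return false };`, then pass `subject` to `provision_p384`. The context lines show the same pattern in `hex::decode(&management_key.to_str().unwrap()).unwrap()` and `SlotId::try_from(slot).unwrap()`, which deserve the same treatment. Both function bodies start and end outside these hunks, so the type of `subject` in `provision_piv` is inferred from the call.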
@@ -527,10 +527,9 @@ pub async fn provision_new_key( return None; } - match yk.provision( + match yk.provision_p384( &yubikey.slot, subj, - AlgorithmId::EccP384, policy, pin_policy, ) { From 9e99420308c09fc63e1f442c82a389e1c572c707 Mon Sep 17 00:00:00 2001 From: Thanh Nguyen Date: Sun, 15 Feb 2026 22:19:48 -0500 Subject: [PATCH 2/2] Bump sshcerts --- Cargo.lock | 370 ++++++--------------------------------------- rustica/Cargo.toml | 9 +- 2 files changed, 51 insertions(+), 328 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b887d254..817e3b00 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1004,12 +1004,6 @@ dependencies = [ "rustc-demangle", ] -[[package]] -name = "base16ct" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" - [[package]] name = "base16ct" version = "0.2.0" @@ -1063,7 +1057,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2" dependencies = [ "blowfish", - "pbkdf2 0.12.2", + "pbkdf2", "sha2 0.10.8", ] @@ -1496,18 +1490,6 @@ version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" -[[package]] -name = "crypto-bigint" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" -dependencies = [ - "generic-array", - "rand_core", - "subtle", - "zeroize", -] - [[package]] name = "crypto-bigint" version = "0.5.5" 
@@ -1603,17 +1585,6 @@ version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2" -[[package]] -name = "der" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" -dependencies = [ - "const-oid", - "pem-rfc7468 0.6.0", - "zeroize", -] - [[package]] name = "der" version = "0.7.10" @@ -1623,7 +1594,7 @@ dependencies = [ "const-oid", "der_derive", "flagset", - "pem-rfc7468 0.7.0", + "pem-rfc7468", "zeroize", ] @@ -1856,18 +1827,6 @@ dependencies = [ "syn 2.0.116", ] -[[package]] -name = "ecdsa" -version = "0.14.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" -dependencies = [ - "der 0.6.1", - "elliptic-curve 0.12.3", - "rfc6979 0.3.1", - "signature 1.6.4", -] - [[package]] name = "ecdsa" version = "0.16.9" @@ -1876,10 +1835,10 @@ checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der 0.7.10", "digest 0.10.7", - "elliptic-curve 0.13.8", - "rfc6979 0.4.0", - "signature 2.2.0", - "spki 0.7.3", + "elliptic-curve", + "rfc6979", + "signature", + "spki", ] [[package]] 
@@ -1970,45 +1929,23 @@ version = "1.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2" -[[package]] -name = "elliptic-curve" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" -dependencies = [ - "base16ct 0.1.1", - "crypto-bigint 0.4.9", - "der 0.6.1", - "digest 0.10.7", - "ff 0.12.1", - "generic-array", - "group 0.12.1", - "hkdf", - "pem-rfc7468 0.6.0", - "pkcs8 0.9.0", - "rand_core", - "sec1 0.3.0", - "subtle", - "zeroize", -] - [[package]] name = "elliptic-curve" version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ - "base16ct 0.2.0", - "crypto-bigint 0.5.5", + "base16ct", + "crypto-bigint", "digest 0.10.7", - "ff 0.13.1", + "ff", "generic-array", - "group 0.13.0", + "group", "hkdf", - "pem-rfc7468 0.7.0", - "pkcs8 0.10.2", + "pem-rfc7468", + "pkcs8", "rand_core", - "sec1 0.7.3", + "sec1", "subtle", "zeroize", ] @@ -2187,16 +2124,6 @@ dependencies = [ "simd-adler32", ] -[[package]] -name = "ff" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" -dependencies = [ - "rand_core", - "subtle", -] - [[package]] name = "ff" version = "0.13.1" 
@@ -2513,24 +2440,13 @@ dependencies = [ "gl_generator", ] -[[package]] -name = "group" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" -dependencies = [ - "ff 0.12.1", - "rand_core", - "subtle", -] - [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ - "ff 0.13.1", + "ff", "rand_core", "subtle", ] @@ -3703,48 +3619,26 @@ dependencies = [ "ttf-parser", ] -[[package]] -name = "p256" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594" -dependencies = [ - "ecdsa 0.14.8", - "elliptic-curve 0.12.3", - "sha2 0.10.8", -] - [[package]] name = "p256" version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "ecdsa", + "elliptic-curve", "primeorder", "sha2 0.10.8", ] -[[package]] -name = "p384" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" -dependencies = [ - "ecdsa 0.14.8", - "elliptic-curve 0.12.3", - "sha2 0.10.8", -] - [[package]] name = "p384" version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" dependencies = [ - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "ecdsa", + "elliptic-curve", "primeorder", "sha2 0.10.8", ] 
@@ -3793,15 +3687,6 @@ version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" -[[package]] -name = "pbkdf2" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" -dependencies = [ - "digest 0.10.7", -] - [[package]] name = "pbkdf2" version = "0.12.2" @@ -3841,15 +3726,6 @@ dependencies = [ "serde", ] -[[package]] -name = "pem-rfc7468" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" -dependencies = [ - "base64ct", -] - [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -3918,18 +3794,6 @@ dependencies = [ "futures-io", ] -[[package]] -name = "pkcs1" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719" -dependencies = [ - "der 0.6.1", - "pkcs8 0.9.0", - "spki 0.6.0", - "zeroize", -] - [[package]] name = "pkcs1" version = "0.7.5" @@ -3937,18 +3801,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ "der 0.7.10", - "pkcs8 0.10.2", - "spki 0.7.3", -] - -[[package]] -name = "pkcs8" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" -dependencies = [ - "der 0.6.1", - "spki 0.6.0", + "pkcs8", + "spki", ] [[package]] @@ -3958,7 +3812,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ "der 0.7.10", - "spki 0.7.3", + "spki", ] [[package]] 
@@ -4039,7 +3893,7 @@ version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" dependencies = [ - "elliptic-curve 0.13.8", + "elliptic-curve", ] [[package]] @@ -4296,17 +4150,6 @@ dependencies = [ "winreg", ] -[[package]] -name = "rfc6979" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" -dependencies = [ - "crypto-bigint 0.4.9", - "hmac", - "zeroize", -] - [[package]] name = "rfc6979" version = "0.4.0" @@ -4346,27 +4189,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rsa" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c" -dependencies = [ - "byteorder", - "digest 0.10.7", - "num-bigint-dig", - "num-integer", - "num-iter", - "num-traits", - "pkcs1 0.4.1", - "pkcs8 0.9.0", - "rand_core", - "signature 1.6.4", - "smallvec", - "subtle", - "zeroize", -] - [[package]] name = "rsa" version = "0.9.9" @@ -4378,12 +4200,12 @@ dependencies = [ "num-bigint-dig", "num-integer", "num-traits", - "pkcs1 0.7.5", - "pkcs8 0.10.2", + "pkcs1", + "pkcs8", "rand_core", "sha2 0.10.8", - "signature 2.2.0", - "spki 0.7.3", + "signature", + "spki", "subtle", "zeroize", ] @@ -4434,7 +4256,7 @@ dependencies = [ "ring 0.17.13", "serde", "serde_json", - "sshcerts 0.14.0 (registry+https://github.com/rust-lang/crates.io-index)", + "sshcerts", "tokio", "toml 0.5.11", "tonic", @@ -4458,13 +4280,13 @@ dependencies = [ "serde", "serde_derive", "sha2 0.9.9", - "sshcerts 0.14.0 (git+https://github.com/obelisk/sshcerts?branch=yk8-thanh)", + "sshcerts", "tokio", "toml 0.7.8", "tonic", "tonic-build", "x509-parser 0.15.1", - "yubikey 0.8.0", + "yubikey", "zstd", ] 
@@ -4480,7 +4302,7 @@ dependencies = [ "rustica-agent", "tokio", "toml 0.7.8", - "yubikey 0.8.0", + "yubikey", ] [[package]] @@ -4650,30 +4472,16 @@ dependencies = [ "tiny-skia", ] -[[package]] -name = "sec1" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" -dependencies = [ - "base16ct 0.1.1", - "der 0.6.1", - "generic-array", - "pkcs8 0.9.0", - "subtle", - "zeroize", -] - [[package]] name = "sec1" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "base16ct 0.2.0", + "base16ct", "der 0.7.10", "generic-array", - "pkcs8 0.10.2", + "pkcs8", "subtle", "zeroize", ] @@ -4867,16 +4675,6 @@ dependencies = [ "libc", ] -[[package]] -name = "signature" -version = "1.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" -dependencies = [ - "digest 0.10.7", - "rand_core", -] - [[package]] name = "signature" version = "2.2.0" @@ -4984,16 +4782,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "spki" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" -dependencies = [ - "base64ct", - "der 0.6.1", -] - [[package]] name = "spki" version = "0.7.3" 
@@ -5004,24 +4792,6 @@ dependencies = [ "der 0.7.10", ] -[[package]] -name = "sshcerts" -version = "0.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea86255551f89d85d725a8aa6c795e87f582c4a152563defec247f76600416ee" -dependencies = [ - "base64 0.13.1", - "chrono", - "der-parser 5.1.2", - "minicbor", - "rcgen", - "ring 0.17.13", - "x509", - "x509-parser 0.15.1", - "yubikey 0.7.0", - "zeroize", -] - [[package]] name = "sshcerts" version = "0.14.0" @@ -5040,12 +4810,12 @@ dependencies = [ "num-bigint", "rcgen", "ring 0.17.13", - "signature 2.2.0", + "signature", "simple_asn1", "x509", "x509-cert", "x509-parser 0.15.1", - "yubikey 0.8.0", + "yubikey", "zeroize", ] @@ -6346,29 +6116,11 @@ dependencies = [ "const-oid", "der 0.7.10", "sha1", - "signature 2.2.0", - "spki 0.7.3", + "signature", + "spki", "tls_codec", ] -[[package]] -name = "x509-parser" -version = "0.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0ecbeb7b67ce215e40e3cc7f2ff902f94a223acf44995934763467e7b1febc8" -dependencies = [ - "asn1-rs 0.5.2", - "base64 0.13.1", - "data-encoding", - "der-parser 8.2.0", - "lazy_static", - "nom 7.1.3", - "oid-registry 0.6.1", - "rusticata-macros 4.1.0", - "thiserror", - "time", -] - [[package]] name = "x509-parser" version = "0.15.1" 
@@ -6441,67 +6193,33 @@ dependencies = [ "time", ] -[[package]] -name = "yubikey" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10e6fa9476951a9b93d9a31aa5554b5bbac7aafdc5b23e663eb3f9b635c86053" -dependencies = [ - "base16ct 0.1.1", - "chrono", - "cookie-factory", - "der-parser 8.2.0", - "des", - "elliptic-curve 0.12.3", - "hmac", - "log", - "nom 7.1.3", - "num-bigint-dig", - "num-integer", - "num-traits", - "p256 0.11.1", - "p384 0.11.2", - "pbkdf2 0.11.0", - "pcsc", - "rand_core", - "rsa 0.7.2", - "secrecy", - "sha1", - "sha2 0.10.8", - "subtle", - "uuid", - "x509", - "x509-parser 0.14.0", - "zeroize", -] - [[package]] name = "yubikey" version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d1efb43c1e3edd4cf871c8dc500d900abfa083c1f2bab10b781ea8ffcadedcb" dependencies = [ - "base16ct 0.2.0", + "base16ct", "der 0.7.10", "des", - "ecdsa 0.16.9", - "elliptic-curve 0.13.8", + "ecdsa", + "elliptic-curve", "hmac", "log", "nom 7.1.3", "num-bigint-dig", "num-integer", "num-traits", - "p256 0.13.2", - "p384 0.13.1", - "pbkdf2 0.12.2", + "p256", + "p384", + "pbkdf2", "pcsc", "rand_core", - "rsa 0.9.9", + "rsa", "secrecy", "sha1", "sha2 0.10.8", - "signature 2.2.0", + "signature", "subtle", "uuid", "x509-cert", diff --git a/rustica/Cargo.toml b/rustica/Cargo.toml index d466f130..8004b850 100644 --- a/rustica/Cargo.toml +++ b/rustica/Cargo.toml 
@@ -40,12 +40,17 @@ serde = { version = "1.0", features = ["derive"] }
 # "x509-support",
 # "yubikey-lite",
 # ] }
-# For Development
-sshcerts = { version = "0.14.0", default-features = false, features = [
+sshcerts = { git = "https://github.com/obelisk/sshcerts", branch = "yk8-thanh", default-features = false, features = [
 "fido-lite",
 "x509-support",
 "yubikey-lite",
 ] }
+# For Development
+# sshcerts = { version = "0.14.0", default-features = false, features = [
+# "fido-lite",
+# "x509-support",
+# "yubikey-lite",
+# ] }
 # sshcerts = { path = "../../sshcerts", default-features = false, features = [
 # "fido-lite",
 # "x509-support",
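Review bot: The active `sshcerts` entry now tracks a mutable git branch (`branch = "yk8-thanh"`) instead of the published 0.14.0 release. Any build run without `--locked`, and any later `cargo update`, will resolve to whatever that branch head is at the time. Because this crate sits on the certificate and key handling path, pin it to a reviewed commit with `rev = "<commit-sha>"` (placeholder; the commit is not shown in this hunk) in place of `branch`, or return to a crates.io version before release. The `# For Development` comment has also moved so that it now labels the commented-out registry entry rather than the git override. If the branch is meant to be temporary, as the commit title suggests, a comment directly above the active line such as `# Temporary git override for the yk8 bump; replace with a released version` would make that clear.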