Clean up yk8 branch by timweri · Pull Request #28 · obelisk/sshcerts

timweri · 2025-04-16T05:18:53Z

Note: The large diff is due to the inclusion of Cargo.lock.

Followed #27 and implemented our own type which implements KeyType, allowing us to avoid importing p256 and p384. However, I used spki for signature verification instead of ring.

These tests work on:

Firmware 5.7.1 with default 3DES management keys:
Firmware 5.7.2 with default AES192 management keys:

cargo run --example yk-provision --features yubikey-support -- \
  --slot R3 --subject "my-test-key" --type p384

cargo run --example yk-provision --features yubikey-support -- \
  --slot R3 --subject "my-test-key" --type p256

cargo run --example yk-generate-csr --features yubikey-support -- -s R3

Management key parsing

When we parse management key, we need to now know the algorithm. So calls like unlock now needs to also query the Yubikey for the algorithm before parsing the management key.

src/yubikey/piv/management.rs

examples/yk-provision.rs

timweri added 10 commits April 16, 2025 00:18

Port x509/mod.rs

c8a501b

WIP PIV verification

4ab3ebb

Merge remote-tracking branch 'origin/main' into yk8-thanh

f90438b

Revert x509-parser -> x509-cert migration

4ae4dd3

Create nongeneric yk::provision variants

005d106

Add generate csr example

530f994

Resolve conflict

e096b5a

cargo

7bbbcbd

merge

5693913

undo

0f88e93

timweri changed the title ~~[WIP] Migrating from x509-parser to x509-cert~~ Clean up yk8 branch Feb 16, 2026

Update API

99c330e

timweri force-pushed the yk8-thanh branch from f689253 to 99c330e Compare February 16, 2026 01:00

timweri added 5 commits February 15, 2026 20:36

First attempt at keytype

8e0c13f

fmt

8e302f7

Remove macro

631736b

Fix test

55fcfbd

Fix generate csr test fail

d927638

timweri commented Feb 16, 2026

View reviewed changes

src/yubikey/piv/management.rs Outdated Show resolved Hide resolved

timweri marked this pull request as ready for review February 16, 2026 02:19

timweri requested a review from obelisk February 16, 2026 02:19

timweri added 5 commits February 15, 2026 21:21

Minimize diff

68bb963

Merge remote-tracking branch 'origin/yk8' into yk8-thanh

f9b7b49

Remove debug

cd529f4

New CTAP2 API

ff0896c

Check all PRs

d029c42

obelisk reviewed Feb 16, 2026

View reviewed changes

examples/yk-provision.rs Show resolved Hide resolved

obelisk approved these changes Feb 16, 2026

View reviewed changes

timweri added 2 commits February 17, 2026 03:27

Support AES

81271fa

Use API to fetch mgm key algorithm

f2db633

breaking yk.unlock

e6d5a71

timweri requested a review from obelisk March 10, 2026 02:05

timweri added 2 commits March 9, 2026 22:12

unbreak

2879395

unbreak

10a1dc1

obelisk merged commit d84039b into yk8 Mar 10, 2026
5 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Clean up yk8 branch#28

Clean up yk8 branch#28
obelisk merged 26 commits intoyk8from
yk8-thanh

timweri commented Apr 16, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

timweri commented Apr 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Management key parsing

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

timweri commented Apr 16, 2025 •

edited

Loading