Tags · mjec/khefin

v0.6.1

Release 0.6.1

* Fix PIN support for disk encryption scripts (issue #31)
* Change initcpio scripts to use ramfs instead of encrypted loopback device
* Add --passphrase-file option
* Stop dropping privileges when run under sudo (issue #35)
* Bump warrant canary to 17 January 2021

Jan 17, 2021
12726f1
zip
tar.gz
Notes
Downloads

v0.6.0

Release 0.6.0

* Add PIN support (issue #28)
* Truncate newline from the end of passphrase provided non-interactively on STDIN

Nov 1, 2020
13f7d0b
zip
tar.gz
Notes
Downloads

v0.5.1

Release 0.5.1

* Bumped warrant canary to 30 October 2020
* Fix misleading section of the manual relating to reading passphrase on STDIN (issue #29)
* Add missing arguments in bash completion script
* `enumerate` prints devices even if they are not FIDO2-compatible (issue #23)

Oct 30, 2020
80bddd7
zip
tar.gz
Notes
Downloads

v0.5.0

Release 0.5.0

* Renamed to khefin
* Added initramfs-tools scripts (issue #19)
* Prompt for authenticator if not present during boot (issue #21)
* Small bug fixes and improvements

May 25, 2020
2ee183b
zip
tar.gz
Notes
Downloads

v0.4.3

Release v0.4.2

Adds ssh-askpass implementation

Jan 26, 2020
e3bf0c5
zip
tar.gz
Notes
Downloads

v0.4.2

Add --mixin parameter to generate

Jan 11, 2020
e313423
zip
tar.gz
Notes
Downloads

v0.4.1

Stable release

* Refactor code to make it possible to compile with GCC without warnings
* Update CI to run make against gcc as well as clang

Jan 11, 2020
7a7494d
zip
tar.gz
Notes
Downloads

v0.4.0

Stable release

* Make passphrase prompt output on STDERR instead of STDOUT
* Add fido2-hmac-secret-add-luks-key script (issue #1)
* Add setcap cap_ipc_lock+ep in install target, SETCAP_BINARY install flag (defaults to on), and remove setuid (issue #3)
* Change ALWAYS_SILENCE_MEMORY_LOCK_ERRORS to WARN_ON_MEMORY_LOCK_ERRORS and have it default to on
* Remove FIDO2_HMAC_SECRET_SILENCE_MEMLOCK_ERRORS environment variable
* Move bash-completion script from docs/ to scripts/
* Do not generate bash-completion script by default
* Include reasons for setuid root in README, and add ALWAYS_SILENCE_MEMORY_LOCK_ERRORS compile option (issue #3)
* Permit passphrase to be supplied on STDIN, if not a tty (issue #2)

Jan 11, 2020
fba8023
zip
tar.gz

v0.3.0

mkinitcpio hooks and bug fixes

* Add mkinitcpio hooks for using this with encrypted root device on Arch Linux
* Change "password" to "passphrase" everywhere
* Change `get_secret_consuming_authenticator_params` to stop consuming params, thus avoiding double-free
* Fix bug where providing an invalid subcommand did not print usage and exit with EXIT_BAD_INVOCATION
* Improve bash completion, removing invalid options for `generate`

Jan 2, 2020
ab86638
zip
tar.gz

52FD

v0.2.0

Change file format

* Remove use of device vendor & product ID, replace with AAGUID
* Fix double free bugs when the wrong authenticator device is used
* Fix reference to algorithm as uint32 in serialzie.c
* Add escaping for `-` in manpage.m4
* Convert spaces to tabs in bash-completion.m4

Jan 1, 2020
2933558
zip
tar.gz

PreviousNext

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.6.1

v0.6.0

v0.5.1

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.0

Tags: mjec/khefin