Nightly Stable

This is a stable nightly build.

Nightly Development

This is a development nightly automatic build.

Version 5.12

This is a release which solves some bugs and adds enhancements.

New

• Add support to ESP32-S3.
• Add support to RP2350 MCU.
• Add support to multiple boards with RP2350.

Enhancements

• Add EF.DIR list AID.
• Emulation uses pthread thread synchronization for a reliable integration.
• CCID interface is better thread synchronized.
• Upgrade to Pico SDK 2.0.

Changes

• Rewritten HID interface to minimize the number of memcpy's. Now, it uses a single internal buffer, which speeds notably the overall performance.
• HID manages thread synchronicity more precisely.
• RP2350 boards use partitions to prevent data space be overwritten by firmware.
• Emulation does not use crt_dbrg since it is not reliable.

Bugfixes

• Fix Windows compatibility.
• Fix potential infinite loop when bad ASN1 is processed.
• Fix idVendor, idProduct allocation for Pico Patcher.
• Fix memory boundary check.
• Fix non-freed context.
• Fix TinyUSB vendor interface numbering.
• Fix thread cancellation in ESP32.
• Fix CBOR encoding.
• Fix OATH selection.
• Fix OTP crash.
• Fix U2F/FIDO app selection.

Full Changelog: v5.10...v5.12

Version 5.12 EdDSA 1

This release brings EdDSA to version 4.2.

Important: EdDSA cannot work in ESP32, since Espressif uses its own MbedTLS fork.

This is an experimental release. It adds support for EdDSA with Ed25519 and Ed448 curves.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Full Changelog: v5.10...v5.12-eddsa1

v5.10

This release is a maintenance release to fix the following bugs:

Enhancements

• Upgrade to MbedTLS 3.6.
• Increase internal number of memory pages.
• Added support for WebCCID.
• Added support for ESP32 boards.
• Added support for APDU chaining.
• Added -DVIDPID= for easier build.

Bug fixes

• Fix Pico Patcher.
• Fix potential infinite ASN1 loop.
• Fix EF.DIR.
• Fix BCD for Windows.
• Fix potential overflow.
• Add support for PHY file.
• Upgrade internal page buffer.
• Fix X509 generation.
• Added 3DES for compatibility (NOT RECOMMENDED!)
• Fix chained responses.
• Fix ASN1 initialization.
• Fix HID buffer sizes.
• Fix Windows emulation.
• Fix wrapped APDU.
• Fix byte chain for long RAPDU.
• Fix SM verification.
• Fix ATR overwrite.
• Fix Apple emulation.

Full Changelog: v5.8...v5.10

Version 5.8

This release includes the following enhancements:

• Added support for Pico W LED.
• Added backfall compatibility.
• Added Windows/Linux backend for backup/restore python utility.
• Added support for --pin flag in Pico-fido tool.

and fixes:

• Fix FIDO app selection.
• Fix Pico W build.
• Fix memory leak.
• Fix potential crash with button.
• Fix OTP reading through HID.
• Fix config vendor command with python-fido2.
• Fix secure key generation in macOS.
• Use new Pico Keys SDK.
• Fix max length of OTP static passwords.

What's Changed

• Update pico-fido-patch-vidpid.sh by @sylvainpelissier in #26

New Contributors

• @sylvainpelissier made their first contribution in #26

Full Changelog: v5.4...v5.8

Version 5.8 Eddsa 1

This release includes release 5.8 and EdDSA support.

Full Changelog: v5.6-eddsa1...v5.8-eddsa1

Version 5.6

This new release includes the following enhancements:

• Added support for Secp256k1 curve, in the form of ES256K algorithm.
• Added support for ES256K algorithm.
• Added support for thirdPartyPayment extension.
• Added support for management via Yubikey Manager to enable/disable specific interfaces individually.
• Added support to Nitrokey's nitropy tool.
• Added support for ssh-keygen.

and the following bug fixes:

• Added tests for ES256K algorithm.
• Fixed pubKeyCredParams verification.
• Fixed return errors for pubKeyCredParams verification.
• Fixed Secp521r1 key load.
• Fixed credential creation for ES512 algorithm.
• Fixed chained response.
• Fixed OTP applet selection.
• Fixed signature computation for ES384 and ES512 algorithms.
• Fixed enabled capabilities detection.
• Fixed enabled cap detection when applet is already selected.
• Fixed OTP slot deletion.
• Fixed return error when no applet is selected.
• Fixed return error of CBOR.
• Fix credential creation when not supported algorithm is provided.

Full Changelog: v5.4...v5.6

Version 5.6 EdDSA 1

This is an experimental release. It adds support for EdDSA and Ed25519 curve.

Since EdDSA is not officially approved by MbedTLS, it is considered experimental and in beta stage. Though it is deeply tested, it might contain bugs.

Use with caution.

Version 5.4

This release includes support for Yubikey emulation. With this release, Pico Fido key can be used with Yubico tools.

Enhancements:

• Added support for OTP (HOTP and TOTP).
• Added support for OATH (YKOATH protocol).
• Added support for challenge-response generation.
• Added support for emulated keyboard.
• If configured, when BOOTSEL button is pressed, an OTP is typed directly by emulating a keyboard. So, the OTP is introduced in the box where cursor is placed.
• Added support for YKMAN tool.
• Added support for YubiOTP specification.
• Added support for U2F applet selection.

This release brings support to Yubico OTP. In contrast to Yubikey slot selection (short and long button press), slots in Pico Fido are selected by pressing BOOTSEL button multiple times (1 press selects 1st slot, 2 consecutive presses select 2nd slot, etc).

This release jumps from previous v3.0 to v5.4 to enable Yubico compatibility, as it depends on the specific version +5.4.

Full Changelog: v3.0...v5.4