Skip to content

Releases: Yubico/Yubico.NET.SDK

1.17.0

03 Jun 09:55
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.17.0
5951e47
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.17.0 Latest
Latest

1.17.0

Release date: June 2nd, 2026

Features:

  • The FIDO2 application now supports the WebAuthn previewSign extension for YubiKeys with firmware version 5.8 and above. (#468)

  • The FIDO2 application now supports the CTAP 2.1 authenticatorSelection command, including SDK APIs, sample application support, documentation, and tests. (#480)

Dependencies:

  • Several dependencies across the Yubico.Core project, GitHub Actions workflows, and Docker-based documentation image have been updated to newer versions. (#478, #481, #482, #483, #484, #485)

1.16.x Releases

Full Changelog: 1.16.1...1.17.0

Assets 7
Loading

1.16.1 - April release

29 Apr 21:22
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.16.1
9dffc9d

Choose a tag to compare

View all tags
1.16.1 - April release

Release date: April 29th, 2026

Bug Fixes:

  • Fixed an issue where HID and SmartCard transport events were logged at Info level, causing excessive noise in application logs. These events have been downgraded to Debug level. (#473)

  • Fixed an issue where high idle CPU usage occurred in RDS/Terminal Server environments due to SCARD_E_INVALID_HANDLE errors in the smart card listener loop. (#445)

  • Several bugs discovered through fuzz testing have been fixed, including issues in TLV parsing and CBOR decoding. A SharpFuzz fuzzing harness and CodeQL scheduled analysis have also been added. (#458)

Documentation:

  • The documentation on EncIdentifier has been corrected with updated details and relevant links. (#456)

  • Important FIDO2 SCP support information has been added to the user's manual. (#442)

  • Inconsistencies and obsolete class references in the documentation have been addressed. (#441)

Miscellaneous:

  • The Yubico.NativeShims dependency has been switched to a floating version with packages.lock.json for safer dependency management. (#474)

  • NativeShims export sanity checks and interop known-answer tests have been added, and Hkdf tests have been relocated. (#472)

  • An SCP03 command chaining regression test has been added. (#452)

Dependencies:

  • Several dependencies across the Yubico.Core, Yubico.YubiKey, and GitHub Actions workflows have been updated to newer versions. (#449, #453, #454, #461, #462, #463, #464, #470, #471)

Full Changelog: 1.16.0...1.16.1

Loading

1.16.0

20 Apr 11:13
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.16.0
9894e8f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.16.0

Release date: March 31st, 2026

Features:

  • The FIDO2 application now supports SCP03 and SCP11 secure channels over USB CCID on YubiKeys with firmware version 5.8 and above. This enables encrypted communication with the FIDO2 application, matching the SCP support already available for PIV, OATH, OTP, and YubiHSM Auth. (#428)

  • ZLib compression and decompression support has been added via a new ZlibStream class. The PivSession.KeyPairs property now correctly handles compressed certificate formats. (#417)

Bug Fixes:

  • The MSVC C runtime is now statically linked in Yubico.NativeShims, removing the dependency on the Visual C++ Redistributable. Additionally, cmake_minimum_required has been bumped to 3.15 for proper CMP0091 policy support, and an explicit exit /b 0 has been added to prevent findstr exit codes from leaking into the build process. (#427)

Documentation:

  • NFC requirements and SCP usage examples have been added to the Fido2Session documentation. (#428)

  • Comments and logical grouping have been added to the NativeShims CMakeLists and readme. (#427)

Miscellaneous:

  • The Serilog dependency has been removed from integration tests and the sandbox app, simplifying the test project dependencies.

Dependencies:

  • Several dependencies across the Yubico.Core, Yubico.YubiKey, and GitHub Actions workflows have been updated to newer versions. (#424, #429, #430, #432, #433, #435, #436, #437, #438)

Full Changelog: 1.15.2...1.16.0

Loading
0 Join discussion

1.15.2 - February release

28 Feb 21:00
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.15.2
f773e1a

Choose a tag to compare

View all tags
1.15.2 - February release

Release date: February 28th, 2026

Features:

  • Added support for YubiHSM Logon with ECC P-256 for ECC-based authentication workflows. (#407)

Bug Fixes:

  • Fixed an issue where ghost device entries remained in the YubiKeyDeviceListener cache after a FIDO reset operation. (#418)
  • Fixed an issue where trailing NUL bytes in HID device paths could corrupt log output. The device path string is now properly trimmed to remove null characters. (#416)

Documentation:

  • The documentation on PIV PIN and touch policies has been updated with improved clarity, FIPS-specific details, and updated sample code. (#411)

Dependencies:

  • Several dependencies across the Yubico.Core and GitHub Actions workflows have been updated to newer versions. (#419, #420)

What's Changed

Full Changelog: 1.15.1...1.15.2

Contributors

DennisDyallo, jamiehankins, and 3 other contributors
Loading
0 Join discussion

1.15.1 - January release

28 Jan 13:47
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.15.1
94050ff
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.15.1 - January release

Release date: January 28th, 2026

Bug Fixes:

  • A regression in the PIV sample app's digital signature functionality caused by a misalignment of RSA key size and format has been fixed. New unit tests covering digest computation logic have also been added. (#398)
    Documentation:

  • The documentation on PIV certificate sizes has been restructured to improve clarity and readability. Additionally, firmware behavior details and practical examples have been added/updated. (#356)

Dependencies:

  • Several dependencies across integration, unit, and utilities test projects, the test app, and the Yubico.Core and Yubico.YubiKey projects have been updated. (#388, #387, #386, #384)

What's Changed:

New Contributors

Full Changelog: 1.15.0...1.15.1

Contributors

DennisDyallo, dependabot, and 2 other contributors
Loading
0 Join discussion

1.15.0 - December release

04 Dec 13:45
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.15.0
7f84637
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.15.0 - December release

1.15.0

Release date: December 3rd, 2025

Features:

  • The SDK now supports CTAP 2.3's EncCredStoreState (encrypted credential store state) AuthenticatorInfo property, which is available on YubiKeys with firmware version 5.8 and above. This property, which must be decrypted using a YubiKey's PPUAT, can be used by platforms to detect when credentials have been added and removed or when the YubiKey has been reset. The Fido2Session property, AuthenticatorCredStoreState, has been added to simplify the process of retrieving and decrypting the EncCredStoreState value. (#354)
  • It is now possible to toggle serial number visibility (over API, USB, or button press) when calling any of the OTP application slot configuration methods, including ConfigureChallengeResponse, ConfigureHotp, ConfigureStaticPassword, ConfigureYubicoOtp, and ConfigureNdef. (#328)
  • The Yubico.NativeShims library's Linux build is now compiled with Zig and targets glibc 2.23 for broad Linux distribution compatibility. (#337)

Bug Fixes:

  • The YubiKeyDevice properties, ChallengeResponseTimeout, AutoEjectTimeout, IsNfcRestricted, DeviceFlags, and ConfigurationLocked, have been modified so that they are set immediately after their respective configuration methods are called instead of after a refresh. YubiKeyDevice integration tests have also been updated to improve error handling and validate the modified YubiKeyDevice properties. (#348)

Documentation:

  • Comprehensive docs covering SDK support for the Persistent PinUvAuthToken (PPUAT) have been added to the User's Manual. (#333)
  • NFC instructions have been added to the FIDO2 reset docs. (#341)
  • The PIV sample code has been updated to use the newer IPublicKey and IPrivateKey classes and support the Ed25519 and X25519 key types. (#343)

Full changelog:

New Contributors

Full Changelog: 1.14.1-2...1.15.0

Contributors

DennisDyallo, dependabot, and 2 other contributors
Loading
0 Join discussion

1.14.1 - Patch release

24 Oct 00:42
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.14.1-2
240dac4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.14.1 - Patch release

1.14.1

Release date: October 23rd, 2025

Bug Fixes:

  • The validation logic in the AddPermissions() method has been improved, which resolved an issue where the Fido2Session would incorrectly throw exceptions during calls to AddPermissions() on older YubiKeys. (#316)

  • Multiple updates have been added to prevent background thread crashes caused by rapidly unplugging and reinserting YubiKeys (#318, #325):

    • Improved device listening and disposal behavior, including logging, error messages, and exception handling, across base, HID (Linux, Windows, macOS), and smart card device listener classes.
    • Added and improved device listener disposal and integration tests.
    • Added new CmDevice class methods (FromDevicePath, FromDeviceInstance).

Dependencies:

  • Multiple dependencies across the following projects have been updated to newer versions (#317, #327):

    • Yubico.Core
    • Yubico.Core.UnitTests
    • Yubico.YubiKey
    • Yubico.YubiKey.IntegrationTests
    • Yubico.YubiKey.TestApp
    • Yubico.YubiKey.UnitTests
    • Yubico.YubiKey.TestUtilities

Documentation:

  • Errors in the User's Manual documentation regarding YubiKey support for FIDO2 PINs and U2F private key behavior have been corrected. (#321, #322)
Loading
0 Join discussion

1.14.0 - September release

17 Sep 20:14
@DennisDyallo DennisDyallo
Immutable release. Only release title and notes can be modified.
1.14.0
eb87aed
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.14.0 - September release

Release date: September 17th, 2025

Features:

  • Support has been added for the following CTAP 2.2 and YubiKey firmware version 5.8 features (#299):

    • Persistent PinUvAuthToken (PPUAT): The GetPersistentPinUvAuthToken() method has been added to retrieve PPUATs for use with read-only FIDO2 credential management operations, including EnumerateRelyingParties(), EnumerateCredentialsForRelyingParty(), and GetCredentialMetadata(). PPUATs enable applications to list discoverable credentials from YubiKeys without requiring repeated PIN entry.

    • thirdPartyPayment extension: The GetThirdPartyPaymentExtension method has been added to check for and return the status of the thirdPartyPayment extension. The thirdPartyPayment extension enables YubiKeys to be used for cross-domain credentials without redirects, as required by Secure Payment Confirmation (SPC) workflows.

    • hmac-secret-mc extension: GetHmacSecretExtension now handles both hmac-secret and hmac-secret-mc extensions when extracting and decrypting secrets. The hmac-secret-mc extension enables PRF (Pseudo-Random Function) during MakeCredential().

    • Additional AuthenticatorInfo properties: The SDK now supports parsing of several new AuthenticatorInfo properties, which are returned when calling the GetInfoCommand(). Properties include AttestationFormats, UvCountSinceLastPinEntry, LongTouchForReset, EncIdentifier, TransportsForReset, PinComplexityPolicy, PinComplexityPolicyUrl, and MaxPinLength.

  • The SDK has been updated to target .NET Framework 4.7.2, which provides broad reliability, security, and performance improvements. (#274)

  • The NuGet package metadata has been updated for the Yubico.Core.csproj and Yubico.YubiKey.csproj files to improve discoverability, consistency, and clarity. The updates include new PackageId and PackageTags fields as well as a reorganized PackageReleaseNotes field. (#265)

  • ToString overrides have been introduced in the CommandApdu and ResponseApdu classes to provide a human-readable string representation of their internal state. These changes improve debugging and logging of APDUs. (#270)

  • A new internal HkdfUtilities class has been added to the SDK. This class implements HKDF key derivation using HMAC-SHA256, as specified in RFC 5869, providing a reusable and standards-compliant key derivation utility. (#299)

Bug Fixes:

  • Previously, DeleteSlot() and DeleteSlotConfiguration() would throw an exception when the slot configuration was successfully removed as intended. This has been fixed so that no exception occurs following a successful DeleteSlot() or DeleteSlotConfiguration() operation. (#276)

  • Prerelease versions of Yubico packages are now prevented from being referenced into published NuGet packages. This fixes an issue where a prerelease version of Yubico.NativeShims was incorrectly referenced by Yubico.Core. (#282)

  • The OtpSession logger initialization has been updated to use the correct logger. (#275)

  • The detection logic for NativeShimsPath has been improved, ensuring that 32-bit processes on 64-bit systems are correctly mapped to the "x86" directory. (#284)

Documentation:

  • The FIDO2 reset documentation has been updated to fix an error in the instructions and clarify timeout durations. (#278)

  • The documentation on slot access codes has been updated to improve clarity and examples. (#268)

  • The documentation on PIV public and private keys has been updated with new sample code demonstrating how to use the latest factory methods. (#245, #272)

  • The documentation for the UseFastTrigger method has been updated to clarify information on behavior and applicability. (#294)

  • All hardcoded links to the Yubico.NET.SDK GitHub repository have been updated to point to the HEAD branch. This ensures that links to sample code point to the latest version of that code. (#286, #279)

  • An SDK overview designed to help the Copilot coding agent work more efficiently has been added to the Yubico.NET.SDK GitHub repository. (#296)

Dependencies:

  • Several dependencies across the Yubico.YubiKey and Yubico.Core projects have been updated to the latest versions. (#274)

What's Changed

Read more

Contributors

DennisDyallo, JMarkstrom, and 2 other contributors
Loading
0 Join discussion

1.13.2 - July release

03 Jul 09:34
@DennisDyallo DennisDyallo
1.13.2
64cc862
This commit was signed with the committer’s verified signature. The key has expired.
DennisDyallo Dennis Dyallo
GPG key ID: 89A6930F443556F5
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.13.2 - July release

Release date: July 3rd, 2025

Features:

  • A new RawData property, which exposes raw CBOR-encoded data, has been added to the FIDO2 MakeCredentialData class. (#225)
  • A new VersionQualifier has been added for handling YubiKey firmware (by version number, type, and iteration). The YubiKeyDeviceInfo class has also been updated to support VersionQualifier. (#240)
  • The GitHub Actions workflows have been updated to use the windows-2022 runner instead of windows-2019, which ensures compatibility with newer environments and improves the consistency of the build and publish pipelines. (#242)

Documentation:

  • The documentation site has been updated with a new search bar, light/dark mode, new styling, and a modified table of contents. (#241)
  • New documentation covering the YubiKey Bio Multi-protocol Edition and its quirks, including the DeviceReset() method, has been added. (#237)
  • A discrepancy in the documentation on attestation statement generation has been fixed. (#236)
  • The documentation covering the default management key value and algorithm has been clarified. (#233)
  • The DER encoding details in the documentation on the PIV AuthenticateSignCommand() have been corrected. (#239)

Bug Fixes:

  • NativeShims now outputs Net47 build files into the correct architecture-specific folders. Supported architectures include x86, x64, and Arm64. (#211)
  • An ongoing dotnet issue that has broken the resolution of core libraries on macOS 15 prevented the SDK from locating important dependencies on Mac when using .NET8 and above. To fix macOS and .NET compatibility with the SDK, the CoreFoundation, IOKitFramework, and WinSCard constants have been updated to use absolute paths (/System/Library/Frameworks/...) instead of relative paths (.framework/...) to align with macOS system conventions. (#255)
  • Use of the deprecated PivPrivateKey and PivPublicKey types when importing into the new PIV methods is now handled correctly (by throwing an exception). (#231)
  • An issue affecting the use of the RSA-3072 and RSA-4096 algorithms with attestation certificates has been fixed. (#230)

Dependencies:

  • The Yubico.NET.SDK repository now includes the GitHub dependabot to automate dependency updates for the nuget and dotnet-sdk package ecosystems. (#244)
  • Several dependencies across the Core (Yubico.Core.csproj), Integration Tests (Yubico.YubiKey.IntegrationTests.csproj), Sandbox (Yubico.YubiKey.TestApp.csproj), Unit Tests (Yubico.YubiKey.UnitTests.csproj), and Utilities (Yubico.YubiKey.TestUtilities.csproj) projects have been updated to newer versions. (#256, #254, #250)

Deprecations:

  • PivEccPublic, PivEccPrivateKey, PivRsaPublic, and PivRsaPrivateKey have been marked as obsolete. Use implementations of ECPublicKey, ECPrivateKey, RSAPublicKey, and RSAPrivateKey instead. (#231)
  • The CreateFromPkcs8 methods in the Curve25519PublicKey, ECPublicKey, and RSAPublicKey classes have been marked as obsolete and replaced with new CreateFromSubjectPublicKeyInfo methods. (#243)

All changes:

  • github: Add issue type to GitHub issue template by @DennisDyallo in #232
  • feat: Expose the cbor raw data from a MakeCredential command by @DennisDyallo in #225
  • docs: Changed wording for default management key value and algorithm by @equijano21 in #233
  • docs: Corrected docs on attestation statement by @equijano21 in #236
  • fix: Fixed bug importing PIV private key in legacy classes by @DennisDyallo in #231
  • build(deps): bump setuptools from 70.0.0 to 78.1.1 in /Yubico.YubiKey/examples/python/PythonForNet by @dependabot in #238
  • fix,tests: Fixed bug where attest cert could not be RSA3072 or RSA4096, removed obsolete tests and consolidated Piv tests by @DennisDyallo in #230
  • docs: New docs covering YubiKey Bio MPE quirks and special considerations by @equijano21 in #237
  • ci: Updating windows runners to 2022 by @DennisDyallo in #242
  • feat: Implement reading of VersionQualifier into YubikeyDeviceInfo by @DennisDyallo in #240
  • feat: Improved documentation site with search, dark mode, sitemap.xml and less cluttered navigation by @DennisDyallo in #241
  • docs: Fix docs about encodings for PIV signing command by @YourMJK in #239
  • ci: Add dependabot scanning for dependency updates by @DennisDyallo in #244
  • refactor: Add consistent docs and proper naming for certain methods for creating keys by @DennisDyallo in #243
  • ci: Add comprehensive summary for build by @DennisDyallo in #248
  • ci: fix links for build output and add image hash by @DennisDyallo in #249
  • Bump Microsoft.SourceLink.GitHub and System.Memory by @dependabot in #250
  • Bump Microsoft.Extensions.Logging.Console and 4 others by @dependabot in #254
  • Bump coverlet.collector and 11 others by @dependabot in #253
  • fix(net47): NativeShims correctly outputs net47 dlls in the correct folders by @DennisDyallo in #211
  • fix(macOS): Hard coding the default frameworks path in order to resolve macOS frameworks by @DennisDyallo in #255
  • Update dependencies by @DennisDyallo in #256
  • Replace Moq with NSubstitute by @DennisDyallo in #258
  • Update access modifier of VersionQualifier by @DennisDyallo in #261

New Contributors

Full Changelog: 1.13.1...1.13.2

Contributors

DennisDyallo, dependabot, and 2 other contributors
Loading
0 Join discussion

1.13.1 - Patch release

28 Apr 08:50
@DennisDyallo DennisDyallo
1.13.1
3d805dc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.13.1 - Patch release

Release date: April 28th, 2025

This release mainly addresses an issue that was affecting FIDO2 on YubiKey 5.7.4 and greater as well as adds support for compressed certificates within the PIV application. It also contains miscellaneous and documentation updates.

Features:

  • Support for compressed certificates in the PIV application #219
  • Ability to create a FirmwareVersion object through parsing a version string (e.g. 1.0.0) #220

Bug fixes:

  • PinUvAuthParam was erroneously truncated which caused failures on multiple FIDO2 commands for YubiKey v 5.7.4 #222

Documentation:

  • Updates to challenge-response documentation to improve clarity #221

Miscellaneous:

  • Integration tests will now run on Bio USB C keys as well a4c4df.

What's changed

Full Changelog: 1.13.0...1.13.1

Contributors

AdamVe, DennisDyallo, and 2 other contributors
Loading
0 Join discussion