Release date: September 17th, 2025

Features:

• Support has been added for the following CTAP 2.2 and YubiKey firmware version 5.8 features (#299):

  • Persistent PinUvAuthToken (PPUAT): The GetPersistentPinUvAuthToken() method has been added to retrieve PPUATs for use with read-only FIDO2 credential management operations, including EnumerateRelyingParties(), EnumerateCredentialsForRelyingParty(), and GetCredentialMetadata(). PPUATs enable applications to list discoverable credentials from YubiKeys without requiring repeated PIN entry.

  • thirdPartyPayment extension: The GetThirdPartyPaymentExtension method has been added to check for and return the status of the thirdPartyPayment extension. The thirdPartyPayment extension enables YubiKeys to be used for cross-domain credentials without redirects, as required by Secure Payment Confirmation (SPC) workflows.

  • hmac-secret-mc extension: GetHmacSecretExtension now handles both hmac-secret and hmac-secret-mc extensions when extracting and decrypting secrets. The hmac-secret-mc extension enables PRF (Pseudo-Random Function) during MakeCredential().

  • Additional AuthenticatorInfo properties: The SDK now supports parsing of several new AuthenticatorInfo properties, which are returned when calling the GetInfoCommand(). Properties include AttestationFormats, UvCountSinceLastPinEntry, LongTouchForReset, EncIdentifier, TransportsForReset, PinComplexityPolicy, PinComplexityPolicyUrl, and MaxPinLength.

• The SDK has been updated to target .NET Framework 4.7.2, which provides broad reliability, security, and performance improvements. (#274)

• The NuGet package metadata has been updated for the Yubico.Core.csproj and Yubico.YubiKey.csproj files to improve discoverability, consistency, and clarity. The updates include new PackageId and PackageTags fields as well as a reorganized PackageReleaseNotes field. (#265)

• ToString overrides have been introduced in the CommandApdu and ResponseApdu classes to provide a human-readable string representation of their internal state. These changes improve debugging and logging of APDUs. (#270)

• A new internal HkdfUtilities class has been added to the SDK. This class implements HKDF key derivation using HMAC-SHA256, as specified in RFC 5869, providing a reusable and standards-compliant key derivation utility. (#299)

Bug Fixes:

• Previously, DeleteSlot() and DeleteSlotConfiguration() would throw an exception when the slot configuration was successfully removed as intended. This has been fixed so that no exception occurs following a successful DeleteSlot() or DeleteSlotConfiguration() operation. (#276)

• Prerelease versions of Yubico packages are now prevented from being referenced into published NuGet packages. This fixes an issue where a prerelease version of Yubico.NativeShims was incorrectly referenced by Yubico.Core. (#282)

• The OtpSession logger initialization has been updated to use the correct logger. (#275)

• The detection logic for NativeShimsPath has been improved, ensuring that 32-bit processes on 64-bit systems are correctly mapped to the "x86" directory. (#284)

Documentation:

• The FIDO2 reset documentation has been updated to fix an error in the instructions and clarify timeout durations. (#278)

• The documentation on slot access codes has been updated to improve clarity and examples. (#268)

• The documentation on PIV public and private keys has been updated with new sample code demonstrating how to use the latest factory methods. (#245, #272)

• The documentation for the UseFastTrigger method has been updated to clarify information on behavior and applicability. (#294)

• All hardcoded links to the Yubico.NET.SDK GitHub repository have been updated to point to the HEAD branch. This ensures that links to sample code point to the latest version of that code. (#286, #279)

• An SDK overview designed to help the Copilot coding agent work more efficiently has been added to the Yubico.NET.SDK GitHub repository. (#296)

Dependencies:

• Several dependencies across the Yubico.YubiKey and Yubico.Core projects have been updated to the latest versions. (#274)

What's Changed

• Release 1.13.2 by @DennisDyallo in #259
• docs: 1.13.2 release notes by @equijano21 in #264
• chore: Update copyright file header by @DennisDyallo in #266
• misc(nuget): Add metadata for NuGet by @DennisDyallo in #265
• deps: Update dependencies by @AlexandreEXFO in #260
• docs: additional release note details for 1.13.2 by @equijano21 in #269
• feat: Add ToString override to CommandApdu and ResponseApdu by @DennisDyallo in #270
• docs: improvements to slot access codes how-to by @equijano21 in #268
• fix: Correct logger for OtpSession by @DennisDyallo in #275
• docs: added user manual overview info on public and private keys back in by @equijano21 in #272
• docs: updated fido2 reset information by @equijano21 in #278
• docs: Streamline PIV key handling documentation by @DennisDyallo in #245
• build: Prevent prerelease dependencies from being referenced by @DennisDyallo in #282
• fix(ci): Fix dotnet pack syntax by @DennisDyallo in #283
• docs: updated links to fido2 sample code by @equijano21 in #279
• docs: updated GitHub repo links to point to HEAD branch by @equijano21 in #286
• Suggested documentation changes to UseFastTrigger by @JMarkstrom in #294
• feat: Add Copilot instructions for Yubico.NET.SDK repository by @DennisDyallo in #296
• fix(otp): Handle case when last slot is deleted by @DennisDyallo in #276
• build: Update .NET Framework target to 4.7.2 by @DennisDyallo in #274
• docs: Added API docs for ToString() by @equijano21 in #298
• feat: CTAP 2.2 (Authenticator info fields and extensions) by @DennisDyallo in #299
• fix: Improve detection logic for NativeShims in 32 and 64 bit cases by @DennisDyallo in #284
• refactor: FIDO2 Credential Management Authentication, ApplicationSession by @DennisDyallo in #302
• Release 1.14.0 by @DennisDyallo in #301
• docs: release notes for 1.14 by @equijano21 in #297
• docs: Improved docs by @DennisDyallo in #303
• fix(platforminterop): Fix preprocessor directives for code inclusion by @DennisDyallo in #305
• refactor(build): streamline version handling in build scripts by @DennisDyallo in #304
• build: improved versioning support for the Yubico.NativeShims library by @DennisDyallo...

Release date: July 3rd, 2025

Features:

• A new RawData property, which exposes raw CBOR-encoded data, has been added to the FIDO2 MakeCredentialData class. (#225)
• A new VersionQualifier has been added for handling YubiKey firmware (by version number, type, and iteration). The YubiKeyDeviceInfo class has also been updated to support VersionQualifier. (#240)
• The GitHub Actions workflows have been updated to use the windows-2022 runner instead of windows-2019, which ensures compatibility with newer environments and improves the consistency of the build and publish pipelines. (#242)

Documentation:

• The documentation site has been updated with a new search bar, light/dark mode, new styling, and a modified table of contents. (#241)
• New documentation covering the YubiKey Bio Multi-protocol Edition and its quirks, including the DeviceReset() method, has been added. (#237)
• A discrepancy in the documentation on attestation statement generation has been fixed. (#236)
• The documentation covering the default management key value and algorithm has been clarified. (#233)
• The DER encoding details in the documentation on the PIV AuthenticateSignCommand() have been corrected. (#239)

Bug Fixes:

• NativeShims now outputs Net47 build files into the correct architecture-specific folders. Supported architectures include x86, x64, and Arm64. (#211)
• An ongoing dotnet issue that has broken the resolution of core libraries on macOS 15 prevented the SDK from locating important dependencies on Mac when using .NET8 and above. To fix macOS and .NET compatibility with the SDK, the CoreFoundation, IOKitFramework, and WinSCard constants have been updated to use absolute paths (/System/Library/Frameworks/...) instead of relative paths (.framework/...) to align with macOS system conventions. (#255)
• Use of the deprecated PivPrivateKey and PivPublicKey types when importing into the new PIV methods is now handled correctly (by throwing an exception). (#231)
• An issue affecting the use of the RSA-3072 and RSA-4096 algorithms with attestation certificates has been fixed. (#230)

Dependencies:

• The Yubico.NET.SDK repository now includes the GitHub dependabot to automate dependency updates for the nuget and dotnet-sdk package ecosystems. (#244)
• Several dependencies across the Core (Yubico.Core.csproj), Integration Tests (Yubico.YubiKey.IntegrationTests.csproj), Sandbox (Yubico.YubiKey.TestApp.csproj), Unit Tests (Yubico.YubiKey.UnitTests.csproj), and Utilities (Yubico.YubiKey.TestUtilities.csproj) projects have been updated to newer versions. (#256, #254, #250)

Deprecations:

• PivEccPublic, PivEccPrivateKey, PivRsaPublic, and PivRsaPrivateKey have been marked as obsolete. Use implementations of ECPublicKey, ECPrivateKey, RSAPublicKey, and RSAPrivateKey instead. (#231)
• The CreateFromPkcs8 methods in the Curve25519PublicKey, ECPublicKey, and RSAPublicKey classes have been marked as obsolete and replaced with new CreateFromSubjectPublicKeyInfo methods. (#243)

All changes:

• github: Add issue type to GitHub issue template by @DennisDyallo in #232
• feat: Expose the cbor raw data from a MakeCredential command by @DennisDyallo in #225
• docs: Changed wording for default management key value and algorithm by @equijano21 in #233
• docs: Corrected docs on attestation statement by @equijano21 in #236
• fix: Fixed bug importing PIV private key in legacy classes by @DennisDyallo in #231
• build(deps): bump setuptools from 70.0.0 to 78.1.1 in /Yubico.YubiKey/examples/python/PythonForNet by @dependabot in #238
• fix,tests: Fixed bug where attest cert could not be RSA3072 or RSA4096, removed obsolete tests and consolidated Piv tests by @DennisDyallo in #230
• docs: New docs covering YubiKey Bio MPE quirks and special considerations by @equijano21 in #237
• ci: Updating windows runners to 2022 by @DennisDyallo in #242
• feat: Implement reading of VersionQualifier into YubikeyDeviceInfo by @DennisDyallo in #240
• feat: Improved documentation site with search, dark mode, sitemap.xml and less cluttered navigation by @DennisDyallo in #241
• docs: Fix docs about encodings for PIV signing command by @YourMJK in #239
• ci: Add dependabot scanning for dependency updates by @DennisDyallo in #244
• refactor: Add consistent docs and proper naming for certain methods for creating keys by @DennisDyallo in #243
• ci: Add comprehensive summary for build by @DennisDyallo in #248
• ci: fix links for build output and add image hash by @DennisDyallo in #249
• Bump Microsoft.SourceLink.GitHub and System.Memory by @dependabot in #250
• Bump Microsoft.Extensions.Logging.Console and 4 others by @dependabot in #254
• Bump coverlet.collector and 11 others by @dependabot in #253
• fix(net47): NativeShims correctly outputs net47 dlls in the correct folders by @DennisDyallo in #211
• fix(macOS): Hard coding the default frameworks path in order to resolve macOS frameworks by @DennisDyallo in #255
• Update dependencies by @DennisDyallo in #256
• Replace Moq with NSubstitute by @DennisDyallo in #258
• Update access modifier of VersionQualifier by @DennisDyallo in #261

New Contributors

• @YourMJK made their first contribution in #239

Full Changelog: 1.13.1...1.13.2

Release date: April 28th, 2025

This release mainly addresses an issue that was affecting FIDO2 on YubiKey 5.7.4 and greater as well as adds support for compressed certificates within the PIV application. It also contains miscellaneous and documentation updates.

Features:

• Support for compressed certificates in the PIV application #219
• Ability to create a FirmwareVersion object through parsing a version string (e.g. 1.0.0) #220

Bug fixes:

• PinUvAuthParam was erroneously truncated which caused failures on multiple FIDO2 commands for YubiKey v 5.7.4 #222

Documentation:

• Updates to challenge-response documentation to improve clarity #221

Miscellaneous:

• Integration tests will now run on Bio USB C keys as well a4c4df.

What's changed

• docs: Minor formatting changes to release notes by @equijano21 in #216
• feat: Support compressed PIV certificates by @AdamVe in #219
• feat: Add FirmwareVersion.Parse(versionString) by @DennisDyallo in #220
• fix: Remove incorrect auth token truncation from various commands by @AaFortner in #222
• docs: Updates to challenge-response documentation to improve clarity by @equijano21 in #221
• Release 1.13.1 by @DennisDyallo in #224

Full Changelog: 1.13.0...1.13.1

Release date: April 9th, 2025

Features:

Curve25519 support has been added for PIV #210:

Keys can now be imported or generated using the Ed25519 and X25519 algorithms.
The key agreement operation can be performed with an X25519 key.
Digital signatures can now be created with a Ed25519 key.
New related unit tests have been added.
Unit tests have been added for RSA-3072 and RSA-4096 keys #197.

Support for large APDUs has been improved #208:

When sending large APDU commands to a YubiKey via the smartcard connection, the CommandChainingTransform will now throw an exception when the cumulative APDU data (sent in chunks of up to 255 bytes) exceeds the max APDU size for the given YubiKey (varies based on firmware version; see SmartCardMaxApduSizes).
Support for Ed25519 and P384 credentials has been added for FIDO #186.

Ubuntu runners have been upgraded from version 20.04 to 22.04 to support the compilation of Yubico.NativeShims #188.

Bug fixes:

The default logger now only writes output for the "Error" log level unless another level is specified #185. Previously, the logger wrote output for all log levels, which could become overly long and difficult to evaluate.

Miscellaneous:

The License was updated to remove the information for the AesCmac.cs file from the Bouncy Castle library #196.

What's changed

• docs: Documentation edits for SCP by @DennisDyallo in #180
• fix: The default logger only writes output for the Error log level unless other is specified by @DennisDyallo in #185
• ci: Only package artifacts on manual trigger (nativeshims) by @DennisDyallo in #187
• ci: Upgrade Ubuntu runners from 20.04 to 22.04 by @DennisDyallo in #188
• Fix failing NativeShims build by @DennisDyallo in #189
• Adding Appcompat.md to toc.tml for visibility on the documentation site by @equijano21 in #190
• misc: Removed Bouncy Castle license by @DennisDyallo in #196
• Feature: Supports enumerating Ed25519 and P521 credentials within FIDO by @DennisDyallo in #186
• merged transport article content into overview by @equijano21 in #195
• Consolidated public, private key and certificate test data into manageable class by @DennisDyallo in #197
• Using PolySharp to allow use of C#13 by @DennisDyallo in #132
• feat: Skip waiting for the first connection to the key by @TimLico in #203
• Rework of docfx docs building-process by @DennisDyallo in #201
• docs: add section on build asset attestation to README by @DennisDyallo in #206
• Add workflow to automate deployment of docs by @ajhall in #207
• Update fido2-auth-tokens.md by @joostd in #212
• fix: Stop send short APDUs when exceeded max APDU size by @DennisDyallo in #208
• Tim/revert initial three seconds delay changes by @TimLico in #213
• feature: Added Ed25519 and X25519 keys to the PIV application by @DennisDyallo in #210
• Release notes for 1.13 by @equijano21 in #214

New Contributors

• @TimLico made their first contribution in #203
• @ajhall made their first contribution in #207
• @joostd made their first contribution in #212

Full Changelog: 1.12.1...1.13.0

Release date: December 19th, 2024

What's Changed

Bug Fixes:

• ConnectionFactory incorrectly using SmartCardConnection by @DennisDyallo in #179
• OathSession now correctly disposes the session in #179

Miscellaneous:

• ci: fixed bug in sign.ps1 by @DennisDyallo in #174

• ci: improvements to sign output by @DennisDyallo in #176

• documentation: Including README.md in the NuGet Packages by @DennisDyallo in #175

• documentation: management key algorithm by @equijano21 in #177

• Release 1.12.1 by @DennisDyallo in #181

Full Changelog: 1.12.0...1.12.1

1.12.0

Release date: December 18th, 2024

Features:

• Security Domain application and Secure Channel Protocol (SCP) (#164):

  • SCP11a/b/c is now supported for the PIV, OATH, OTP, and YubiHSM applications.
  • SCP03 support has been extended to the OATH, OTP, and YubiHSM applications (previously PIV only).
  • The Yubico.YubiKey.Scp namespace now provides all SCP and Security Domain functionality. This namepace replaces functionality in the Yubico.YubiKey.Scp03 namespace, which has been deprecated.
  • The new SecurityDomainSession class provides an interface for managing the Security Domain application of a YubiKey. This includes SCP configuration (managing SCP03 key sets and SCP11 asymmetric keys and certificates) and creation of an encrypted communication channel with other YubiKey applications.
  • New key parameter classes have been added: ScpKeyParameters, Scp03KeyParameters, Scp11KeyParameters, ECKeyParameters, ECPrivateKeyParameters, ECPublicKeyParameters.

• YubiKeyDeviceListener has been reconfigured to run the listeners in the background instead of the main thread. In addition, the listeners can now be stopped when needed to reclaim resources. Once stopped, the listeners can be restarted. (#89)

• Microsoft.Extensions.Logging.Console is now the default logger. To enable logging from a dependent project (e.g. unit tests, integration tests, an app), you can either add an appsettings.json to your project or use the ConfigureLoggerFactory. (#139)

• The SDK now uses inferred variable types (var) instead of explicit types in all projects except Yubico.Core. This change aims to improve code readability, reduce verbosity, and enhance developer productivity while maintaining type safety. (#141)

Bug Fixes:

• The PivSession.ChangeManagementKey method was incorrectly assuming Triple-DES was the default management key algorithm for FIPS keys. The SDK now verifies the management key alorithm based on key type and firmware version. (#162, #167)
• The SDK now correctly sets the IYubiKeyDeviceInfo property IsSkySeries to True for YubiKey Security Key Series Enterprise Edition keys. (#158)
• Exceptions are now caught when running PivSession.Dispose. This fixes an issue where the Dispose method could not close the Connection in the event of a disconnected YubiKey. (#104)
• A dynamic DLL resolution based on process architecture (x86/x64) has been implemented for NativeShims.dll. This fixes a reported issue with the NativeShims.dll location for 32-bit processes. (#154)

Miscellaneous:

• Users are now able to verify that the NuGet package has been generated from our repository using Github Attestations (#169) like this:

  > gh attestation verify .\Yubico.Core.1.12.0.nupkg --repo Yubico/Yubico.NET.SDK

Deprecations:

• Yubico.YubiKey/Scp03 namespace.
• All Yubico.Yubikey.StaticKeys endpoints.

Migration Notes:

• Use the SecurityDomainSession for Security Domain operations.
• Review your logging configuration if using custom logging.
• Align with Android/Python SDK naming conventions.

Full Changelog: 1.11.0...1.12.0

Release date: June 28th, 2024

This release introduces significant enhancements and new features for YubiKeys running the latest firmware (version 5.7) and YubiKey Bio/Bio Multi-Protocol Edition keys. Highlights include temporary disablement of NFC connectivity, PIN complexity status, support for RSA 3072 and 4096-bit keys, and support for biometric verification. Additionally, USB reclaim speed has been optimized and adjustments to the touch sensor sensitivity have been implemented. For details on all changes, see below.

Features:

• Support for YubiKeys with the latest firmware (version 5.7):
  • NFC connectivity can now be temporarily disabled with SetIsNfcRestricted() (#91).
  • Additional property pages on the YubiKey are now read into YubiKeyDeviceInfo (#92).
  • PIN complexity:
    • Complexity status can now be checked with IsPinComplexityEnabled (#92).
    • PIN complexity error messages and exceptions have been added (#112).
  • The set of YubiKey applications that are capable of being put into FIPS mode can be retrieved with FipsCapable. The set of YubiKey applications that are in FIPS mode can be retrieved with FipsApproved (#92).
  • The part number for a key’s Secure Element processor, if available, can be retrieved with PartNumber (#92).
  • The set of YubiKey applications that are blocked from being reset can be retrieved with ResetBlocked (#92).
  • PIV:
    • 3072 and 4096 RSA keys can now be generated and imported (#100).
    • Keys can now be moved between all YubiKey PIV slots except for the attestation slot with MoveKeyCommand. Any PIV key can now be deleted from any PIV slot with DeleteKeyCommand (#103).
• Support for YubiKey Bio/Bio Multi-Protocol Edition keys:
  • Bio metadata can now be retrieved with GetBioMetadataCommand (#108).
  • New PIV PIN verification policy enum values (MatchOnce, MatchAlways) have been added (#108).
  • Biometric verification is now supported (#108).
  • A device-wide reset can now be performed on YubiKey Bio Multi-protocol keys with DeviceReset (#110).
• The USB reclaim speed, which controls the time it takes to switch from one YubiKey application to another, has been reduced for compatible YubiKeys. To use the previous 3-second reclaim timeout for all keys, see UseOldReclaimTimeoutBehavior (#93).
• The sensitivity of the YubiKey’s capacitive touch sensor can now be temporarily adjusted with SetTemporaryTouchThreshold (#95).

Bug fixes:

• The ManagementKeyAlgorithm is now updated when the PIV Application is reset (#105).
• macOS input reports are now queued so that large responses aren't dropped (#84).
• Smart card handles are now opened shared by default. To open them exclusively, use OpenSmartCardHandlesExclusively with AppContext.SetSwitch (#83).
• A build issue that occurred when compiling Yubico.NativeShims on MacOS has been fixed (#109).
• The correct certificate OID friendly names are now used for ECDsaCng (nistP256) and ECDsaOpenSsl (ECDSA_P256) (#78).

Miscellaneous:

• The way that YubiKey device info is read by the SDK has changed, and as a result, the following GetDeviceInfo command classes have been deprecated (#91):
  • Yubico.YubiKey.Management.Commands.GetDeviceInfoCommand
  • Yubico.YubiKey.Otp.Commands.GetDeviceInfoCommand
  • Yubico.YubiKey.U2f.Commands.GetDeviceInfoCommand
  • Yubico.YubiKey.Management.Commands.GetDeviceInfoResponse
  • Yubico.YubiKey.Otp.Commands.GetDeviceInfoResponse
  • Yubico.YubiKey.U2f.Commands.GetDeviceInfoResponse
• Integration test guardrails have been added to ensure tests are done only on specified keys. (#100).
• Unit tests were run on all platforms in CI (#80).

Dependencies:

• The test packages xUnit and Microsoft.NET.Test.Sdk have been updated (#94).

New Contributors

• @alanssitis made their first contribution in #78
• @GregDomzalski made their first contribution in #83
• @twistedstream made their first contribution in #97
• @equijano21 made their first contribution in #102
• @AdamVe made their first contribution in #109
• @jamiehankins made their first contribution in #120

Full Changelog: 1.10.0...1.11.0

Release date: April 10th, 2024

This release improves our native dependencies exposed through the Yubico.NativeShims package. We have also worked to improve the build and test experience of this repository by improving our automation and build files.

Changes:

• Yubico.NativeShims targets OpenSSL version 3.x on all platforms - OpenSSL v1.1.x has reached end-of-life. The SDK now removes this dependency on all platforms, now upgrading to the supported 3.x version.
• Dropped support for 32-bit Linux - Yubico.NativeShims no longer builds for 32-bit (x86) Linux. We now depend on Ubuntu releases that contain OpenSSL 3.x by default. These newer releases no longer have mainstream support for this platform.
• Compilation hardening of Yubico.NativeShims - Added commonly used compiler flags to increase security and code quality
  MacOS / Linux:
  -Wformat: Warn about format string issues in printf-like functions.
  -Wformat-nonliteral: Warn about format strings that are not string literals.
  -Wformat-security: Warn about potential security issues related to format strings.
  -Wall: Enable most warning messages
  -Wextra: Enable some additional warning messages not included in -Wall
  -Werror: Treat all warnings as errors
  -Wcast-qual: Warn when casting away const-ness
  -Wshadow: Warn when a local variable shadows another variable
  -pedantic: Issue warnings for language features beyond the C standard
  -pedantic-errors: Treat pedantic warnings as errors
  -Wbad-function-cast: Warn about dubious function pointer casts
  -O2: Optimize code for performance
  -fpic: Generate position-independent code
  -fstack-protector-all: Enable stack protection for all functions
  -D_FORTIFY_SOURCE=2: Enable runtime and compile-time checks for certain security-critical functions
  Windows flags:
  /guard:cf: Enable control flow guard security feature
  /GS: Enable buffer security check
  /Gs: Control stack security check
• Addressed compiler warning concerning Runtime Identifiers (RID)
• Enabled dotnet format - The repository now uses dotnet format to ensure that pull requests adhere to the repository's coding standards. A pass of the tool has been run against the entire repository and a new baseline has been checked in.

Release date: November 14th, 2023

Bug fixes:

• SCard handle contention. Previously, the SDK was opening all smart card handles with
  shared permissions, meaning that other applications and services were still able to interact
  with the YubiKey while the SDK performed smart card operations. However, this allowed these
  other entities (such as smart card minidrivers) to alter the current state of the YubiKey
  without the SDK's knowledge. This would sometimes cause random failures and exceptions to
  occur when using the SDK. The SDK now opens the handle exclusively, which means other
  applications will not be able to open the smart card handle for read and write operations
  while the SDK is using it. Callers should take care to not keep a YubiKey connection or
  session open longer than is needed.
• Config changes over FIDO2. The YubiKey Management commands are now available over all
  three logical USB interfaces (HID keyboard, HID FIDO, and smart card). The SDK will typically
  use the first available interface, giving some preference to the smart card. Previously,
  this operation would have failed on FIDO-only devices as the management commands were not
  properly wired up over this interface.

Miscellaneous:

• Dependency updates. The dependencies of the SDK were updated to the latest packages
  available. Since the SDK itself does not take many dependencies outside of the .NET Base
  Class Libraries (BCL), there should not be much of a noticeable impact. The two that
  affect the SDK itself (and not just test code) are:
  • Microsoft.Extensions.Logging.Abstractions (6.0.1 -> 7.0.1)
  • System.Memory (4.5.4 -> 4.5.5)

Release date: October 13th, 2023

Features:

• FIDO2 PIN Config. The PIN config feature, if supported by the connected YubiKey, is a set of operations: set the minimum PIN length, force a PIN change, and return a minimum PIN length to a relying party.
• FIDO2 GUI option for sample code. There is now a version of the FIDO2 sample code that uses Windows Forms. This GUI version of the sample code is provided mainly to demonstrate how to build touch and fingerprint notifications in a KeyCollector. This sample code runs only in a Windows environment.
• SCP03 CMAC added to CryptographyProviders. SCP03 operations rely on the AES-CMAC algorithm, and, starting in this release, they will call on the CryptogrphyProviders class to retrieve an implementation. The default implementation uses OpenSSL.
• SCP03 keys. This release adds the ability to change SCP03 key sets. This includes replacing the default key set, adding new key sets, and removing key sets. This is done using the new Scp03Session class.
• SCP03 architecture. The process for building an SCP03 connection was updated. The previous method (Yubico.YubiKey.YubiKeyDeviceExtensions.WithScp03()) is now deprecated, and the new method (Yubico.YubiKey.IYubiKeyDevice.ConnectScp03()) simply requires passing in the SCP03 key set in addition to the application to connect to. Additionally, a convenience constructor has been added to PivSession that accepts the SCP03 static keys Yubico.YubiKey.Piv.PivSession(IYubiKeyDevice, Scp03.StaticKeys).
• SCP03 documentation. The User's Manual article on SCP03 was updated to provide more comprehensive information.