From: Douglas E. E. <dee...@an...> - 2013-06-25 14:30:25
On 6/25/2013 5:59 AM, Daniel Pocock wrote:
>
> Hi,
>
> Can anybody comment on the Elliptic Curve support in OpenSC and which
> cards are suggested?
>
> I found this ticket about ECDSA with PIV card support but it is not
> clear if this is also supported for other cards now:
>
> https://www.opensc-project.org/opensc/ticket/295
>
> Is the PIV card concept only relevant to those in organisations that use
> PIV cards, or can these cards be useful for any arbitrary project?

Yes and no. The PIV standards from NIST were designed for the US government and its contractors, which also defined Government ID info to be in some objects, such as the FASC-N in the CHUID.

But there are PIV-I (Interoperable) not issued by the US government, and could be trusted somewhat. And PIV-C (Compatible) cards that use the same cards but not trusted by the US Government. The CHUID object on the card contains a GUID and a FASCN starting with 9999 that indicates that this is not a PIV but a PIV-C card.

The Smart Card Alliance has started calling them CIV cards. Google for PIV-C or piv-compatible smart cards or CIV smart cards.

This is a nice starting point:

http://www.smartcardalliance.org/pages/publications-piv-i-for-non-federal-issuers
http://www.securitysystemsnews.com/article/civ-cards-just-piv-cards-commercial-market?page=0,0
http://www.quantumsecure.com/solutions/functional-solutions/civ-credential/

The same cards are used in each, it's the information on the card and the PKI used that is different.

The OpenSC operates at the card level, and is not concerned with the differences between PIV, PIV-I or PIV-C. (as does the Microsoft Windows CAPI.)

The bare minimum card would have a PIV Authentication certificate and key and a CHUID using the FASC-N=9999... and GUID. The Microsoft CAPI has built-in support for PIV, and expects a CHUID.

You will still need some type of card management system and cards.
>
> I found that some of the Athena cards offer ECC support, I understand
> these are on the OpenSC supported list, but it's not clear if the ECC
> support is in all variations of the card:
> http://www.athena-scs.com/docs/products-solutions-datasheets/athena-idprotect-client.pdf
>
> Regards,
>
> Daniel

--
Douglas E. Engert <DEE...@an...>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
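
Added example (not part of the original message and not OpenSC code): decoding the agency code from the 25-byte FASC-N value of a CHUID, to apply the 9999 check described in the reply above. All function names and both sample values are constructed for illustration, and the FASC-N bytes are assumed to have been read from the card's CHUID already.

```python
# Added example, not OpenSC code. FASC-N: 40 characters of 5 bits each
# (4-bit BCD sent LSB first + odd parity bit) packed into 25 bytes.
SS, FS, ES = 0xB, 0xD, 0xF  # start, field-separator and end sentinels
CODES = {**{str(d): d for d in range(10)}, "S": SS, "F": FS, "E": ES}

def _char_bits(v):
    bits = [(v >> i) & 1 for i in range(4)]   # LSB first
    return bits + [1 - sum(bits) % 2]         # odd parity bit

def encode_fascn(text):
    """Pack 39 characters (digits plus S/F/E sentinels) and an LRC into 25 bytes."""
    if len(text) != 39:
        raise ValueError("expected 39 characters before the LRC")
    vals = [CODES[c] for c in text]
    lrc = 0
    for v in vals:                            # LRC: XOR of all preceding characters
        lrc ^= v
    bits = "".join(str(b) for v in vals + [lrc] for b in _char_bits(v))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, 200, 8))

def decode_fascn(raw):
    """Return the 40 character values, rejecting bad length or parity."""
    if len(raw) != 25:
        raise ValueError("FASC-N must be 25 bytes")
    bits = "".join(f"{b:08b}" for b in raw)
    vals = []
    for i in range(0, 200, 5):
        grp = bits[i:i + 5]
        if grp.count("1") % 2 != 1:
            raise ValueError(f"parity error in character {i // 5}")
        vals.append(int(grp[3::-1], 2))       # undo LSB-first bit order
    return vals

def agency_code(raw):
    """Agency code: the four digits between the start sentinel and first separator."""
    v = decode_fascn(raw)
    if v[0] != SS or v[5] != FS or any(d > 9 for d in v[1:5]):
        raise ValueError("not a well-formed FASC-N")
    return "".join(str(d) for d in v[1:5])

def is_non_federal(raw):
    """True when the FASC-N starts with agency code 9999 (PIV-I / PIV-C style)."""
    return agency_code(raw) == "9999"

# Constructed sample values (not read from any real card)
SAMPLE_9999 = encode_fascn("S9999F9999F999999F0F1F0000000000300001E")
SAMPLE_OTHER = encode_fascn("S1234F0001F092446F0F1F1112223333112231E")

if __name__ == "__main__":
    print(SAMPLE_9999.hex(), agency_code(SAMPLE_9999), is_non_federal(SAMPLE_9999))
```

The decoder checks per-character parity and field framing only; it does not verify the trailing LRC or the CHUID signature.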