Menu
▾
▴
Re: [Opensc-devel] Request for object 5C017E in PIV
|
From: Douglas E E. <dee...@gm...> - 2014-06-20 13:06:09
|
On 6/19/2014 10:32 PM, William Roberts wrote: > Thanks for the response, ahh Ive never seen a raw request for the > discovery object... normally I see requests come in like in table 6 sp > 800_73-3_PART_1 where its show as the BER-TLV object in the APDU field > is: > '5FC102' for the CHUID. However only 0x7E for the discovery object... The Discovery Object appears to be some industry standard, for more then PIV. > > > RSA 2048 is preferred and supported by the card, but I can try tripple > des. This might explain why the code just error's out after the > unknown request as it cannot generate the next command apdu set to > send out as it cannot handle > RSA algorithm. Sounds like needs to be on the TODO list. Who is the card vendor? I have used Oberthur, some older GemAlto, and YubiKey NEO and a lot of older cards from 8-10 years ago. NOTE: The piv-tool was designed to allow a developer to create PIV test cards using the commands defined in NIST 800-73-x. It does not have all the commands needed to be the basis for a full card management system, as NIST left card management up to the card vendors to define. These commands are usually in "confidential" documents and may include Global platform commands. These are not added to the OpenSC code. The pivtool -s option can be used to issue some of these if you have the vendor documents. To get the -A option to work, you need the management key provided by the vendor for the batch of cards when you buy them. Or the vendor provides a way to reset the card, and the management key. The YubiKey NEO has yubio-piv-tool to do some extra card management commands for their card: https://github.com/Yubico/yubico-piv-tool > > > > > On Thu, Jun 19, 2014 at 8:12 PM, Douglas E Engert <dee...@gm...> wrote: >> >> >> On 6/19/2014 6:25 PM, William Roberts wrote: >>> Having some issues deciphering an APDU its the NIST GET DATA command >>> with the data element set to BER-TLV 5C017E. >> >> Most likely that is a Discovery object, "7E", that is optional. >> See NIST 800-73-3 part 2 Section 3.1.2 and >> 800-73-3 part 1 3.2.6 Discovery Object >> >> >> I suspect that the APDU was: >> 00 CB 3F FF 03 5C 01 7E >> >> Since the discovery object defines what pins can be used with the card, >> the OpenSC tries to read it. >> >>> >>> I generate this by issuing command: >>> $ piv-tool -A A:9B:07 -G 9A:07 -o foo >> >> The -A option is for authenticate. It is vendor card specific. >> Some use M some use A. >> >> The 9B:07 would be a RSA 2048 key. All of the test cards I have used >> use either 9B:01 (2des) or 9B:03(3des) Current OpenSC code may not handle >> RSA for this. Check with your card vendor to see what is needed. >> >> >>> >>> My question is, what container object is this associated with, I cant >>> find it in the PIV specs by Nist? >>> >>> My card is returning 6A82 which is "Object Not Found" >> >> The discovery Object is optional. >> >>> >>> Any help? >>> >>> Thanks. >>> >> >> -- >> >> Douglas E. Engert <DEE...@gm...> >> >> >> ------------------------------------------------------------------------------ >> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions >> Find What Matters Most in Your Big Data with HPCC Systems >> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. >> Leverages Graph Analysis for Fast Processing & Easy Data Exploration >> http://p.sf.net/sfu/hpccsystems >> _______________________________________________ >> Opensc-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/opensc-devel > > > -- Douglas E. Engert <DEE...@gm...> |
