Menu
▾
▴
Re: [Opensc-devel] Request for object 5C017E in PIV
|
From: William R. <bil...@gm...> - 2014-06-20 15:47:35
|
Im the vendor of the smart card. Im writing the code myself. The card management key is covered by object: 5FC10B Is that correct? Ill probably have to add support for the RSA 2048 into the piv-tool as part of my work. I'll submit patches upstream, do you guys do github requests or should I send patches on the dev mailing list? Thanks, Bill On Fri, Jun 20, 2014 at 6:01 AM, Douglas E Engert <dee...@gm...> wrote: > > > On 6/19/2014 10:32 PM, William Roberts wrote: >> >> Thanks for the response, ahh Ive never seen a raw request for the >> discovery object... normally I see requests come in like in table 6 sp >> 800_73-3_PART_1 where its show as the BER-TLV object in the APDU field >> is: >> '5FC102' for the CHUID. However only 0x7E for the discovery object... > > > The Discovery Object appears to be some industry standard, for more then > PIV. > > >> >> >> RSA 2048 is preferred and supported by the card, but I can try tripple >> des. This might explain why the code just error's out after the >> unknown request as it cannot generate the next command apdu set to >> send out as it cannot handle >> RSA algorithm. > > > Sounds like needs to be on the TODO list. > > > Who is the card vendor? > I have used Oberthur, some older GemAlto, and YubiKey NEO and a lot of > older cards from 8-10 years ago. > > NOTE: The piv-tool was designed to allow a developer to create PIV test > cards > using the commands defined in NIST 800-73-x. It does not have all the > commands needed > to be the basis for a full card management system, as NIST left card > management up to > the card vendors to define. These commands are usually in "confidential" > documents > and may include Global platform commands. These are not added to the OpenSC > code. > The pivtool -s option can be used to issue some of these if you have the > vendor documents. > > To get the -A option to work, you need the management key provided by the > vendor > for the batch of cards when you buy them. Or the vendor provides a way to > reset > the card, and the management key. > > The YubiKey NEO has yubio-piv-tool to do some extra card management commands > for > their card: > > https://github.com/Yubico/yubico-piv-tool > > >> >> >> >> >> On Thu, Jun 19, 2014 at 8:12 PM, Douglas E Engert <dee...@gm...> >> wrote: >>> >>> >>> >>> On 6/19/2014 6:25 PM, William Roberts wrote: >>>> >>>> Having some issues deciphering an APDU its the NIST GET DATA command >>>> with the data element set to BER-TLV 5C017E. >>> >>> >>> Most likely that is a Discovery object, "7E", that is optional. >>> See NIST 800-73-3 part 2 Section 3.1.2 and >>> 800-73-3 part 1 3.2.6 Discovery Object >>> >>> >>> I suspect that the APDU was: >>> 00 CB 3F FF 03 5C 01 7E >>> >>> Since the discovery object defines what pins can be used with the card, >>> the OpenSC tries to read it. >>> >>>> >>>> I generate this by issuing command: >>>> $ piv-tool -A A:9B:07 -G 9A:07 -o foo >>> >>> >>> The -A option is for authenticate. It is vendor card specific. >>> Some use M some use A. >>> >>> The 9B:07 would be a RSA 2048 key. All of the test cards I have used >>> use either 9B:01 (2des) or 9B:03(3des) Current OpenSC code may not handle >>> RSA for this. Check with your card vendor to see what is needed. >>> >>> >>>> >>>> My question is, what container object is this associated with, I cant >>>> find it in the PIV specs by Nist? >>>> >>>> My card is returning 6A82 which is "Object Not Found" >>> >>> >>> The discovery Object is optional. >>> >>>> >>>> Any help? >>>> >>>> Thanks. >>>> >>> >>> -- >>> >>> Douglas E. Engert <DEE...@gm...> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions >>> Find What Matters Most in Your Big Data with HPCC Systems >>> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. >>> Leverages Graph Analysis for Fast Processing & Easy Data Exploration >>> http://p.sf.net/sfu/hpccsystems >>> _______________________________________________ >>> Opensc-devel mailing list >>> Ope...@li... >>> https://lists.sourceforge.net/lists/listinfo/opensc-devel >> >> >> >> > > -- > > Douglas E. Engert <DEE...@gm...> > -- Respectfully, William C Roberts |
