From: Douglas E E. <dee...@gm...> - 2020-06-15 16:59:04
On 6/15/2020 9:23 AM, J.W...@mi... wrote:
> Hi Douglas,
>
> Your message (or actually one of the referenced URLs) left me slightly confused.
> I was (perhaps mistakenly) under the impression that PIV-cards, or PIV-I-cards, could work directly with the opensc-libraries.

Yes they can, if the cards follow the NIST 800-73-3 PIV standards.

NIST 800-73-4 introduces a number of *optional* features including Secure Messaging, Virtual Contact Interface and Pairing Code. These allow for access to a PIV card using NFC, i.e. the contactless interface, with security to prevent sniffing of the data over NFC.

IDEMIA (formerly Oberthur) makes many different cards for government and commercial use. They can use the same card for multiple usages by loading different applets on the same card, and some cards can have more than one applet. I am not familiar with YPSID; most likely it is another applet required in France.

PIV is really one of these applets, defined by the US government (also used by NATO; I see you are from mindef.nl), and many card manufacturers offer cards accredited by NIST as PIV. IDEMIA also offers CAC/PIV cards. I don't know if you could get a PIV with YPSID. You would have to ask them. In any case OpenSC can use the PIV applet if it is on a card.

And because Microsoft has a built-in driver for PIV on Windows, other manufacturers offer PIV-like cards (i.e. not approved by NIST) with additional features (and missing required PIV features), but close enough to work with the Windows and OpenSC drivers, for example Yubico and PIVKey. There are two PIV applets available on github.com too. Yubico has PIV and OpenPGP applets (and others) on their devices.

I sent out the below note to highlight that IDEMIA's PIV card has support for Secure Messaging, Virtual Contact Interface and Pairing Code, and to point out that OpenSC is noted in US government web sites as usable with PIV cards on any platform. I have it on one of my Raspberry Pis.

I have one IDEMIA PIV V 2.4.0 card from them and am expecting a complete set of test cards to test OpenSC support for these optional features. See https://github.com/OpenSC/OpenSC/pull/2053

As far as I know IDEMIA is the first to offer these optional features. IDEMIA also has the optional PIV OCC fingerprint matching on card, which I believe they developed for NIST. OpenSC does not support this, as obtaining a fingerprint from the user is outside of scope, but it would be easy to add, as the data needed is well defined and is sent just like a long PIN to the card.

> However, noticing the mention of IDEMIA, does this not also imply the use of their middleware "YPSID"?

No it does not.

> -----Original Message-----
> From: Douglas E Engert <dee...@gm...>
> Sent: Tuesday, June 9, 2020 9:39 PM
> To: OpenSC-devel <Ope...@li...>
> Subject: [Opensc-devel] OpenSC and PIV references in US Gov web sites
>
> While Googling for: ID-One PIV v 2.4.0 on Cosmo V8.1
> https://www.idmanagement.gov/idemia-id-one-piv-v2-4-0-on-cosmos-v8-1-1501381-2/
>
> then under playbooks:
> https://www.idmanagement.gov/playbooks/
>
> then under PIV Usage Guides:
> https://piv.idmanagement.gov/
>
> then under getting started:
> https://piv.idmanagement.gov/start/#middleware
>
> OpenSC
>
> --
> Douglas E. Engert <DEE...@gm...>
>
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel

--
Douglas E. Engert <DEE...@gm...>
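Added example (not code from OpenSC, IDEMIA or anyone in this thread): the point above is that a host uses the PIV applet if it is on the card, whatever other applets (YPSID, OpenPGP, ...) share the chip. The check that decides this is a SELECT by the PIV AID and a parse of the application property template the applet answers with. The AID and the template tags (61, 4F, 79, 50, 5F50, AC) are from NIST SP 800-73; the response bytes are constructed for the example, not captured from a real card, and `send_apdu` is a hypothetical transport callable the caller supplies (pyscard, a PC/SC wrapper, etc.).

```python
"""Probe a card for the PIV applet: SELECT by AID, parse the 61 template.

PIV_AID and the tag layout come from NIST SP 800-73. The sample responses
and the two fake_card_* transports are constructed for this example only.
"""
from typing import Callable, Dict, List, Optional, Tuple

# PIV AID (SP 800-73): RID A0 00 00 03 08, PIX 00 00 10 00 01 00
PIV_AID = bytes.fromhex("A000000308000010000100")
PIV_RID = PIV_AID[:5]
SW_OK = b"\x90\x00"
SW_FILE_NOT_FOUND = b"\x6A\x82"   # applet absent on a PIV-less card


def build_select_apdu(aid: bytes = PIV_AID) -> bytes:
    """ISO 7816-4 SELECT by DF name: CLA 00, INS A4, P1 04, P2 00, Lc, AID."""
    if not 1 <= len(aid) <= 16:
        raise ValueError("AID must be 1..16 bytes")
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid


def encode_tlv(tag: int, value: bytes) -> bytes:
    """BER-TLV encoder, used here only to build the constructed sample."""
    tag_bytes = tag.to_bytes(2 if tag > 0xFF else 1, "big")
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82]) + n.to_bytes(2, "big")
    return tag_bytes + length + value


def parse_tlv(data: bytes) -> List[Tuple[int, bytes]]:
    """Minimal BER-TLV parser: 1- or 2-byte tags, short and 81/82 lengths.
    Every length is checked against the remaining buffer, so a truncated or
    lying response raises instead of being read past its end."""
    out, i, n = [], 0, len(data)
    while i < n:
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:                      # two-byte tag, e.g. 5F 50
            if i >= n:
                raise ValueError("truncated tag")
            tag = (tag << 8) | data[i]; i += 1
        if i >= n:
            raise ValueError("missing length")
        length = data[i]; i += 1
        if length == 0x81:
            if i >= n:
                raise ValueError("truncated length")
            length = data[i]; i += 1
        elif length == 0x82:
            if i + 2 > n:
                raise ValueError("truncated length")
            length = int.from_bytes(data[i:i + 2], "big"); i += 2
        elif length >= 0x80:
            raise ValueError("unsupported length form")
        if i + length > n:
            raise ValueError("TLV length exceeds response")
        out.append((tag, data[i:i + length])); i += length
    return out


def parse_property_template(response: bytes) -> Dict:
    """Strip the status word and decode the application property template."""
    if len(response) < 2:
        raise ValueError("response too short")
    body, sw = response[:-2], response[-2:]
    if sw != SW_OK:
        raise ValueError("SELECT failed, SW=" + sw.hex())
    top = parse_tlv(body)
    if len(top) != 1 or top[0][0] != 0x61:
        raise ValueError("expected application property template (tag 61)")
    info: Dict = {"pix": None, "rid": None, "label": None, "url": None, "algorithms": []}
    for tag, value in parse_tlv(top[0][1]):
        if tag == 0x4F:                              # PIX of the selected applet
            info["pix"] = value
        elif tag == 0x79:                            # coexistent tag allocation authority
            for t2, v2 in parse_tlv(value):
                if t2 == 0x4F:
                    info["rid"] = v2
        elif tag == 0x50:                            # application label
            info["label"] = value.decode("ascii", "replace")
        elif tag == 0x5F50:                          # issuer URL
            info["url"] = value.decode("ascii", "replace")
        elif tag == 0xAC:                            # supported algorithm identifiers
            info["algorithms"] = [v2[0] for t2, v2 in parse_tlv(value) if t2 == 0x80 and v2]
    return info


def probe_piv(send_apdu: Callable[[bytes], bytes]) -> Optional[Dict]:
    """Parsed template if the card answers SELECT PIV with 90 00,
    None if it reports 6A 82 (no PIV applet), exception on anything else."""
    resp = send_apdu(build_select_apdu())
    if resp[-2:] == SW_FILE_NOT_FOUND:
        return None
    return parse_property_template(resp)


# Constructed sample responses (not from a real card). 07/11 are the
# SP 800-78 identifiers for RSA 2048 and ECC P-256.
SAMPLE_PIV_RESPONSE = encode_tlv(
    0x61,
    encode_tlv(0x4F, PIV_AID[5:])
    + encode_tlv(0x79, encode_tlv(0x4F, PIV_RID))
    + encode_tlv(0x50, b"PIV Sample")
    + encode_tlv(0x5F50, b"urn:example:piv")
    + encode_tlv(0xAC, encode_tlv(0x80, b"\x07") + encode_tlv(0x80, b"\x11") + encode_tlv(0x06, b"")),
) + SW_OK


def fake_card_with_piv(apdu: bytes) -> bytes:
    """Hypothetical transport: a card carrying the PIV applet."""
    return SAMPLE_PIV_RESPONSE if apdu == build_select_apdu() else b"\x6D\x00"


def fake_card_without_piv(apdu: bytes) -> bytes:
    """Hypothetical transport: a card with other applets but no PIV."""
    return SW_FILE_NOT_FOUND


if __name__ == "__main__":
    print(probe_piv(fake_card_with_piv))
    print(probe_piv(fake_card_without_piv))
```

Against a real card the same SELECT can be sent with OpenSC's own tool, `opensc-tool -s 00:A4:04:00:0B:A0:00:00:03:08:00:00:10:00:01:00`, and `opensc-tool -n` shows which card driver OpenSC bound as a result. The optional 800-73-4 Secure Messaging, VCI and Pairing Code the thread is about are negotiated after this SELECT and are not shown here.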