General - OpenFIPS201 and PIV Administration

[makinako]

This is the place to discuss all things administrative, including general issuance, pre-perso, perso, data population, key management, etc etc.

[makinako]

To kick this discussion off, here is a copy of the NIST bulk pre-perso script. Bulk commands don't yet have good examples on the wiki and these will eventually go there, but for now here they are.

NOTES:

• This includes all NIST/default pre-perso configuration, data objects and key containers.
• It includes all mechanism types so it is a very good idea to cut these down to the objects/keys/mechanisms you want to use.
• Hopefully one day we will have a simple Javascript editor to create these pre-perso scripts from a UI.

PUT DATA - CONFIGURATION

00 DB 3F 00 5D 68 5B A0 24 80 01 FF 81 01 00 82
01 00 83 01 00 84 01 06 85 01 08 86 01 06 87 01
05 88 01 00 89 01 00 8A 01 00 8B 01 00 A1 12 80
01 FF 81 01 00 82 01 08 83 01 0A 84 01 09 85 01
00 A2 03 80 01 00 A3 03 80 01 00 A4 15 80 01 00
81 01 00 82 01 00 83 01 00 84 01 00 85 01 00 86
01 00

PUT DATA - BULK ADD DATA OBJECTS

• 5FC107, 5FC102, 5FC105, 5FC103, 5FC106, 5FC108,
• 5FC101, 5FC10A, 5FC10B, 5FC109, 5FC122, 7E,
• 5FC10C, 5FC10D, 5FC10E, 5FC10F, 5FC110, 5FC111

00 DB 3F 00 EB 6A 81 E8 64 0B 8B 03 5F C1 07 8C
01 7F 8D 01 00 64 0B 8B 03 5F C1 02 8C 01 7F 8D
01 7F 64 0B 8B 03 5F C1 05 8C 01 7F 8D 01 00 64
0B 8B 03 5F C1 03 8C 01 01 8D 01 00 64 0B 8B 03
5F C1 06 8C 01 7F 8D 01 00 64 0B 8B 03 5F C1 08
8C 01 01 8D 01 00 64 0B 8B 03 5F C1 01 8C 01 7F
8D 01 7F 64 0B 8B 03 5F C1 0A 8C 01 7F 8D 01 00
64 0B 8B 03 5F C1 0B 8C 01 7F 8D 01 00 64 0B 8B
03 5F C1 09 8C 01 01 8D 01 00 64 0B 8B 03 5F C1
22 8C 01 7F 8D 01 7F 64 09 8B 01 7E 8C 01 7F 8D
01 7F 64 0B 8B 03 5F C1 0C 8C 01 7F 8D 01 00 64
0B 8B 03 5F C1 0D 8C 01 7F 8D 01 00 64 0B 8B 03
5F C1 0E 8C 01 7F 8D 01 00 64 0B 8B 03 5F C1 0F
8C 01 7F 8D 01 00 64 0B 8B 03 5F C1 10 8C 01 7F
8D 01 00 64 0B 8B 03 5F C1 11 8C 01 7F 8D 01 00

PUT DATA - BULK ADD DATA OBJECTS

• 5FC113, 5FC114, 5FC115, 5FC116, 5FC117, 5FC118,
• 5FC119, 5FC11A, 5FC11B, 5FC11C, 5FC11D, 5FC11E,
• 5FC11F, 5FC120, 5FC121, 7F61

00 DB 3F 00 DF 6A 81 DC 64 0B 8B 03 5F C1 12 8C
01 7F 8D 01 00 64 0B 8B 03 5F C1 13 8C 01 7F 8D
01 00 64 0B 8B 03 5F C1 14 8C 01 7F 8D 01 00 64
0B 8B 03 5F C1 15 8C 01 7F 8D 01 00 64 0B 8B 03
5F C1 16 8C 01 7F 8D 01 00 64 0B 8B 03 5F C1 17
8C 01 7F 8D 01 00 64 0B 8B 03 5F C1 18 8C 01 7F
8D 01 00 64 0B 8B 03 5F C1 19 8C 01 7F 8D 01 00
64 0B 8B 03 5F C1 1A 8C 01 7F 8D 01 00 64 0B 8B
03 5F C1 1B 8C 01 7F 8D 01 00 64 0B 8B 03 5F C1
1C 8C 01 7F 8D 01 00 64 0B 8B 03 5F C1 1D 8C 01
7F 8D 01 00 64 0B 8B 03 5F C1 1E 8C 01 7F 8D 01
00 64 0B 8B 03 5F C1 1F 8C 01 7F 8D 01 00 64 0B
8B 03 5F C1 20 8C 01 7F 8D 01 00 64 0B 8B 03 5F
C1 21 8C 01 01 8D 01 00 64 0A 8B 02 7F 61 8C 01
7F 8D 01 7F

PUT DATA - BULK ADD KEYS

• 04/CS2, 04/CS7, 9A/RSA2048, 9A/ECC256, 9B/TDEA192, 9B/AES128,
• 9B/AES192, 9B/AES256, 9C/RSA2048, 9C/ECC256, 9C/ECC384

00 DB 3F 00 DF 6A 81 DC 66 12 8B 01 04 8C 01 7F
8D 01 7F 8E 01 27 8F 01 10 90 01 10 66 12 8B 01
04 8C 01 7F 8D 01 7F 8E 01 2E 8F 01 10 90 01 10
66 12 8B 01 9A 8C 01 01 8D 01 00 8E 01 07 8F 01
04 90 01 10 66 12 8B 01 9A 8C 01 01 8D 01 00 8E
01 11 8F 01 04 90 01 10 66 12 8B 01 9B 8C 01 7F
8D 01 00 8E 01 03 8F 01 01 90 01 11 66 12 8B 01
9B 8C 01 7F 8D 01 00 8E 01 08 8F 01 01 90 01 11
66 12 8B 01 9B 8C 01 7F 8D 01 00 8E 01 0A 8F 01
01 90 01 11 66 12 8B 01 9B 8C 01 7F 8D 01 00 8E
01 0C 8F 01 01 90 01 11 66 12 8B 01 9C 8C 01 02
8D 01 00 8E 01 07 8F 01 04 90 01 10 66 12 8B 01
9C 8C 01 02 8D 01 00 8E 01 11 8F 01 04 90 01 10
66 12 8B 01 9C 8C 01 02 8D 01 00 8E 01 14 8F 01
04 90 01 10

PUT DATA - BULK ADD KEYS

• 9D/RSA2048, 9D/ECC256, 9D/ECC384, 9E/RSA2048,
• 9E/ECC256, 9E/TDEA192, 9E/AES128, 9E/AES192, 9E/AES256,
• 82/RSA2048, 83/RSA2048

00 DB 3F 00 DF 6A 81 DC 66 12 8B 01 9D 8C 01 01
8D 01 00 8E 01 07 8F 01 02 90 01 10 66 12 8B 01
9D 8C 01 01 8D 01 00 8E 01 11 8F 01 02 90 01 10
66 12 8B 01 9D 8C 01 01 8D 01 00 8E 01 14 8F 01
02 90 01 10 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E
01 07 8F 01 04 90 01 10 66 12 8B 01 9E 8C 01 7F
8D 01 7F 8E 01 11 8F 01 04 90 01 10 66 12 8B 01
9E 8C 01 7F 8D 01 7F 8E 01 03 8F 01 01 90 01 10
66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 08 8F 01
01 90 01 10 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E
01 0A 8F 01 01 90 01 10 66 12 8B 01 9E 8C 01 7F
8D 01 7F 8E 01 0C 8F 01 01 90 01 10 66 12 8B 01
82 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
66 12 8B 01 83 8C 01 01 8D 01 00 8E 01 07 8F 01
02 90 01 10

PUT DATA - BULK ADD KEYS

• 84/RSA2048, 85/RSA2048, 86/RSA2048, 87/RSA2048, 88/RSA2048,
• 89/RSA2048, 8A/RSA2048, 8B/RSA2048, 8C/RSA2048, 8D/RSA2048,
• 8E/RSA2048

00 DB 3F 00 DF 6A 81 DC 66 12 8B 01 84 8C 01 01
8D 01 00 8E 01 07 8F 01 02 90 01 10 66 12 8B 01
85 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
66 12 8B 01 86 8C 01 01 8D 01 00 8E 01 07 8F 01
02 90 01 10 66 12 8B 01 87 8C 01 01 8D 01 00 8E
01 07 8F 01 02 90 01 10 66 12 8B 01 88 8C 01 01
8D 01 00 8E 01 07 8F 01 02 90 01 10 66 12 8B 01
89 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
66 12 8B 01 8A 8C 01 01 8D 01 00 8E 01 07 8F 01
02 90 01 10 66 12 8B 01 8B 8C 01 01 8D 01 00 8E
01 07 8F 01 02 90 01 10 66 12 8B 01 8C 8C 01 01
8D 01 00 8E 01 07 8F 01 02 90 01 10 66 12 8B 01
8D 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
66 12 8B 01 8E 8C 01 01 8D 01 00 8E 01 07 8F 01
02 90 01 10

PUT DATA - BULK ADD KEYS

• 8F/RSA2048, 90/RSA2048, 91/RSA2048, 92/RSA2048, 93/RSA2048,
• 94/RSA2048, 95/RSA2048

00 DB 3F 00 8F 6A 81 8C 66 12 8B 01 8F 8C 01 01
8D 01 00 8E 01 07 8F 01 02 90 01 10 66 12 8B 01
90 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
66 12 8B 01 91 8C 01 01 8D 01 00 8E 01 07 8F 01
02 90 01 10 66 12 8B 01 92 8C 01 01 8D 01 00 8E
01 07 8F 01 02 90 01 10 66 12 8B 01 93 8C 01 01
8D 01 00 8E 01 07 8F 01 02 90 01 10 66 12 8B 01
94 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
66 12 8B 01 95 8C 01 01 8D 01 00 8E 01 07 8F 01
02 90 01 10

[makinako]

Also you can use this great ASN.1 Decoder to view the values of the above commands in an easier to consume format.

Don't forget to remove the APDU header bytes first! (The first 5 bytes of each command)

[der2of6]

One Question regarding the pre-perso configuration script. How do i execute the commands?
I used thw GlobalPlatformPro to install the applet. But i have troube to understand, how do i inject the commands into the card.

[makinako]

Using GlobalPlatform you can establish a secure channel with MAC and encryption (minimum requirement) enabled, then send administrative commands over this channel using:
gp --mode mac --mode enc --debug --sdaid a000000308000010000100 -s [APDU GOES HERE]

so for example the first APDU (configuration):
gp --mode mac --mode enc --debug --sdaid a000000308000010000100 -s 00DB3F005D685BA0248001FF8101008201008301008401068501088601068701058801008901008A01008B0100A1128001FF81010082010883010A840109850100A203800100A303800100A415800100810100820100830100840100850100860100

Would send a configuration update.

A few things to remember:

1. Don't make your APDU commands too big (leave space for the MAC and the encryption padding to be added to the end. A maximum of 224 data bytes per frame is pretty fail-safe no matter what your secure channel config I believe)
2. If you are chaining a single command over multiple APDU's, keep adding additional -s [second apdu] -s [third apdu] to the same GP command. If you don't, it will re-select and authenticate each time, which will erase the chain buffer.

[scj643]

Can we have an example of generating a key pair using global platform. I end up just getting a 6A80 every time.

[makinako]

Sure thing, this is an example to generate an RSA-2048 keypair (mechanism 07) for key 9A.

00 47 00 9A 05 AC 03 80 01 07 00

If your command is formatted as above, I would confirm that you have created the appropriate key/mechanism record using the pre-personalisation commands (use the NIST compliant profile as the basis).

Please feel free to post a log output if you're still having any issues.

[scj643]

Thanks I kind of figured it out by having ykman do key operations on my yubikey and listening to the sent APDUs. Would be nice if we had some more easily accessible documentation on the APDUs that are in the standard. For example maybe document the "Control reference template" mentioned in the generate asymmetric keypair.

I am working on a way to make management easier at some point.

[scj643]

I just need to make a way to do secure channel using Python. Probably will have to do it with subprocess and call global platform from inside of Python.

[scj643]

Also noticed when using openssl with opensc-pkcs11.so I can't seem to actually use the keys.

[makinako]

Thanks I kind of figured it out by having ykman do key operations on my yubikey and listening to the sent APDUs. Would be nice if we had some more easily accessible documentation on the APDUs that are in the standard. For example maybe document the "Control reference template" mentioned in the generate asymmetric keypair.

Good to hear you got it working and I take your point that it is not very well documented with examples in either the standard or the OpenFIPS201 wiki.

I am working on a way to make management easier at some point.

We have given a lot of thought to an issuance framework and tools for OpenFIPS201 but it hasn't happened yet. Because the standard doesn't allow for common administration tools very well, this does reduce the general accessibility of the applet outside the larger organisations and this is something we would very much like to fix in the future.

I just need to make a way to do secure channel using Python. Probably will have to do it with subprocess and call global platform from inside of Python.

I imagine wrapping one of the libraries like GPShell (C) or GlobalPlatformPro (Java) is a good approach, either that or just pre-process your data objects in Python and then use the above tools in shell scripts.

Also noticed when using openssl with opensc-pkcs11.so I can't seem to actually use the keys.

I believe @dengert has addressed this later in the comments?

[dengert]

Would be nice if we had some more easily accessible documentation on the APDUs that are in the standard.

The NIST Standards for PIV, NIST 800-73-4
does not define how PIV cards are to be initialized. They left that up to card vendors and card management systems to give vendors and CMS vendors a competitive advantage in this area.

But they did leave two commands in: "Part 2: 3.3 PIV Card Application Card Commands for Credential Initialization and Administration" PUT_DATA and GENERATE ASYMMETRIC KEY PAIR. The also left "Appendix A—Examples of the Use of the GENERAL AUTHENTICATE Command" But some vendors implement this, but others may not.

Note: NIST do not define how to load a private key on to card - only how to generate a key pair on the card. This made it possible in the early days to do some testing using PUT_DATA and GENERATE ASYMMETRIC KEY PAIR and GENERAL AUTHENTICATE.

Yubico and others, like makinako can chose how to do card administration.

[scj643]

What I meant was having a table of the generate key pair commands.

[scj643]

Since the FIPS documentation for key generation is not the easiest to understand.

[dengert]

They don't give a example of key generation but do have:
See
800-73-4 Part1 Table 5. Cryptographic Mechanism Identifiers
800-73-4 Part 2 3.3.2 GENERATE ASYMMETRIC KEY PAIR Card Command

You can also look at OpenSC https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-piv.c#L2689-L2801 which is indirectly called from https://github.com/OpenSC/OpenSC/blob/master/src/tools/piv-tool.c#L284-L547

You will note that at one time RSA 1024 and RSA 3072 where in earlier 800-73 versions but not in 800-73-4. RSA 3072 might be back in the next version of 800-73.

[dengert]

NIST 800-73-4 defines the optional Secure Messaging "Part 1 - 5.4 Secure Messaging
If implemented, SM for non-card-management operations shall only be established using the PIV Secure Messaging key specified in Table 4b and the SM protocol in accordance with the specifications in Section 4 of Part 2."

800-73-4 "Part 2 - 4.1 The Key Establishment Protocol
The key establishment protocol for the PIV Card Application uses the One-Pass Diffie-Hellman, C(1e, 1s, ECC CDH) Scheme from [SP800-56A] in a manner that is based on a simplified profile of OPACITY with Zero Key Management [ANSI504-1], as depicted below."

OpenSC 0.24.0 can be built with configuration option --enable-piv-sm and was tested with "ID-One PIV 2.4.1 CIV configuration IDEMIA test cards".

If you have such a card or makinako was to implement PIV SM, You could use "python pkcs11" with OpenSC PKCS11 with SM to the device.

The use of Global Platform SM used by makinako (and some other vendors) is not part of the PIV standards and as noted above shall not be used for "non-card-management operations".

@makinako are you interested in adding PIV SM?

[dengert]

What do you get if you run OpenSC pkcs11-tool --login --test and pkcs11-tool -O?

I am not familiar with the card initialization process used above. But it looks like all that does is define the possible keys and objects that can be written to the card, it does not look like it generates any keys.

NIST 800-73 -* does not actually store the public key on the card but rather if there is a certificate with the SubjectPublicKeyInfo any middleware can read the certificate, extract the SPKI and determine the key type RSA/EC and key size.

If you used the Yubikey piv-tool when you generate a key, it also writes a dummy certificate with the pubkey in the SPKI to the card.

Can we have an example of generating a key pair using global platform. I end up just getting a 6A80 every time.
Sure thing, this is an example to generate an RSA-2048 keypair (mechanism 07) for key 9A.
00 47 00 9A 05 AC 03 80 01 07 00

6A80 is SC_ERROR_INCORRECT_PARAMETERS

The 00 on the end request the card s to return up to 256 bytes of the public key and return 9000 if done or 61xx where xx is how many more bytes, where 00 means 256 or more are still to come. See Get Response.

That APDU looks correct when done without GlobalPlatform, I don't know if it will work with GP.

[scj643]

The issue I was having was that I was using the wrong command originally for generating keys

[scj643]

pkcs11-tool --login --test

Using slot 0 with a present token (0x0)
Logging in to "PIV_II".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  ERR: C_GenerateRandom failed: CKR_FUNCTION_NOT_SUPPORTED (0x54)
Digests:
  all 4 digest functions seem to work
  MD5: OK
  RIPEMD160: OK
  SHA-1: OK
  SHA256: OK
Signatures (currently only for RSA)
Signatures: no private key found in this slot
Verify (currently only for RSA)
  No private key found for testing
Decryption (currently only for RSA)
1 errors

pkcs11-tool -O

Using slot 0 with a present token (0x0)
Data object 3971389152
  label:          'Card Capability Container'
  application:    'Card Capability Container'
  app_id:         2.16.840.1.101.3.7.1.219.0
  flags:          <empty>
Data object 3971389248
  label:          'Card Holder Unique Identifier'
  application:    'Card Holder Unique Identifier'
  app_id:         2.16.840.1.101.3.7.2.48.0
  flags:          <empty>
Data object 3971389344
  label:          'Unsigned Card Holder Unique Identifier'
  application:    'Unsigned Card Holder Unique Identifier'
  app_id:         2.16.840.1.101.3.7.2.48.2
  flags:          <empty>
Data object 3971389440
  label:          'X.509 Certificate for PIV Authentication'
  application:    'X.509 Certificate for PIV Authentication'
  app_id:         2.16.840.1.101.3.7.2.1.1
  flags:          <empty>
Data object 3971389824
  label:          'X.509 Certificate for Digital Signature'
  application:    'X.509 Certificate for Digital Signature'
  app_id:         2.16.840.1.101.3.7.2.1.0
  flags:          <empty>
Data object 3971389920
  label:          'X.509 Certificate for Key Management'
  application:    'X.509 Certificate for Key Management'
  app_id:         2.16.840.1.101.3.7.2.1.2
  flags:          <empty>
Data object 3971390016
  label:          'X.509 Certificate for Card Authentication'
  application:    'X.509 Certificate for Card Authentication'
  app_id:         2.16.840.1.101.3.7.2.5.0
  flags:          <empty>
Data object 3971390112
  label:          'Security Object'
  application:    'Security Object'
  app_id:         2.16.840.1.101.3.7.2.144.0
  flags:          <empty>
Data object 3971390208
  label:          'Discovery Object'
  application:    'Discovery Object'
  app_id:         2.16.840.1.101.3.7.2.96.80
  flags:          <empty>
Profile object 3971393568
  profile_id:          CKP_AUTHENTICATION_TOKEN (3)

[scj643]

I've generated rsa2048 keys in slot 9a, 9c, 9d, and 9e. Though I am more interested in using elliptic curve keys

[dengert]

The card contains a number of applets, each of which can define the APDUs they can handle. Global Platform is one applet and the NIST 800-73-4 is a different applet. A select AID command may be the only command in common and handled by the Java code to switch active applet. PIV select AID looks like:
00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 00 and return something like this with the AID included:

61 2A 4F 0B A0 00 00 03 08 00 00 10 00 01 00 79 a*O............y
07 4F 05 A0 00 00 03 08 50 0A 49 44 2D 4F 6E 65 .O......P.ID-One
20 50 49 56 AC 06 80 01 27 06 01 00 7F 66 08 02  PIV....'....f..
02 04 05 02 02 7F FF      90 00

The Global platform AID should be 'A000000151000000 00 A4 04 00is a select file, and theA0` is an internationally registered name space, use to change what applet is active.

The makinako people would know if you can run PIV APDUs from the GP SM.

[scj643]

Result of gp -l

ISD: A000000151000000 (INITIALIZED)
     Parent:   A000000151000000
     From:     A0000001515350
     Privs:    SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration

APP: F276A288BCFBA69D34F31001 (SELECTABLE)
     Parent:   A000000151000000
     From:     F276A288BCFBA69D34F310

APP: A000000308000010000100 (SELECTABLE)
     Parent:   A000000151000000
     From:     A00000030800001000

PKG: A0000001515350 (LOADED)
     Parent:   A000000151000000
     Version:  255.255
     Applet:   A000000151535041

PKG: F276A288BCFBA69D34F310 (LOADED)
     Parent:   A000000151000000
     Version:  1.0
     Applet:   F276A288BCFBA69D34F31001

PKG: A00000030800001000 (LOADED)
     Parent:   A000000151000000
     Version:  1.10
     Applet:   A000000308000010000100

[dengert]

I've generated rsa2048 keys in slot 9a, 9c, 9d, and 9e. Though I am more interested in using elliptic curve keys

How did you do it?
Did you save the public key somewhere?

The PIV middleware can only find a key if there is a certificate on the card with the matching public key.

The OpenSC piv-tool will save the public key as a disk file as returned by the generate key. This is the only time the public key is returned from the card. As I said earlier Yubico piv-tool will save the public key in a dummy certificate and write it to the card so it meet the following:

" 800-73-4 - Part 1 - C.1 PIV Algorithm Identifier Discovery for Asymmetric Cryptographic Authentication"

Both OpenSC and Yubico need to read the certificate to find the key type "and Step 1: Algorithm Type Discovery:" and key size or curve "Step 2: Key Size Discovery:"

OpenSC pkcs15-piv.c
will look if no certificate is found on card to see of piv-tool.c has save a pubkey and env is set.

[scj643]

I did save the public key to disk

[scj643]

Could you give me an example workflow in linux for storing and using the public key to sign a certificate? I am stuck at the encoding of the public key into a format that openssl or pkcs11-tool can use. I'm using ec256 keys.

[dengert]

You can not use the pubkey to sign a certificate, it can only verify a signature. Only the private key can do a sign operation and it is on the smartcard.

Have you looked at https://github.com/OpenSC/OpenSC/blob/master/.github/test-piv.sh which has examples to create 4 keys with self-signed certificates?

And have you looked at all the guides at : https://developers.yubico.com/PIV/

https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html

https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html

Note PIV specs say the 9A key used for authentication, 9C for signatures. 9D for encryption or key derivation, and 9E of the card to authenticate but does not require a PIN.

EC keys can do authentication, signature and key derivation using ECDH

[scj643]

My actual intention was to use the keypair. My current issue is getting the private key on the card to sign a certificate

[scj643]

I currently use a Yubikey for mTLS and that's what I want to replicate.

[dengert]

Lets take a step back.

What are you really trying to do here?

Are you doing this for yourself or are you trying to develop a card management system for your employer?

I see you have forked https://github.com/scj643/yubikey-openssl-ca Have you got anywhere with it?

You said you where interested in using python.

You said you where trying to use Secure Messaging, is that a real requirement?

Myself:
I wrote OpenSC PIV driver starting in 2004, after HSPD-12 was announced, and NIST published 800-73-1.
My employer, a US DOE lab, would eventually be required to use PIV cards issued by the government.
It was clear Microsoft would support PIV, but we use many operating systems and there was no open source PIV middleware. I was able to get some demo cards from a few vendors and NIST to use in development.

I have not been interested in card management as we would be using gov issued cards. I only need to develop
the PIV end user interface and for development - use the 800-73 commands to generate a key and write a certificate. and a few other objects.

Since then there are multiple PIV card vendors, and multiple card vendors with "PIV-like" applets preinstalled on their cards designed to let an end user create certificates and keys. Yubico is one of these.

Before I retired, we were required to use gov issued PIV cards which is also their ID badge and I did develop a simple CMS used to issue temporary PIV cards for new users waiting to receive their official gov issued cards, if their card broke or they left it at home! PIV can be used (or is required in some cases) for login to AD, Linux or Shibboleth https://www.shibboleth.net/

I am now retired, but still contribute to OpenSC. I added the 800-73-4 Secure Messaging to OpenSC as it is designed to be used over NFC connections. Idemia was kind enough to give me some demo cards that support PIV SM.

I am not interested in python, writing card management systems or using GP or GP SM.

OpenSC does have a test script that uses another PIV applet loaded into Java, and uaes Yubico piv-tool to generate keys to run tests on the OpenSC PIV card driver: https://github.com/OpenSC/OpenSC/blob/master/.github/test-piv.sh this might be helpful.

[dengert]

I currently use a Yubikey for mTLS and that's what I want to replicate.

Are you trying to replicate this on another Yubikey with the same keypairs?

On the original Yubikey what commands did you use to either generate or load the keypair on the card?

If you originally generated the keypair ON the card you can NOT retrieve the private key and thus can not replicate the token.
The point of the smart cards is the private key can not be read from the card. (There are some cards that can.) But PIV specs and PIV applets do not allow reading a private key.

If you originally generated the keypair in software and still have a copy you could write the private key and certificate to the new card and write the certificate too.

[dengert]

My use case for this is to replace the Yubikey as my homelqb HSM.

Did you mean homelab HSM ?

Google for: Yubikey PIV guides homelab

Here is an example HSM built on self contained computer with hardware random number generator and Certificate Management System using a Yubikey 5:

https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

[scj643]

Yes I am familiar with how to do it on a Yubikey. My question is how can I do it using OpenFIPS. Also by replicate I don't mean the keys but the process of generating a key on the card and then signing a CSR with my homelab CA.

[dengert]

As I said PIV card vendors i.e. applet vendors can provide their own card provisioning software. OpenFIPS201 is a PIV applet, as is Yubikey.

What you may be missing is how to use the private key to sign a certificate request, CSR, then get a CA to sign the CSR creating a certificate. You can use OpenSSL (version < 3.0.0) with a pkcs11 engine or OpenSSL (>= 3.0.0) pkcs11 provider to have OpenSSL call PKCS11 module that can access the card.

https://github.com/OpenSC/libp11 has a OpenSLL engine.

https://github.com/latchset/pkcs11-provider has an OpenSSL provider.

You can use the OpenSC PKCS11 module, as the operation to sign is defined in 800-73.

You then have to write the certificate to the card using some vendor provide tool.

[scj643]

Yes I'm aware of that. The part that I'm stuck on is I have the key on the card (using OpenFIPS201) in slot 9a and have the public key. I just can't seem to get OpenSSL to find the private key on the card.

[dengert]

From my phone. Can you print out the file in hex.

…

On Tue, Feb 6, 2024, 9:34 AM Chloe Surett ***@***.***> wrote: Yes I'm aware of that. The part that I'm stuck on is I have the key on the card (using OpenFIPS201) in slot 9a and have the public key. I just can't seem to get OpenSSL to find the private key on the card. — Reply to this email directly, view it on GitHub <#52 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGTIMPFWZ4TKAI3Y4BRZUDYSJERBAVCNFSM6AAAAAAQFAXMI6VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DGOBUGIYDI> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[scj643]

The file I have is the pem encoded public key that is secp256r1. I can see the private key using pkcs15-tool when PIV_9A_KEY is set.

[dengert]

Can you send me a copy of the pen file

…

On Tue, Feb 6, 2024, 10:29 AM Chloe Surett ***@***.***> wrote: The file I have is the pen encoded public key that is secp256r1 — Reply to this email directly, view it on GitHub <#52 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGTIMN3JWXG6OHLEX7RENTYSJK5VAVCNFSM6AAAAAAQFAXMI6VHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DGOBUHAZDK> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[scj643]

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExAwgHcBhpnxCkRQyPad6OIO+4Nzm
4MarVZr6Ocy/S59Ndu7Ow6PH6ZsXJYVMiOM2erkvVv+x+WXKKRw9I1Ms+Q==
-----END PUBLIC KEY-----

[dengert]

The PIV specs have a "catch22". The public key is not stored on the card. The only way the middleware knows if there is a private key on the card is to read the certificate associated with the key and extract the public key from the subjectPublicKeyInfo. The usual way middleware get a certificate is to have the card sign a CSR using the private key. But the certificate is not created yet!

I don't know what tool you used to generate the key, but the file you have is a subjectPublicKeyInfo in PEM format.

There three ways I know how to get around the "catch22":

• The OpenSC piv-tool when generating a key save the public key in subjectPublicKeyInfo in DER format. Later when the OpenSC PIV driver is looking for certificates (to read their public keys) and does not find a certificate on the card it will do a getenv("PIV_9A_KEY") which should point to the key saved by the piv-tool. (Replace the 9A with 9C, 9D or 9E for the other keys.)

• Yubikey piv tool when generating a key, creates a dummy certificate right a way and write it to the card. So there is always a certificate with the subjectPublicKeyInfo on the card.

• OpenSSL csr and other commands have -force_pubkey that when creating a certificate force the use of a pubkey from a file. This could be used to create a temporary certificate without using the card then writing the card which could be used to sign an actual CSR. (I have tried this.)

• I don't know if the tools you use have a way around the "catc22".

You can convert the pem file to der with something like:
openssl pkey -pubin -inform PEM -outform DER -i your-pubkey.pem -o pubkey.der

Then to sign a CSR use OpenSSL with pkcs11 engine or pkcs11-provider and opensc-pkcs11.so and have env PIV_9A_KEY=pubkey.der

[dengert]

Should have said: (I have NOT tried this.)

The other piece missing is how to format a certificate object to be written to the card. OpenSC piv-tool and Yubikey piv-tool know how to put the certificate into a certificate and GZIP it too. See "NIST 800-73-4 Part1 Table 10. X.509 Certificate for PIV Authentication" Search for GZIP too.

When using APDUs directly see the PUT DATA in "800-73-4 Part 2 Table 10. Data Field of the PUT DATA Card Command for all other PIV Data Objects"