By definition, there are 7 mandatory objects to be a PIV (Card Capability Container (CCC) and Card Holder Unique Identifier (CHUID) are two of the seven). If you don't have all seven, you have the risk that the card will fail something that is expected as a core capability of all PIV cards. SP 800-73-4, page 28 has the list of mandatory, conditional, and optional card application data objects. http://csrc.nist.gov/groups/SNS/piv/standards.html Keith ---------------------------------------------------------------------- Date: Sun, 25 Oct 2015 10:42:51 +0100 From: david.lloyd@fsmail.net To: Uri Blumenthal <uri@mit.edu> Cc: Shawn Geddis <geddis@icloud.com>, SmartCard Services-Users <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo] Message-ID: <17361481.1771445766171121.JavaMail.www@wwinf3714> Content-Type: text/plain; charset=UTF-8 ... I am thinking that rather than a load of "-action setThisAndThat" options, the piv tool would be better off with an "-action initialize" option that adds all the required PIV files. Where "required" from where I am sitting is CCC and CHUID -- PIV experts can feel free to add more. ... Regards, David L P.S. Is there a good tool in OpenSC that checks to see if a card PIV is ok? i.e. something that can use for PIV card compliance unit testing?

Subject: Re: [SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo]

It would be nice if SmartCardServices tokend could work with a card that doesn't have a CCC object in it.

In my experience, NEO (a) does not have CCC, and (b) does not perform SELECT command properly.

One workaround I found for another tokend to work with NEO correctly was to generate a CCC object and write it to NEO using piv-tool from OpenSC package.