[SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo]

Mon Oct 26 13:50:12 PDT 2015

By definition, there are 7 mandatory objects to be a PIV (Card Capability Container (CCC) and Card Holder Unique Identifier (CHUID) are two of the seven). If you don't have all seven, you have the risk that the card will fail something that is expected as a core capability of all PIV cards.

SP 800-73-4, page 28 has the list of mandatory, conditional, and optional card application data objects.

http://csrc.nist.gov/groups/SNS/piv/standards.html

Keith

----------------------------------------------------------------------

Date: Sun, 25 Oct 2015 10:42:51 +0100
From: david.lloyd at fsmail.net
To: Uri Blumenthal <uri at mit.edu>
Cc: Shawn Geddis <geddis at icloud.com>,	SmartCard Services-Users
	<smartcardservices-users at lists.macosforge.org>
Subject: Re: [SmartcardServices-Users] Submitting patches for
	PIVToken.cpp bugs [Yubikey Neo]
Message-ID: <17361481.1771445766171121.JavaMail.www at wwinf3714>
Content-Type: text/plain; charset=UTF-8

...

I am thinking that rather than a load of "-action setThisAndThat" options, the piv tool would be better off with an "-action initialize" option that adds all the required PIV files.  Where 
"required" from where I am sitting is CCC and CHUID -- PIV experts can feel free to add more.

...

Regards,

David L

P.S.  Is there a good tool in OpenSC that checks to see if a card PIV is ok?   i.e. something that can use for PIV card compliance unit testing?

> Subject: Re: [SmartcardServices-Users] Submitting patches for PIVToken.cpp bugs [Yubikey Neo]
> 
> It would be nice if SmartCardServices tokend could work with a card that doesn't have a CCC object in it. 
> 
> In my experience,  NEO (a) does not have CCC, and (b) does not perform SELECT command properly.
> 
> One workaround I found for another tokend to work with NEO correctly was to generate a CCC object and write it to NEO using piv-tool from OpenSC package.