First of all, the piv-tool was designed to be used for test cards only, and only supports the commands from NIST 800-73-3, as each card vendor may have additional commands and requirements, such as Global Platform commands, or the need to finalize a card. NIST 800-73-3 does not provide a way to write a private key to or from the card, thus there is no standard way to escrow a key. That said, piv-tool does have a -s option to allow other commands to be sent to the card, asnd can be used with the vendor documentation.
You will need a lot more then piv-tool to do proper card management. http://fips201ep.cio.gov/apl.php has a list of approved products, including card management. On 9/26/2012 7:07 PM, Ravneet Singh Khalsa wrote: > Hello experts, > > I am considering using PIV-tool for certificate enrollment for PIV cards for > my company. I am following the instructions specified in the link > http://www.opensc-project.org/opensc/wiki/PivTool. I have > downloaded the opensc-i686-w64-mingw32-011-base build on my windows 7 client > machine. The instructions on the above link looks like UNIX instructions. Can > I get equivalent windows instructions ? I was > able to generate public key using piv-tool, but I could not generate > certificate request using SSL. Is there equivalent command for Windows > specific environment ? > > The command seems to be pointing to engine_pkcs11.so and opensc-pkcs11.so > files. I couldn’t find these files anywhere. > As Peter saind look for the .dlls I do have a set of scripts to manage test cards, but they are Unix. I can send them, but they are not in top shape, and get changed as needed. > Any help would be appreciated. > > Thanks, > > Ravneet > > I am a programmer and I understand only programming languages. > > > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
