Updates were committed today (4767) for the PIV card driver to support the new features as defined in NIST 800-73-3 [1]. These include the History Object that lists which older keys and/or certificates are on the card, and where to find off-card certificates; and the Discovery object that specifies which PIN, the global card PIN or the PIV application PIN, should be used for login.
Although I don't have one of these cards, a sample History object as well as the offline list of certificates provided by NIST was used to test the logic.

The PIV driver only supports RSA, but NIST 800-73-3 and NIST 800-78-2 [1] also define the use of ECC, with 2 specific curves, and ECDSA using SHA-256 and SHA-384. These have not been implemented yet.

The PIV driver can now be built without OpenSSL. OpenSSL is still needed for card administration with the piv-tool. #ifdef ENABLE_OPENSSL now only removes the admin code, and ctx.c was changed to allow card-piv.c to be built without OpenSSL.

cardctl.h was changed to add some PIV specific control codes as well as define a PIV structure.

[1] http://csrc.nist.gov/publications/PubsSPs.html
(800-73-3 is in 4 parts. 800-78-2 is one part)

--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
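As an added illustration of the Discovery object mentioned in the message (this is not code from the commit or from OpenSC), the sketch below parses a Discovery object and returns which PIN a login should use. The function and enum names are hypothetical, the sample bytes are constructed, and the PIN Usage Policy values (tag 5F2F: first byte 0x40 or 0x60, second byte 0x10 or 0x20) are taken from SP 800-73-3 Part 1.

```c
#include <stddef.h>
#include <stdio.h>

enum { PIN_ERR = -1, PIN_APP = 0, PIN_GLOBAL = 1 };  /* hypothetical names */

/* Constructed sample: 7E { 4F <PIV AID>, 5F2F <policy 40 00> } */
static const unsigned char sample[] = { 0x7E,0x12, 0x4F,0x0B,0xA0,0x00,0x00,0x03,0x08,
    0x00,0x00,0x10,0x00,0x01,0x00, 0x5F,0x2F,0x02,0x40,0x00 };

/* Read one BER-TLV header; 0 on success, -1 if malformed or truncated. */
static int tlv_next(const unsigned char **p, const unsigned char *end,
                    unsigned *tag, size_t *len)
{
    if (*p >= end) return -1;
    *tag = *(*p)++;
    if ((*tag & 0x1F) == 0x1F) {                  /* two-byte tag, e.g. 5F 2F */
        if (*p >= end || (**p & 0x80)) return -1; /* longer tags rejected */
        *tag = (*tag << 8) | *(*p)++;
    }
    if (*p >= end) return -1;
    *len = *(*p)++;
    if (*len == 0x81) {                           /* long form, one length byte */
        if (*p >= end) return -1;
        *len = *(*p)++;
    } else if (*len > 0x7F) return -1;            /* other forms not expected */
    return (size_t)(end - *p) >= *len ? 0 : -1;   /* value must fit the buffer */
}

/* Which PIN satisfies login, according to the card's Discovery object. */
int piv_discovery_pin(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen;
    unsigned tag; size_t len;

    if (tlv_next(&p, end, &tag, &len) || tag != 0x7E) return PIN_ERR;
    end = p + len;                                /* stay inside the 7E value */
    while (p < end) {
        if (tlv_next(&p, end, &tag, &len)) return PIN_ERR;
        if (tag == 0x5F2F) {                      /* PIN Usage Policy */
            if (len != 2) return PIN_ERR;
            if (p[0] == 0x40) return PIN_APP;     /* app PIN only; byte 2 is RFU */
            if (p[0] != 0x60) return PIN_ERR;     /* 0x60: both PINs accepted */
            return p[1] == 0x10 ? PIN_APP : p[1] == 0x20 ? PIN_GLOBAL : PIN_ERR;
        }
        p += len;                                 /* skip other objects (4F AID) */
    }
    return PIN_ERR;                               /* no policy present */
}
int main(void) { printf("%d\n", piv_discovery_pin(sample, sizeof sample)); return 0; }
```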