Doug Engert

> We're mostly using PIV-I standards, so the FASC-N starts with a bunch of 9s. Is this the situation you are talking about? Yes, missing FASC-N or starts with 99999...

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf says : > Comments on this publication may be submitted to: > National Institute of Standards and Technology Attn: Computer Security Division, Information Technology Laboratory 100 Bureau Drive (Mail...

One other possibility. 800-73-4 has support for Secure Messaging and VCI which can use an optional pairing code. The pairing code is only needed to create the VCI which is...

You are right the pairing code can be read over contact so attacker could read it. Sorry.

> The idea, from what I can tell, is to ensure that contact enrollment and contact PIN+CAK is available. Windows sign-on does not depend on the 9E key, it will...

"Add support for smartcard/vpcd integration" which allows the applet to be run in java simulator and use a socket interface to pcsc. https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html An example of its use: https://github.com/OpenSC/OpenSC/blob/master/.github/test-piv.sh I...

Sorry, no. But I am the main developer for the OpenSC PIV driver, if you have questions. 261 comes from APDU (4) + Lc (1) + max data (255) +...

The support for (optional) SM/VCI in NIST 800-73-4 PIV in OpenSC has stalled. I asked around and no one has asked for it. NIST instead has focused on Derived PIV/CAC...

@martinpaljak I am not sure. This leads to a download: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf There are 3 parts in the one PDF. NIST tends to write detailed requirements and does not reference other...

I started to look at what I had in 2018 for VCI/SM in OpenSC, will see how far I get.