Doug Engert
Doug Engert
The trace in original post does not appear to have anything to do with the CHUID, Is this the wrong trace? The instruction in question: 00 87 11 9E 26...
> The reason I say this is because I want to be able to putData() and getData() some objects without having to do any extra authentication or using a PIN....
That sounds like PIV CHUID authentication. The CHUID can have a GUID, and or a FASC-N (i.e. a user id) and non gov FASC-N start with 99999. NIST PIV docs...
Are you developing this for internal only use or are you developing a product? What do you mean by: "we are using the PIV capabilities for access control"? Are you...
NIST 800-74-4 says the CVC certificate is for the "04" private EC key **used with SM**: Part 2 3.2.4: "The GENERAL AUTHENTICATE command shall be used with the PIV Secure...
Have you tried pkcs11-tool --generate-random opensc-tool only supports short APDU's. It is limited in send_apdu which uses buffers based on: types.h:#define SC_MAX_APDU_BUFFER_SIZE 261 /* takes account of: CLA INS P1...
It is in 0.17.0. Can you build and try 0.17.0? The engine code calls pkcs11. Testing opensc-pkcs11 would be the first step to getting engine to generate random numbers.
> @dengert is there a CMAKE flag to link with boringssl? I have some time to rule that possibility out. I don't know. Can anyone else answer this?
The latest push for this PR are based on 865cb43a8c81b1a8a0a44f0d439b0d50494084a5 pkcs11-curr-v3.0-os section "2.3 Elliptic Curve" includes in CKK_EC_EDWARDS and CKK_EC_MONTGOMERY keys which have a CKA_EC_PARMS, which has an `oID` for...
The name of this PR has changed as support for Yubikey 5 tokens version 5.7 or greater which support the use of EDDSA and XEDDSA in the PIV applet. This...