Kim O'Sullivan

Results 32 comments of Kim O'Sullivan

Hi @SudharsanKrishnamoorthy, have you had any progress with this? I think I've come to the same problem.

A few options:

1. Define a 'GENERAL AUTHENTICATE EXTENDED' APDU which is identical except for the INS value (and we can then use any mechanism we like). This might seem...

Yes in that case that makes total sense! There seems to be a bit more to this though. When I looked at what was happening in my code, I saw...

This is by design, since 'VCI' is essentially about the conditions where the contactless interface may be treated the same as the contact interface. So instead of defining a separate...

This is true, though 800-73 has a general rule in 5.5 that prohibits VCI for administrative operations altogether. This logic is reflected in the `Options.restrictContactlessAdmin` parameter, though the default is...

Having looked a bit more into it, public key validation for ECDH is described in [SP.800-56A](https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final) in section 5.6.2.3 as a mandatory (shall) procedure for ECDH and this in turn...

> Are you saying a PIV card or PIV applet is required to verify the EC pubkey used as input to ECDH? I think there's a clear case for this...

Revisiting this, a few points:

- FIPS 140-3 specifically mandates this as @dmercer-google already mentioned. That being said, there isn't a single 140-3 accredited module on the market yet so...

Hi @mistial-dev yes this is issue #55 appearing, with the CHUID read being interrupted half-way. Even though this is already patched in the FIPS build, I think it's worthy of...

The occ parameter was put there a bit prematurely in anticipation of functionality that hasn't been implemented yet. But it is and so we should do it correctly. We have...