Mistial Developer
Mistial Developer
> Just for the clarity: WebAuthn, also referred to as "passwordLESS", is actually replacing the 1st factor - namely the password - not the second factor. It is not a...
They require a PIN for tokens like yubikeys, because otherwise it would be one factor.On Sun, Dec 18, 2022 at 1:56 PM, debbiegoldsmith ***@***.***> wrote: Right, there is no need...
When I generate the key on card and issue a certificate based around that key, it seems to work.
> Just looking at the logs, it looks like you are creating both an RSA and EC key for the 9A and 9E keys. I shouldn't be. I was previously...
It's HID, so I'd expect the length to be correct. The operation that's failing seems to be chained `10 87 07 9e` (0x6985) and `00 87 07 9e` (0x6984). These...
Sanity checking the 9e CHANGE REFERENCE DATA ADMIN APDUs: ``` print Change Reference Data 9E send_apdu -sc 1 -APDU 1024079EC83082010481820100C1829E4EAE1556822C8E6A97E3BB10255B5EF24496B4E55629BB426F3810FBD325127329908D98268D7F9BF961819D638A8DDC9E14A2355B8E85F7E178A7A52B3EFB71245B6A354C21DA0CDE996DA3C98A659791F34EE91AD224F0B7A7BBF6F53BE8B609AB8BDC4FA0B4E1422B6FA74DB16CE7D553CFA27F8B53D4F1E78B9E10132D5D2DAEF80BC64A940C4F6B92CFEC6094C8A0BF613C7B570C50D7622E9DABAB1BC53DB607BAD45CB03BD0FB8519EF0DFAEA6D80DF886EA0789BB6499F2951 send_apdu -sc 1 -APDU 0024079E40EEAD63D118041330B785803771FFB302B0A1CCB18A71B74D0850A717CC323108105C2B22BE91016323B2E2B5A2D34E6DA7129C88A93C1309A8932E96C5C07987 send_apdu -sc 1 -APDU 0024079E0730058203010001...
The card works fine on a gallagher reader, over contactless. I think this may be a duplicate of https://github.com/makinako/OpenFIPS201/issues/55 .
Would this fall under FIPS 201 2.9.2? > A PIV Card post issuance update may be done locally (performed with the issuer in physical custody of the PIV Card) or...
Reading through the comments of SP 800-73-4, https://csrc.nist.gov/CSRC/media/Publications/sp/800-73/4/archive/2015-05-29/documents/sp800_73-4_2013_draft_comments_and_dispositions.pdf , NIST seems to make it clear that card management itself is out of scope (so is fine to use SCP03 or...
> Some kind of relay attack where malware installed on the host relays APDUs to the card which originated on a physical access control reader? That is precisely the concern,...