Mistial Developer
@dengert I was speaking more as a workaround for some of the functionality (contactless cert access), not saying they are the same thing. I apologize for the lack of clarity...
It looks like vSEC:CMS does PIV VCI. https://versasec.zendesk.com/hc/en-us/articles/360017812800-PIV-Settings I should have access to that software for testing, if I can figure a card out that works with it.
For your first question, the best reference for what cards support what is going to be this page. https://www.fi.muni.cz/~xsvenda/jcalgtest/table.html As you can see, ALG_RSA_PKCS1 was introduced prior to JC2.2.2, and...
In terms of SP-800-73-4, C.2 seems to require a singular AC tag. "The Application Property Template, which is included in the response to the SELECT command, optionally includes a tag...
> Has the above and it says "algorithms" So there can be more than one. I agree. If you look at 800-73-4, table 3.1.1, it again states "Cryptographic algorithms supported",...
The interface test guidelines are also singular: https://csrc.nist.rip/external/nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-85A-4.pdf > P1, algorithm reference, is set to '27' or '2E', as indicated by the 0xAC tag obtained from the application property template...
> Yes now having a read through the 7816 wording is actually very clear. OF201 was implemented only from the SP800-73 wording and this is in contradiction with the ISO...
> I take your point @mistial-dev and true no-one has complained yet (including the PIV compliance tool), but I've asked the question to NIST anyway because why not and if...
> "The first data object shall be a cryptographic mechanism reference, tag '80' (see Table 33)." > "The second data object shall be an object identifier, tag '06'" > "If...
Looks like @dengert is correct in his interpretation. Thank you for asking the mailing list. I will change the pull request to conform.