CAC and PIV support

CAC and PIV support

David Karam
Hello, we wish to use OpenSC in an application that should support CAC and PIV cards.

From the supported cards page for OpenSC I can only see PIV, but am confused what the difference between them is. CAC seems to be for military personnel while PIV is for the wider civilian gov population. Also CAC seems to be PIV-compliant but am not sure if that means OpenSC can read that.

So am a bit confused here and was hoping someone with more experience on the subject can clear this up!


Thanks,
David

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Re: CAC and PIV support

Douglas E Engert


On 5/19/2015 5:24 PM, David Karam wrote:
> Hello, we wish to use OpenSC in an application that should support CAC and PIV cards.
>
>  From the supported cards <https://www.opensc-project.org/opensc/wiki/SupportedHardware> page for OpenSC I can only see PIV, but am confused what the difference between them is. CAC seems to be for
> military personnel while PIV is for the wider civilian gov population. Also CAC seems to be PIV-compliant but am not sure if that means OpenSC can read that.

http://www.cac.mil/

CAC was the original DOD card, and the cards were from a single vendor. HSPD-12 (August 2004):

  http://www.dhs.gov/homeland-security-presidential-directive-12

mandated that all federal agencies, including DOD, would adopt a common smart card, and NIST, being part of Commerce,
wrote the PIV specifications and FIPS 201 so that multiple vendors would produce the cards and infrastructure:

   http://csrc.nist.gov/groups/SNS/piv/

DOD started issuing PIV-compliant cards that were also CAC cards to comply with HSPD-12 and the NIST standards.

You might find this interesting:
  https://militarycac.com/


Here is an online version of why I got involved with writing the PIV drivers:

   http://workshop.openafs.org/afsbpw07/talks/deengert.pdf

Also see:

  http://csrc.nist.gov/publications/nistir/ir7427/NISTIR7427_PKI_2007.pdf

So to answer your question, the OpenSC code can use CAC cards if they are PIV compliant. The CAC card
may have additional data on the card that is not PIV compliant, and may vary by branch of DOD.

OpenSC does not implement the full PIV middleware but implements a PKCS#11 interface
to use any of the PIV certificates/keys on the card for use with COTS programs that
can use PKCS#11.

>
> So am a bit confused here and was hoping someone with more experience on the subject can clear this up!
>
>
> Thanks,
> David

--

  Douglas E. Engert  <[hidden email]>

