On 1/7/2015 9:49 PM, Sarat Chandra Prasad Gingupalli wrote:
> If you know the SO key, I think you can get any extractable information from the card including the private key of RSA, but generally private keys were written to the card with Non Extract flag set.
The PIV specs as define in 800-73 do not define any extra flags to be written to the card.
Flags returned from PKCS#15 or PKCS#11 are set by the software, based on the policies in 800-73-3 part 1.
3.1.3 X.509 Certificate for PIV Authentication
3.2.3 X.509 Certificate for Digital Signature
3.2.4 X.509 Certificate for Key Management
"key pair may be escrowed"
3.2.5 X.509 Certificate for Card Authentication
> When I dump the my PIV card info I could able to see the setting of Non Extract flag set, so even though I knew the PIN I couldn't able to extract the private key of RSA from my card.
This is based on trying to map 800-73 wording to PKCS#11 attributes.
The SO PIN does *NOT* let you read the private keys. Its basically the unblocking PIN.
For card administration the piv-tool requires the -A option with a 3DES or AES key
for the card to write data to the card.
There is no command in defined 800-73 to read or write a private key, only to generate a key on the card.
But card vendors have additional commands used to write or maybe even read a private key.
These commands are not part of the NIST standards.
NIST has a set of 16 test cards with different keys etc. But each set has identical
data and the data including the private keys printed in printed documentation.
The set I have has Oberthur and GemAlto PIV cards. The keys must have been written
to the cards.
>
> Regards,
>
> Sarat G
>
> ------- *Original Message* -------
>
> *Sender* : William Roberts<
[hidden email]>
>
> *Date* : Jan 08, 2015 10:03 (GMT+09:00)
>
> *Title* : Re: [Opensc-devel] PIV Card Padding Checks
>
> So in throery if I had the pin to a card I could attack it and get the RSA private key. ouch, I hope I am wrong.
>
> On Wed, Jan 7, 2015 at 4:08 PM, Douglas E Engert <
[hidden email] <mailto:
[hidden email]>> wrote:
>
>
>
> On 1/7/2015 12:42 PM, William Roberts wrote:
> > The PIV standard says that the RSA encryption should be done raw and all hashing and padding is done off card, do cards perform any check that a padding has been applied, or do they just encrypt any
> > plaintext that is smaller then the modulus?
>
> The PIV only does RAW RSA which is the APDU operation for encryption and decryption
> the card does not care which one you are really doing, and does not need to check
> the padding.
>
> piv_validate_general_authentication is used to send the block to teh card and get the response.
>
> For RSA, 800-73-3 part 2 A4.1.1.1 and A3.1 are examples. The same APDU is uses as is the data.
> Higher level routines in PKCS#11 or OpenSC do the padding or check the response for the padding.
>
>
> >
> > --
> > Respectfully,
> >
> > William C Roberts
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Dive into the World of Parallel Programming! The Go Parallel Website,
> > sponsored by Intel and developed in partnership with Slashdot Media, is your
> > hub for all things parallel software development, from weekly thought
> > leadership blogs to news, videos, case studies, tutorials and more. Take a
> > look and join the conversation now.
http://goparallel.sourceforge.net <
http://goparallel.sourceforge.net/>
> >
> >
> >
> > _______________________________________________
> > Opensc-devel mailing list
> >
[hidden email] <mailto:
[hidden email]>
> >
https://lists.sourceforge.net/lists/listinfo/opensc-devel> >
>
> --
>
> Douglas E. Engert <
[hidden email] <mailto:
[hidden email]>>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now.
http://goparallel.sourceforge.net <
http://goparallel.sourceforge.net/>
> _______________________________________________
> Opensc-devel mailing list
>
[hidden email] <mailto:
[hidden email]>
>
https://lists.sourceforge.net/lists/listinfo/opensc-devel>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now.
http://goparallel.sourceforge.net>
>
>
> _______________________________________________
> Opensc-devel mailing list
>
[hidden email]
>
https://lists.sourceforge.net/lists/listinfo/opensc-devel>
--
Douglas E. Engert <
[hidden email]>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now.
http://goparallel.sourceforge.net_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Locked
