Versions Compared

Old Version 4

changes.mady.by.user Kim O'Sullivan

Saved on

compared with

New Version Current

changes.mady.by.user Kim O'Sullivan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

1

...

Contents

Table of Contents
minLevel1
maxLevel7
excludeContents.*

2

...

Overview

OpenFIPS201 (and PIV in general) places a number of minimum requirements on any smart-card it is installed and used on. If the applet fails to load, it is most likely because the smartcard fails to meet one or more criteria.

...

  • Java Card - Your JCRE/JCVM must be Java Card 3.0.4 or above

  • Global Platform - Version 2.2.1 or higher is required, with:

    • Support for Secure Channel Protocol 03 (SCP03)

    • Support for org.globalplatform.CVM

  • Randomness - Support for the ALG_SECURE_RANDOM random generator type

  • Memory - The base applet takes approximately 19kb of EEPROM and 468 bytes or RAM, but this various by installed platform.

2.1

...

Cryptographic Mechanisms

OpenFIPS201 attempts to be as flexible as possible, when the applet is installed it will attempt to make use of all of the following cryptographic primitives. Any that are not available will simply mean that corresponding mechanism is mechanisms are not available.

PIV Mechanisms

Javacard Primitive

08, 0A, 0C

Cipher.ALG_AES_BLOCK_128_ECB_NOPAD

00,03

Cipher.ALG_DES_ECB_NOPAD

06,07

Cipher.ALG_RSA_NOPAD

11, 14, 27, 2E

KeyAgreement.ALG_EC_SVDP_DH_PLAIN

11, 14, 27, 2E

MessageDigest.ALG_SHA_256

11, 14, 27, 2E

MessageDigest.ALG_SHA_384

11, 14

Signature.ALG_ECDSA_SHA

11, 14

Signature.ALG_ECDSA_SHA_256

11, 14

Signature.ALG_ECDSA_SHA_384

11, 14

Signature.ALG_ECDSA_SHA_512

2.2 Tested Platforms

The following platforms have been tested to work with the OpenFIPS201 applet.

Hardware Platform

Model(s)

Memory

Compatibility Notes

NXP JCOP 3 SecID P60 CS (OSB)

J3H082[nnnn]

J3H145[nnnn]

TBD

All mechanisms supported

NXP P71 JCOP 4

P71D321

TBD

All mechanisms supported

NXP P71 JCOP 4.5

P71D600

TBD

All mechanisms supported

Info

This product was tested using SO28 carrier pre-release engineering samples from Feb 2022, not the final product.

G&D SmartCafe 7.0

SCE 7.0

TBD

Note

TODO: Not tested since v1.2

Infineon Secora Id

???

TBD

Note

Tested externally, need confirmation about support and specific model numbers tested.

Info

Please note that memory requirements are for the base package and a single instance, measured after the first applet selection.

This does not include EEPROM or RAM requirements post-issuance as these amounts can vary significantly depending on the configuration and operational data.