...
2 Overview
The following scripts can be executed with your favourite smartcard utility to pre-personalise OpenFIPS201 so that it is fully compliant with the SP 800-73-4 data object, configuration and key requirements. In each script, lines beginning with # are comments; every other line is one command APDU written as hex bytes (CLA INS P1 P2 Lc Data).
...
Info: All commands below must be executed under a GlobalPlatform Secure Channel session with the C_ENCRYPTION and C_MAC options set (SCP03). The PIN and PUK scripts carry the new reference values in the command body, so a session without the encryption option would expose them on the wire.
...
3 Configuration Scripts
This script is a reference for the NIST-compliant configuration values; it does not need to be sent unless you want to change the applet's current values.

```
# UPDATE CONFIGURATION
00 DB 3F 00 5D 68 5B A0 24 80 01 FF 81 01 00 82 01 00 83 01 00 84 01 06 85 01 08 86 01 06 87 01 05 88 01 00 89 01 04 8A 01 0400 8B 01 0400 A1 12 80 01 FF 81 01 00 82 01 08 83 01 06 84 01 05 85 01 00 A2 03 80 01 00 A3 03 80 01 00 A4 15 80 01 00 81 01 00 82 01 00 83 01 00 84 01 FF 85 01 00 86 01 00
```

Check the lengths before sending this line. Lc (5D) and the length of the 68 template (5B) only add up if every entry in the A0 group carries a single value byte, yet tags 8A and 8B are printed with two value bytes (0400) against a declared length of 01. As printed, the line is not a well-formed TLV; resolve the intended value for those two tags against the OpenFIPS201 configuration reference before sending it.
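A mis-typed length byte in one of these scripts is easy to miss by eye and is only discovered when the card rejects the command. The following Python script, added here and not part of the OpenFIPS201 project, parses the command body of any PUT DATA line on this page as single-byte-tag BER-TLV and verifies Lc together with every nested length. Which tags it treats as templates (68, A0 to A4, 64, 66) is taken from the scripts on this page and is an assumption of the example. Run against the UPDATE CONFIGURATION line exactly as printed above, it reports the Lc mismatch caused by the two-byte values under tags 8A and 8B.

```python
"""Structural check for the PUT DATA scripts on this page.

Added example, not part of the OpenFIPS201 project. Every PUT DATA line
here is CLA INS P1 P2 = 00 DB 3F 00, then Lc, then one BER-TLV template
with one-byte tags and one-byte lengths, so that is all this handles.
"""

# Tags whose value is itself a list of TLVs (assumption drawn from the
# scripts on this page): 68 = configuration, A0..A4 = its groups,
# 64 = data object template, 66 = key template.
CONSTRUCTED = {0x68, 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0x64, 0x66}

PUT_DATA_HEADER = bytes.fromhex("00DB3F00")

# The UPDATE CONFIGURATION command exactly as printed on this page,
# including the two-byte values under tags 8A and 8B.
UPDATE_CONFIGURATION_AS_PRINTED = (
    "00 DB 3F 00 5D 68 5B A0 24 80 01 FF 81 01 00 82 01 00 83 01 00 84 01 06 "
    "85 01 08 86 01 06 87 01 05 88 01 00 89 01 04 8A 01 0400 8B 01 0400 "
    "A1 12 80 01 FF 81 01 00 82 01 08 83 01 06 84 01 05 85 01 00 "
    "A2 03 80 01 00 A3 03 80 01 00 "
    "A4 15 80 01 00 81 01 00 82 01 00 83 01 00 84 01 FF 85 01 00 86 01 00"
)


def parse_tlv(data: bytes, path: str = "") -> list:
    """Return [(path, tag, value)] for every TLV in data, recursing into
    constructed tags. Raises ValueError when a length byte overruns its
    container or a tag/length header is cut off."""
    out = []
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"{path or '/'}: dangling byte {data[i]:02X} at offset {i}")
        tag, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        here = f"{path}/{tag:02X}"
        if len(value) != length:
            raise ValueError(f"{here}: declares {length} bytes, only {len(value)} remain")
        out.append((here, tag, value))
        if tag in CONSTRUCTED:
            out.extend(parse_tlv(value, here))
        i += 2 + length
    return out


def check_put_data(apdu_hex: str) -> list:
    """Validate one PUT DATA line from the page and return its TLV tree."""
    apdu = bytes.fromhex(apdu_hex)  # whitespace between bytes is ignored
    if apdu[:4] != PUT_DATA_HEADER:
        raise ValueError("header is not 00 DB 3F 00")
    lc, body = apdu[4], apdu[5:]
    if len(body) != lc:
        raise ValueError(f"Lc = {lc} but the command carries {len(body)} data bytes")
    return parse_tlv(body)


def report(apdu_hex: str) -> str:
    """One-line verdict: the decoded leaf values, or the first error."""
    try:
        tree = check_put_data(apdu_hex)
    except ValueError as e:
        return f"ERROR: {e}"
    leaves = [f"{p}={v.hex().upper()}" for p, t, v in tree if t not in CONSTRUCTED]
    return "OK: " + " ".join(leaves)


def check_script(text: str) -> list:
    """Run report() over every non-comment, non-empty line of a script."""
    return [report(line) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]


if __name__ == "__main__":
    print(report("00 DB 3F 00 0D 64 0B 8B 03 5F C1 07 8C 01 7F 8D 01 00"))
    print(report(UPDATE_CONFIGURATION_AS_PRINTED))
```

Feed a whole script file to `check_script` and any line that does not come back as `OK:` should be fixed before the secure channel is opened; the decoded leaf values double as a quick readback of the access modes and mechanisms each line sets.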
...
4 PIN / PUK Scripts
The following scripts set the cardholder reference values (PIN and PUK) to these defaults:
...
```
# CHANGE REFERENCE DATA - PIN (80) to 123456
00 24 FF 80 08 31 32 33 34 35 36 FF FF
# CHANGE REFERENCE DATA - PUK (81) to 12345678
00 24 FF 81 08 31 32 33 34 35 36 37 38
```

The values are ASCII digits padded with FF to the 8-byte field. They are pre-personalisation placeholders only: issue the cardholder a fresh PIN and PUK at personalisation and never leave a card in service with these well-known defaults.
...
5 Data Object Scripts
...
5.1 Mandatory
```
# CREATE DATA OBJECT - 5FC107 - Card Capability Container
00 DB 3F 00 0D 64 0B 8B 03 5F C1 07 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC102 - Cardholder Unique Identifier
00 DB 3F 00 0D 64 0B 8B 03 5F C1 02 8C 01 7F 8D 01 7F
# CREATE DATA OBJECT - 5FC105 - X509 Certificate for PIV Authentication
00 DB 3F 00 0D 64 0B 8B 03 5F C1 05 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC101 - X509 Certificate for Card Authentication
00 DB 3F 00 0D 64 0B 8B 03 5F C1 01 8C 01 7F 8D 01 7F
# CREATE DATA OBJECT - 5FC103 - Cardholder Fingerprints
00 DB 3F 00 0D 64 0B 8B 03 5F C1 03 8C 01 01 8D 01 00
# CREATE DATA OBJECT - 5FC108 - Cardholder Facial Image
00 DB 3F 00 0D 64 0B 8B 03 5F C1 08 8C 01 01 8D 01 00
# CREATE DATA OBJECT - 5FC106 - Security Object
00 DB 3F 00 0D 64 0B 8B 03 5F C1 06 8C 01 7F 8D 01 00
#
# Mandatory only for US-Government Issued PIV Credentials
#
# CREATE DATA OBJECT - 5FC10A - X509 Certificate for Digital Signature
00 DB 3F 00 0D 64 0B 8B 03 5F C1 0A 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC10B - X509 Certificate for Key Management
00 DB 3F 00 0D 64 0B 8B 03 5F C1 0B 8C 01 7F 8D 01 00
```
...
5.2 Optional
```
# CREATE DATA OBJECT - 5FC109 - Printed Information
00 DB 3F 00 0D 64 0B 8B 03 5F C1 09 8C 01 01 8D 01 00
# CREATE DATA OBJECT - 5FC122 - Secure Messaging Signer
00 DB 3F 00 0D 64 0B 8B 03 5F C1 22 8C 01 7F 8D 01 7F
# CREATE DATA OBJECT - 7E - Discovery Object
00 DB 3F 00 0B 64 09 8B 01 7E 8C 01 7F 8D 01 7F
# CREATE DATA OBJECT - 5FC10C - Key History Object
00 DB 3F 00 0D 64 0B 8B 03 5F C1 0C 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC10D - Retired X509 Certificate for Key Management 1
00 DB 3F 00 0D 64 0B 8B 03 5F C1 0D 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC10E - Retired X509 Certificate for Key Management 2
00 DB 3F 00 0D 64 0B 8B 03 5F C1 0E 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC10F - Retired X509 Certificate for Key Management 3
00 DB 3F 00 0D 64 0B 8B 03 5F C1 0F 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC110 - Retired X509 Certificate for Key Management 4
00 DB 3F 00 0D 64 0B 8B 03 5F C1 10 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC111 - Retired X509 Certificate for Key Management 5
00 DB 3F 00 0D 64 0B 8B 03 5F C1 11 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC112 - Retired X509 Certificate for Key Management 6
00 DB 3F 00 0D 64 0B 8B 03 5F C1 12 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC113 - Retired X509 Certificate for Key Management 7
00 DB 3F 00 0D 64 0B 8B 03 5F C1 13 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC114 - Retired X509 Certificate for Key Management 8
00 DB 3F 00 0D 64 0B 8B 03 5F C1 14 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC115 - Retired X509 Certificate for Key Management 9
00 DB 3F 00 0D 64 0B 8B 03 5F C1 15 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC116 - Retired X509 Certificate for Key Management 10
00 DB 3F 00 0D 64 0B 8B 03 5F C1 16 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC117 - Retired X509 Certificate for Key Management 11
00 DB 3F 00 0D 64 0B 8B 03 5F C1 17 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC118 - Retired X509 Certificate for Key Management 12
00 DB 3F 00 0D 64 0B 8B 03 5F C1 18 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC119 - Retired X509 Certificate for Key Management 13
00 DB 3F 00 0D 64 0B 8B 03 5F C1 19 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC11A - Retired X509 Certificate for Key Management 14
00 DB 3F 00 0D 64 0B 8B 03 5F C1 1A 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC11B - Retired X509 Certificate for Key Management 15
00 DB 3F 00 0D 64 0B 8B 03 5F C1 1B 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC11C - Retired X509 Certificate for Key Management 16
00 DB 3F 00 0D 64 0B 8B 03 5F C1 1C 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC11D - Retired X509 Certificate for Key Management 17
00 DB 3F 00 0D 64 0B 8B 03 5F C1 1D 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC11E - Retired X509 Certificate for Key Management 18
00 DB 3F 00 0D 64 0B 8B 03 5F C1 1E 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC11F - Retired X509 Certificate for Key Management 19
00 DB 3F 00 0D 64 0B 8B 03 5F C1 1F 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC120 - Retired X509 Certificate for Key Management 20
00 DB 3F 00 0D 64 0B 8B 03 5F C1 20 8C 01 7F 8D 01 00
# CREATE DATA OBJECT - 5FC121 - Cardholder Iris Images
00 DB 3F 00 0D 64 0B 8B 03 5F C1 21 8C 01 01 8D 01 00
# CREATE DATA OBJECT - 7F61 - Biometric Information Templates Group Template
00 DB 3F 00 0C 64 0A 8B 02 7F 61 8C 01 7F 8D 01 7F
```
...
6 Key Object Scripts
...
6.1 TDEA (3-key) Mechanism
Mechanism identifier 03 is the SP 800-78-4 code for 3-key Triple DES (a 24-byte key), so these entries create 3-key TDEA keys, not the 2-key variant that a "TDEA-128" label would suggest.

```
# CREATE KEY - 9B - Application Administration Key (TDEA3KEY)
00 DB 3F 00 14 66 12 8B 01 9B 8C 01 7F 8D 01 00 8E 01 03 8F 01 01 90 01 11
# CREATE KEY - 9E - Card Authentication Key (TDEA3KEY)
00 DB 3F 00 14 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 03 8F 01 01 90 01 10
```
...
6.2 AES-128 Mechanism
```
# CREATE KEY - 9B - Application Administration Key (AES128)
00 DB 3F 00 14 66 12 8B 01 9B 8C 01 7F 8D 01 00 8E 01 08 8F 01 01 90 01 11
# CREATE KEY - 9E - Card Authentication Key (AES128)
00 DB 3F 00 14 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 08 8F 01 01 90 01 10
```
...
6.3 AES-192 Mechanism
```
# CREATE KEY - 9B - Application Administration Key (AES192)
00 DB 3F 00 14 66 12 8B 01 9B 8C 01 7F 8D 01 00 8E 01 0A 8F 01 01 90 01 11
# CREATE KEY - 9E - Card Authentication Key (AES192)
00 DB 3F 00 14 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 0A 8F 01 01 90 01 10
```
...
6.4 AES-256 Mechanism
```
# CREATE KEY - 9B - Application Administration Key (AES256)
00 DB 3F 00 14 66 12 8B 01 9B 8C 01 7F 8D 01 00 8E 01 0C 8F 01 01 90 01 11
# CREATE KEY - 9E - Card Authentication Key (AES256)
00 DB 3F 00 14 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 0C 8F 01 01 90 01 10
```
...
6.5 RSA-1024 Mechanism
```
TBD
```
...
6.6 RSA-2048 Mechanism
```
# CREATE KEY - 9A - PIV Authentication Key (RSA2048)
00 DB 3F 00 14 66 12 8B 01 9A 8C 01 01 8D 01 00 8E 01 07 8F 01 04 90 01 10
# CREATE KEY - 9C - Digital Signature Key (RSA2048)
00 DB 3F 00 14 66 12 8B 01 9C 8C 01 02 8D 01 00 8E 01 07 8F 01 04 90 01 10
# CREATE KEY - 9D - Key Management Key (RSA2048)
00 DB 3F 00 14 66 12 8B 01 9D 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 9E - Card Authentication Key (RSA2048)
00 DB 3F 00 14 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 07 8F 01 04 90 01 10
#
# RETIRED KEYS
#
# CREATE KEY - 82 - Retired Key Management Key 01 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 82 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 83 - Retired Key Management Key 02 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 83 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 84 - Retired Key Management Key 03 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 84 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 85 - Retired Key Management Key 04 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 85 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 86 - Retired Key Management Key 05 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 86 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 87 - Retired Key Management Key 06 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 87 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 88 - Retired Key Management Key 07 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 88 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 89 - Retired Key Management Key 08 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 89 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 8A - Retired Key Management Key 09 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 8A 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 8B - Retired Key Management Key 10 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 8B 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 8C - Retired Key Management Key 11 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 8C 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 8D - Retired Key Management Key 12 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 8D 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 8E - Retired Key Management Key 13 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 8E 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 8F - Retired Key Management Key 14 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 8F 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 90 - Retired Key Management Key 15 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 90 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 91 - Retired Key Management Key 16 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 91 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 92 - Retired Key Management Key 17 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 92 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 93 - Retired Key Management Key 18 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 93 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 94 - Retired Key Management Key 19 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 94 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
# CREATE KEY - 95 - Retired Key Management Key 20 (RSA2048)
00 DB 3F 00 14 66 12 8B 01 95 8C 01 01 8D 01 00 8E 01 07 8F 01 02 90 01 10
```
...
6.7 ECC-256 Mechanism
```
# CREATE KEY - 9A - PIV Authentication Key (ECC256)
00 DB 3F 00 14 66 12 8B 01 9A 8C 01 01 8D 01 00 8E 01 11 8F 01 04 90 01 10
# CREATE KEY - 9C - Digital Signature Key (ECC256)
00 DB 3F 00 14 66 12 8B 01 9C 8C 01 02 8D 01 00 8E 01 11 8F 01 04 90 01 10
# CREATE KEY - 9D - Key Management Key (ECC256)
00 DB 3F 00 14 66 12 8B 01 9D 8C 01 01 8D 01 00 8E 01 11 8F 01 02 90 01 10
# CREATE KEY - 9E - Card Authentication Key (ECC256)
00 DB 3F 00 14 66 12 8B 01 9E 8C 01 7F 8D 01 7F 8E 01 11 8F 01 04 90 01 10
```
...
6.8 ECC-384 Mechanism
Only the Digital Signature (9C) and Key Management (9D) keys are listed here because SP 800-78-4 restricts the PIV Authentication (9A) and Card Authentication (9E) keys to RSA 2048 or ECC P-256.

```
# CREATE KEY - 9C - Digital Signature Key (ECC384)
00 DB 3F 00 14 66 12 8B 01 9C 8C 01 02 8D 01 00 8E 01 14 8F 01 04 90 01 10
# CREATE KEY - 9D - Key Management Key (ECC384)
00 DB 3F 00 14 66 12 8B 01 9D 8C 01 01 8D 01 00 8E 01 14 8F 01 02 90 01 10
```
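The PIN, data object and key scripts in sections 4, 5 and 6 are all built from the same handful of TLV fields, so a profile that needs a different access policy, a different mechanism for the 20 retired slots, or a non-default PIN is easier to generate than to hand-edit. The following Python script, added here and not part of the OpenFIPS201 project, builds those lines and reproduces the ones above byte for byte. The tag layout (template 64 or 66; 8B id, 8C contact access, 8D contactless access, 8E mechanism, 8F role, 90 attributes) is read off the scripts on this page; the names NEVER, PIN, PIN_ALWAYS and ALWAYS for the access-mode bytes 00, 01, 02 and 7F are this example's assumption, inferred from how the page uses them, and the 8F and 90 values are passed through unchanged because their meaning is defined by OpenFIPS201, not interpreted here.

```python
"""Generate the CREATE DATA OBJECT, CREATE KEY and CHANGE REFERENCE DATA
lines used by the OpenFIPS201 pre-personalisation scripts on this page.

Added example, not part of the OpenFIPS201 project. Tag layout follows
the scripts above; the symbolic access-mode names are an assumption.
"""

PUT_DATA = bytes.fromhex("00DB3F00")             # CLA INS P1 P2 of every PUT DATA line
CHANGE_REFERENCE_DATA = bytes.fromhex("0024FF")  # CLA INS P1 of the PIN/PUK lines; P2 = reference

# Assumed names for the 8C/8D access-mode bytes as the page uses them.
NEVER, PIN, PIN_ALWAYS, ALWAYS = 0x00, 0x01, 0x02, 0x7F

# SP 800-78-4 algorithm identifiers as carried in tag 8E on this page.
MECHANISM = {"TDEA3KEY": 0x03, "RSA2048": 0x07, "AES128": 0x08,
             "AES192": 0x0A, "AES256": 0x0C, "ECC256": 0x11, "ECC384": 0x14}


def tlv(tag: int, value: bytes) -> bytes:
    """Single-byte tag and single-byte length; every script here fits that."""
    if len(value) > 0x7F:
        raise ValueError("value would need a multi-byte length, not supported here")
    return bytes([tag, len(value)]) + value


def put_data(template: int, *fields: bytes) -> str:
    body = tlv(template, b"".join(fields))
    return (PUT_DATA + bytes([len(body)]) + body).hex(" ").upper()


def create_data_object(obj_id: bytes, contact: int, contactless: int) -> str:
    """obj_id is 5FC1xx (3 bytes) or the 1/2-byte ids 7E and 7F61."""
    return put_data(0x64, tlv(0x8B, obj_id),
                    tlv(0x8C, bytes([contact])), tlv(0x8D, bytes([contactless])))


def create_key(key_id: int, contact: int, contactless: int,
               mechanism: str, role: int, attributes: int) -> str:
    """role (8F) and attributes (90) are emitted exactly as given, matching
    the 01/02/04 and 10/11 values the page uses."""
    return put_data(0x66, tlv(0x8B, bytes([key_id])),
                    tlv(0x8C, bytes([contact])), tlv(0x8D, bytes([contactless])),
                    tlv(0x8E, bytes([MECHANISM[mechanism]])),
                    tlv(0x8F, bytes([role])), tlv(0x90, bytes([attributes])))


def change_reference_data(reference: int, value: str) -> str:
    """Administrative form used on this page: P1 = FF, an 8-byte field of
    ASCII characters padded with FF. Length limits follow the page's
    configuration defaults (minimum 6, maximum 8)."""
    raw = value.encode("ascii")
    if not 6 <= len(raw) <= 8:
        raise ValueError("PIN/PUK must be 6 to 8 characters")
    raw = raw.ljust(8, b"\xFF")
    return (CHANGE_REFERENCE_DATA + bytes([reference, len(raw)]) + raw).hex(" ").upper()


def retired_key_management_script(mechanism: str = "RSA2048") -> str:
    """All 20 retired key-management slots (keys 82..95 and certificate
    objects 5FC10D..5FC120) with the access modes the page gives them."""
    lines = []
    for n in range(20):
        key_id = 0x82 + n
        cert_id = bytes.fromhex("5FC1") + bytes([0x0D + n])
        lines.append(f"# CREATE DATA OBJECT - {cert_id.hex().upper()} - "
                     f"Retired X509 Certificate for Key Management {n + 1}")
        lines.append(create_data_object(cert_id, ALWAYS, NEVER))
        lines.append(f"# CREATE KEY - {key_id:02X} - Retired Key Management Key "
                     f"{n + 1:02d} ({mechanism})")
        lines.append(create_key(key_id, PIN, NEVER, mechanism, 0x02, 0x10))
    return "\n".join(lines)


if __name__ == "__main__":
    print(create_data_object(bytes.fromhex("5FC107"), ALWAYS, NEVER))
    print(create_key(0x9B, ALWAYS, NEVER, "AES256", 0x01, 0x11))
    print(change_reference_data(0x80, "123456"))
    print(retired_key_management_script("ECC256"))
```

Switching the retired slots from RSA-2048 to ECC P-256 is then a one-argument change, and because every line is built from the same `tlv` helper the Lc and template lengths can no longer drift out of step with the content.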