
OpenFIPS201 Documentation

Introduction

OpenFIPS201 has been commissioned and funded by the Australian Department of Defence to provide an open source implementation of the on-card application for the National Institute of Standards and Technology (NIST) Personal Identity Verification (PIV) standard specified by FIPS PUB 201 and SP 800-73.

This project aims to be a complete, production-ready and straightforward implementation of the SP 800-73 Card Application specification. It has a number of key implementation philosophies that drive architecture and development:

  1. To provide a production quality implementation that can be openly used, shared and reviewed by the wider industry, in keeping with Kerckhoffs's Principle.

  2. To serve as a commonly shared reference between departments and organisations that wish to interoperate using FIPS-201 for logical and physical access control, both within the context of government departments and the industry at large (i.e. Commercial Identity Verification, or CIV).

  3. To provide an openly described solution to the gaps in the PIV standard, particularly with regards to card management functions and personalisation.

  4. To provide a foundation for a fully accredited open source PIV implementation that will provide a high assurance alternative to commercial solutions on the market, operating on FIPS 140 accredited tokens with Java Card 3.0.4 and GlobalPlatform 2.1.1 or above.

  5. To be accreditable against FIPS PUB 201 and SP 800-73 under the NIST NPIVP program.

Getting Started

1 - Want to know what OpenFIPS201 can do? Check out Applet Features.

2 - Next, make sure your target smart card platform meets the Applet Requirements.

3 - Next, grab a copy of OpenFIPS201:

  • If you just want to use the standard release, download it from the Releases section on the right side of this page.

  • If you want to build it yourself from source code, head on over to the Applet Development page.

  • Once you have downloaded or built your CAP file, you are now ready to install.

Make sure that the applet is installed with the Card Reset or Default Selected applet privilege, which is required by the PIV standard.

4 - Install OpenFIPS201 using your favourite applet loader. Want options?

5 - Build the PIV file system, key store and apply any configuration settings (see Applet Pre-Personalisation).

6 - Inject any initial key or PIN values (see Applet Security Personalisation).

7 - Finally, personalise your new PIV instance in two possible ways:

 
