
Applet Security Personalisation

2 Overview

The PIV standard defines commands to write data objects, generate asymmetric keys and change PIN values. It does not, however, define any administrative mechanism to inject key values. Injection is always necessary for symmetric keys (such as 9B and optionally 9E), but is only required for asymmetric keys (9A, 9C, 9D, 9E and retired keys) if they have been generated off-card (i.e. inside an HSM).

OpenFIPS201 supports key injection to address this need, as well as securely configuring default PIN/PUK values.

OpenFIPS201 does not provide any capability to export generated or injected key values. No feature or option enables this, and it will not be supported now or in the future.

3 Key Injection Command

This command is the equivalent of the CHANGE REFERENCE DATA command APDU; however, it is intended to operate on key references that are NOT listed in SP800-73-4.

The main differences to CHANGE REFERENCE DATA are:

  • It supports updating any key reference that is not covered by CHANGE REFERENCE DATA already

  • The command will only work under a Secure Channel Protocol session with the CENC and CMAC options set

  • It does NOT require the old value to be supplied in order to change a key

  • It also supports updating the PIN/PUK values without requiring knowledge of the old value (the value of P1 is ignored for PIN/PUK updates)

  • The APDU supports command chaining for large key values

The data content for this command depends on whether you are updating a PIN or a KEY reference.

  • For PIN/PUK references, the data simply contains the new value only.

  • For KEY references, the data contains a BER-TLV formatted ASN.1 object.

3.1.1 ASN.1 Format

Command format information can be found in the Appendix - ASN.1 Schema.

OpenFIPS201_CHANGE_REFERENCE_DATA_ADMIN_Schema DEFINITIONS IMPLICIT TAGS ::= BEGIN

ChangeReferenceDataKeyRequest ::= SEQUENCE {
  element CHOICE {
    key   [0]  OCTET STRING (SIZE(16..32)),
    rsaN  [1]  OCTET STRING (SIZE(128..256)),
    rsaE  [2]  OCTET STRING (SIZE(3)),
    rsaP  [3]  OCTET STRING (SIZE(128..256)),
    rsaQ  [4]  OCTET STRING (SIZE(64..128)),
    rsaDP [5]  OCTET STRING (SIZE(64..128)),
    rsaDQ [6]  OCTET STRING (SIZE(64..128)),
    rsaPQ [7]  OCTET STRING (SIZE(64..128)),
    eccW  [8]  OCTET STRING (SIZE(32..48)),
    eccS  [9]  OCTET STRING (SIZE(32..48)),
    smCVC [10] OCTET STRING (SIZE(1..256))
  }
}

END

Each element represents a distinct part of a key and is described as follows:

  • key - A single-part symmetric key value (i.e. AES, TDEA)

  • rsaN - The modulus part of an RSA key-pair

  • rsaE - The public exponent part of an RSA key-pair

  • rsaD - The private exponent part of an RSA key-pair

  • rsaP - RFU - The prime exponent P part of an RSA key-pair (CRT mode only)

  • rsaQ - RFU - The prime exponent Q part of an RSA key-pair (CRT mode only)

  • rsaDP - RFU - The D mod P - 1 part of an RSA key-pair (CRT mode only)

  • rsaDQ - RFU - The D mod Q - 1 part of an RSA key-pair (CRT mode only)

  • rsaPQ - RFU - The Inverse Q part of an RSA key-pair (CRT mode only)

  • eccW - The curve point part of an ECC key-pair

  • eccS - The secret key part of an ECC key-pair

  • smCVC - The card verifiable certificate component of a Secure Messaging key

  • smCVCHash - The left-most 8 bytes of the SHA-256 of the card verifiable certificate component of a Secure Messaging key

3.1.2 Example Command - Inject Symmetric Key

The following shows an example APDU, which updates a symmetric key value with id '9B' (administrative key) and mechanism '03' (TDEA192).

30 1A # ASN.1 Sequence and Length
80 18 # 'key' element with length 24
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 # key value

3.1.2.1 Complete APDU

0024039B1C301A8018101112131415161718191A1B1C1D1E1F2021222324252627
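
The encoding above can be reproduced with the following added example, which is not OpenFIPS201 code: it checks an element's length against the schema, BER-encodes the request and splits long requests into chained APDUs. It assumes ISO 7816-4 command chaining (CLA bit 0x10 on all but the last APDU) and produces the plaintext commands before secure-channel wrapping; the function names and the 255-byte default chunk size are choices made for this example.

```python
# Added example, not OpenFIPS201 code. Builds plaintext key-injection APDUs;
# secure-channel wrapping (CENC/CMAC) must still be applied before sending.

# element name -> (context tag number, min length, max length), from the schema
ELEMENTS = {
    "key": (0, 16, 32),
    "rsaN": (1, 128, 256),
    "rsaE": (2, 3, 3),
    "eccW": (8, 32, 48),
    "eccS": (9, 32, 48),
    "smCVC": (10, 1, 256),
}
INS_CHANGE_REFERENCE_DATA = 0x24
CLA_CHAIN = 0x10  # assumption: ISO 7816-4 command chaining bit


def ber_length(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Single-byte tag, BER length, value."""
    return bytes([tag]) + ber_length(len(value)) + value


def key_request(element: str, value: bytes) -> bytes:
    """Encode one ChangeReferenceDataKeyRequest, rejecting out-of-range sizes."""
    number, lo, hi = ELEMENTS[element]
    if not lo <= len(value) <= hi:
        raise ValueError(f"{element}: {len(value)} bytes, schema allows {lo}..{hi}")
    # IMPLICIT tagging: context-specific primitive tag is 0x80 | number
    return tlv(0x30, tlv(0x80 | number, value))


def build_apdus(mechanism: int, key_ref: int, element: str, value: bytes,
                chunk: int = 255) -> list[bytes]:
    """Split the request into short APDUs; all but the last set the chaining bit."""
    data = key_request(element, value)
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return [
        bytes([0x00 if i == len(parts) - 1 else CLA_CHAIN,
               INS_CHANGE_REFERENCE_DATA, mechanism, key_ref, len(p)]) + p
        for i, p in enumerate(parts)
    ]
```

Calling `build_apdus(0x03, 0x9B, "key", bytes(range(0x10, 0x28)))` returns the single APDU shown above. When the secure channel adds padding and a MAC to each command, pass a smaller `chunk` so the wrapped command still fits in a short APDU.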

3.1.3 Example Command - Inject Asymmetric Key

The following shows an example APDU sequence, which updates an asymmetric key value with id '9A' (PIV Authentication Key) and mechanism '07' (RSA2048). This example demonstrates the 'public modulus' element (rsaN) being updated.

3.1.3.1 Complete APDU Chain