Applet Security Personalisation
- Kim O'Sullivan
1 Contents
2 Overview
The PIV standard defines commands to write data objects, generate asymmetric keys and change PIN values. It does not however define any administrative mechanism to inject key values. This is always necessary for symmetric keys (such as 9B and optionally 9E), but only required for asymmetric keys (9A, 9C, 9D, 9E and retired keys) if they have been generated off-card (i.e. inside a HSM).
OpenFIPS201 supports key injection to address this need, as well as securely configuring default PIN/PUK values.
OpenFIPS201 does not provide any capability to export any generated OR injected key values. This cannot be enabled by feature and will not be supported now or in the future.
3 Key Injection Command
This command is the equivalent of the CHANGE REFERENCE DATA command APDU, however it is intended to operate on key references that are NOT listed in SP800-73-4.
The main differences to CHANGE REFERENCE DATA are:
It supports updating any key reference that is not covered by CHANGE REFERENCE DATA already
The command will only work under a Secure Channel Protocol session with the CENC and CMAC options set
It does NOT require the old value to be supplied in order to change a key
It also supports updating the PIN/PUK values without requiring knowledge of the old value (The value of P1 does is ignored for PIN/PUK updates)
The APDU supports command chaining for large key values
The data content for this command depends on whether you are updating a PIN or a KEY reference.
For PIN/PUK references, the data simply contains the new value only.
For KEY references, the data contains a BER-TLV formatted ASN.1 object.
3.1.1 ASN.1 Format
Command format information can be found on the Appendix - ASN.1 Schema.
OpenFIPS201_CHANGE_REFERENCE_DATA_ADMIN_Schema DEFINITIONS IMPLICIT TAGS ::=
BEGIN
ChangeReferenceDataKeyRequest ::= SEQUENCE {
element CHOICE {
key [0] OCTET STRING (SIZE(16..32)),
rsaN [1] OCTET STRING (SIZE(128..256)),
rsaE [2] OCTET STRING (SIZE(3)),
rsaP [3] OCTET STRING (SIZE(128..256)),
rsaQ [4] OCTET STRING (SIZE(64..128)),
rsaDP [5] OCTET STRING (SIZE(64..128)),
rsaDQ [6] OCTET STRING (SIZE(64..128)),
rsaPQ [7] OCTET STRING (SIZE(64..128)),
eccW [8] OCTET STRING (SIZE(32..48)),
eccS [9] OCTET STRING (SIZE(32..48)),
smCVC [10] OCTET STRING (SIZE(1..256))
}
}
ENDEach element represents a distinct part of a key and is described as follows:
key - A single-part symmetric key value (i.e. AES, TDEA)
rsaN - The modulus part of an RSA key-pair
rsaE - The public exponent part of an RSA key-pair
rsaD - The private exponent part of an RSA key-pair
rsaP - RFU - The prime exponent P part of an RSA key-pair (CRT mode only)
rsaQ - RFU - The prime exponent Q part of an RSA key-pair (CRT mode only)
rsaDP - RFU - The D mod P - 1 part of an RSA key-pair (CRT mode only)
rsaDQ - RFU - The D mod Q - 1 part of an RSA key-pair (CRT mode only)
rsaPQ - RFU - The Inverse Q part of an RSA key-pair (CRT mode only)
eccW - The curve point part of an ECC key-pair
eccS - The secret key part of an RSA key-pair
smCVC - The card verifiable certificate component of a Secure Messaging key
smCVCHash - The left-most 8 bytes of the SHA-256 of the card verifiable certificate component of a Secure Messaging key
3.1.2 Example Command - Inject Symmetric Key
The following shows an example APDU, which updates a symmetric key value with id '9B' (administrative key) and mechanism '03' (TDEA192).
30 20 # ASN.1 Sequence and Length
80 18 # 'key' element with length 24
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 # key value
3.1.2.1 Complete APDU
0024039B1C301A8018101112131415161718191A1B1C1D1E1F2021222324252627
3.1.3 Example Command - Inject Asymmetric Key
The following shows an example APDU sequence, which updates an asymmetric key value with id '9A' (PIV Authentication Key) and mechanism '07' (RSA2048). This example demonstrates the 'public modulus' element (rsaN) being updated.