Document toolboxDocument toolbox

Applet Pre-Personalisation

Owned by Kim O'Sullivan
Last updated: Feb 28, 2023Version comment
14 min read

1 Contents

2 Overview

OpenFIPS201 is intended to be highly flexible to support a variety of usage scenarios whilst being capable of fully complying with the PIV card application standard.

To support this:

  1. It has a dynamic file system, which can describe any number of data objects, including access permissions

  2. It has a dynamic key store, which permits any combination of keys and mechanisms (algorithms), with flexible access permissions, key roles and attributes.

  3. The applet has a number of configuration parameters which drive behaviour of the applet. These can be dynamically configured during issuance, post-issuance or even left untouched to make use of NIST-compliant default values.

  4. All of the above can be managed securely using a GlobalPlatform Secure Channel either locally or over a network.

 

3 Personalisation Steps

  1. Apply any Configuration changes required (this should be done first as it may effect subsequent steps)

  2. Define which Data Objects and Keys are required on the card.

  3. Populate data objects using standard PIV interoperable commands.

  4. Generate or Inject Key values using either standard PIV interoperable commands or the Secure Messaging interface.

 

4 Configuration

OpenFIPS201 configuration parameters can be applied at any time during the card life-cycle, so long as it is done under a GlobalPlatform Secure Channel or using Delegated Administrative Commands.

Configuration is broken down into the following groups:

  • Applet options that effect general behaviour

  • Policies relating to usage of the Cardholder PINs

  • Policies relating to usage of the Security Officer PUK

  • Policies relating to Secure Messaging and the Virtual Contact Interface

  • Policies relating to Biometric On-Card Comparison

All commands are sent via the PUT DATA ADMIN command and constructed using BER-TLV encoded ASN.1. The schema for this command can be found on the Appendix - ASN.1 Schema | 5 Command PUT DATA ADMIN page, which includes encoding examples.

All configuration parameters are marked as OPTIONAL, which means you can update all configuration parameters or only a single one.

If you do not update configuration at all, the Default values described in the tables below will apply. These values have been chosen to comply with the NIST PIV interoperability requirements.

4.1 Applet Options

Element

Description

Effect

Default Value

Element

Description

Effect

Default Value

Options.restrictContactlessGlobal

Type: BOOLEAN

Possible Values:

  • If set to True, the contactless interface is globally disabled regardless of individual data object or key permissions.

  • If set to False, contactless is generally enabled and specific file system rules apply as normal.

If this parameter is set to True, the applet will no longer be selectable on the contactless interface.

Next applet selection

False

Options.restrictContactlessAdmin

Type: BOOLEAN

  • If set to True, the contactless interface is disabled for all administrative operations. This includes PIV administration (9B) key and GlobalPlatform Secure Channel.

  • If set to False, the contactless interface may be used for administrative operations.

Next authentication

False

Options.restrictEnumeration

Type: BOOLEAN

Possible Values:

  • If set to True, the host will not be able to list data objects and keys.

  • If set to False, the host will be able to list data objects and keys.

Immediate

False

Options.restrictSingleKey

Type: BOOLEAN

Possible Values:

  • If set to True, the applet will prevent multiple keys with the same identifier but different mechanisms from being defined in the key store.

  • If set to False, the applet will allow multiple keys with the same identifier but different mechanisms to be defined in the key store.

Immediate

False

Options.ignoreContactlessAcl

Type: BOOLEAN

This option can be used to treat both the Contact and the Contactless interface the same for the purposes of checking file permissions. This is useful for environments where the standard operating environment uses contactless readers.

Possible Values:

  • If set to True, the Contactless permissions defined for data objects and keys are ignored and the Contact access control rules are evaluated when assessing permissions.

  • If set to False, the application follows normal permission checks based on the current communications interface.

Next applet selection

False

Options.readEmptyDataObject

Type: BOOLEAN

Possible Values:

  • If set to True, a call to GET DATA for an object that exists in the file system, but which has not been initialised with data will result in SW_FILE_NOT_FOUND.

  • If set to False, it will return an empty data field with SW_OK.

Immediate

False

Options.useRSACRT

Type: BOOLEAN

Possible Values:

  • If set to True, RSA keys will be generated and injected using the Chinese Remainder Theorem method.

  • If set to False, RSA keys will be generated

Immediate

False

4.2 PIN Policy

Element

Description

Effect

Default Value

Element

Description

Effect

Default Value

PinPolicy.enableLocal

Type: BOOLEAN

Possible Values:

  • If set to True, the local (Application) PIN may be used as a verification method.

  • If set to False, the local (Application) PIN may not be used as a verification method.

Immediate

True

PinPolicy.enableGlobal

Type: BOOLEAN

Possible Values:

  • If set to True, the global (Card) PIN may be used as a verification method.

  • If set to False, the global (Card) PIN may not be used as a verification method.

Immediate

False

PinPolicy.preferGlobal

Type: BOOLEAN

Possible Values:

  • If set to True, the Discovery Object will indicate that the global (Card) PIN is the preferred PIN to use.

  • If set to False, the Discovery Object will indicate that the local (Application) PIN is the preferred PIN to use.

Immediate

False

PinPolicy.permitContactless

Type: BOOLEAN

Possible Values:

  • If set to True, the PIN may be presented over the contactless interface without the VCI condition satisfied.

  • If set to False, the PIN may only be presented over the contactless interface when the VCI condition is satisfied.

Immediate

False

PinPolicy.minLength

Type: INTEGER (4 to 16)

Indicates the minimum permitted length of the cardholder PIN verification value.

Immediate

6

PinPolicy.maxLength

Type: INTEGER (4 to 16)

Indicates the maximum permitted length of the cardholder PIN verification value.

Immediate

8

PinPolicy.MaxRetriesContact

Type: INTEGER (1 to 15)

Indicates how many failed PIN verification attempts may be made over the Contact interface before the PIN object is locked and requires privileged intervention.

Immediate

6

PinPolicy.MaxRetriesContactless

Type: INTEGER (1 to 15)

Indicates how many failed PIN verification attempts may be made over the Contactless interface before the PIN object is locked and requires privileged intervention.

Immediate

5

PinPolicy.Charset

Type: Enumeration

Possible Values:

  • If set to Numeric (0), only the digits 0 to 9 may be used in the PIN value

  • If set to AlphaCaseVariant (1), ASCII values 20h (Space) to 7Eh (~) may be used, but all lowe-case values will be automatically converted to their upper-case equivalents when setting or comparing the PIN values.

  • If set to AlphaCaseInvariant (2), ASCII values 20h (Space) to 7Eh (~) may be used.

  • If set to Raw (3), PIN digits may be comprised of any byte value 00h to FFh.

  • All other values are reserved

Immediate

0 - Numeric

PinPolicy.History

Type: INTEGER (0 to 8)

Possible Values:

  • If set to Zero (0), no PIN history check is performed when changing PIN values

  • If set to any other valid number [n], the Application will record the last [n] rolling PIN values and prevent them from being used again.

Immediate

0 (Disabled)

PinPolicy.RuleSequence

Type: INTEGER (0 to 16)

This value is used to prevent common weak PIN values whereby consecutive sequences of numbers are used, for example 123456 or ABCDEF.

Possible Values:

  • If set to Zero (0), no checking of this rule applies

  • If set to any other number [n], prevents a PIN being set where [n] or more characters are in ascending or descending sequence in the ASCII table.

Next PIN change

0 (Disabled)

PinPolicy.RuleDistinct

Type: INTEGER (0 to 16)

This value is used to prevent common weak PIN values, whereby the same digit is used too many times, for example 111111 or AAAAAA.

Possible Values:

  • If set to Zero (0), no checking of this rule applies

  • If set to any other number [n], prevents a PIN being set where a single digit is used [n] or more times anywhere in the PIN value.

Next PIN change

0 (Disabled)

4.3 PUK Policy

Element

Description

Effect

Default Value

Element

Description

Effect

Default Value

PukPolicy.Enabled

Type: BOOLEAN

Possible Values:

  • If set to True, the PUK may be used to reset and/or unblock the PIN value.

  • If set to False, the PUK may not be used to reset and/or unblock the PIN value.

Immediate

True

PukPolicy.Length

Type: INTEGER (4 to 16)

Sets the permissible length of the PUK value. Unlike the PIN value there is no minimum and maximum for PUK’s, since they are typically generated by systems, not people.

Immediate

True

PukPolicy.PermitContactless

Type: BOOLEAN

Possible Values:

  • If set to True, the PUK may be presented over the contactless interface without the VCI condition satisfied.

  • If set to False, the PUK may only be presented over the contactless interface when the VCI condition is satisfied.

Immediate

False

PukPolicy.MaxRetriesContact

Type: INTEGER (1 to 15)

Indicates how many failed PIN verification attempts may be made over the Contact interface before the PUK object is locked and requires privileged intervention.

Immediate

8

PukPolicy.MaxRetriesContactless

Type: INTEGER (1 to 15)

Indicates how many failed PIN verification attempts may be made over the Contactless interface before the PUK object is locked and requires privileged intervention.

Immediate

10

 

PukPolicy.Updateable

TYPE: BOOLEAN

Possible Values:

  • If set to True, the PUK may be changed using the PIV CHANGE REFERENCE DATA command.

  • If set to False, the PUK may not be changed using the PIV CHANGE REFERENCE DATA command.

Immediate

9

4.4 VCI Policy

Element

Description

Effect

Default

Element

Description

Effect

Default

VCIPolicy.Mode

Type: BOOLEAN

N/A

0 (Disabled)

4.5 OCC Policy

Element

Description

Effect

Default

Element

Description

Effect

Default

OCCPolicy.Mode

Type: INTEGER (0 to n)

N/A

0 (Disabled)

 

5 Data and Key Objects

All data and key in OpenFIPS201 can be dynamically managed at any point in the card life cycle, providing a great deal of flexibility. Each object has a number of common parameters that govern basic attributes such as identifiers and conditions of access.

OpenFIPS201 allows a number of additional capabilities which can be controlled through these parameters.

5.1 Common Parameters

Common parameters are used for all objects. These are described below.

Element

Description

Element

Description

Id

TYPE: OCTET STRING (1 to 3 bytes for data objects, 1 byte for keys)

The unique identifier for this object on the card.

Mode Contact

Type: Enumeration

Provides access control restrictions and permissions for this object when connecting over the Contact interface.

Mode Contactless

Type: Enumeration

Provides access control restrictions and permissions for this object when connecting over the Contactless interface.

Admin Key

Type: OCTET STRING (1 byte) OPTIONAL

Specifies which symmetric key can be used for managing this object using the PUT DATA or GENERATE ASSYMETRIC KEYPAIR command.

This is useful where a particular implementation wishes to define specific Data or Key objects that are managed by a third party, where it is desirable to compartmentalise access to only those objects.

Key Mechanism

Type: Enumeration

Describes which cryptographic primitive (mechanism) will be associated with this key.

Key Role

Type: Enumeration

Specifies what role(s) this key may perform for GENERAL AUTHENTICATE commands.

Key Attribute

Type: Enumeration

Specifies what special attributes / options are flagged against this key.

Element

Description

Element

Description

Id

TYPE: OCTET STRING (1 to 3 bytes for data objects, 1 byte for keys)

The unique identifier for this object on the card.

Mode Contact

Type: Enumeration

Provides access control restrictions and permissions for this object when connecting over the Contact interface.

Mode Contactless

Type: Enumeration

Provides access control restrictions and permissions for this object when connecting over the Contactless interface.

Admin Key

Type: OCTET STRING (1 byte) OPTIONAL

Specifies which symmetric key can be used for managing this object using the PUT DATA or GENERATE ASSYMETRIC KEYPAIR command.

This is useful where a particular implementation wishes to define specific Data or Key objects that are managed by a third party, where it is desirable to compartmentalise access to only those objects.

5.1.1 Enumeration - Access Mode

Element

Description

Element

Description

Never

The object may not be read or used under any circumstances.

Pin

The object may be accessed only after PIN authentication.

Pin Always

The object may be accessed only IMMEDIATELY after PIN authentication in the current session.

Occ

The object may be accessed only after a successful Biometric On-Card Comparison in the current session.

User Admin

The object may be managed after the access conditions have been successfully met.

Always

The object may be read or used without any authentication.

 

5.2 Key Object Parameters

Element

Description

Element

Description

Key Mechanism

Type: Enumeration

Describes which cryptographic primitive (mechanism) will be associated with this key.

Key Role

Type: Enumeration

Specifies what role(s) this key may perform for GENERAL AUTHENTICATE commands.

Key Attribute

Type: Enumeration

Specifies what special attributes / options are flagged against this key.

5.2.1 Enumeration - Key Mechanism

This defines the supported cryptographic primitives as specified by NIST SP 800-78-4.

Element

Description

Element

Description

TDEA192

Triple-DES-ECB using 3-key length (192 bits)

RSA1024

RSA Asymmetric Keypair, 1024-bit key length

RSA2048

RSA Asymmetric Keypair, 2048-bit key length

AES128

Advanced Encryption Standard, 128-bit key length

AES192

Advanced Encryption Standard, 192-bit key length

AES256

Advanced Encryption Standard, 256-bit key length

ECC256

Elliptic Curve using curve NIST P-256

ECC384

Elliptic Curve using curve NIST P-384

SMCS2

Cipher Suite 2 - Used for Secure Messaging (PIV Opacity ZKM) based on curve NIST P256, SHA-256 and AES 128-bit

SMCS7

Cipher Suite 7 - Used for Secure Messaging (PIV Opacity ZKM) based on curve NIST P384, SHA-384 and AES 256-bit

5.2.2 Enumeration - Key Role

Element

Description

Element

Description

Authenticate

This key can be used for card (internal), host (external) or card/host (mutual) authentication.

  • For TDEA or AES key types, this role indicates the key may be used for authentication operations.

  • For RSA key types, this role is not supported.

  • For ECC key types, this role is not supported.

  • For SM key types, this role is not supported.

Key Establish

This key can be used for key establishment schemes.

  • For TDEA or AES key types, this role is not supported.

  • For RSA key types, this role indicates the key may be used for RSA Key Transport.

  • For ECC key types, this role indicates the key may be used for Elliptic-Curve Diffie-Helman Agreements (ECDH).

  • For SM key types, this role indicates the key may be used for PIV Opacity Zero-Key Management (ZKM).

Sign

This key can be used for digital signature mechanisms.

  • For TDEA or AES key types, this role is not currently supported.

  • For RSA key types, this role indicates the key may be used for RSA Digital Signatures against pre-formatted signature blocks.

  • For ECC key types, this role indicates the key may be used for Elliptic-Curve Digital Signature Algorithm operations (ECDSA).

  • For SM key types, this role is not supported.

Verify

Reserved for future use

Encrypt

Reserved for future use

Decrypt

Reserved for future use

5.2.3 Enumeration - Key Attributes

Element

Description

Element

Description

Permit Internal

Symmetric Keys Only - Permits the PIV General Authenticate command to used to request an INTERNAL authentication.

Permit External

Symmetric Keys Only - Permits the PIV General Authenticate command to used to request an INTERNAL authentication.

Importable

Permits the key value to be injected instead of generated on the card. If this is set to False, only the GENERATE ASSYMETRIC KEYPAIR command may be used to generate key pairs.

 

6 NIST-Compliant Pre-Personalisation Scripts

A set of APDU scripts to provide NIST compliance with the full range of mandatory and optional configuration, data objects, and keys has been created here: Appendix - NIST Compliant Profile

Â