Version 2 CA certificates


Suman Rajaraman

May 6, 2024, 3:29:39 PM
to piv-test-cards, Rashmi Bhaiya

The above link only has the CA certs for Version 1 and not 2.
While testing, we found that the cert length was coming as 0, and that was because the CA cert chain we got last time was for version 1 cards, not version 2. We verified the cert chains using the OpenSSL X509 API to see if it is a valid cert chain for the user certificate, and it was not.

We searched on Google; however, we couldn't find the matching CA / ROOT certs. Can you help us get the matching ones?

David A. Cooper

May 6, 2024, 3:45:32 PM
to Suman Rajaraman, Rashmi Bhaiya, piv-test-cards
Hello Suman,

The CA certificates for the version 2 test cards are available at
https://csrc.nist.gov/projects/piv/nist-piv-test-cards. Everything on
that page before the "Version 1 Test Cards" header is about the version
2 test cards.

Michael Maz

May 6, 2024, 4:15:02 PM
to Suman Rajaraman, piv-test-cards, Rashmi Bhaiya
Suman,
You will want to reference this doc, NISTIR 8347, related to the V2 cards.
https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8347.pdf

The public key information is stored in the Authority Information Access field of a given cert on each card, which is the same across all the test cards, for example:

URI:http://smime2.nist.gov/PIVTest2/CACertsIssuedToRSA2048IssuingCA.p7c

NISTIR 8347 will better outline the features of the V2 test cards; most of your questions can probably be answered by that document.


Kind regards,

Michael


Suman Rajaraman

May 7, 2024, 8:55:19 AM
to Michael Maz, Rashmi Bhaiya, piv-test-cards
Thank you for the information.

Suman Rajaraman

Jul 18, 2024, 10:25:24 AM
to Michael Maz, Rashmi Bhaiya, piv-test-cards, Mani Shukla, Pooja Bagga
Can someone help with how to unlock the test PIV cards?

"While testing the smartcard-based authentication, I was trying the user lockout scenario and so tried 10 unsuccessful login attempts with invalid PINs, and my card/user is locked now.

Can you please help in identifying the steps to unlock the card/user for this scenario?"

David A. Cooper

Jul 18, 2024, 1:35:09 PM
to Suman Rajaraman, Rashmi Bhaiya, piv-test-cards, Mani Shukla, Pooja Bagga
The PIV Card Application PIN on the test cards may be unlocked using the RESET RETRY COUNTER command (Section 3.2.3 of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73pt2-5.pdf). You provide the PIN Unblocking Key (PUK) and the value you want to set the PIN to, and it will set the PIN and reset the counter. The value of the PUK for the test cards may be found in Appendix B of https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8347.pdf.

For further information, you can read previous discussions on this topic on this mailing list (https://groups.google.com/a/list.nist.gov/g/piv-test-cards/search?q=PUK).
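
The RESET RETRY COUNTER command described in the reply above, as an added example that is not part of the original post: it builds the command APDU (PUK followed by the new PIN, padded to 8 bytes) and decodes the status word the card returns. The function names are hypothetical, and `PLACEHOLDER_PUK` is a constructed placeholder; the real PUK for the test cards is the one listed in Appendix B of NISTIR 8347.

```python
# Added example: field values follow the RESET RETRY COUNTER description
# in SP 800-73 Part 2; names below are illustrative, not from any library.
PIV_APP_PIN_KEY_REF = 0x80     # P2: PIV Card Application PIN
PLACEHOLDER_PUK = b"XXXXXXXX"  # constructed placeholder, NOT the test-card PUK


def encode_pin(pin: str) -> bytes:
    """Encode a 6-8 digit PIN as ASCII digits, padded to 8 bytes with 0xFF."""
    if not (pin.isascii() and pin.isdigit() and 6 <= len(pin) <= 8):
        raise ValueError("PIN must be 6 to 8 decimal digits")
    return pin.encode("ascii").ljust(8, b"\xff")


def reset_retry_counter_apdu(puk: bytes, new_pin: str) -> bytes:
    """Build CLA INS P1 P2 Lc followed by PUK (8 bytes) || new PIN (8 bytes)."""
    if len(puk) != 8:
        raise ValueError("PUK must be exactly 8 bytes")
    data = puk + encode_pin(new_pin)
    return bytes([0x00, 0x2C, 0x00, PIV_APP_PIN_KEY_REF, len(data)]) + data


def describe_status(sw1: int, sw2: int) -> str:
    """Map the two status bytes of the response to a readable outcome."""
    if (sw1, sw2) == (0x90, 0x00):
        return "success: PIN set and retry counter reset"
    if sw1 == 0x63 and (sw2 & 0xF0) == 0xC0:
        # Low nibble is the number of PUK attempts still allowed.
        return f"wrong PUK: {sw2 & 0x0F} attempts left before the PUK blocks"
    known = {
        (0x69, 0x83): "PUK blocked: no further reset attempts allowed",
        (0x6A, 0x80): "incorrect parameter in data field (check PIN format)",
        (0x6A, 0x88): "key reference not found",
    }
    return known.get((sw1, sw2), f"unexpected status {sw1:02X}{sw2:02X}")


if __name__ == "__main__":
    apdu = reset_retry_counter_apdu(PLACEHOLDER_PUK, "246810")
    print(apdu.hex(" ").upper())
    print(describe_status(0x63, 0xC2))
```

The PIV Card Application has to be selected before the command is sent, and each wrong PUK uses up one of the PUK's own retries, so check the `63 CX` status before trying again.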

Pooja Bagga

Jul 23, 2024, 8:08:19 AM
to David A. Cooper, Suman Rajaraman, Rashmi Bhaiya, piv-test-cards, Mani Shukla
I have observed that the browser will cache the certificate and the session will be active. Can someone please recommend if there is any configuration which does not allow browsers to cache the certificates?

Regards,
Pooja Bagga