How to change the certificates in PIV Test Card?

[y...@vmware.com]

For testing purpose, I want to replace the certificates of PIV Test Card with customized certificate, is there any way to re-write the PIV Test card?

I downloaded the "PIV_Test_Data_Software" form NIST website, but it looks like the version is very old (latest modified in 2007). Does it still work? If it works, does it also work with the PIV Card (SCP03) that purchased form other vendor?

Thanks.

[Douglas E Engert]

On 5/21/2018 8:52 PM, y...@vmware.com wrote:
> For testing purpose, I want to replace the certificates of PIV Test Card with customized certificate, is there any way to re-write the PIV Test card?

It depends on the card and if you know the 9B admin symmetric key used to write objects? I don't believe NIST published the 9B keys for the demo cards.

Are you going to use the existing RSA or EC keys? There may be security issues as every set of DEMO cards uses the same set of keys.

Have you considered using blank cards or other cards/devices that have a PIV Applet on the card? Yubikey from Yubico and PIVKEY from Taglio
are two that are available.

Also have a look at OpenSC'S piv-tool https://github.com/OpenSC/OpenSC/wiki/PivTool
You will still need yo know the 9B admin key for the card.

>
> I downloaded the "PIV_Test_Data_Software" form NIST website, but it looks like the version is very old (latest modified in 2007). Does it still work? If it works, does it also work with the PIV Card
> (SCP03) that purchased form other vendor?
>
> Thanks.
>

> --
> To unsubscribe from this group, send email to piv-test-card...@list.nist.gov
> Visit this group at https://groups.google.com/a/list.nist.gov/d/forum/piv-test-cards
> ---
> You received this message because you are subscribed to the Google Groups "piv-test-cards" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to piv-test-card...@list.nist.gov <mailto:piv-test-card...@list.nist.gov>.

--

Douglas E. Engert <DEEn...@gmail.com>

[y...@vmware.com]

Thanks for you reply.

Looks like without 9B admin key, I could not do change anything for PIV Test Card.

I'll try blank PIV card.

Thanks.

> To unsubscribe from this group and stop receiving emails from it, send an email to piv-test-card...@list.nist.gov <mailto:piv-test-cards+unsub...@list.nist.gov>.