Backup test cards


Jeffrey Walton

Sep 17, 2019, 3:55:29 PM
to piv-tes...@list.nist.gov
Hi Everyone,

Please forgive my naive question...

We would like to back up the Test PIV Cards prior to use. We think
there's a good chance we will break a few of them during testing.

Searching the group did not return any results. Search is finding some
hits for backing up smart cards using specific equipment from certain
manufacturers, but I have not found generic instructions.

Does NIST have a procedure to back up the test cards? If so, could
someone point me to the document or procedure?

(Part of me feels it should not be possible to export the private key
associated with a certificate or public key. The only way to know for
sure is to ask the folks who created the cards).

Thanks in advance,

Jeffrey Walton

Ryan Chapman

Sep 17, 2019, 4:16:56 PM
to nolo...@gmail.com, piv-tes...@list.nist.gov
Not sure if this kind of message is allowed here; if not, I apologize.

Hi Jeffrey,

I have a set of NIST cards that I am no longer using. I'd be willing to sell them for $400 (half off retail) if you would like a backup set of authentic cards.

Best regards,
Ryan

Douglas E Engert

Sep 17, 2019, 4:43:44 PM
to piv-tes...@list.nist.gov


On 9/17/2019 2:52 PM, Jeffrey Walton wrote:
> Hi Everyone,
>
> Please forgive my naive question...
>
> We would like to back up the Test PIV Cards prior to use. We think
> there's a good chance we will break a few of them during testing.

What are you planning on testing? PIV cards in users' hands are essentially
read only. If you want to test writing objects or generating keys
you will need to know the 9B key. (See below too.)

>
> Searching the group did not return any results. Search is finding some
> hits for backing up smart cards using specific equipment from certain
> manufacturers, but I have not found generic instructions.

There are no generic PIV specs for backup. Looking closely at the NIST sp800-73-*
specifications, you will note that card provisioning is really left up to
card vendors. sp800-73-* does define GENERATE_KEYPAIR and PUT_DATA but requires
at least the 9B key. Depending on the card vendor, they may or may not use
the 9B admin key.

>
> Does NIST have a procedure to back up the test cards? If so, could
> someone point me to the document or procedure?
>
> (Part of me feels it should not be possible to export the private key
> associated with a certificate or public key. The only way to know for
> sure is to ask the folks who created the cards).

You will also note that each set of Test PIV Cards are duplicates, so there is a way
to write keys to the card, which is not in sp800-73-*. But each card vendor may or may
not have a way to export a key that was generated on the card.

Also note that in the test cards I have from years ago, two different types
of cards were used from two different vendors. Your set may have different cards
from what I have and from different vendors.

If you want to do real testing of writing, get a set of blank PIV cards from
some vendor who will provide you with the instructions on how to unlock the cards
and provide you with the keys for your batch of cards.

Also see https://github.com/OpenSC/OpenSC/wiki/US-PIV which is what I have been involved with.

>
> Thanks in advance,
>
> Jeffrey Walton
>

--

Douglas E. Engert <DEEn...@gmail.com>

David A. Cooper

Sep 17, 2019, 5:43:37 PM
to nolo...@gmail.com, piv-tes...@list.nist.gov
As others have noted, there isn't a way to extract the private keys from
the cards, and loading data onto cards is non-trivial given that the
commands needed to write to cards have not been fully standardized.

Why do you expect to "break" cards during testing? By "break" do you
just mean entering an incorrect PIN value enough times to lock the card?

While there is no way to reset the Global PIN on a card once it has been
locked, the PIV Card Application PIN can be reset, thus unlocking the
card. Instructions can be found in a message from me at
https://groups.google.com/a/list.nist.gov/forum/#!topic/piv-test-cards/Sk9H2FGSCWY