Add.
@@ -0,0 +1,53 @@
|
|||||||
|
Introduction to the YubiKey NEO PIV Applet
|
||||||
|
==========================================
|
||||||
|
|
||||||
|
The YubiKey NEO supports the Privilege and Identification Card (PIV)
|
||||||
|
interface specified in NIST SP 800-73 document "Cryptographic
|
||||||
|
Algorithms and Key Sizes for PIV". This enables you to perform RSA or
|
||||||
|
ECC sign/decrypt operations using a private key stored on the
|
||||||
|
smartcard, through common interfaces like PKCS#11.
|
||||||
|
|
||||||
|
References:
|
||||||
|
* SP 800-73-3 http://csrc.nist.gov/publications/PubsSPs.html
|
||||||
|
* NIST SP 800-73-4 (draft)
|
||||||
|
http://csrc.nist.gov/publications/PubsDrafts.html#800-73-4
|
||||||
|
|
||||||
|
General information
|
||||||
|
-------------------
|
||||||
|
|
||||||
|
The default PIN code is 123456. The default PUK code is 12345678.
|
||||||
|
|
||||||
|
The default 3DES management key (9B) is
|
||||||
|
01:02:03:04:05:06:07:08:01:02:03:04:05:06:07:08:01:02:03:04:05:06:07:08.
|
||||||
|
|
||||||
|
The following key slots exists:
|
||||||
|
|
||||||
|
* 9A, 9C, 9D, 9E: RSA 1024, RSA 2048, or ECC secp256r1 keys
|
||||||
|
(algorithms 6, 7, 11 respectively).
|
||||||
|
|
||||||
|
* 9B: Triple-DES key (algorithm 3) for PIV management.
|
||||||
|
|
||||||
|
The maximum size of stored objects is 2005 bytes.
|
||||||
|
|
||||||
|
Currently all functionality are available over both contact and
|
||||||
|
contactless interfaces (contrary to what the specifications mandate).
|
||||||
|
|
||||||
|
Software
|
||||||
|
--------
|
||||||
|
|
||||||
|
Card management has been tested with the tools from the OpenSC
|
||||||
|
project, specifically piv-tool, and Yubico's yubico-piv-tool. Basic
|
||||||
|
features should work with any PIV compliant middleware.
|
||||||
|
|
||||||
|
* https://github.com/OpenSC/OpenSC/wiki
|
||||||
|
* https://developers.yubico.com/yubico-piv-tool/
|
||||||
|
* https://github.com/OpenSC/OpenSC/wiki/US-PIV
|
||||||
|
* https://github.com/OpenSC/OpenSC/wiki/PivTool
|
||||||
|
|
||||||
|
Card Holder Unique Identifier
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
For the applet to be usable in windows the object CHUID (Card Holder
|
||||||
|
Unique Identifier) has to be set and unique. The card contents are
|
||||||
|
also aggressively cached so the CHUID has to be changed if the card
|
||||||
|
contents change.
|
||||||