Need two atoms for Key History #58

bob-fontana opened this issue Apr 13, 2019 · 0 comments
Labels
bug - sev3 Not a showstopper - must include in release notes parked Not ready to think about it


bob-fontana commented Apr 13, 2019

This container is optional, but if present, the 85B tool will test it. It appears to be in scope.

From 85B:

Step 4: Read and parse the byte array in accordance with BER-TLV format.

If keysWithOnCardCerts = 0 and keysWithOffCardCerts > 0
  Read the certificate(s) and key references (pairs) from the vendor provided URL file. 
  For each key reference value in the range (0x95 – keysWithOffCardCerts + 1) through 0x95, 
    verify that the provided URL file includes that key reference, issue a challenge for that key
    reference and verify the response using the public key from the corresponding certificate from the provided URL file.

If keysWithOnCardCerts > 0 and keyWithOffCardCerts = 0
  For each key reference value in the range 0x82 through (0x82 + keysWithOnCardCerts – 1), 
    read the certificates from the card. Issue a challenge and verify response for each retired private key.

If keysWithOnCardCerts > 0 and keyWithOffCardCerts > 0
  For each key reference value in the range 0x82 through (0x82 + keysWithOnCardCerts – 1) and in the range (0x95 – keysWithOffCardCerts + 1) through 0x95
    verify that the provided URL file includes that key reference, issue a challenge for that key reference, and verify the response using the public key from the corresponding certificate from the provided URL file.
  • 8.14.1: All mandatory tags in “Key History Object” table are present.
  • 8.14.2: And the values associated with keysWithOnCardCerts > 0 and keyWithOffCardCerts are consistent with the data on the card based on the details in step 4.
@bob-fontana bob-fontana added the bug - sev1 Showstopper - Priority One label Apr 13, 2019
@bob-fontana bob-fontana added parked Not ready to think about it and removed bug - sev1 Showstopper - Priority One labels Apr 16, 2019
@bob-fontana bob-fontana added bug - sev3 Not a showstopper - must include in release notes parked Not ready to think about it and removed parked Not ready to think about it labels Apr 24, 2019
@bob-fontana bob-fontana self-assigned this Mar 26, 2020
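
The key-reference selection in the quoted 85B step 4 and the 8.14.1 mandatory-tag check, as an added Python example (not code from this project or from 85B). The tag values 0xC1, 0xC2, 0xF3 and 0xFE are taken from the SP 800-73 Key History Object table rather than from this issue, the function names are hypothetical, and the sample container bytes are constructed; the challenge/response itself is left to the card interface.

```python
# Added example. Tags come from the SP 800-73 Key History Object table (assumption,
# not listed in this issue); SAMPLE is constructed, not read from a real card.
MANDATORY_TAGS = {0xC1, 0xC2, 0xFE}   # keysWithOnCardCerts, keysWithOffCardCerts, EDC
FIRST_RETIRED, LAST_RETIRED = 0x82, 0x95


def parse_ber_tlv(buf):
    """Parse a flat run of single-byte-tag BER-TLV objects into {tag: value}."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                      # long form: next n bytes hold the length
            n = length & 0x7F
            if n == 0 or i + n > len(buf):
                raise ValueError("bad long-form length")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("value runs past end of buffer")
        out[tag] = buf[i:i + length]
        i += length
    return out


def key_history_plan(container):
    """Return (on_card_refs, off_card_refs): the key references step 4 iterates over."""
    tlv = parse_ber_tlv(container)
    missing = MANDATORY_TAGS - set(tlv)        # check 8.14.1
    if missing:
        raise ValueError("missing mandatory tags: "
                         + ", ".join(f"0x{t:02X}" for t in sorted(missing)))
    if len(tlv[0xC1]) != 1 or len(tlv[0xC2]) != 1:
        raise ValueError("key counts must be one byte each")
    on_card, off_card = tlv[0xC1][0], tlv[0xC2][0]
    # Added sanity check: the two ranges share 0x82..0x95 and must not overlap.
    if on_card + off_card > LAST_RETIRED - FIRST_RETIRED + 1:
        raise ValueError("counts exceed key references 0x82..0x95")
    on_refs = list(range(FIRST_RETIRED, FIRST_RETIRED + on_card))
    off_refs = list(range(LAST_RETIRED - off_card + 1, LAST_RETIRED + 1))
    return on_refs, off_refs


# Constructed sample: 3 on-card certs, 2 off-card certs, placeholder URL, empty EDC.
URL = b"http://example.invalid/kh"
SAMPLE = bytes([0xC1, 1, 3, 0xC2, 1, 2, 0xF3, len(URL)]) + URL + bytes([0xFE, 0])
```
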