Yubico Forum :: View topic - [SOLVED] PIVApp: How does the "Key Management" key work

Yubico Forum https://forum.yubico.com/

[SOLVED] PIVApp: How does the "Key Management" key work https://forum.yubico.com/viewtopic.php?f=26&t=1664	Page 1 of 1

Author:	darco [ Tue Dec 16, 2014 9:02 pm ]
Post subject:	[SOLVED] PIVApp: How does the "Key Management" key work
I have been trying to find some detailed documentation on PIV and the limitations/capabilities of each of the four slots. There are: Code: 9a is for PIV Authentication 9c is for Digital Signature (PIN always checked) 9d is for Key Management 9e is for Card Authentication (PIN never checked) So here are my questions: What are all of the differences in capabilities between slots 9a, 9c, 9d, and 9e? I know it says that the PIN is always checked for 9c and never for 9e, but it isn't clear to me what the other differences are, if any. Are there some operations I can perform with 9c that I can't perform with slot 9a, and vise versa? How is the key in the key management slot (9d) used? Can it be used for decrypting and signing like the other slots, or is it limited only to decrypting private keys when importing private keys into the other slots? And how does that work, anyway? As in, how could I use the key management key to securely load an encrypted private key into the app? Is there a good guide describing all of the capabilities of PIV and how it can be used?

Author:	DavidW [ Wed Dec 17, 2014 1:17 am ]
Post subject:	Re: [QUESTION] PIVApp: How does the "Key Management" key wor
The NIST SP 800-73 standards for PIV are available free of charge on the NIST web site. You probably want to be looking at the SP 800-73-3 standards. The Yubico Neo PIV applet doesn't strictly follow the standard in some respects. The PIV standard says that only the 9E slot should be available via a contactless interface - 9E is primarily used for physical access control applications, hence the value of contactless. The Neo makes all slots available via contactless. From what I remember of the PIV standards, 9A is used for a logon certificate, 9C for digital signing such as signing S/MIME e-mail, 9D for decryption of encrypted S/MIME e-mail, and 9E for physical access control. In practice, you can use 9A, 9C and 9D freely according to your applications. I have my StartSSL client certificate in 9A and my StartSSL code signing certificate in 9C (where the requirement to enter the PIN every time is an advantage). I have no real use for 9E as I don't have any access control infrastructure, whilst 9D is spare in case in need a client certificate from another CA.

Author:	darco [ Wed Dec 17, 2014 3:32 am ]
Post subject:	Re: [QUESTION] PIVApp: How does the "Key Management" key wor
Thanks! I'm reading it over now. Here is the direct link, for posterity: http://csrc.nist.gov/publications/nistp ... el-rep.pdf

Author:	darco [ Wed Dec 17, 2014 6:00 am ]
Post subject:	Re: [QUESTION] PIVApp: How does the "Key Management" key wor
OK, so, the "key management" key is the confusing (but technically accurate) description of what one would think of as the "encryption" key. Great. Reading over these docs, I see this tantalizing "retired keys" capability, where we can store up to 20 additional private keys. The yubico-piv-tool doesn't seem to support it, but I'm wondering if the app on the card properly implements retired keys and key history...?

Author:	Klas [ Wed Dec 17, 2014 3:23 pm ]
Post subject:	Re: [QUESTION] PIVApp: How does the "Key Management" key wor
No implementation of retired keys in the Neo PIV. All (most?) functions are exposed in the yubico-piv-tool. The main reason we (I) skipped the retired keys is that it seems mostly unspecified how that works and how you'd access that. We could probably be convinced to add support for this if we where fairly certain it'd work fine in windows and with OpenSC. /klas

Author:	darco [ Wed Dec 17, 2014 7:38 pm ]
Post subject:	Re: [QUESTION] PIVApp: How does the "Key Management" key wor
What a shame. I would love to have the ability to store more keys and certs, and this seems like a logical way to implement that. But maybe there are better ways. Reading over the specification, it seems pretty clear how the keys are used and accessed. The offline cert capability is a little hand-wavey, but for on-card certs it seems well-specified. The only obvious part that seems missing is a way to move a private key from a primary slot to a retired slot if the private key was generated on-device. Seems like an obvious oversight. I guess they are assuming you would always escrow the key management keys, and thus could always just re-upload them. Would have to dig into OpenSC to see if they support key history. I'll mark this thread solved at the end of the day.

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/