Generating 9C key with nistp256 fails with 6982 #623

@dengert

```
nitropy-v0.7.3-x64-windows-binary.exe nk3 piv --experimental generate-key --admin-key 010203040506070801020304050607080102030405060708 --key 9C --algo nistp256 --subject-name "Doug-N3A-01" --domain-component "gamil.com" --subject-alt-name-upn "[email protected]" --pin 123456 --path "c:\tmp\n3a-01-9C-req"
```

nitropy.log.rrehh3s1.txt

```
585        INFO     pivapp Sending 135 '0087039b047c028000'
693        INFO     pivapp Received [610c] 
695        INFO     pivapp Received [9000] 7c0a8008f8174ba5a8eeacf3
695        INFO     pivapp Received final data: [9000] '7c0a8008f8174ba5a8eeacf3'
695        INFO     pivapp Decoded received: 7c0a8008f8174ba5a8eeacf3
697        INFO     pivapp Sending 135 '0087039b167c1480087ea1a98fd4edcd8381084775be27d3337db9'
789        INFO     pivapp Received [610c] 
791        INFO     pivapp Received [9000] 7c0a8208e6f5c231113e7f57
791        INFO     pivapp Received final data: [9000] '7c0a8208e6f5c231113e7f57'
791        INFO     pivapp Decoded received: 7c0a8208e6f5c231113e7f57
791        INFO     pivapp Sending 32 '0020008008313233343536ffff'
3062       INFO     pivapp Received [9000] 
3063       INFO     pivapp Sending 71 '0047009c05ac03800111'
6617       INFO     pivapp Received [6146] 
6620       INFO     pivapp Received [9000] 7f49438641040345b375ecfbed3295fe57f533f7306ea0adc360d0bb235e4d1d171f663d7d4e35d433ed88b3bbb1a7afc770eee84551508348d498c53018ad3cb6b4dded2131
6620       INFO     pivapp Received final data: [9000] '7f49438641040345b375ecfbed3295fe57f533f7306ea0adc360d0bb235e4d1d171f663d7d4e35d433ed88b3bbb1a7afc770eee84551508348d498c53018ad3cb6b4dded2131'
6620       INFO     pivapp Decoded received: 7f49438641040345b375ecfbed3295fe57f533f7306ea0adc360d0bb235e4d1d171f663d7d4e35d433ed88b3bbb1a7afc770eee84551508348d498c53018ad3cb6b4dded2131
6627       INFO     pivapp Sending 135 '0087119c267c24 812096e962450421dcbb7ce4b1bff6cacaa802e8b29bc9005ac3f779030a530d49048200'
6630       INFO     pivapp Received [6982] 
```

This looks like the key was generated, and pubkey returned 7f49 43 86 41 04|x|y

The next APDU returns '69' '82' Security status not satisfied. I don't see where the user PIN was verified (not logged?).
NIST 800-74-4-2016 "Part 1" 3.2.1 X.509 Certificate for Digital Signature: the 9C key is "PIN Always".
(I also pressed the touch button.)

If the operation was meant to be an ECDSA sign, it also looks wrong:
`00 87 11 9c 26 7C 24 81 20 96e9624...`

NIST 800-74-4-2016 "Part 2" "A.4.2 ECDSA" says "Data Field '7C' – L1 { '82' '00' '81' L2 {hash value of message}}"
i.e. the '82' '00' is missing.
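
As an added example (not nitropy's code and not part of the issue), this decodes the five command APDUs from the log above and lists the tags inside each GENERAL AUTHENTICATE '7C' template in the order they appear. The function names are hypothetical, the INS names are those of the PIV card command set, and only short APDUs with one-byte tags are handled.

```python
# Added example: decode short command APDUs from the log on this page.
INS_NAMES = {0x20: "VERIFY", 0x47: "GENERATE ASYMMETRIC KEY PAIR",
             0x87: "GENERAL AUTHENTICATE"}

# "Sending" lines copied from the log above (the space in the last is as logged).
LOGGED = [
    "0087039b047c028000",
    "0087039b167c1480087ea1a98fd4edcd8381084775be27d3337db9",
    "0020008008313233343536ffff",
    "0047009c05ac03800111",
    "0087119c267c24 812096e962450421dcbb7ce4b1bff6cacaa802e8b29bc9005ac3"
    "f779030a530d49048200",
]

def read_tlvs(buf):
    """Parse consecutive BER-TLVs with one-byte tags into [(tag, value)]."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                      # long form: 0x81 nn / 0x82 nn nn
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(buf):
                raise ValueError("unsupported or truncated length")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("TLV value runs past the buffer")
        out.append((tag, buf[i:i + length]))
        i += length
    return out

def decode_apdu(hex_str):
    """Return INS name, P1, P2 and, for GENERAL AUTHENTICATE, the tags in '7C'."""
    raw = bytes.fromhex(hex_str.replace(" ", ""))
    if len(raw) < 5 or len(raw) < 5 + raw[4]:
        raise ValueError("not a short APDU with a data field")
    ins, p1, p2, data = raw[1], raw[2], raw[3], raw[5:5 + raw[4]]
    info = {"ins": INS_NAMES.get(ins, f"INS {ins:02x}"), "p1": p1, "p2": p2, "tags": []}
    if ins == 0x87:
        outer = read_tlvs(data)
        if len(outer) != 1 or outer[0][0] != 0x7C:
            raise ValueError("expected a single '7C' template")
        info["tags"] = [(f"{t:02x}", len(v)) for t, v in read_tlvs(outer[0][1])]
    return info

if __name__ == "__main__":
    for line in LOGGED:
        print(decode_apdu(line))
```

For the last logged command this gives P1 11, P2 9c and, inside '7C', tag 81 with 32 bytes followed by an empty tag 82.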
