arekinath / PivApplet

PIV applet for JavaCard 2.2.2 and 3.0.4+ with full ECDSA/ECDH support

Want to set Yubico serial number at instantiation #31

Open arekinath opened 4 years ago

arekinath commented 4 years ago

In #28 and #25 it's become apparent that it would be nice to be able to customise the Yubico serial number used by the applet, probably at applet instantiation time.

kategray commented 4 years ago

This would potentially be useful for key derivation schemes.

I'm planning on using Thales HSMs to generate a management key at some point, and it would be nice to generate a serial number at the same time as the key, with the key being a function of the generated serial.

mistial-dev commented 2 years ago

I have an in-progress patch that has this as one of the features. I'll be doing a pull request once it's cleaned up and fleshed out.

I'm using the tag 0x80 (context sensitive) for the parameter collection, and 0xFD (from the APDU to get the serial number). I'm also going to be adding tags to set the FASC-N and CHUID, and strict contactless mode.
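
The provisioning flow discussed in the two comments above, as an added example that is not part of the thread or the PivApplet code base: a serial is generated, a per-card management key is derived from it, and the serial is wrapped in install parameters. Assumptions: a 4-byte serial, a 24-byte management key, HMAC-SHA256 as the derivation function (standing in for the HSM), a nested `0x80 { 0xFD <serial> }` layout for the unreleased patch, and all function names, which are hypothetical.

```python
import hashlib
import hmac
import secrets

TAG_PARAMS = 0x80   # parameter collection tag named in the comment above
TAG_SERIAL = 0xFD   # serial number tag named in the comment above
SERIAL_LEN = 4      # assumption: 32-bit serial
MGMT_KEY_LEN = 24   # assumption: 3DES-sized PIV management key


def tlv(tag: int, value: bytes) -> bytes:
    """Encode one single-byte-tag TLV with a short-form length."""
    if len(value) > 0x7F:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value


def new_serial() -> bytes:
    """Generate a random serial (stand-in for the HSM's generator)."""
    return secrets.token_bytes(SERIAL_LEN)


def derive_mgmt_key(master_key: bytes, serial: bytes) -> bytes:
    """Derive a per-card management key from the master key and serial."""
    if len(serial) != SERIAL_LEN:
        raise ValueError("serial must be %d bytes" % SERIAL_LEN)
    if len(master_key) < 32:
        raise ValueError("master key must be at least 256 bits")
    # The fixed label keeps this derivation separate from other uses of the key.
    prf = hmac.new(master_key, b"piv-mgmt-key\x00" + serial, hashlib.sha256)
    return prf.digest()[:MGMT_KEY_LEN]


def install_params(serial: bytes) -> bytes:
    """Wrap the serial in the assumed 0x80 { 0xFD <serial> } layout."""
    if len(serial) != SERIAL_LEN:
        raise ValueError("serial must be %d bytes" % SERIAL_LEN)
    return tlv(TAG_PARAMS, tlv(TAG_SERIAL, serial))


if __name__ == "__main__":
    master = bytes(range(32))            # constructed sample, not a real key
    serial = bytes.fromhex("01020304")   # constructed sample serial
    print(install_params(serial).hex())
    print(derive_mgmt_key(master, serial).hex())
```

Because the key is a function of the serial, a card's management key can be recomputed from the master key and the serial the card reports, so no per-card key database is needed.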