makinako / OpenFIPS201

An open source reference card application for NIST FIPS 201-2 / NIST SP800-73-4, targeting Javacard 3.0.4+

SCP R-MAC/ENC support #72

Open easydaniel opened 3 weeks ago

easydaniel commented 3 weeks ago

I'm currently working on a project that requires attestation of the generated keypair's public key. I would like to know the reason for not having R-MAC/ENC supported. Though I do see the documentation says it's not enforced, I wonder if this is simply a matter of reusing the existing GP libraries, which would look something like:

// STEP 1 - Generate the key pair
PIVKeyObjectPKI keyPair = (PIVKeyObjectPKI) key;
short length = keyPair.generate(scratch, ZERO);

// Added wrapping (needs import org.globalplatform.GPSystem and org.globalplatform.SecureChannel)
// Only wrap when the session was opened with full response protection. wrap() applies
// R-MAC/R-ENC to the outgoing data in place and returns the new length, so scratch must
// have room for the 8-byte MAC and any padding. The R-MAC also covers SW1 SW2: check
// whether your GP API version expects the status word appended after the data before
// calling wrap(), otherwise the MAC is computed over the wrong bytes.
SecureChannel sc = GPSystem.getSecureChannel();
byte mask = SecureChannel.AUTHENTICATED | SecureChannel.R_ENCRYPTION | SecureChannel.R_MAC;
if ((sc.getSecurityLevel() & mask) == mask) {
  length = sc.wrap(scratch, ZERO, length);
}

I tried customizing the code with this snippet, but the R-MAC value is not correct when receiving the response from the applet. Any suggestions for making this work? I can help by sending out MRs to get this supported.

Also, though the PIV spec doesn't specify the authenticity of the generated key, is there a recommended security scheme for how we can generate a signature from the applet, as an option when generating a keypair? Thanks

makinako commented 1 week ago

Hi @easydaniel, apologies for the delay on this. The reasons for not implementing R_ENC/R_MAC were more about dealing with the implementation of command/response handling in the applet and less to do with sound arguments of security. Since administrative commands were traditionally sent over plaintext with the 9B key, it was seen as sufficient to improve this by ensuring the command payload was protected, especially for key injection.

The responses are largely just acknowledgements, with the notable exception of GEN ASYM KEYPAIR, which just returns the public modulus. Having said this, attestation is a great case for protecting response integrity, and also, given the use of SCP03 for network-based updates, protecting even just acknowledgements is a good idea.

It's been a while since I looked at implementing R_ENC/R_MAC, but I'll have a closer look in the next couple of weeks and in the meantime if you find a workable solution, make a PR for sure.