Home

OpenFIPS201

This project has been commissioned and funded by the Australian Department of Defence, to provide an open source implementation of the on-card application for the NIST Personal Identity Verification (PIV) standard specified by FIPS PUB 201-2 and SP800-73-4.

To learn more about PIV and this project, see Frequently Asked Questions section.

Getting Started

1. Firstly, make sure your target smart card platform meets the Hardware Requirements

2. Next, grab yourself a hot cap of OpenFIPS201:

   • For those that just want to use the default (standard) setup, just download the latest release from here.
   • If you want to change the more advanced options, you'll need to build the applet from source code.
   • Once you have downloaded or built your a CAP file, you are now ready to install.

3. Install OpenFIPS201 using your favourite applet loader. Want options?

   • Martin Paljak's GlobalPlatformPro - https://github.com/martinpaljak/GlobalPlatformPro
   • GPShell - https://sourceforge.net/p/globalplatform/wiki/GPShell
   • Javacos PyAPDUTool - http://www.javacos.com/developmentkit.php

4. Build the PIV filesystem and key table (see Pre Personalisation)

5. Inject any initial key or PIN values (see Security Personalisation)

6. Finally, personalise your new PIV instance. This can be performed using your favourite PIV Middleware / Application, or OpenFIPS201 supports personalisation over a GP Secure Channel. We strongly recommend the latter for any new rollouts as this provides message encryption and authentication. If your infrastructure cannot support this or you are dealing with legacy administration equipment, you can still personalise using the 9B key.

   • Yubikey PIV Tool - https://developers.yubico.com/yubico-piv-tool
   • OpenSC PIV - https://github.com/OpenSC/OpenSC/wiki/US-PIV
   • Charismathics CSSI https://www.charismathics.com/cssi-smartcard-middleware (Commercial)

Get in touch!

If you would like to contact us, send an email to piv@makina.com.au. In particular, if you're planning on using OpenFIPS201 in your card scheme, please drop us a quick email so we can see how it's being used!