Releases: GSA/piv-conformance

CCT: piv-conformance v1.0.9

16 Oct 18:25
62e8eba

This version of the CCT Tool was released with the addition of current federal and test trust chains to the Java KeyStore (JKS) to reduce false positives/errors.

  • File: piv-conformance-v1.0.9.zip.
  • SHA256: 2f5b82458b6c058c94eabb060ba1a9ad5e2610f777a1be3cdf87731496a656cb

What's New

  • Added updated cacerts.jks Keystore file with current trust chains, including the DOD Test CAC.
  • Fixed the release zip file structure: it is now one level deep, with no nested folder after unzipping.
  • Updated version number v1.0.9.
  • No code changes.

User Guide

CCT: piv-conformance

28 Dec 19:56
62e8eba

Tool to verify conformance to the PIV data model on PIV cards per current releases of FIPS 201 and associated publications

  • Fixed one-off error related to issue #315
  • File: fips201-card-conformance-tool-1.0.7-20231228185655.zip
  • SHA256: 1eb5ed41340413730f664561474c0831a0b91b1667f97157bfb72ce1ffd6c18f

Support for specifying trust anchor in properties file

20 Feb 15:11

Path validation done in PKIX.6 now supports PKIs other than FPKI and ICAM. Use defaultAlias in pdval.properties to specify the alias to use, and import the trust anchor into cacerts.jks. The validator uses the default alias to look up the named certificate in the keystore and attempts to build a certificate chain to the end-entity certificates on the card under test.

fips201-card-conformance-tool-1.0.7-20210220075731.zip

SHA256: 248f50cd2c6563aed6834ad0370d5c409e9e36557be371da5924067823ddd342

Log response APDUs

16 Feb 22:43
Pre-release

fips201-card-conformance-tool-1.0.6-20210216213425.zip
SHA-256: 05ea4025cdc2f26457d6b139f1b3367f2e26891fb33adfbaa4cbca7b98719363

Add support for RSASSA-PSS to 78.3

12 Feb 21:23
Pre-release

RSASSA-PSS certs are now properly handled in SP80078_3_Test.

fips201-card-conformance-tool-1.0.5-20210212135407.zip
SHA256: 508a1f63347ae0fd074eec57c38cef6be2da3df1d33badcb644e33bda44818f3

Cleanup, add debug message while iterating through datagroup elements

11 Feb 05:34

fips201-card-conformance-tool-1.0.4-20210210223228.zip SHA256 = e25c89e337078d81e042a4d04d1dc8b327d1e0d018063e67fa35648d37aa8343

Improved security object error handling, suppress log noise

11 Feb 01:35

Modified AtomHelper class to log an error message and return null rather than fail(), which was preventing the atom from reporting the cause of the failure. Suppressed the logging of duplicate debug messages.

fips201-card-conformance-tool-1.0.3-20210210221700.zip
SHA256: 67a31e533fef252311fe88627646abd46334d0cd15f964e26f82fadd8e3be3e2

Support for offline validation

10 Feb 16:30
Pre-release

This release adds the ability to supply a .p7c file with intermediate certs for path validation. Clarified requirement and simplified PKIX.25.

fips201-card-conformance-tool-1.0.2-20210210092401.zip SHA256 = ef33ce49dd63d6c72afc47683dffb22b2d1952e981bf82862a6825a152293637

Standardize on JCE X509Certificate

09 Feb 04:24
Pre-release

The DER encoding of X509Certificate objects differs between JCE and BouncyCastle. Content signing certificates generated with BouncyCastle returned DERNull from getSigAlgParams() instead of null. The specification requires the method to return null.
For all signed objects, X509Certificate objects, as well as all X.509 certificate containers, are now built by JCE.

SHA256(fips201-card-conformance-tool-1.0.1-release-20210208211231.zip)= b90f55c71152eb3e3394853333b627ec87df4296b788041dc3fef1e0b2cdbb91

Corrected PKIX, 78-4, 73-4 test cases

08 Feb 15:33
Pre-release

This release uses PD-VAL to validate the EE certificate for the given policy OID. Migrated to Java 15. Writes the certificates in each path to resourceDir.

fips201-card-conformance-tool-1.0.0-release-20210208082848.zip SHA-256: 751e87b069b1aa36e5685e6d579e614b551cf07724696a00cdd3159ee6411501