Releases: GSA/piv-conformance
CCT: piv-conformance v1.0.9
This version of the CCT Tool was released with the addition of current federal and test trust chains to the Java KeyStore (JKS) to reduce false positives/errors.
- File: piv-conformance-v1.0.9.zip
- SHA256: 2f5b82458b6c058c94eabb060ba1a9ad5e2610f777a1be3cdf87731496a656cb
What's New
- Added updated cacerts.jks keystore file with current trust chains, including the DOD Test CAC.
- Fixed release zip file structure, now one level, no unzipped folder in folder.
- Updated version number v1.0.9.
- No code changes.
User Guide
CCT: piv-conformance
Tool to verify conformance to the PIV data model on PIV cards per current releases of FIPS 201 and associated publications
- Fixed one-off error related to issue #315
- File: fips201-card-conformance-tool-1.0.7-20231228185655.zip
SHA256: 1eb5ed41340413730f664561474c0831a0b91b1667f97157bfb72ce1ffd6c18f
Support for specifying trust anchor in properties file
Path validation done in PKIX.6 now supports PKI other than FPKI and ICAM. Use defaultAlias in pdval.properties to specify the alias to use, and import the trust anchor to cacerts.jks. Validator will use the default alias to look for the named certificate in the keystore and attempt to build a certificate chain to the end-entity certificates on the card under test.
fips201-card-conformance-tool-1.0.7-20210220075731.zip
SHA256: 248f50cd2c6563aed6834ad0370d5c409e9e36557be371da5924067823ddd342
Log response APDUs
fips201-card-conformance-tool-1.0.6-20210216213425.zip
SHA-256: 05ea4025cdc2f26457d6b139f1b3367f2e26891fb33adfbaa4cbca7b98719363
Add support for RSASSA-PSS to 78.3
RSASSA-PSS certs are now properly handled in SP80078_3_Test.
fips201-card-conformance-tool-1.0.5-20210212135407.zip
SHA256: 508a1f63347ae0fd074eec57c38cef6be2da3df1d33badcb644e33bda44818f3
Cleanup, add debug message while iterating through datagroup elements
fips201-card-conformance-tool-1.0.4-20210210223228.zip SHA256 = e25c89e337078d81e042a4d04d1dc8b327d1e0d018063e67fa35648d37aa8343
Improved security object error handling, suppress log noise
Modified AtomHelper class to log an error message and return null rather than fail(), which was preventing the atom from reporting the cause of the failure. Suppressed the logging of duplicate debug messages.
fips201-card-conformance-tool-1.0.3-20210210221700.zip
SHA256: 67a31e533fef252311fe88627646abd46334d0cd15f964e26f82fadd8e3be3e2
Support for offline validation
This release adds the ability to supply a .p7c file with intermediate certs for path validation. Clarified requirement and simplified PKIX.25.
fips201-card-conformance-tool-1.0.2-20210210092401.zip SHA256 = ef33ce49dd63d6c72afc47683dffb22b2d1952e981bf82862a6825a152293637
Standardize on JCE X509Certificate
X509Certificate objects' DER encoding is different between JCE and BouncyCastle. Content signing certificates generated with BouncyCastle returned a "null" getSigAlgParams() value as DERNull. The specification requires the method to return null.
For all signed objects, X509Certificate objects and all X.509 certificate containers are built by JCE.
SHA256(fips201-card-conformance-tool-1.0.1-release-20210208211231.zip)= b90f55c71152eb3e3394853333b627ec87df4296b788041dc3fef1e0b2cdbb91
Corrected PKIX, 78-4, 73-4 test cases
This release uses PD-VAL to validate the EE certificate for the given policy OID. Migrated to Java 15. Writes certificates in each path to resourceDir.
fips201-card-conformance-tool-1.0.0-release-20210208082848.zip SHA-256: 751e87b069b1aa36e5685e6d579e614b551cf07724696a00cdd3159ee6411501