  1. EJBCA
  2. ECA-6383

Support for FIPS 201-2 PIV FASC-N subjectAltName

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.0
    • Component/s: None
    • Labels:
      None
    • Stakeholder:
      Sales
    • Sprint:
      EJBCA Sprint 4

      Description

      FIPS 201-2 "Personal Identity Verification (PIV) of Federal Employees and Contractors" contains a Federal Agency Smart Credential Number (FASC-N) OtherName that we should support.

      http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.201-2.pdf

      https://www.idmanagement.gov/wp-content/uploads/sites/1171/uploads/fpki-cert-profile-ssp.pdf

      pivFASC-N: 2.16.840.1.101.3.6.6

      The pivFASC-N OID may appear as a name type in
      the otherName field of the subjectAltName extension
      of X.509 certificates or a signed attribute in CMS
      external signatures. Where used as a name type,
      the syntax is OCTET STRING. Where used as an
      attribute, the attribute value is of type OCTET
      STRING. In each case, the value specifies the
      FASC-N of the PIV Card.

      FIPS 201-2 C.1:
      Federal Agency Smart Credential Number (FASC-N): As required by FIPS 201, one of the primary
      identifiers on the PIV Card for physical access control. The FASC-N is a fixed length (25 byte) data
      object, specified in [SP 800-73], and included in several data objects on a PIV Card.

      The OpenSSL way seems to be direct use of the OID, e.g.:
      otherName = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
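
The otherName described above, as an added example that is not part of the original issue and not EJBCA code: it DER-encodes a pivFASC-N otherName GeneralName and parses it back, rejecting a wrong OID or a value that is not 25 bytes. The function names and the all-0xAA sample value are assumptions made for illustration; the outer [0] and the [0] EXPLICIT value wrapper follow the RFC 5280 OtherName definition.

```python
# Added example, not EJBCA code. Helper names are hypothetical.
PIV_FASCN_OID = "2.16.840.1.101.3.6.6"   # pivFASC-N, from the issue text
FASCN_LEN = 25                            # fixed length per FIPS 201-2 C.1
SAMPLE_FASCN = bytes([0xAA]) * FASCN_LEN  # constructed placeholder, not a real FASC-N

def der_tlv(tag, content):
    """Short-form DER TLV; every length in this structure is below 128."""
    if len(content) >= 0x80:
        raise ValueError("long-form length not expected here")
    return bytes([tag, len(content)]) + content

def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (first two arcs in one byte)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, high bit set on all but last byte
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def encode_fascn_othername(fascn):
    """GeneralName otherName: [0] { type-id OID, value [0] EXPLICIT OCTET STRING }."""
    if len(fascn) != FASCN_LEN:
        raise ValueError("FASC-N must be exactly %d bytes" % FASCN_LEN)
    return der_tlv(0xA0, der_oid(PIV_FASCN_OID) + der_tlv(0xA0, der_tlv(0x04, fascn)))

def read_tlv(buf, tag):
    """Return (content, remainder) for a short-form TLV with the expected tag."""
    if len(buf) < 2 or buf[0] != tag or buf[1] >= 0x80 or len(buf) < 2 + buf[1]:
        raise ValueError("expected tag 0x%02x with a valid short-form length" % tag)
    return buf[2:2 + buf[1]], buf[2 + buf[1]:]

def parse_fascn_othername(der):
    """Strictly parse an otherName and return the 25-byte FASC-N, or raise ValueError."""
    body, rest = read_tlv(der, 0xA0)
    if rest:
        raise ValueError("trailing bytes after otherName")
    oid, body = read_tlv(body, 0x06)
    if der_tlv(0x06, oid) != der_oid(PIV_FASCN_OID):
        raise ValueError("type-id is not pivFASC-N")
    wrapped, rest = read_tlv(body, 0xA0)
    fascn, inner_rest = read_tlv(wrapped, 0x04)
    if rest or inner_rest or len(fascn) != FASCN_LEN:
        raise ValueError("value must be a single 25-byte OCTET STRING")
    return fascn
```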

            People

            • Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Johan Eklund