PIVKey Tool versions 1.0.0.11 and older have an error that affects how the Admin Key is processed. This error has been fixed in PIVKey Tool version 1.0.0.12.
The PIVKey Admin Key is a Triple DES key of 192 bits represented by 24 hexadecimal, or 48 characters, and it is used primarily for Unblocking the User PIN. The error occurs when the characters A-F are used in the key. If the Admin Key is set to a value containing only the digits 0-9, the error does not occur.
If you changed the Admin Key using PIVKey Tool, and then use the Admin Key to try to unblock the card with another application, such as VSEC_CMS, unblocking may fail. Similarly, if you used another application to change the Admin Key, and then try to unblock the card using PIVKey Tool, this may also fail.
If you have changed the Admin Key using another application, such as vSEC_CMS, upgrade your PIVKey Tool to the latest version (1.0.0.12 or higher) so that the error fix is in place and PIVKey Tool will work as expected with future Admin Key functions.
If you have changed the Admin key using PIVKey Tool Version 1.0.0.11 or lower, you may use the following workaround or resolution:
Workaround: Use one tool when unblocking the user PIN or changing the Admin Key. If you changed the Admin Key with an older version of PIVKey Tool, keep using that version for unblocking. Do not upgrade to the newest version of PIVKey Tool.
Resolution: Use the older version of PIVKey Tool (version 1.0.0.11 or lower) to change the Admin Key to its default value (24 x "00"). Then use the new version (1.0.0.12 or higher) to change the Admin Key to any key of your choice. The Admin Key will now be interoperable with other applications.
Comments
0 comments
Article is closed for comments.