DoD Implementation Guide for CAC PIV End-Point - Common ...
5.2 CHUID (0x3000)

Clarifications of CHUID fields not covered in this document are specified in the "DoD Implementation Guide for CAC Next Generation (NG)" [NG]. These include FASC-N, Global Unique Identifier (GUID), Expiration Date, Authentication Key Map, and Error Detection Code.

See Appendix "Sample Java program: Accessing the CHUID" for a code sample on retrieving the CHUID.
5.2.1 CHUID Usage

As outlined in NIST Special Publication 800-73-1, the CHUID is defined by the following table:
Table 6. CHUID Container
Container: Card Holder Unique Identifier, ID 0x3000, Access: Always Read

Data Element (TLV)            Tag    Type              Max Bytes   M/O
FASC-N                        0x30   Fixed Text        25          M
GUID                          0x34   Fixed Numeric     16          M
Expiration Date               0x35   Date (YYYYMMDD)   8           M
Authentication Key Map        0x3D   Variable          512         O
Issuer Asymmetric Signature   0x3E   Variable          2048        M
Error Detection Code          0xFE   LRC               0           O
• The CHUID includes an element, the Federal Agency Smart Credential Number (FASC-N), which uniquely identifies each card and cardholder.
• The PIV CHUID is a free read from both the contact and contactless interfaces of the PIV Card (see footnote 12).
• The FASC-N is not allowed to be modified post-issuance.
• In machine readable format, the expiration date data element specifies when the card expires. The expiration date format and encoding rules are as specified in SP800-73-1. This date is the same as that on the printed card surface. The optional Printed Information Buffer is not included.
• Includes the issuer Public Key Certificate in the container.
• The Asymmetric Signature data element of the PIV CHUID has been encoded as a Cryptographic Message Syntax (CMS) external digital signature, as defined in RFC 3852 [RFC3852].
• Algorithm and key size requirements for the asymmetric signature are detailed in [SP800-78].
• Optional fields are not implemented (grayed out in the table above).
12 Applies to both DoD PIV Auth Activated and Non-activated mode.
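As an added illustration (not code from the guide or from its Java appendix), the following Python parser walks the BER-TLV elements of a CHUID container using the tags, mandatory/optional flags and maximum lengths of Table 6, decodes the YYYYMMDD expiration date, and returns the bytes that the Issuer Asymmetric Signature is computed over. The sample CHUID, the placeholder FASC-N and GUID values and the filler signature blob are constructed for this example and are not real card data; the FASC-N is kept as raw bytes rather than BCD-decoded, and CMS verification itself is left to a CMS library. The example assumes, following SP 800-73, that the signature covers the data elements preceding it and excludes the signature and Error Detection Code elements, and that a GET DATA response may wrap the elements in a 0x53 envelope.

```python
"""BER-TLV parser for a PIV CHUID container laid out as in Table 6 (SP 800-73-1).
Added example, not code from the DoD guide; all sample data below is constructed."""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple

# Tag -> (element name, mandatory?, max bytes), transcribed from Table 6.
CHUID_ELEMENTS = {
    0x30: ("FASC-N", True, 25),
    0x34: ("GUID", True, 16),
    0x35: ("Expiration Date", True, 8),
    0x3D: ("Authentication Key Map", False, 512),
    0x3E: ("Issuer Asymmetric Signature", True, 2048),
    0xFE: ("Error Detection Code", False, 0),
}
UNSIGNED_TAGS = {0x3E, 0xFE}  # assumption: the signature excludes itself and the EDC


def read_ber_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode a BER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: 0x81 or 0x82 (2048-byte signature)
    if n == 0 or n > 2 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def parse_tlvs(buf: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Split a byte string into (tag, value, raw TLV bytes); CHUID tags are one byte."""
    pos, out = 0, []
    while pos < len(buf):
        start, tag = pos, buf[pos]
        length, pos = read_ber_length(buf, pos + 1)
        if pos + length > len(buf):
            raise ValueError(f"element 0x{tag:02X} is truncated")
        out.append((tag, buf[pos:pos + length], buf[start:pos + length]))
        pos += length
    return out


@dataclass
class CHUID:
    fascn: bytes                 # raw 25-byte FASC-N (BCD decoding not shown here)
    guid: bytes
    expiration: date
    signature: bytes             # CMS blob; verify it with a CMS library before trusting fascn
    signed_content: bytes        # concatenated TLVs the issuer signature is computed over
    key_map: Optional[bytes] = None


def parse_chuid(data: bytes) -> CHUID:
    """Parse a CHUID, enforcing the presence, uniqueness and length rules of Table 6."""
    if data and data[0] == 0x53:          # optional GET DATA envelope around the elements
        length, pos = read_ber_length(data, 1)
        data = data[pos:pos + length]
    seen: Dict[int, bytes] = {}
    signed = bytearray()
    for tag, value, raw in parse_tlvs(data):
        if tag not in CHUID_ELEMENTS:
            raise ValueError(f"unexpected tag 0x{tag:02X} in CHUID")
        name, _, max_len = CHUID_ELEMENTS[tag]
        if tag in seen:
            raise ValueError(f"duplicate {name}")
        if len(value) > max_len:
            raise ValueError(f"{name} exceeds {max_len} bytes")
        seen[tag] = value
        if tag not in UNSIGNED_TAGS:
            signed += raw
    for tag, (name, mandatory, _) in CHUID_ELEMENTS.items():
        if mandatory and tag not in seen:
            raise ValueError(f"mandatory element {name} missing")
    try:
        expiry = datetime.strptime(seen[0x35].decode("ascii"), "%Y%m%d").date()
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError("Expiration Date is not YYYYMMDD") from exc
    return CHUID(seen[0x30], seen[0x34], expiry, seen[0x3E], bytes(signed), seen.get(0x3D))


def is_expired(chuid: CHUID, today: Optional[date] = None) -> bool:
    """True once the calendar day after the encoded expiration date is reached."""
    return (today or date.today()) > chuid.expiration


def tlv(tag: int, value: bytes) -> bytes:
    """Encode a one-byte tag with a BER length (short, 0x81 or 0x82 form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + length + value


# Constructed sample: placeholder values only, not a real card's data.
SAMPLE_FASCN = bytes(range(1, 26))                                # 25 bytes
SAMPLE_GUID = bytes(16)                                           # all-zero GUID
SAMPLE_EXPIRY = b"20301231"
SAMPLE_SIGNATURE = bytes([0x30, 0x82, 0x01, 0x2C]) + bytes(300)   # DER SEQUENCE header + filler
SAMPLE_CHUID = tlv(0x53, tlv(0x30, SAMPLE_FASCN) + tlv(0x34, SAMPLE_GUID)
                   + tlv(0x35, SAMPLE_EXPIRY) + tlv(0x3E, SAMPLE_SIGNATURE) + tlv(0xFE, b""))
```

Because the CHUID is a free read over both interfaces, a relying system gains nothing from the FASC-N until it has verified the CMS signature over `signed_content` against the issuer certificate; the parser only makes that boundary explicit and rejects containers that violate the table's limits.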