Comments (7)
a table aligning all FPKI certificates with their intended purpose.
- Not for all FPKI certificates - but specific to PIV:
- https://piv.idmanagement.gov/details/#understanding-piv-certificates
a guide on how to identify each certificate.
- might want to break out the details into smaller chunks of information and side nav
Little harder, what to do if the intended certificate does not have the appropriate extensions.
- this is a compliance issue and generally the intended audience for this playbook isn't involved in compliance - they are trying to make something "work"
- we can move this one elsewhere or create a compliance focused link
from piv-guides.
IMO it should say "SHA-256" not "SHA-2" because SHA-2 is a hash family including e.g. SHA-384, SHA-512, SHA-224, etc.
from piv-guides.
https://ocio.nih.gov/Smartcard/Pages/Your-PIV-Certificates.aspx#TYPE
Types of Certificates on your PIV card
Your PIV card contains four types of digital certificates:
Authentication Certificate used to log you on to applications and computers.
This certificate usually has an -A after your name.
Encryption Certificate used to encrypt email messages sent to you.
This certificate usually has an -E after your name.
Signing Certificate used to digitally sign emails and documents.
This certificate usually has an -S after your name.
Card Management Certificate which is not currently used at NIH.
This certificate is issued to PIV or PIV Users.
The new 128K PIV Cards (see below) may also contain up to five of your prior encryption certificates to make it easier for you to read old encrypted emails. These certificates will have older expiration dates and may, or may not, have an -E after your name.
Note: If you have a 64K PIV card, or need to read very old encrypted emails, you will need to recover the old certificates and associated keys used to encrypt them.
from piv-guides.
Committed:
https://github.com/GSA/piv-guides/blob/piv-cert-typs/pages/piv-certificate-types.md
from piv-guides.
Putting on hold, per @lachellel on 8/29/2017.
from piv-guides.
This Issue is very similar to FPKI-Guides' Issue #159, "Distinguishing between certs on a PIV." Combined request from FPKI-Guides' #159 with PIV-Guides' #101--more applicable location. FPKI-Guides' #159 is now closed.
@ryancdickson
from piv-guides.
Due to lack of consistency across all PIV issuers in adding suffixes to the common names (-A, -E, -S), the only way to distinguish certs by profile is a combination of KU and EKU, which is accounted for in the table of the following page:
https://piv.idmanagement.gov/details/#understanding-piv-certificates
from piv-guides.
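The KU/EKU approach from the last comment, as an added example that is not part of the thread or the piv-guides project: it classifies a certificate from its key usage bits and extended key usage OIDs and ignores the common-name suffix. The OIDs are the standard values; the rule set, function names and sample certificates are assumptions constructed for illustration, not the playbook's table.

```python
# Added example: classify a PIV certificate by KU/EKU, never by CN suffix.
# The rules below are an illustrative assumption, not the playbook's own table.
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"           # id-kp-clientAuth
SMARTCARD_LOGON = "1.3.6.1.4.1.311.20.2.2"  # Microsoft smart card logon
ANY_EKU = "2.5.29.37.0"                     # anyExtendedKeyUsage
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"      # id-kp-emailProtection
PIV_CARD_AUTH = "2.16.840.1.101.3.6.8"      # id-PIV-cardAuth

def classify_piv_cert(key_usage, eku=None):
    """key_usage: RFC 5280 bit names; eku: OID strings, or None if the
    extension is absent. Both can come from any X.509 parser."""
    ku = set(key_usage)
    eku = None if eku is None else set(eku)
    if eku and PIV_CARD_AUTH in eku:
        return "card-authentication"
    if {"digitalSignature", "nonRepudiation"} <= ku:
        return "digital-signature"
    # RSA key management uses keyEncipherment, ECC uses keyAgreement.
    if ku & {"keyEncipherment", "keyAgreement"} and "digitalSignature" not in ku:
        return "key-management"
    if ku == {"digitalSignature"}:
        if eku is None or eku & {CLIENT_AUTH, SMARTCARD_LOGON, ANY_EKU}:
            return "piv-authentication"
    # Extensions do not match any profile: flag it instead of guessing.
    return "unclassified"

# Constructed sample certificates (CN, KU, EKU). Suffixes are deliberately
# missing or misleading to show why the CN cannot be trusted.
SAMPLES = [
    ("DOE JOHN -S", ["digitalSignature"], [CLIENT_AUTH, SMARTCARD_LOGON]),
    ("DOE JOHN", ["digitalSignature", "nonRepudiation"], [EMAIL_PROTECTION]),
    ("DOE JOHN -E", ["keyEncipherment"], None),
    ("DOE JOHN (ECC)", ["keyAgreement"], [EMAIL_PROTECTION]),
    ("0123456789", ["digitalSignature"], [PIV_CARD_AUTH]),
    ("DOE JOHN -A", ["digitalSignature"], ["1.3.6.1.5.5.7.3.1"]),  # serverAuth only
]

def classify_samples():
    return [(cn, classify_piv_cert(ku, eku)) for cn, ku, eku in SAMPLES]

if __name__ == "__main__":
    for cn, profile in classify_samples():
        print(f"{cn:16} -> {profile}")
```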