FIPS 201 PIV Profiles (ActivID Applets, Face to Face Issuance)

Note: These profiles are deprecated and can no longer be used to create new device policies. They are included for legacy purposes.
Note:
  • For ActivID PIV+ profiles (preloaded with ActivID Applet packages v2.6.2a), the following default configurations are supported by ActivID CMS:

    • Oberthur: BAP #85034

    • Gemalto: C1022470

    • G&D SmartCafe v3.2 144K: CONFIGURATION3

  • For ActivID PIV+ profiles (preloaded with ActivID Applet packages v2.6.2b), the following default configurations are supported by ActivID CMS:

    • G&D SmartCafe v3.2 144K with ActivID Applet v2.6.2b [CONFIGURATION4]

    • G&D SmartCafe v5.0 144K with ActivID Applet v2.6.2b [CONFIGURATION40]

    • For the other configuration (non-PIV), this card is requested in [CONFIGURATION1]

    • G&D Smart Café Expert v3.2 80K is delivered in [CONFIGURATION25]

PIV FIPS201 F2F Java Card – AI 1024-2048

Standard PIV+ Profile with ActivID Applet v2.6.2 (all PKI 2048-bit except the last extended PKI, which is 1024-bit)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Unique Identifier (stored in the card): 2011000000000000000000E5

  • Cards with ActivID Applets v2.6.2a packages preloaded (ASClib, ACA, GC/PKI, PIV and SKI).

  • Full set of PIV buffers loaded by ActivID CMS

  • 4 PIV PKI Objects with 2048-bit keys (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

  • 2 PKI Objects with 2048-bit keys loaded by ActivID CMS

  • 1 PKI Object with a 1024-bit key loaded by ActivID CMS

  • 1 synchronous SKI Object loaded by ActivID CMS

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Gemalto TOP DM GX4 FIPS Standard with AI PIV EP applet

G&D SmartCafe Expert v3.2 144K with AI PIV EP applet

PIV FIPS201 F2F Java Card – AI 1024-2048 (2)

Standard PIV+ Profile with ActivID Applet v2.6.2 (all PKI 2048-bit except PIV AUTH and CARD AUTH, which are 1024-bit).

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Unique Identifier (stored in the card): 2011000000000000000000E7

  • Cards with either ActivID Applets v2.6.2a packages preloaded (ASClib, ACA, GC/PKI, PIV and SKI) or loaded with Gemalto PIV applet SafeSite v1.20 or loaded with Oberthur PIV applet v1.08.

  • Full set of PIV buffers loaded by ActivID CMS.

  • 2 PIV PKI Objects with 2048-bit keys (PIV Digital Signature, PIV Key Management Key) loaded by ActivID CMS.

  • 2 PIV PKI Objects with 1024-bit keys (PIV Authentication, PIV Card Authentication) loaded by ActivID CMS.

  • 3 PKI Objects with 2048-bit keys loaded by ActivID CMS.

  • 1 synchronous SKI Object loaded by ActivID CMS.

Supported Devices

Supported Pre-Issuance IDs

Oberthur ID-One Cosmo v5.2D 64K Fast ATR with PIV application SDK

Gemalto TOP DM GX4 FIPS Standard with PIV application

Gemalto TOP DM GX4 FIPS Standard with AI PIV EP applet

G&D SmartCafe Expert v3.2 144K with AI PIV EP applet

PIV FIPS201 F2F Java Card – AI 2048

PIV2 Profile with ActivID Applet v2.6.2

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Unique Identifier (stored in the card): 2011000000000000000000FF

  • Cards loaded with Gemalto PIV applet SafeSite v1.20, based on ActivID Applets v2.6.2.

  • Full set of PIV buffers loaded by ActivID CMS

  • 4 PIV PKI Objects with 2048-bit keys (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

  • 2 PKI Objects with 2048-bit keys loaded by ActivID CMS. They are named PKI5/PKI6 in the ActivID CMS Device Policy.

Supported Devices

Supported Pre-Issuance IDs

Gemalto TOP DM GX4 FIPS Standard with PIV application

PIV FIPS201 F2F Java Card – AI 2048 (2)

Standard PIV2 Profile with ActivID Applet v2.6.2 with renamed PKI containers.

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Unique Identifier (stored in the card): 201100000000000000000106

  • Replaces “PIV FIPS201 F2F Java Card – AI 2048” profile cards. The only difference is that the PKI extensions are now named PKI1/PKI2 instead of PKI5/PKI6.

  • Full set of PIV buffers loaded by ActivID CMS

  • 4 PIV PKI Objects with 2048-bit keys (PIV Authentication, PIV Digital Signature, PIV Key Management Key, PIV Card Authentication) loaded by ActivID CMS

  • 2 PKI Objects with 2048-bit keys loaded by ActivID CMS. They are named PKI1/PKI2 in the ActivID CMS Device Policy.

Supported Devices

Supported Pre-Issuance IDs

Gemalto TOP DM GX4 FIPS Standard with PIV application

PIV - Crescendo C2300 FIPS

PIV profile for Crescendo C2300 FIPS with Applet v3 (SP800-73-4)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Unique Identifier (stored in the card): 201100000000000000000139

  • Replaced by PIV / CIV - Crescendo FIPS profile. 

  • Cards with ActivID Applets v3.0 packages preloaded (ASClib, ACA, HMAClib and PIVEXT).

  • Profile based on ActivID Applets 3.0.

  • 14 PIV PKI key objects (PIV Authentication, PIV Digital Signature PIN Always, PIV Key Management Key, PIV Card Authentication (RSA 2048, ECC 256 or ECC 384), and 10 Retired Key Management Keys) loaded by ActivID CMS

    Note: In the current version of ActivID CMS, ECC keys can only be used with Card Authentication applications for the Microsoft CA. In addition, ECC certificates only support the ECDSA_256 and ECDSA_384 algorithms.
  • PIV EP Buffer Objects, except Iris object

  • NIST SP 800-73-4 Support

  • PIN Numeric Only

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

Crescendo C2300 FIPS (JCOP 3 SecID P60 CS) preloaded with ActivID Applet 3.0

PIV - Crescendo Key FIPS

PIV Profile for Crescendo Key FIPS with Applet v3 (SP800-73-4)

Note: This profile is deprecated and can no longer be used to create new device policies. It is included for legacy purposes.
  • Unique Identifier (stored in the card): 20110000000000000000014B

  • Replaced by PIV / CIV - Crescendo FIPS profile. 

  • USB Keys with token button with ActivID Applets v3.0 packages preloaded (ASClib, ACA, HMAClib and PIVEXT).

  • Profile based on ActivID Applets 3.0.

  • 14 PIV PKI key objects (PIV Authentication, PIV Digital Signature PIN Always, PIV Key Management Key, PIV Card Authentication (RSA 2048, ECC 256 or ECC 384), and 10 Retired Key Management Keys) loaded by ActivID CMS

    Note: In the current version of ActivID CMS, ECC keys can only be used with Card Authentication applications for the Microsoft CA. In addition, ECC certificates only support the ECDSA_256 and ECDSA_384 algorithms.
  • PIV EP Buffer Objects, except Iris object

  • NIST SP 800-73-4 Support

  • PIN Numeric Only

  • In addition to the card pre-issuance keys, the following keys must be present in the HSM for profile issuance. As these keys are post-issuance keys, they should be generated in the HSM:

    • MK_CM_ACE_AES_16_OPSC_1_ENC, _MAC, _KEK, PIV_CARD_ADMINISTRATOR_KEY_9B_AES_16 (16-byte AES keys)

Supported Devices

Supported Pre-Issuance IDs

Crescendo Key FIPS (JCOP 3 SecID P60 CS) preloaded with ActivID Applet 3.0