Crypto rules changing for ID cards

Specifications for cryptographic algorithms and keys for use on smart government ID cards are being updated to better align them with Federal Information Processing Standards and to extend the use of the SHA-1 hashing algorithm for limited purposes.

The National Institute of Standards and Technology has released a draft of the third revision of Special Publication 800-78, Cryptographic Algorithms and Key Sizes for Personal Identity Verification, for comment. The previous version, SP 800-78 Revision 2, was published early this year. That version was updated to re-align with the Suite B Cryptography specification and with then recently published FIPS standards.

Homeland Security Presidential Directive 12 mandated the creation of new standards for interoperable identity credentials for physical and logical access to federal government facilities and systems. Those standards are implemented in the PIV Card, the civilian counterpart of the military’s Common Access Card. FIPS 201, “Personal Identity Verification of Federal Employees and Contractors,” established standards for identity credentials. SP 800-78 specifies the cryptographic algorithms and key sizes for PIV systems and is a companion document to FIPS 201.

Related coverage:

It identifies acceptable symmetric and asymmetric encryption algorithms, digital signature algorithms, key establishment schemes, and message digest algorithms. It also specifies mechanisms to identify the algorithms associated with PIV keys or digital signatures. All cryptographic algorithms employed in this specification provide at least 80 bits of security strength.

Crypto keys specified in FIPS 201 for the cards are an asymmetric PIV authentication key, a card authentication key that may be either symmetric or asymmetric, and an asymmetric key management key that supports key establishment or key transport. These keys are used for protecting data and applications stored on the card, including X.509 digital certificates, a digitally signed Card Holder Unique Identifier, digitally signed biometrics, and a digitally signed hash table. The publication specifies the algorithms, key sizes and parameters used to protect these objects.

Changes in the draft revision include alterations to the maximum value allowed for the RSA public-key exponent, and rules on the use of certain algorithms for status queries.

The old SHA-1 algorithm, used to authenticate digital data, is due to be retired at the end of this year because of weaknesses. The Public Key Cryptography Standard Version 1.5 published by RSA also is obsolete, but their use is being extended for these limited purposes.

Send comments to PIV_comments@nist.gov with "Comments on draft SP 800-78-3" in the subject line by close of business Dec. 3. Comments should use the template form available here.