Using OpenSC. SELECT AID
NIST 800-73-4 "3.1.1 SELECT Card Command" "Part 2"
"Table 5. Data Objects in a Cryptographic Algorithm Identifier Template (Tag 'AC')"
was really added for Secure messaging and would only have one. "Tag 0xAC shall be present and indicate algorithm identifier 0x27 or 0x2E (but not both)"
"Table 5. Data Objects in a Cryptographic Algorithm Identifier Template (Tag 'AC')"
says there is a '80' entry which if Secure Messaging would be 0x27 or 0x2E and a '06' entry value is set to 0x00
The version of ISO 7816-4-2013 I found: "9.2 Cryptographic mechanism identifier template" says: " One or more cryptographic mechanism identifier DO'AC' may be present ... Each one explicitly indicates the meaning of a cryptographic mechanism ... The template shall consist of two or more DOs."
"The first shall be a cryptographic mechanism reference, DO'80'"
"The second DO shall be an object identifier, DO'06', ..."
"If present, one or more subsequent DOs (DO'06' or DO'13') ... "
So if supported mechanisms are to be listed, each should have its own AC 06 80 01 xx 06 01 00 and could have the second 06 (ASN.1 OID). Since there are issues with mapping Algorithm Identifiers, for example E2, between Yubikey and Nitrokey, an OID would say what the intended algorithm is.
NIST never required any AC for the required Algorithms, until 800-74-4 to indicate SM was supported.
An Idemia test card which supports Secure Messaging responds with a single AC and is compliant with both NIST and ISO.
Note: OpenSC configured with "--enable-piv-sm" supports the PIV Secure Messaging, which could be helpful in testing SM on Nitrokey applet.
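The template rules quoted in this issue can be checked mechanically against a SELECT response. The following is an added example, not part of the original issue and not OpenSC or applet code; the function names and the sample byte strings are constructed for illustration, and it assumes the caller passes the bytes that directly contain the tag 'AC' data objects.

```python
SM_ALGS = {0x27, 0x2E}  # Secure Messaging identifiers quoted from SP 800-73-4

def tlvs(buf):
    """Yield (tag, value) pairs from a run of BER-TLV data objects."""
    i = 0
    while i < len(buf):
        start = i
        i += 1
        if buf[start] & 0x1F == 0x1F:       # multi-byte tag such as 5F50
            while buf[i] & 0x80:
                i += 1
            i += 1
        tag = int.from_bytes(buf[start:i], "big")
        length = buf[i]
        i += 1
        if length & 0x80:                   # long definite form: 81 nn, 82 nn nn
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError("truncated data object, tag %X" % tag)
        yield tag, buf[i:i + length]
        i += length

def check_ac_templates(container):
    """Return (one report per 'AC' template, SM rule satisfied?)."""
    reports = []
    for tag, value in tlvs(container):
        if tag != 0xAC:
            continue
        dos = list(tlvs(value))
        tags = [t for t, _ in dos]
        # ISO 7816-4 wording quoted above: two or more DOs, '80' first, '06' second
        iso_ok = len(dos) >= 2 and tags[0] == 0x80 and tags[1] == 0x06
        algs = [v[0] for t, v in dos if t == 0x80 and len(v) == 1]
        reports.append({"algs": algs, "iso_ok": iso_ok})
    sm = {a for r in reports for a in r["algs"]} & SM_ALGS
    return reports, len(sm) == 1            # 0x27 or 0x2E, but not both

# Constructed sample data, not captured from any card.
# One 'AC' per mechanism, in the AC 06 80 01 xx 06 01 00 layout:
SEPARATE = bytes.fromhex("5F50026874" "AC06800127060100" "AC06800111060100")
# Several '80' entries placed in a single 'AC' template:
LUMPED = bytes.fromhex("AC0C800127800111800107060100")

if __name__ == "__main__":
    for name, data in (("separate", SEPARATE), ("lumped", LUMPED)):
        print(name, check_ac_templates(data))
```

A template that lists several '80' entries before the '06' fails the ISO ordering check here even though the Secure Messaging rule still passes, which is the distinction the issue draws.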