Personal Identity Verification (PIV)

FIPS 201 for Android Smartphones and Tablets

PIV has been standardized by the National Institute for Standards and Technology (NIST) in FIPS 201-2. The relevant hardware security specifications are provided in SP 800-73-4 and SP 800-78-4. It was originally specified for use by the US Federal government. Nowadays, it is also widely deployed in the private sector.

Using our SDK you can easily bring PIV support to your Android app:

PIV authentication
TLS certificate authentication with PIV
SSH authentication with PIV
VPN connections
Document signatures
Low-level digital signatures and encryption

Try Hardware Security SDK in your app today.

PIV cards and Security Keys

Supports a wide range of Security Keys, such as the YubiKey 4 and 5 Series over USB. YubiKey 5 NFC and YubiKey NEO are also supported over NFC.

Full list of supported hardware

Certificate Handling

Automatic retrieval and usage of certificates stored on the security hardware.

Integrates with Modern Android Libraries

Out-of-the-box integration with OkHttp 3.

Make Your App work with PIV

TLS Client Certificate

public class MainActivity extends AppCompatActivity implements SecurityKeyDialogCallback<PivSecurityKey> {

    private void showSecurityKeyDialog() {
        SecurityKeyDialogOptions options = SecurityKeyDialogOptions.builder()
                //.setPinLength(4) // smartcards with a fixed PIN and PUK length improve the UX
                //.setPukLength(8)
                .build();

        SecurityKeyDialogFragment<PivSecurityKey> securityKeyDialogFragment =
                PivSecurityKeyDialogFragment.newInstance(options);
        securityKeyDialogFragment.show(getSupportFragmentManager());
    }

    @Override
    public void onSecurityKeyDialogDiscovered(SecurityKeyDialogInterface dialogInterface,
                                              PivSecurityKey securityKey, PinProvider pinProvider) throws IOException {
        SecurityKeyTlsClientCertificateAuthenticator clientCertificateAuthenticator =
                securityKey.createSecurityKeyClientCertificateAuthenticator(pinProvider);
        SSLContext sslContext = clientCertificateAuthenticator.buildInitializedSslContext();

        // connection with OkHttp
        OkHttpClient httpClient = new OkHttpClient.Builder()
                .sslSocketFactory(sslContext.getSocketFactory())
                .build();
        Request request = new Request.Builder()
                .url("https://tls.hwsecurity.dev")
                .build();
        Response response = httpClient.newCall(request).execute();
    }
}

Complete Guide Full List of Supported Hardware

Learn More

Developer Documentation

Learn about the features of the Hardware Security SDK in detail. The guides, API reference, and example projects will help you get up and running in no time.

View Documentation

Technical Support

If you ever need help, you get direct access to the developers and cryptographers who built the product. Whether you have questions getting started or you want to know how to best integrate SDK features into your app, we’re here to help you find a solution.

Join our Slack channel

Join Matrix room using element.io
There are also other ways of joining the room.

Contact us at
support@hwsecurity.dev.