Here are some really minimal docs on the APDUs that PIV cards use.
There are also 2 example APDU sequences:
1) Read certificate
2) Sign a piece of data
--
Thomas Harning Jr.
Authentication Engineer @ Identity Alliance
http://www.trustbearer.com/
For PIN commands: replace P2's 80 with 81 for PUK/SO_PIN.
I haven't had a chance to test it or verify that it is real.
VerifyPIN: (basically ISO)
Send: 00 20 00 80 (
PIN Bytes padded with FF, max 8
)
ChangePIN: (basically ISO)
Send: 00 24 00 80 (
OldPin Bytes padded with FF, max 8
NewPin ....
)
Recv:
63 XX Invalid PIN
69 83 Blocked
90 XX OK
ReadData:
Send: 00 CB 3F FF
5C (BER-encoded length + tag value)
Le = 0x00
Length and Tags are in the piv_objects table in the source after the OID
Recv: chained data, ASN.1 encoded
53 (BER-encoded length + data)
Chain is as follows:
(Data + 6100)*
[Data + 61XX] (optional, I think, if the data is evenly rounded)
[Data + 9000]
For the most part, you should always read through all of the data that is given.
If you read < 256, then some implementations may reset the index counter
or otherwise break. This puts a limitation on readers.
Example reading a cert: @ Appendix A
WriteData:
While Remaining > 255
Send: 10 DB 3F FF
Remaining data : Max 255 bytes
Send: 00 DB 3F FF
Final Remaining Data : Max 255 bytes
Data Format:
5C (BER-encoded length + tag value) BER-encoded data
Expected tags for certificate data:
71: 1 byte, used for compression information, specs/impl are iffy here
0x80 or 0x01 denote that the cert is compressed
70: variable length, used for actual certificate storage
May be compressed with either zlib or gzip encoding. The finalized
standard went with gzip encoding (adds extra headers that are actually
quite useless for the most part)
72: MSCUID
RSACrypt:
While Remaining > 255
Send: 10 87 (mech) (keytag)
Remaining data: Max 255 ...
Send: 00 87 (mech) (keytag)
Remaining data: Max 255
Data Format:
7C (
82: 0 bytes
81: crypt-data
)
Receive: (Same as read-data)
Data Format:
7C (
82: crypted data
)
Example RSA-PKCS sign operation @ Appendix B
== Appendix A ==
card-piv.c:284:piv_general_io: calling sc_transmit_apdu flags=1 le=256,
resplen=20000, resp=0x7fffa0c050f0
card.c:285:sc_lock: called
winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed client: 9
winscard.c:1464:SCardTransmit() Send Protocol: T=1
APDU: 00 CB 3F FF 05 5C 03 5F C1 05 00
ifdhandler.c:894:IFDHTransmitToICC() lun: 0
SW: 53 82 04 85 70 82 04 79 78 DA 33 68 62 DB 61 D0 C4 BA 60 01 33 13 23 13 13
57 E1 A4 CE 55 0C 40 20 EC 68 C0 CB C6 A9 D5 E6 D1 F6 9D 97 91 91 95 95 C1 20
D2 50 D4 40 98 8D 8B 73 92 5A E7 E4 4F 3A 29 8C 92 62 AC 39 F9 C9 89 39 86 0A
06 72 28 C2 02 9E 29 A9 79 25 99 25 95 8E 39 39 99 89 79 C9 A9 86 72 06 32 6C
CC A1 2C CC C2 A2 30 29 05 98 9C 82 B3 A3 A1 81 9C 38 AF 81 B9 81 A1 81 91 91
A1 A9 99 81 49 14 90 6B 81 C4 35 88 25 DF 6A 3E 03 1E 88 D5 AC A1 C5 A9 45 C5
86 42 06 02 10 3E 67 48 6A 71 89 02 48 D0 A0 71 3E B2 5F 19 59 19 98 1B 7B 19
0C 1A 3B 99 1A 1B 19 D6 07 95 E5 3E 5C 50 CF DC B2 AC 5B AA E0 EC B5 1D 57 18
BA 3D 74 4B F3 9B 36 DE C8 F5 A8 CD EC 17 F1 79 EB F0 48 76 E6 94 52 83 F4 90
0F FE 33 DC B7 71 7D 98 7C 27 26 4E 86 E1 B3 CF E1 C9 1F 02 FA 5E 5E 61 00
card.c:285:sc_lock: called
winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed client: 9
winscard.c:1464:SCardTransmit() Send Protocol: T=1
APDU: 00 C0 00 00 00
ifdhandler.c:894:IFDHTransmitToICC() lun: 0
SW: 5E CD 74 C1 2C 78 75 1E D3 DE 1E 99 D3 1F FF 6A AC 08 58 7C FF 9B C1 F9 A2
1B E6 47 A4 1F FE 4A 64 E3 DE FA 2A F1 62 E7 EC CB 76 F5 61 35 AB 1E 7E 32 7C
B3 C7 26 E1 54 F9 8C 3D AB DE 32 3C 58 E8 D0 FD 94 89 99 91 81 71 71 13 0B 83
41 13 F3 1F 03 59 A0 DB 65 F9 58 C4 58 44 E6 2C B1 65 65 59 99 AA 13 91 D6 33
E1 F9 AF A6 84 A8 DE 1A 31 03 79 90 B4 32 8B 84 81 58 83 C8 E9 E9 4B 78 A5 B6
76 07 EF 71 13 7C 65 B9 4B F3 EB 0A EF 50 01 83 26 46 47 90 12 79 96 26 46 0B
20 C7 04 88 0D 16 34 31 EA 00 B1 46 5B E3 85 9C 94 C4 02 2B 7D 7D 7D 67 3F 5B
58 40 AA 1A 19 C0 C2 12 C8 04 46 96 0E 50 32 33 25 51 37 25 3F 37 31 33 4F 17
CC 77 76 09 00 51 01 A5 49 39 99 C9 40 65 DE A9 20 7D C1 A9 45 65 99 C9 A9 C5
20 29 64 B6 73 7E 5E 5A 66 7A 69 51 62 49 66 7E 9E 8E 8B B3 2D 7A A4 61 00
card.c:312:sc_unlock: called
card.c:285:sc_lock: called
winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed client: 9
winscard.c:1464:SCardTransmit() Send Protocol: T=1
APDU: 00 C0 00 00 00
ifdhandler.c:894:IFDHTransmitToICC() lun: 0
SW: 81 C4 C0 F1 6B 9F 9C 5A 54 92 99 96 99 9C 58 92 1A 94 5A 06 14 02 69 F1 C9
2C 2E B1 4F 4A 2C 4E B5 CF 4F CA 4A 4D 2E 71 CE 49 2C 2E B6 4D 0E F2 71 01 4A
14 65 26 95 82 14 05 E4 67 E6 95 B4 05 67 94 94 80 7C 84 EC 60 BD 4C A8 75 89
50 EB F4 C0 76 E9 3B 03 ED 72 CD 2B CA CF C9 D1 C7 E9 79 BD E4 A2 1C 60 98 C5
B1 71 68 B3 01 33 05 3B 23 23 30 24 03 80 22 3E 06 8D 87 61 82 06 4C 6D 8D DB
88 0D 4A 47 4F 47 1A 05 9D A3 33 22 F0 B0 04 17 5C 12 68 92 63 69 49 46 7E 11
D0 18 83 C6 66 24 5F 94 93 17 7A 28 CA D1 1D 08 51 1E 8F 2F 84 4B C0 59 56 56
98 91 F1 3F 0B 93 01 83 01 37 88 C7 CF C2 C2 CC C4 BA C0 C0 86 8D 13 E8 3E 16
C6 26 73 51 76 16 7D 03 5D 36 55 18 97 A3 ED DE 9A C2 A6 D6 56 B3 C6 AF DD 42
AD EF B6 86 B7 FD 35 C9 6E 79 D7 CD D7 78 F9 40 2C 13 63 0A 13 23 AB 61 00
card.c:312:sc_unlock: called
card.c:285:sc_lock: called
winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed client: 9
winscard.c:1464:SCardTransmit() Send Protocol: T=1
APDU: 00 C0 00 00 00
ifdhandler.c:894:IFDHTransmitToICC() lun: 0
SW: 81 26 C8 28 55 16 25 03 05 36 8E 84 36 0F C6 54 66 36 0E 36 2E A8 09 22 4C
4C 30 CF 33 33 19 98 22 2C E2 62 D1 30 50 33 E0 42 68 01 3A 10 49 13 48 06 AE
CD 1A 64 83 20 8B 89 81 D1 02 03 24 45 CC 0B 94 78 14 4A 80 25 4E 29 B0 C0 31
74 C0 1E 2A 06 D2 20 CD 9C 2C 22 06 A0 52 0A 6A 26 27 8B 21 8B 30 53 68 30 5A
71 CC DC C4 C8 C8 60 72 D8 32 F6 CE 2F C9 FB B2 47 76 FC AB DE A4 7F 5B EF F4
2B FE FF 0D 8F BE CE 3A 74 F0 FA CE BD 0A 2C 5A 75 BB 19 26 07 17 17 66 3C 90
7E E1 C5 F0 22 B3 26 E1 BE CD 8D 63 37 EF AA 2C AD 58 53 DD 1A FC D6 8A CB E0
53 8D F1 9A B8 F8 E0 3D 56 6F BD F8 4F 4D 10 09 7D BE AA 64 C7 E7 48 7E A6 AC
8B A9 F2 69 DB 82 94 22 D3 7C A4 EA C4 8C F6 6D 10 D2 D8 F0 FF 20 A3 52 AD E7
4A A1 13 36 CF B4 83 2E BE 98 FD 66 7D E7 BE 4A E3 2B 15 86 19 CA 41 61 89
card.c:312:sc_unlock: called
card.c:285:sc_lock: called
winscard_msg_srv.c:274:SHMProcessEventsContext() correctly processed client: 9
winscard.c:1464:SCardTransmit() Send Protocol: T=1
APDU: 00 C0 00 00 00
ifdhandler.c:894:IFDHTransmitToICC() lun: 0
SW: 56 4C 17 DC 32 0E CC C8 7A 54 70 B2 CB F7 9B 14 D7 4E 7E CE F4 CC 72 56 6D
F6 1B 1B 2F 49 AF E2 3D 11 14 7A F7 A9 D0 8B 5F 69 2D 17 36 B6 3D BD 64 C1 B9
F4 F0 F2 25 FD F1 59 33 8C 5E FE 65 33 DF B2 F5 D4 BC F4 CD 4A EA 8F 6F ED 79
7C 56 BA F7 8F FF F9 C9 7F 56 3C 4B 78 96 F5 3E C5 A7 D5 2C F1 F5 C4 00 4B A1
9A 2C 55 C5 8A 6F 3F 24 B4 4D CF 2D 35 BA 65 E3 7A A9 F6 59 22 00 A0 49 43 45
71 01 80 72 03 49 44 41 90 00
== Appendix B ==
APDU: 00 87 06 9A 88 7C 81 85 82 00 81 81 80 00 01 FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF 00 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 29 B0 E7 87 82 71 64
5F FF B7 EE C7 DB 4A 74 73 A1 C0 0B C1 00
ifdhandler.c:894:IFDHTransmitToICC() lun: 0
SW: 7C 81 83 82 81 80 A4 DB 59 81 C5 50 EA 74 9A 38 D8 A2 00 61 34 A4 F5 65 E2
24 49 9B FA 9F 3C 2E DC 39 D0 66 A2 87 B8 C6 68 45 60 33 5A E3 72 A7 86 79 AE
AC 63 3F A7 A5 39 1B D1 BD 8E 3B 3A 0B AF FA 5D F8 ED FB 90 17 8D 1F 09 CA 17
71 7C F4 D2 F7 CA 2E 6F 08 B3 61 AD F9 FE 22 7E 12 5E 41 F6 62 A7 68 4B F9 12
BB 47 C0 CA 84 E7 24 B5 3F 08 5C 00 45 27 61 6F 8D 28 0B 50 4A D8 4E 53 B5 32
26 92 65 28 3B 90 00
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
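The APDU framing and the response chaining described in the post, as an added worked example (this is not code from the post or from OpenSC). It builds the VERIFY, GET DATA, chained PUT DATA and GENERAL AUTHENTICATE commands, drains a 61 00 / 61 XX / 90 00 response chain with GET RESPONSE, and decodes the 53/70/71 certificate object, inflating it when 71 says it is compressed. The card it talks to is a constructed fake (`make_fake_card`, `FAKE_CERT`, `FAKE_OBJECT` are assumptions for the demo, and the "certificate" is deterministic filler, not DER); the `transmit(apdu) -> (data, sw1, sw2)` shape is modeled on pyscard's but uses bytes. With a real reader you would pass a thin wrapper around `CardConnection.transmit` instead.

```python
"""PIV APDU helpers covering the commands in the post: VERIFY, GET DATA with
GET RESPONSE chaining, chained PUT DATA, GENERAL AUTHENTICATE, and decoding
of the 53/70/71 certificate object. Example code for this note, not OpenSC's."""
import gzip
import hashlib
import zlib

def ber_len(n):
    """BER length: short form below 0x80, else an 0x81 / 0x82 prefix."""
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return bytes([0x81, n])
    return bytes([0x82, n >> 8, n & 0xFF])

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def build_verify(pin, p2=0x80):
    """00 20 00 80 08 <PIN padded with FF to 8 bytes>; P2=0x81 selects the PUK."""
    if not 1 <= len(pin) <= 8:
        raise ValueError("PIV PIN must be 1..8 bytes")
    return bytes([0x00, 0x20, 0x00, p2, 0x08]) + pin.ljust(8, b"\xff")

def build_get_data(obj_tag):
    """00 CB 3F FF Lc 5C <len> <tag> 00; the trailing Le=00 asks for 256 bytes."""
    body = tlv(0x5C, obj_tag)
    return bytes([0x00, 0xCB, 0x3F, 0xFF, len(body)]) + body + b"\x00"

def build_put_data(obj_tag, data, chunk=255):
    """PUT DATA split into chained APDUs: CLA 10 for all but the last one."""
    body, apdus = tlv(0x5C, obj_tag) + data, []
    while body:
        part, body = body[:chunk], body[chunk:]
        cla = 0x10 if body else 0x00
        apdus.append(bytes([cla, 0xDB, 0x3F, 0xFF, len(part)]) + part)
    return apdus

def build_general_auth(mech, key, data):
    """00 87 <mech> <key> Lc 7C( 82 empty, 81 data ) 00 for a single-APDU body;
    bodies over 255 bytes would need the same CLA 10 chaining as PUT DATA."""
    body = tlv(0x7C, tlv(0x82, b"") + tlv(0x81, data))
    if len(body) > 255:
        raise ValueError("body exceeds one APDU; chain it with CLA 10")
    return bytes([0x00, 0x87, mech, key, len(body)]) + body + b"\x00"

def classify_sw(sw1, sw2):
    if (sw1, sw2) == (0x90, 0x00):
        return "ok"
    if (sw1, sw2) == (0x69, 0x83):
        return "blocked"
    if sw1 == 0x63:
        if (sw2 & 0xF0) == 0xC0:  # ISO 7816-4: 63 Cx, x = retries left
            return f"invalid_pin_{sw2 & 0x0F}_left"
        return "invalid_pin"
    return f"error_{sw1:02X}{sw2:02X}"

def read_chained(transmit, apdu):
    """Send apdu, then GET RESPONSE (00 C0 00 00 Le) while SW1 == 61, draining
    everything the card offers (61 00 means another full 256, 61 XX the rest)."""
    out = bytearray()
    data, sw1, sw2 = transmit(apdu)
    out += data
    while sw1 == 0x61:
        data, sw1, sw2 = transmit(bytes([0x00, 0xC0, 0x00, 0x00, sw2]))
        out += data
    if (sw1, sw2) != (0x90, 0x00):
        raise IOError(f"card returned SW {sw1:02X} {sw2:02X}")
    return bytes(out)

def parse_tlvs(buf):
    """Parse a run of single-byte-tag BER-TLVs into {tag: value}."""
    out, i = {}, 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n == 0x81:
            n, i = buf[i], i + 1
        elif n == 0x82:
            n, i = (buf[i] << 8) | buf[i + 1], i + 2
        elif n >= 0x80:
            raise ValueError("unsupported BER length form")
        out[tag], i = buf[i:i + n], i + n
    return out

def decode_cert_object(raw):
    """raw is the 53(...) object from GET DATA; returns the DER certificate,
    inflated when tag 71 is 0x80 or 0x01 (wbits 47 accepts zlib or gzip)."""
    inner = parse_tlvs(parse_tlvs(raw)[0x53])
    cert, info = inner[0x70], inner.get(0x71, b"")
    if info and info[0] in (0x80, 0x01):
        cert = zlib.decompress(cert, 15 + 32)
    return cert

# Constructed fake card: one gzip-compressed "certificate" under tag 5F C1 05.
# The payload is deterministic incompressible filler, not a real DER certificate.
FAKE_CERT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(25))
FAKE_OBJECT = tlv(0x53, tlv(0x70, gzip.compress(FAKE_CERT, mtime=0))
                  + tlv(0x71, b"\x80") + tlv(0x72, b""))

def make_fake_card():
    """transmit(apdu) -> (data, sw1, sw2), mirroring pyscard's shape with bytes."""
    pending = bytearray()

    def transmit(apdu):
        if apdu[:4] == b"\x00\xcb\x3f\xff" and apdu[5:10] == b"\x5c\x03\x5f\xc1\x05":
            pending[:] = FAKE_OBJECT
        elif apdu[:4] != b"\x00\xc0\x00\x00":
            return b"", 0x6A, 0x82  # object not found
        le = apdu[-1] or 256
        chunk = bytes(pending[:le])
        del pending[:le]
        if not pending:
            return chunk, 0x90, 0x00
        return chunk, 0x61, (len(pending) if len(pending) < 256 else 0x00)
    return transmit
```

`build_get_data(b"\x5f\xc1\x05")` reproduces the `00 CB 3F FF 05 5C 03 5F C1 05 00` APDU from Appendix A, and `build_general_auth(0x06, 0x9A, em)` with a 128-byte PKCS#1 v1.5 encoded SHA-1 DigestInfo reproduces the `00 87 06 9A 88 7C 81 85 82 00 81 81 80 ...` framing from Appendix B. `read_chained` deliberately keeps asking until the card answers 90 00 rather than stopping early, which is the behaviour the post recommends for implementations that break when a read is cut short.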