Hi Peter, that depends on the algorithm used for EXTERNAL AUTHENTICATE. Quite typically CardOS uses a Retail-MAC, which is a single DES CBC with IV='00.00.00.00.00.00.00.00' using the left key half applied to all blocks, a decrypt with the right key half and a final encrypt with the left key half applied on the final block (In short: single DES for n-1 blocks, triple DES for last block).
For the Smart Card Shell you could write

---8<------8<------8<------8<------8<------8<------8<------8<------8<---
//
// Authenticate against CardOS card
//
var card = new Card(_scsh3.reader);
var crypto = new Crypto();

var key = new Key();
key.setComponent(Key.DES, new ByteString("01010101010101010101010101010101", HEX));

// Get challenge
var challenge = card.sendApdu(0x00, 0x84, 0x00, 0x00, 8, [0x9000]);

// Crypto.DES_MAC_EMV is a CBC generated Retail-MAC
var cipher = crypto.sign(key, Crypto.DES_MAC_EMV, challenge);

// EXTERNAL AUTHENTICATE with the MAC as response
card.sendApdu(0x00, 0x82, 0x00, 0x81, cipher);

print("Card returns " + card.SW.toString(16) + " - " + card.SWMSG);
---8<------8<------8<------8<------8<------8<------8<------8<------8<---

However, you will need to know the key value for the authentication key, unless your system uses some way to derive the key from the PIN code (using SHA-1, for example). This is quite uncommon, so I would assume that the PIN verification is done sometime before authentication takes place (using VERIFY INS=20 APDU).

Andreas

Peter Koch wrote:
> Hi all!
>
> I'm trying to do an EXTERNAL AUTHENTICATE against a CardOS 4.01 card.
>
> Requesting the challenge is easy. But how do I calculate the response?
>
> Here's an example that I captured with a USB-sniffer:
>
> APDU 1: 00840000 08, Response 584eb56f6d9f13c5 9000
> APDU 2: 00820081 08 cdddb92642a38d3b, Response 9000
>
> Does anybody know how response cdddb92642a38d3b was calculated
> from challenge 584eb56f6d9f13c5 using PIN 123456?
>
> I have already tried stuff like
>
> echo -en '\x58\x4e\xb5\x6f\x6d\x9f\x13\xc5' |\
> openssl enc -des-ede3-ofb -K 313233343536 -iv 0 |\
> od -tx1
>
> with different cyphers. Unfortunately I don't know what IV-value
> must be used. Any ideas?
>
> Peter
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

--
    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 171 8334920
    ---------    http://www.cardcontact.de
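
The Retail-MAC construction described in the reply above (DES CBC with a zero IV under the left key half, then a decrypt with the right half and an encrypt with the left half on the final block), written out as an added Node.js example; it is not code from the thread or from the Smart Card Shell. The key and message values are constructed, the input is assumed to be block-aligned already because the thread does not say what padding the card expects, and single DES is expressed as triple DES with three equal keys because OpenSSL 3 keeps plain DES in its legacy provider.

```javascript
// Added example: Retail MAC (ISO/IEC 9797-1 MAC algorithm 3) in Node.js.
const nodeCrypto = require('crypto');

const ZERO_IV = Buffer.alloc(8);

// One 8-byte block of single DES. With k1 = k2 = k3 the EDE sequence
// E_k(D_k(E_k(x))) collapses to E_k(x), and CBC with a zero IV over a
// single unpadded block is the bare block operation.
function desBlock(key8, block, decrypt = false) {
  const k = Buffer.concat([key8, key8, key8]);
  const c = decrypt
    ? nodeCrypto.createDecipheriv('des-ede3-cbc', k, ZERO_IV)
    : nodeCrypto.createCipheriv('des-ede3-cbc', k, ZERO_IV);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

// key16 = left half || right half. Padding is the caller's job
// (assumption: data arrives as a non-empty multiple of 8 bytes).
function retailMac(key16, data) {
  if (key16.length !== 16) throw new RangeError('key must be 16 bytes');
  if (data.length === 0 || data.length % 8 !== 0) {
    throw new RangeError('data must be a non-empty multiple of 8 bytes');
  }
  const kL = key16.subarray(0, 8);
  const kR = key16.subarray(8, 16);
  let h = Buffer.alloc(8); // IV = 00 00 00 00 00 00 00 00
  for (let off = 0; off < data.length; off += 8) {
    const x = Buffer.alloc(8);
    for (let i = 0; i < 8; i++) x[i] = h[i] ^ data[off + i];
    h = desBlock(kL, x); // CBC chaining, left key half on every block
  }
  // Final block only: decrypt with right half, re-encrypt with left half.
  return desBlock(kL, desBlock(kR, h, true));
}

// Constructed sample values, not taken from any card.
const sampleKey = Buffer.from('0123456789abcdeffedcba9876543210', 'hex');
const sampleChallenge = Buffer.from('0011223344556677', 'hex');

function demo() {
  return retailMac(sampleKey, sampleChallenge).toString('hex');
}
console.log('Retail MAC over sample challenge:', demo());
```

When both key halves are equal, the final decrypt/encrypt pair cancels and the result is a plain single-DES CBC-MAC, which makes a convenient sanity check against published DES test vectors.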