What is its data field in EXTERNAL AUTHENTICATE command?

Post by mikegigom » Thu Dec 10, 2015 5:13 am

If I want to send EXTERNAL AUTHENTICATE command to the card, what is its data field? I have read GP2.1.1, it's hard for me to understand.
I would be greatly thankful if anybody can explain this authentication process simply with details.

Re: What is its data field in EXTERNAL AUTHENTICATE command?

Post by mabel » Thu Dec 31, 2015 2:42 am

The EXTERNAL AUTHENTICATE command is used by the card to authenticate the host and to determine the
level of security required for all subsequent commands.



From the table, you can see the data field sent in the command.
The data field of the command message contains the host cryptogram and the APDU command MAC.

Re: What is its data field in EXTERNAL AUTHENTICATE command?

Post by marcony » Tue Mar 30, 2021 4:40 am

Hi,

I tried to understand the process of external (mutual) authentication, trying to understand how the host application is communicating with my national eID card, but I still do not understand how to get the info on which crypto mechanism and key reference are used in that process. In fact, looking at the traffic between the card reader and my eID, I can see the following:

1. MSE-Set APDU is sent: 00 22 C1 A4 06 80010c830184
Parsing data field, I found following in ISO7816-4:
Tag80, L=1, Value=0c - Cryptographic mechanism reference (which document describes, which mechanism reference is used, with value 0x0c?)
Tag83, L=1, Value=84 - File and security object references (could be private or public key, or data. Where to find, what 0x84 value refers to)?

So, having no idea, which crypto mechanism is used, and which reference object is used, I am not sure how to write my own code, and authenticate my host application to the card, in order to get access to some DF/EF.

2. Get challenge APDU is sent - it's obvious, that mutual authentication comes. Card sends challenge value (8 bytes).

3. External authentication APDU is sent, which relates to mutual authentication: 00 80 00 00 48 <data field>
This is tricky. As I do not have idea, which crypto mechanism is used, and which sec object reference is used, I cannot understand, what 0x48 bytes on data field represent.
Furthermore, if I look in various documentation, I can expect that data field contains cryptogram and MAC. If MAC should be 8 bytes long, it seems that cryptogram in this External Authentication data field is 0x40 bytes long. Which crypto mechanism is used?

I wonder if anyone can point to good documentation, tutorial or similar, that can get answers on this subject.
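Added example, not part of the thread or any poster's code: a decoder for the MSE:SET APDU quoted in the post above, using the ISO 7816-4 coding of P1 (usage bits plus SET) and P2 (control reference template) and a TLV walk over the data field. The function names are illustrative, and the tag names are taken from the post's own reading of ISO 7816-4.

```python
# Added example (not from the thread): decode a MANAGE SECURITY ENVIRONMENT APDU.
P1_USAGE = {0x80: "external authentication", 0x40: "internal authentication",
            0x20: "secure messaging in response", 0x10: "secure messaging in command"}
P2_CRT = {0xA4: "AT (authentication)", 0xB4: "CCT (cryptographic checksum)",
          0xB6: "DST (digital signature)", 0xB8: "CT (confidentiality)"}
# Tag names as read from ISO 7816-4 in the post above.
TAGS = {0x80: "cryptographic mechanism reference",
        0x83: "file and security object reference"}

def parse_apdu(hexstr):
    """Split a short-form command APDU with a data field into its parts."""
    raw = bytes.fromhex(hexstr.replace(" ", ""))
    if len(raw) < 5 or len(raw) - 5 - raw[4] not in (0, 1):  # 1 = optional Le
        raise ValueError("Lc missing or inconsistent with the data field length")
    cla, ins, p1, p2, lc = raw[:5]
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": raw[5:5 + lc]}

def parse_tlv(data):
    """Parse single-byte-tag TLVs with BER lengths; reject truncated input."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        tag, length = data[i], data[i + 1]
        i += 2
        if length & 0x80:                          # long form: 81 nn / 82 nn nn
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(data):
                raise ValueError("unsupported or truncated length field")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("value of tag %02X overruns the data field" % tag)
        out.append((tag, data[i:i + length]))
        i += length
    return out

def describe_mse(hexstr):
    """Decode MANAGE SECURITY ENVIRONMENT (INS 22): P1 usage, P2 CRT, TLVs."""
    a = parse_apdu(hexstr)
    if a["ins"] != 0x22:
        raise ValueError("INS is not 22 (MANAGE SECURITY ENVIRONMENT)")
    return {"set": a["p1"] & 0x0F == 0x01,
            "usage": [n for bit, n in P1_USAGE.items() if a["p1"] & bit],
            "crt": P2_CRT.get(a["p2"], "unknown"),
            "objects": [(TAGS.get(t, "tag %02X" % t), v.hex())
                        for t, v in parse_tlv(a["data"])]}

if __name__ == "__main__":
    print(describe_mse("00 22 C1 A4 06 80010c830184"))  # APDU quoted in the post
```

The decoder only names the fields. What the values 0x0c and 0x84 select is defined by the card's own specification, not by ISO 7816-4.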
