How To Use Extended APDU With Windows SmartCard Framework

StackOverflow https://stackoverflow.com/questions/5492843

  •  14-11-2019
  •  | 
  •  

Вопрос

I am using WinSCard to read an ISO 7816 compliant smart card (to be specific, it's a PIV card). The card has a picture on it that is roughly 12 KB. Right now, I connect in T=1 mode and use the SCardTransmit function to send my GET DATA APDU command followed by a bunch of GET RESPONSE APDU commands. I end up getting all the data off the card, but it takes more than 40 calls to SCardTransmit because I can only get 256 bytes per call. Each call is taking about half a second to complete, so it ends up taking almost 20 seconds to read 12 KB of data.

I think I can do this faster. The NIST spec says that "Retrieval Time for 12.5 kilobytes (KB) of data through the contact interface of the reader shall not exceed 2.0 seconds". The spec makes references to extended length APDU, so I think it is supported, but it's use is not documented. I tried to figure it out, but I can't get it to work.

Here's the current command, which returns 256 bytes with a status of 0x61 0x00, meaning there is more data to get.

new byte[] {
     0x00,               // CLA
     0xCB,               // INS
     0x3F,               // P1
     0xFF,               // P2
     0x05,               // Lc
     0x5C, 0x03,         // Data Field
     0x5F, 0xC1, 0x09,   // ... (Data)
     0x00                // Le
};

Part 5.3.2 of the ISO-7815-4 spec says this about encoding Le:

Case 4E - L= 5 + (B2||B3),(B1)=0 and (B2||B3)=0

  • The Lc field consists of the first 3 bytes where B2 and B3 code Lc (!=0) valued from 1 to 65535
  • B4 to Bl-2 are the Lc bytes of the data field
  • The Le field consists of the last 2 bytes Bl-1 and Bl which code Le valued from 1 to 65536

I took this to mean my command should look this:

new byte[] {
     0x00,               // CLA
     0xCB,               // INS
     0x3F,               // P1
     0xFF,               // P2
     0x00, 0x00, 0x05,   // Lc
     0x5C, 0x03,         // Data Field
     0x5F, 0xC1, 0x09,   // ... (Data)
     0x00, 0x00          // Le
};

But this doesn't work. I get the response code 0x67 0x00, meaning "Wrong length" and no data is retrieved from the card. Ideas?

Это было полезно?

Решение

The extended APDU that you are trying to send is correct, but it is possible that your card does not support extended APDUs. The Java Card version on the card should be above 2.2.2 to be able to send such commands.

Другие советы

For more background information (applies to Windows as well): http://pcsclite.alioth.debian.org/ccid_extended_apdu.html

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top