How To Use Extended APDU With Windows SmartCard Framework

I am using WinSCard to read an ISO 7816 compliant smart card (to be specific, it's a PIV card). The card has a picture on it that is roughly 12 KB. Right now, I connect in T=1 mode and use the SCardTransmit function to send my GET DATA APDU command followed by a bunch of GET RESPONSE APDU commands. I end up getting all the data off the card, but it takes more than 40 calls to SCardTransmit because I can only get 256 bytes per call. Each call is taking about half a second to complete, so it ends up taking almost 20 seconds to read 12 KB of data.

I think I can do this faster. The NIST spec says that "Retrieval Time for 12.5 kilobytes (KB) of data through the contact interface of the reader shall not exceed 2.0 seconds". The spec makes references to extended length APDU, so I think it is supported, but its use is not documented. I tried to figure it out, but I can't get it to work.

Here's the current command, which returns 256 bytes with a status of 0x61 0x00, meaning there is more data to get.

new byte[] {
     0x00,               // CLA
     0xCB,               // INS
     0x3F,               // P1
     0xFF,               // P2
     0x05,               // Lc
     0x5C, 0x03,         // Data Field
     0x5F, 0xC1, 0x09,   // ... (Data)
     0x00                // Le
};

Part 5.3.2 of the ISO-7815-4 spec says this about encoding Le:

Case 4E - L= 5 + (B2||B3),(B1)=0 and (B2||B3)=0

  • The Lc field consists of the first 3 bytes where B2 and B3 code Lc (!=0) valued from 1 to 65535
  • B4 to Bl-2 are the Lc bytes of the data field
  • The Le field consists of the last 2 bytes Bl-1 and Bl which code Le valued from 1 to 65536

I took this to mean my command should look like this:

new byte[] {
     0x00,               // CLA
     0xCB,               // INS
     0x3F,               // P1
     0xFF,               // P2
     0x00, 0x00, 0x05,   // Lc
     0x5C, 0x03,         // Data Field
     0x5F, 0xC1, 0x09,   // ... (Data)
     0x00, 0x00          // Le
};

But this doesn't work. I get the response code 0x67 0x00, meaning "Wrong length" and no data is retrieved from the card. Ideas?


The extended APDU that you are trying to send is correct, but it is possible that your card does not support extended APDUs. The Java Card version on the card should be above 2.2.2 to be able to send such commands.


For more background information (applies to Windows as well): http://pcsclite.alioth.debian.org/ccid_extended_apdu.html
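
An added example (not part of the original question or answers), written in C because WinSCard is a C API: an encoder for the short and extended command APDU forms described by the ISO 7816-4 text quoted in the question, exercised on the question's GET DATA command. The function name `apdu_encode` and its parameters are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encode an ISO 7816-4 command APDU (hypothetical helper, not a WinSCard call).
 * hdr = CLA INS P1 P2
 * nc  = command data length, 0 means no Lc/data field
 * ne  = maximum expected response length, 0 means no Le field
 *       (short form: 1..256, extended form: 1..65536)
 * Returns the encoded length, or 0 if the values do not fit. */
size_t apdu_encode(uint8_t *out, size_t cap, const uint8_t hdr[4],
                   const uint8_t *data, size_t nc, size_t ne, int extended)
{
    size_t max_nc = extended ? 65535 : 255;
    size_t max_ne = extended ? 65536 : 256;
    if (nc > max_nc || ne > max_ne) return 0;

    size_t need = 4 + nc;
    if (extended) need += ((nc || ne) ? 1 : 0) + (nc ? 2 : 0) + (ne ? 2 : 0);
    else          need += (nc ? 1 : 0) + (ne ? 1 : 0);
    if (need > cap) return 0;

    size_t n = 4;
    memcpy(out, hdr, 4);
    if (extended && (nc || ne)) out[n++] = 0x00;     /* B1 = 0 marks extended length */
    if (nc) {
        if (extended) out[n++] = (uint8_t)(nc >> 8); /* Lc high byte */
        out[n++] = (uint8_t)nc;                      /* Lc low byte (or short Lc) */
        memcpy(out + n, data, nc);
        n += nc;
    }
    if (ne) {
        if (extended) out[n++] = (uint8_t)(ne >> 8); /* 65536 encodes as 0x00 0x00 */
        out[n++] = (uint8_t)ne;                      /* 256 encodes as 0x00 */
    }
    return n;
}

int main(void)
{
    /* Header and data field copied from the question's GET DATA command. */
    const uint8_t hdr[4] = {0x00, 0xCB, 0x3F, 0xFF};
    const uint8_t tag[5] = {0x5C, 0x03, 0x5F, 0xC1, 0x09};
    uint8_t buf[32];
    for (int ext = 0; ext <= 1; ext++) {
        size_t n = apdu_encode(buf, sizeof buf, hdr, tag, 5, ext ? 65536 : 256, ext);
        printf("%s:", ext ? "case 4E" : "case 4S");
        for (size_t i = 0; i < n; i++) printf(" %02X", buf[i]);
        printf("\n");
    }
    return 0;
}
```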
