如何将扩展 APDU 与 Windows 智能卡框架结合使用
我正在使用 WinSCard 读取符合 ISO 7816 标准的智能卡(具体来说,它是 PIV 卡)。该卡上有一张大约 12 KB 的图片。现在,我以 T=1 模式进行连接,并使用 SCardTransmit 函数发送 GET DATA APDU 命令,后跟一堆 GET RESPONSE APDU 命令。我最终从卡上获取了所有数据,但需要 40 多次调用 SCardTransmit,因为每次调用只能获取 256 字节。每个调用大约需要半秒才能完成,因此最终需要近 20 秒才能读取 12 KB 的数据。
我想我可以做得更快。 NIST 规范规定“通过阅读器接触式接口检索 12.5 KB 数据的时间不得超过 2.0 秒”。该规范引用了扩展长度 APDU,因此我认为它是受支持的,但它的使用没有记录。我试图弄清楚它,但我无法让它发挥作用。
这是当前命令,它返回 256 字节,状态为 0x61 0x00,这意味着还有更多数据需要获取。
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00 // Le
};
ISO-7815-4 规范的第 5.3.2 部分对于 Le 编码有这样的规定:
情况 4E - L= 5 + (B2||B3),(B1)=0 且 (B2||B3)=0
- Lc 字段由前 3 个字节组成,其中 B2 和 B3 代码为 Lc (!=0) 值从 1 到 65535
- B4到Bl-2是数据字段的Lc字节
- Le 字段由最后 2 个字节 Bl-1 和 Bl 组成,其中代码 Le 值 从 1 到 65536
我认为这意味着我的命令应该如下所示:
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x00, 0x00, 0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00, 0x00 // Le
};
但这不起作用。我收到响应代码 0x67 0x00,意思是“长度错误”,并且没有从卡中检索到数据。有想法吗?
I am using WinSCard to read an ISO 7816 compliant smart card (to be specific, it's a PIV card). The card has a picture on it that is roughly 12 KB. Right now, I connect in T=1 mode and use the SCardTransmit function to send my GET DATA APDU command followed by a bunch of GET RESPONSE APDU commands. I end up getting all the data off the card, but it takes more than 40 calls to SCardTransmit because I can only get 256 bytes per call. Each call is taking about half a second to complete, so it ends up taking almost 20 seconds to read 12 KB of data.
I think I can do this faster. The NIST spec says that "Retrieval Time for 12.5 kilobytes (KB) of data through the contact interface of the reader shall not exceed 2.0 seconds". The spec makes references to extended length APDU, so I think it is supported, but it's use is not documented. I tried to figure it out, but I can't get it to work.
Here's the current command, which returns 256 bytes with a status of 0x61 0x00, meaning there is more data to get.
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00 // Le
};
Part 5.3.2 of the ISO-7815-4 spec says this about encoding Le:
Case 4E - L= 5 + (B2||B3),(B1)=0 and
(B2||B3)=0
- The Lc field consists of the first 3 bytes where B2 and B3 code Lc (!=0)
valued from 1 to 65535- B4 to Bl-2 are the Lc bytes of the data field
- The Le field consists of the last 2 bytes Bl-1 and Bl which code Le valued
from 1 to 65536
I took this to mean my command should look this:
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x00, 0x00, 0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00, 0x00 // Le
};
But this doesn't work. I get the response code 0x67 0x00, meaning "Wrong length" and no data is retrieved from the card. Ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您尝试发送的扩展 APDU 是正确的,但您的卡可能不支持扩展 APDU。卡上的 Java Card 版本应高于 2.2.2 才能发送此类命令。
The extended APDU that you are trying to send is correct, but it is possible that your card does not support extended APDUs. The Java Card version on the card should be above 2.2.2 to be able to send such commands.
再试一次。
新字节[] {
0x00,//CLA
0xCB, // INS
0x3F // P1
0xFF, // P2
0x05, // LC
0x5C, 0x03, // 数据字段
0x5F、0xC1、0x09、//...(数据)
0x00, 0x00 // 乐
}
Try again.
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00, 0x00 // Le
}