Contactless smart card authentication as Signature Terminal (ST) during PACE fails
I am trying to access `eSign` application of the smart card. If I understood correctly, for that I first need to authenticate as Signature Terminal (ST) during PACE. (Because currently if I try to select `eSign` application I get file not found.)

This is the APDU I am sending during `MSESetAT` to achieve that:

```
0x00 - instruction class
0x22 - instruction code
0xC1 - p1
0xA4 - p2
0x20 - length
0x80 - oid tag
0x0A - oid length
0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x04, 0x02, 0x04 - PACE oid
0x83, 0x01, 0x02 - CAN password id
0x7F, 0x4C - Certificate Holder Authorization Template
0x0E - length
0x06 - oid tag
0x09 - oid length
0x04, 0x00, 0x7F, 0x00, 0x07, 0x03, 0x01, 0x02, 0x03 - id-ST oid (0.4.0.127.0.7.3.1.2.3)
0x53 - tag for data
0x01 - length of data
0x03 - 2 lowest bits set for generating qualified electronic signature, and electronic signature
0x00 - expected response length
```

The response I get is `sw1 - 0x6A, sw2 - 0x80`, which corresponds to: Incorrect parameters in the data field.

However, if I swap the `id-ST` oid with `id-AT` oid: `0x04, 0x00, 0x7F, 0x00, 0x07, 0x03, 0x01, 0x02, 0x02`, it succeeds and I get `sw1 - 0x90, sw2 - 0x00`.

Am I forgetting something, or is it maybe not even possible to achieve over NFC?

The smart card I am trying with is a national ID card of Croatia, and I am following `TR-03110` specifications.
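
An added example, not part of the original post: a small Python decoder for the data field of the MSE:Set AT command listed in the question, which confirms that Lc and the nested lengths inside the `7F 4C` template are consistent. The function names are chosen for this example; it checks encoding only and says nothing about which terminal roles a particular card accepts.

```python
# Added example: bytes copied from the question's MSE:Set AT listing.
APDU = bytes.fromhex(
    "00 22 C1 A4 20 80 0A 04 00 7F 00 07 02 02 04 02 04 83 01 02 "
    "7F 4C 0E 06 09 04 00 7F 00 07 03 01 02 03 53 01 03 00")

def read_tlv(buf, pos):
    """Read one BER-TLV object; return (tag, value, next_pos)."""
    tag, pos = buf[pos], pos + 1
    if tag & 0x1F == 0x1F:                  # two-byte tag such as 7F 4C
        tag, pos = (tag << 8) | buf[pos], pos + 1
    length, pos = buf[pos], pos + 1
    if length & 0x80:                       # long form: 81 nn / 82 nn nn
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def oid_str(v):
    """Dotted form of OID content bytes (first arc 0 or 1, as here)."""
    arcs, acc = [v[0] // 40, v[0] % 40], 0
    for b in v[1:]:
        acc = (acc << 7) | (b & 0x7F)       # base-128, high bit = "more"
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_mse_set_at(apdu):
    """Decode the data field into protocol OID, password id and CHAT."""
    ins, p1, p2, lc = apdu[1:5]
    data = apdu[5:5 + lc]
    if (ins, p1, p2) != (0x22, 0xC1, 0xA4) or len(data) != lc:
        raise ValueError("not a well-formed MSE:Set AT command")
    out, pos = {}, 0
    while pos < len(data):
        tag, val, pos = read_tlv(data, pos)
        if tag == 0x80:                     # protocol OID, value bytes only
            out["protocol"] = oid_str(val)
        elif tag == 0x83:                   # password reference
            out["password_id"] = val[0]
        elif tag == 0x7F4C:                 # CHAT = OID (06) + data (53)
            t1, role, p = read_tlv(val, 0)
            t2, auth, p = read_tlv(val, p)
            if (t1, t2) != (0x06, 0x53) or p != len(val):
                raise ValueError("malformed CHAT")
            out["chat_role"], out["chat_auth"] = oid_str(role), auth.hex()
    return out
```

Calling `parse_mse_set_at(APDU)` returns a dictionary with the decoded protocol OID, password id, CHAT role OID and authorization bytes, and raises `ValueError` if any length does not add up.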