Topic: ISO7816-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV1
Hi @all.
I want to use a DESFire card to encrypt 16B data with an internally stored key.
(No mutual auth, only the card should be authenticated.)
IMHO the ISO7816-4 INTERNAL AUTHENTICATE command http://www.cardwerk.com/smartcards/smar … x#chap6_13
can be used for that purpose.
As stated in http://ridrix.wordpress.com/2009/09/19/ … n-example/
and http://www.nxp.com/acrobat_download2/ex … DS_N_1.pdf (page 8)
the DESFire EV1 does support that command.
I did not find that command used in the libnfc source (I think you only use native and native-wrapped commands)
but it seems to be used in http://www.springcard.com/support/apido … ml#robo114
I tried to dispatch some ISO7816-4 Commands to the PICC and got responses, but no success with INTERNAL AUTHENTICATE.
CMD-Bytes:
    byte[] internalAuth = new byte[]{
        0x00,       //CLA As defined in 5.4.1
        (byte)0x88, //INS '88' INTERNAL AUTHENTICATE
        0x00,       //P1 Reference of the algorithm in the card
        0x00,       //P2 Reference of the secret, see table 65
        0x10,       //Lc Length of the subsequent data field
        //Payload, Authentication related data (e.g. challenge), 16 bytes
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x10        //Le field Maximum number of bytes expected in response
    };
Response:
6d 00
according to http://javacard.vetilles.com/2006/09/26 … n-iso7816/
6d means "The instruction code is not supported (usually with XX=00)"
That is not what I expected; http://www.cardwerk.com/smartcards/smar … chap6_13_5
lists the response codes for INTERNAL AUTHENTICATE as:
The following specific error conditions may occur.
SW1='69' with SW2='84': Referenced data invalidated
                  '85': Conditions of use not satisfied
SW1='6A' with SW2='86': Incorrect parameters P1-P2
                  '88': Referenced data not found
Any of those would be fine, but what should I think about 6d, "instruction not supported"?
OK, here are my questions:
1. What is your opinion about using INTERNAL AUTHENTICATION to challenge/response-sign (arbitrary) 16b data?
2. How can I use ISO-7816-4 APDUs with DESFire (in general)?
3. How to use ISO-7816-4's INTERNAL AUTHENTICATE?
Thanks in advance,
Max
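
Added example, not part of the original post and not libnfc code: a C sketch that assembles the same short case-4 INTERNAL AUTHENTICATE APDU as the Java array above and decodes the status word of a response, separating `6D xx` (instruction not supported) from the four command-specific errors quoted in the post. The function names `build_case4_apdu`, `split_response` and `sw_meaning` are hypothetical, and `9000` (success) is added from ISO 7816-4.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build a short case-4 APDU (CLA INS P1 P2 Lc data Le); returns its length,
 * or 0 when Lc/Le do not fit a short APDU or the buffer is too small. */
size_t build_case4_apdu(uint8_t *out, size_t cap, const uint8_t hdr[4],
                        const uint8_t *data, size_t lc, unsigned le)
{
    if (lc < 1 || lc > 255 || le < 1 || le > 256 || cap < lc + 6) return 0;
    memcpy(out, hdr, 4);
    out[4] = (uint8_t)lc;
    memcpy(out + 5, data, lc);
    out[5 + lc] = (uint8_t)(le & 0xFF); /* Le = 256 is encoded as 0x00 */
    return lc + 6;
}

/* Split a response into payload length and SW1 SW2; -1 if shorter than 2 bytes. */
int split_response(const uint8_t *resp, size_t len, size_t *data_len, uint16_t *sw)
{
    if (len < 2) return -1;
    *data_len = len - 2;
    *sw = (uint16_t)((resp[len - 2] << 8) | resp[len - 1]);
    return 0;
}

/* Meaning of the status words quoted in the post, plus 9000. */
const char *sw_meaning(uint16_t sw)
{
    switch (sw) {
    case 0x9000: return "success";
    case 0x6984: return "referenced data invalidated";
    case 0x6985: return "conditions of use not satisfied";
    case 0x6A86: return "incorrect parameters P1-P2";
    case 0x6A88: return "referenced data not found";
    }
    return (sw >> 8) == 0x6D ? "instruction code not supported" : "not covered here";
}

int main(void)
{
    const uint8_t hdr[4] = {0x00, 0x88, 0x00, 0x00}, challenge[16] = {0};
    const uint8_t resp[] = {0x6d, 0x00}; /* response reported in the post */
    uint8_t apdu[32]; size_t n, dl; uint16_t sw;
    n = build_case4_apdu(apdu, sizeof apdu, hdr, challenge, 16, 0x10);
    if (n == 0 || split_response(resp, sizeof resp, &dl, &sw) != 0) return 1;
    printf("sent %zu bytes, SW=%04X: %s\n", n, (unsigned)sw, sw_meaning(sw));
    return 0;
}
```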