What is its data field in EXTERNAL AUTHENTICATE command?

Posted: Thu Dec 10, 2015 5:13 am
by mikegigom
If I want to send the EXTERNAL AUTHENTICATE command to the card, what is its data field? I have read GP 2.1.1, but it's hard for me to understand.
I would be greatly thankful if anybody could explain this authentication process simply, with details.

Re: What is its data field in EXTERNAL AUTHENTICATE command?

Posted: Thu Dec 31, 2015 2:42 am
by mabel
The EXTERNAL AUTHENTICATE command is used by the card to authenticate the host and to determine the level of security required for all subsequent commands.

From the table, you can see the data field sent in the command.
The data field of the command message contains the host cryptogram and the APDU command MAC.

Re: What is its data field in EXTERNAL AUTHENTICATE command?

Posted: Tue Mar 30, 2021 4:40 am
by marcony
Hi,

I tried to understand the process of external (mutual) authentication, trying to understand how a host application communicates with my national eID card, but I still do not understand how to find out which crypto mechanism and key reference are used in that process. In fact, looking at the traffic between the card reader and my eID, I can see the following:

1. MSE-Set APDU is sent: 00 22 C1 A4 06 80010c830184
Parsing the data field, I found the following in ISO 7816-4:
Tag 80, L=1, Value=0c - Cryptographic mechanism reference (which document describes which mechanism reference is used with value 0x0c?)
Tag 83, L=1, Value=84 - File and security object references (could be a private or public key, or data. Where do I find what the 0x84 value refers to?)

So, having no idea which crypto mechanism is used and which reference object is used, I am not sure how to write my own code and authenticate my host application to the card in order to get access to some DF/EF.

2. GET CHALLENGE APDU is sent - it's obvious that mutual authentication comes next. The card sends a challenge value (8 bytes).

3. External authentication APDU is sent, which relates to mutual authentication: 00 80 00 00 48 <data field>
This is tricky. As I have no idea which crypto mechanism is used and which security object reference is used, I cannot understand what the 0x48 bytes in the data field represent.
Furthermore, if I look in various documentation, I can expect that the data field contains a cryptogram and a MAC. If the MAC should be 8 bytes long, it seems that the cryptogram in this External Authentication data field is 0x40 bytes long. Which crypto mechanism is used?

I wonder if anyone can point me to good documentation, a tutorial or similar that can give answers on this subject.