CardWerk


For the latest version of ISO7816 part 4, please contact ISO in Switzerland.

ISO 7816-4 Annex F: Use of Secure Messaging

 

Annex F.1 Abbreviations

For the purpose of this annex, the following abbreviations apply:

CC: Cryptographic checksum
CG: Cryptogram
CH: Command header (CLA INS P1 P2)
CR: Control reference
FR: File reference
KR: Key reference
L: Length
PB: Padding bytes ('80' followed by 0 to k-1 times '00' where k is the block length)
PI: Padding indicator byte
PV: Plain value
RD: Response descriptor
T: Tag
||: Concatenation

For all the examples, CLA indicates the use of secure messaging by an appropriate value ('0X', '8X', '9X' or 'AX') where bit b4 of CLA is set to 1 (see table 9).

Annex F.2 Use of cryptographic checksums

The use of cryptographic checksums (see 5.6.3.1) is shown for the four cases defined in table 4 and figure 4.

  • Case 1 - No data, no data

    Command data field = Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB

    The command of case 1 is transformed into a command of case 3.

  • Case 2 - No data, data

    Command data field = Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB

    Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB

  • Case 3.a - Data, no data

    Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB

  • Case 3.b - Data, no data

    Command data field = Tpv1 (b1=0)||Lpv1||PV1||Tpv2 (b1=1)||Lpv2||PV2||Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = Data blocks = CH||PB||Tpv2 (b1=1)||Lpv2||PV2||PB

  • Case 4 - Data, data

    Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB

    Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB
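The command-side constructions of cases 1, 3.a and 3.b can be traced in code. The following is an added example, not part of the annex or of the CardWerk page. Its assumptions: the tag values '80', '81' and '8E' come from the standard's secure messaging data object tables, which this page does not reproduce; the block length is k=8; `demo_mac` is a stand-in checksum, not the algorithm of 5.6.3.1; all function names are hypothetical.

```python
import hashlib
import hmac

T_PV_UNCOVERED = 0x80  # assumed tag: plain value, b1=0 (not covered by CC)
T_PV_COVERED = 0x81    # assumed tag: plain value, b1=1 (covered by CC)
T_CC = 0x8E            # assumed tag: cryptographic checksum

def tlv(tag, value):
    """T||L||V with a one-byte length (enough for this sketch)."""
    if len(value) > 0x7F:
        raise ValueError("long-form lengths not handled here")
    return bytes([tag, len(value)]) + value

def pad(block, k=8):
    """Append PB: '80' then 0 to k-1 '00' bytes, up to a multiple of k."""
    padded = block + b"\x80"
    return padded + b"\x00" * (-len(padded) % k)

def covered_data(ch, objects, k=8):
    """Bytes fed to the checksum for a command, following Annex F.2."""
    if len(ch) != 4 or not ch[0] & 0x08:
        raise ValueError("CH must be 4 bytes with b4 of CLA set")
    blocks = b""
    if ch[0] & 0x04:  # b3=1 in CLA: the header block CH||PB comes first
        blocks += pad(ch, k)
    odd = b"".join(tlv(t, v) for t, v in objects if t & 0x01)  # b1=1 only
    if odd:
        blocks += pad(odd, k)
    return blocks

def sm_command_field(ch, objects, mac, k=8):
    """Command data field: all data objects, then Tcc||Lcc||CC."""
    body = b"".join(tlv(t, v) for t, v in objects)
    return body + tlv(T_CC, mac(covered_data(ch, objects, k)))

def demo_mac(data, key=b"constructed-demo-key"):
    """Stand-in checksum (truncated HMAC-SHA-256), NOT the card's algorithm."""
    return hmac.new(key, data, hashlib.sha256).digest()[:4]

if __name__ == "__main__":
    ch = bytes.fromhex("0CD60000")  # constructed header with b4=1 and b3=1
    objs = [(T_PV_UNCOVERED, b"\xaa"), (T_PV_COVERED, bytes.fromhex("112233"))]
    print("covered:", covered_data(ch, objs).hex())  # case 3.b layout
    print("field:  ", sm_command_field(ch, objs, demo_mac).hex())
```

A verifier on the receiving side rebuilds the same covered bytes from the received header and data objects and compares checksums, so an object sent with b1=0 in its tag, or a header sent with b3=0 in CLA, is outside the integrity protection.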

Annex F.3 Use of cryptograms

The use of cryptograms (see 5.6.4) is shown with and without padding.

  • Case a - Plain data not coded in BER-TLV

    Command data field = Tcg||Lcg||PI||CG

    Data carried by CG = Data blocks = Non BER-TLV coded data and padding bytes, if indicated in PI.

Annex F.4 Use of control references

The use of control references (see 5.6.5.1) is shown.

Command data field = Tcr||Lcr||CR 
Where CR = Tfr||Lfr||Tkr||Lkr||KR

Annex F.5 Use of response descriptor

The use of response descriptor (see 5.6.5.1) is shown.

Command data field = Trd||Lrd||RD 
Where RD = Tpv||'0C'||Tcc||'00'

Response data field = Tpv||Lpv||PV||Tcc||Lcc||CC

Annex F.6 Use of the ENVELOPE command

The use of the ENVELOPE command is shown.

Command data field = Tcg||Lcg||PI||CG

Data carried by CG = Command APDU starting by CH and padding bytes according to PI

Response data field = Tcg||Lcg||PI||CG

Data carried by CG = Response APDU and padding bytes according to PI