ISO 7816-4 Annex F: Use of Secure Messaging
Annex F.1 Abbreviations
For the purpose of this annex, the following abbreviations apply:
CC | Cryptographic checksum |
CG | Cryptogram |
CH | Command header (CLA INS P1 P2) |
CR | Control reference |
FR | File reference |
KR | Key reference |
L | Length |
PB | Padding bytes (’80’ followed by 0 to k-1 times ’00’ where k is the block length) |
PI | Padding indicator byte |
PV | Plain value |
RD | Response descriptor |
T | Tag |
|| | Concatenation |
For all the examples, CLA indicates the use of secure messaging by an appropriate value (‘0X’, ‘8X’, ‘9X’ or ‘AX’) where bit b4 of CLA is set to 1 (see table 9).
Annex F.2 Use of cryptographic checksums
The use of cryptographic checksums (see 5.6.3.1) is shown for the four cases defined in table 4 and figure 4.
- Case 1 – No data, no data
Command data field = Tcc||Lcc||CC
Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB
The command of case 1 is transformed into a command of case 3.
- Case 2 – No data, data
Command data field = Tcc||Lcc||CC
Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB
Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC
Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB
- Case 3.a – Data, no data
Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC
Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB
- Case 3.b – Data, no data
Command data field = Tpv1 (b1=0)||Lpv1||PV1||Tpv2 (b1=1)||Lpv2||PV2||Tcc||Lcc||CC
Data covered by CC (b3=1 in CLA) = Data blocks = CH||PB||Tpv (b1=1)||Lpv2||PV2||PB
- Case 4 – Data, data
Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC
Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB
Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC
Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB
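Added example (not part of the annex): a Python sketch that assembles the command-side "data covered by CC" and the command data field for cases 1, 3.a and 3.b, generalised to the rule those cases share (CH||PB is covered when b3=1 in CLA, and only data objects whose tag has b1=1 are covered). Assumptions: block length k = 8, tag values '8E' for Tcc and '81' for Tpv taken from the ISO 7816-4 secure messaging tag assignments rather than from this page, and a truncated HMAC-SHA-256 standing in for the checksum mechanism of 5.6.3.1.

```python
import hashlib
import hmac

K = 8        # assumed block length k in bytes
T_CC = 0x8E  # assumed Tcc (ISO 7816-4 SM tag; not listed on this page)
T_PV = 0x81  # assumed Tpv with b1=1 (plain value, not BER-TLV coded)

def pad(data, k=K):
    """Append PB: '80' then 0 to k-1 bytes '00' up to a block boundary."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % k)

def tlv(tag, value):
    """Short-form T||L||V; enough for the small objects used here."""
    if len(value) > 0x7F:
        raise ValueError("long-form lengths are not handled here")
    return bytes([tag, len(value)]) + value

def cc_input(ch, objects):
    """Data covered by CC for header CH and a list of (tag, value) objects."""
    if len(ch) != 4:
        raise ValueError("CH must be CLA INS P1 P2")
    covered = pad(ch) if ch[0] & 0x04 else b""   # b3=1 in CLA: CH||PB first
    body = b"".join(tlv(t, v) for t, v in objects if t & 0x01)  # b1=1 only
    if body:
        covered += pad(body)
    if not covered:
        raise ValueError("b3=0 and no b1=1 object: nothing is authenticated")
    return covered

def protect(ch, objects, mac):
    """Command data field: all data objects, then Tcc||Lcc||CC."""
    cc = mac(cc_input(ch, objects))
    return b"".join(tlv(t, v) for t, v in objects) + tlv(T_CC, cc)

def demo_mac(key):
    """Stand-in MAC (truncated HMAC-SHA-256), NOT the mechanism of 5.6.3.1."""
    return lambda data: hmac.new(key, data, hashlib.sha256).digest()[:K]

if __name__ == "__main__":
    mac = demo_mac(b"constructed-demo-key")  # constructed key, demo only
    case1 = protect(bytes.fromhex("0C840000"), [], mac)             # case 1
    case3a = protect(bytes.fromhex("08D60000"), [(T_PV, b"\x01\x02\x03")], mac)
    print(case1.hex(), case3a.hex())
```

With b3=0 in CLA the header is outside the checksum input, so a change to INS, P1 or P2 leaves CC unchanged; the b3=1 forms are the ones that bind the header to the checksum.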
Annex F.3 Use of cryptograms
The use of cryptograms (see 5.6.4) is shown with and without padding.
- Case a – Plain data not coded in BER-TLV
Command data field = Tcg||Lcg||PI||CG
Data carried by CG = Data blocks = Non BER-TLV coded data and padding bytes, if indicated in PI.
Annex F.4 Use of control references
The use of control references (see 5.6.5.1) is shown.
Command data field = Tcr||Lcr||CR
Where CR = Tfr||Lfr||Tkr||Lkr||KR
Annex F.5 Use of response descriptor
The use of response descriptor (see 5.6.5.1) is shown.
Command data field = Trd||Lrd||RD
Where RD = Tpv||’0C’||Tcc||’00’
Response data field = Tpv||Lpv||PV||Tcc||Lcc||CC
Annex F.6 Use of the ENVELOPE command
The use of the ENVELOPE command is shown.
Command data field = Tcg||Lcg||PI||CG
Data carried by CG = Command APDU starting by CH and padding bytes according to PI
Response data field = Tcg||Lcg||PI||CG
Data carried by CG = Response APDU and padding bytes according to PI