CardWerk smarter card solutions

ISO 7816-4: Annex F: Use of Secure Messaging


Annex F: Use of Secure Messaging

Annex F.1 Abbreviations

For the purpose of this annex, the following abbreviations apply:

CC Cryptographic checksum
CG Cryptogram
CH Command header (CLA INS P1 P2)
CR Control reference
FR File reference
KR Key reference
L Length
PB Padding bytes ('80' followed by 0 to k-1 times '00' where k is the block length)
PI Padding indicator byte
PV Plain value
RD Response descriptor
T Tag
|| Concatenation

For all the examples, CLA indicates the use of secure messaging by an appropriate value ('0X', '8X', '9X' or 'AX') where bit b4 of CLA is set to 1 (see table 9).

Annex F.2 Use of cryptographic checksums

The use of cryptographic checksums (see 5.6.3.1) is shown for the four cases defined in table 4 and figure 4.

  • Case 1 - No data, no data

    Command data field = Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB

    The command of case 1 is transformed into a command of case 3.

  • Case 2 - No data, data

    Command data field = Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = First and only data block = CH||PB

    Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB

  • Case 3.a - Data, no data

    Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB

  • Case 3.b - Data, no data

    Command data field = Tpv1 (b1=0)||Lpv1||PV1||Tpv2 (b1=1)||Lpv2||PV2||Tcc||Lcc||CC

    Data covered by CC (b3=1 in CLA) = Data blocks = CH||PB||Tpv2 (b1=1)||Lpv2||PV2||PB

  • Case 4 - Data, data

    Command data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC (b3=0 in CLA) = Data blocks = Tpv (b1=1)||Lpv||PV||PB

    Response data field = Tpv (b1=1)||Lpv||PV||Tcc||Lcc||CC

    Data covered by CC = Data blocks = Tpv (b1=1)||Lpv||PV||PB
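
An added sketch (not part of the annex or of ISO 7816-4) of how the data covered by CC and the command data field are assembled for cases 1 and 3.a above, with the receiver-side check. Tags '81' and '8E' are the ISO 7816-4 secure messaging tags for a plain value with b1=1 and for the cryptographic checksum; the 8-byte block length, short-form lengths and the truncated HMAC standing in for the checksum algorithm of 5.6.3.1 are assumptions.

```python
import hashlib
import hmac

K = 8        # block length k in bytes (assumption: 8-byte block algorithm)
T_PV = 0x81  # plain value, b1=1 so it is covered by the CC (ISO 7816-4 SM tag)
T_CC = 0x8E  # cryptographic checksum (ISO 7816-4 SM tag)

def pad(data, k=K):
    """Append PB: '80' followed by 0 to k-1 bytes '00', up to a multiple of k."""
    data += b"\x80"
    return data + b"\x00" * (-len(data) % k)

def tlv(tag, value):
    if len(value) > 0x7F:
        raise ValueError("this sketch handles short-form lengths only")
    return bytes([tag, len(value)]) + value

def stand_in_cc(key, blocks):
    # Assumption: truncated HMAC-SHA-256 stands in for the CC algorithm of 5.6.3.1.
    return hmac.new(key, blocks, hashlib.sha256).digest()[:4]

def covered_by_cc(ch, pv=None):
    """Data blocks covered by CC: CH||PB only if b3=1 in CLA, then T||L||PV||PB."""
    if not ch[0] & 0x08:
        raise ValueError("b4 of CLA must be 1 to indicate secure messaging")
    blocks = pad(ch) if ch[0] & 0x04 else b""
    if pv is not None:
        blocks += pad(tlv(T_PV, pv))
    if not blocks:
        raise ValueError("nothing to authenticate: case 1 needs b3=1 in CLA")
    return blocks

def protect(ch, pv, key, cc=stand_in_cc):
    """Return the command data field [Tpv||Lpv||PV||]Tcc||Lcc||CC."""
    body = tlv(T_PV, pv) if pv is not None else b""
    return body + tlv(T_CC, cc(key, covered_by_cc(ch, pv)))

def verify(ch, field, key, cc=stand_in_cc):
    """Receiver side: split the field, recompute CC, compare in constant time."""
    pv = None
    if len(field) >= 2 and field[0] == T_PV:
        pv, field = field[2:2 + field[1]], field[2 + field[1]:]
    if len(field) < 2 or field[0] != T_CC or len(field) != 2 + field[1]:
        return False
    return hmac.compare_digest(field[2:], cc(key, covered_by_cc(ch, pv)))
```

With b3=0 in CLA the command header is outside the checksum, so the CC alone does not detect a change to INS, P1 or P2; with b3=1 the header block CH||PB is covered.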

Annex F.3 Use of cryptograms

The use of cryptograms (see 5.6.4) is shown with and without padding.

  • Case a - Plain data not coded in BER-TLV

    Command data field = Tcg||Lcg||PI||CG

    Data carried by CG = Data blocks = Non BER-TLV coded data and padding bytes, if indicated in PI.

Annex F.4 Use of control references

The use of control references (see 5.6.5.1) is shown.

Command data field = Tcr||Lcr||CR
Where CR = Tfr||Lfr||Tkr||Lkr||KR

Annex F.5 Use of response descriptor

The use of response descriptor (see 5.6.5.1) is shown.

Command data field = Trd||Lrd||RD
Where RD = Tpv||'0C'||Tcc||'00'

Response data field = Tpv||Lpv||PV||Tcc||Lcc||CC

Annex F.6 Use of the ENVELOPE command

The use of the ENVELOPE command is shown.

Command data field = Tcg||Lcg||PI||CG

Data carried by CG = Command APDU starting with CH and padding bytes according to PI

Response data field = Tcg||Lcg||PI||CG

Data carried by CG = Response APDU and padding bytes according to PI


Copyright 1999-2016 Jacquinot Consulting, Inc.
All rights reserved. Legal disclaimer Last modified September 17, 2016