Topic: ISO7816-4 Extended APDUs (INTERNAL AUTHENTICATE) with DESFire EV 1

Hi @all.

I want to use a DESFire card to encrypt 16B data with an internally stored key.
(No mutual auth, only the card should be authenticated.)

IMHO the ISO7816-4 INTERNAL AUTHENTICATE command  http://www.cardwerk.com/smartcards/smar … x#chap6_13
can be used for that purpose.

As stated in http://ridrix.wordpress.com/2009/09/19/ … n-example/
and http://www.nxp.com/acrobat_download2/ex … DS_N_1.pdf (page 8)
the DESFire EV1 does support that command.

I did not find that command used in the libnfc source (I think you only use native and native-wrapped commands)
but it seems to be used in http://www.springcard.com/support/apido … ml#robo114


I tried to dispatch some ISO7816-4 commands to the PICC and got responses, but no success with INTERNAL AUTHENTICATE.

CMD-Bytes:

    byte[] internalAuth = new byte[] {
        0x00,        // CLA  As defined in 5.4.1
        (byte) 0x88, // INS  '88' INTERNAL AUTHENTICATE
        0x00,        // P1   Reference of the algorithm in the card
        0x00,        // P2   Reference of the secret, see table 65
        0x10,        // Lc   Length of the subsequent data field

        // Payload: authentication related data (e.g. challenge), 16 bytes
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

        0x10         // Le   Maximum number of bytes expected in response
    };

Response:

6d 00

According to http://javacard.vetilles.com/2006/09/26 … n-iso7816/
6d means "The instruction code is not supported (usually with XX=00)"

That is not what I expected, http://www.cardwerk.com/smartcards/smar … chap6_13_5
lists the response codes for INTERNAL AUTHENTICATE as:

The following specific error conditions may occur. 
SW1='69' with SW2='84': Referenced data invalidated
                  '85': Conditions of use not satisfied
SW1='6A' with SW2='86': Incorrect parameters P1-P2
                  '88': Referenced data not found

Each of those would be fine, but what should I think about 6d, "instruction not supported"?


OK, here are my questions:
1. What is your opinion about using INTERNAL AUTHENTICATION to challenge/response-sign (arbitrary) 16b data?
2. How can I use ISO-7816-4 APDUs with DESFire (in general)?
3. How to use ISO-7816-4's INTERNAL AUTHENTICATE?

Thanks in advance,
Max
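
Added example, not part of the original post: a Python sketch (the post's own snippet is Java) that splits a short-form ISO 7816-4 command APDU into its fields and looks up a response's SW1 SW2 in the status words quoted above. The function and constant names are hypothetical, the command and response bytes are the ones from the post, and nothing in it is DESFire-specific.

```python
# Added example: short-form ISO 7816-4 command APDU parser and status-word lookup.
# Status-word texts are the ones quoted in the post; names here are hypothetical.
SW_MEANING = {
    0x6D00: "instruction code not supported",
    0x6984: "referenced data invalidated",
    0x6985: "conditions of use not satisfied",
    0x6A86: "incorrect parameters P1-P2",
    0x6A88: "referenced data not found",
}

def parse_short_apdu(apdu: bytes) -> dict:
    """Split a short-form command APDU (cases 1-4) into its fields."""
    if len(apdu) < 4:
        raise ValueError("shorter than the 4-byte CLA INS P1 P2 header")
    cla, ins, p1, p2 = apdu[:4]
    body, data, le = apdu[4:], b"", None
    if len(body) == 1:                       # case 2: Le only
        le = body[0] or 256                  # a short Le of 0x00 means 256
    elif len(body) > 1:
        lc = body[0]
        if lc == 0:
            raise ValueError("Lc=0x00 followed by more bytes is extended-length coding")
        if len(body) == 1 + lc:              # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:            # case 4: Lc + data + Le
            data, le = body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError(f"Lc={lc} does not match {len(body) - 1} trailing bytes")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def split_response(resp: bytes) -> tuple:
    """Return (response data, SW1SW2 as int, meaning) for a response APDU."""
    if len(resp) < 2:
        raise ValueError("response APDU must end in SW1 SW2")
    sw = int.from_bytes(resp[-2:], "big")
    return resp[:-2], sw, SW_MEANING.get(sw, "not in the table quoted in the post")

# Bytes from the post: INTERNAL AUTHENTICATE with a 16-byte all-zero challenge.
POST_COMMAND = bytes([0x00, 0x88, 0x00, 0x00, 0x10]) + bytes(16) + bytes([0x10])
POST_RESPONSE = bytes.fromhex("6d00")

if __name__ == "__main__":
    print(parse_short_apdu(POST_COMMAND))
    print(split_response(POST_RESPONSE))
```

The command in the post parses as a well-formed case 4 short APDU (Lc = 16, Le = 16), so the length fields are consistent with the payload as sent.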