On 21/01/14 12:23, Peter Lebbing wrote:
> I tried to decode this. ISO 7816-4 is annoyingly expensive to buy

However, I just found out that, being registered as a student at the TU
Delft, I can get them for free! \o/ The master I'm doing gives me a
registration at multiple universities, and even though I'm studying at the
University of Twente, I can still use the facilities of two other
universities.

> The first apdu "SELECT FILE" seems to request file control information, but
> P2=0C is not defined by [1]. The error response by the card is given, as
> "Wrong parameter(s) P1-P2" [2]. Hah, the card also doesn't understand P2, I
> think.

The current ISO 7816-4 defines this first SELECT as "Select MF, DF or EF"
identified by the identifier "02 3F" which I could not find. P2 in
combination with Le is defined in the current spec, as "No response data".

> On to the OpenPGP application. The second APDU is a "SELECT FILE" for the
> OpenPGP application, but unfortunately, the card returns 62 85.

Which is defined in ISO 7816-9 as "Selected file in termination state", the
proper response for a DF that has been terminated with "TERMINATE DF".

It seems to me that "DEACTIVATE FILE" would have been more appropriate for
the OpenPGP card than "TERMINATE DF", as ISO 7816 defines the latter as a
permanent, irreversible action AFAICT.

> So I wrote all this, and then tried to find more about "TERMINATE DF". The
> reasoning is: normally we select the DF for OpenPGP, and then do a
> "TERMINATE DF", right? Selection errors out, so if we could parameterise
> "TERMINATE DF" to directly specify the OpenPGP DF, maybe that will work.

This parameterisation would in fact be possible under ISO 7816-9, by the
way. It would be:

    scd apdu 00 e6 04 00 06 d2 76 00 01 24 01

Although because of the mixup between "TERMINATE DF" and "ACTIVATE FILE", I
think it would be more useful to directly give the DF to "ACTIVATE FILE",
which would be:

    scd apdu 00 44 04 00 06 d2 76 00 01 24 01

Neither command is accepted by the OpenPGP card, though. It only implements
the implicitly referenced form where you first "SELECT FILE". Unless I'm
making mistakes, obviously.

Well, that's it. My curiosity has been satisfied :).

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
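
Added example, not part of the original message: a small Python decoder for short-form command APDUs, applied to the byte strings quoted in the mail. The function names and lookup tables are assumptions made for this illustration; the instruction and status values are the ISO 7816 ones named in the thread.

```python
# Added illustration: split a short-form ISO 7816-4 command APDU into fields.
INS_NAMES = {  # instruction bytes for the commands named in the thread
    0xA4: "SELECT",
    0x44: "ACTIVATE FILE",
    0x04: "DEACTIVATE FILE",
    0xE6: "TERMINATE DF",
}
SW_NAMES = {
    0x9000: "Normal processing",
    0x6285: "Selected file in termination state",
}
# DF name used in both commands in the mail (start of the OpenPGP card AID).
OPENPGP_AID_PREFIX = bytes.fromhex("D27600012401")


def parse_apdu(hex_str):
    """Decode CLA INS P1 P2 [Lc data] [Le]; extended length is rejected."""
    raw = bytes.fromhex(hex_str.replace(" ", ""))
    if len(raw) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:            # case 2: header followed by Le only
        le = body[0]
    elif len(body) > 1:           # case 3 or 4: Lc, data, optional Le
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDU not handled here")
        if len(body) not in (1 + lc, 2 + lc):
            raise ValueError(f"Lc={lc} but {len(body) - 1} bytes follow")
        data = body[1:1 + lc]
        if len(body) == 2 + lc:
            le = body[-1]
    return {
        "cla": cla, "ins": ins, "name": INS_NAMES.get(ins, "unknown"),
        "p1": p1, "p2": p2, "data": data, "le": le,
        "targets_openpgp": data.startswith(OPENPGP_AID_PREFIX),
    }


def decode_sw(hex_str):
    """Map a two-byte status word such as '62 85' to its meaning."""
    sw = int(hex_str.replace(" ", ""), 16)
    return SW_NAMES.get(sw, f"unlisted status {sw:04X}")
```

Running `parse_apdu` on the two `scd apdu` payloads shows they differ only in INS (E6 versus 44); both carry P1=04 and the same six-byte DF name.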
