4

I am able to connect to the card and now I need to verify the PIN but I´m not able to figure out which code should I use to perform the verification

// Verify PIN
//HERE IS WHAT I´M NOT SURE WHAT TO USE - Just an Example
byte[] pin = new byte[] { 0x31, 0x32, 0x33, 0x34, 0xFF, 0xFF, 0xFF, 0xFF };
APDUParam apduParam = new APDUParam();
apduParam.Data = pin;
apduVerifyCHV.Update(apduParam);
apduResp = iCard.Transmit(apduVerifyCHV);

It is a smart card that uses an 7 digits PIN. It is always 7 digits.

**Example:**
{CLA, INS, P1, P2, Lc, b1, b2, b3, b4, b5, b6, b7}

Here I have the basic CLA, INS, P1, P2, LC bytes. Should I set + 3 bytes or 6 bytes for the PIN of 7 digits And shall be the actual PIN or just a 0xFF value

Ex. {CLA, INS, P1, P2, Lc, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF} +7 Bytes

in the spec I found examples for 8 Digits min and max and min 4 and max 12 bytes...

worldofjr
  • 3,868
  • 8
  • 37
  • 49
Guilherme Longo
  • 2,278
  • 7
  • 44
  • 64

1 Answers1

4

This is simpler than I tought...

When PIN uses ASCII format conversion with padding

PIN entered is 1357 (min size =4 and max size=8 digits)

  • • Left justification
  • • Default display behavior for the CCID

  • • The CCID sends to the ICC the command

    CLA INS P1 P2 Lc 31 33 35 37 FF FF FF FF

When PIN uses BCD right justification and control field

PIN entered is 13579 (min size =4 and max size=8 digits)

  • • Right justification. The personal code contains less than 8 digits; therefore, the most significant digits of the eight-digit code must be filled with zeroes.
  • • The frame integrates a specific control field “01” before the PIN conversion.
  • • No messages

  • • The CCID sends to the ICC the command

    CLA INS P1 P2 Lc 01 00 01 35 79

so, all I had to do was to set the proper values. In my case using ASCII method with left justification:

0x00 0x20 0x00 0x01 0x08 0x30 0x31 0x34 0x37 0x34 0x31 0x30 0xFF

3 - refers to the padding

3x - x refers to the actual pin number at a given position (left justification) as I have a PIN of 7 digits the bytes not used shall default to 0xFF

Hope that helps some one

Guilherme Longo
  • 2,278
  • 7
  • 44
  • 64
  • 1
    It is quite uncommon, that the host application has to perform a padding, since typically the valid character set is not restricted and 0xFF would be a legal character. Also the maximum length is not necessarily known outside. If only digits are permitted, ISO 9564 defines some variants. – guidot Mar 31 '13 at 17:21
  • Hi, can anyone provide the reference of standards which has **Verify PIN** and **Verify ADM** commands? Is it in **ETSI** or **ISO** or **3GPP**? – Dr. Essen Nov 09 '17 at 09:10
  • @Ac3_DeXt3R ISO/IEC 7816-4. It's behind a $170 USD paywall. – Space Bear Jun 21 '19 at 13:41