DoD CAC ADPU Commands

Question

I am attempting to allow DoD CAC registration/authentication for a Java application I am writing. I am using the javax.smartcario package to read the card. I can successfully connect and read the GUID. The information I am looking for is the user name that is on the card (LAST.FIRST.M.123456789). I am using the following AID which gives me access to the GUID and certificates:

byte[] aid = {(byte) 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00};

Is there a different application on the card that houses the user name? Is the username somehow embedded in the certificates? Thanks!

[EDIT]

I am trying to generate a certificate based off the APDU command response but an exception is thrown.

 // X.509 Certificate for PIV auth command
 byte[] apdu = {0x00, (byte)0xCB, 0x3F, 
            (byte)0xFF, 0x05, 0x5C, 0x03, 0x5F, (byte)0xC1, 0x05};
 answer = channel.transmit(new CommandAPDU(apdu));

 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 X509Certificate cert = (X509Certificate)cf.generateCertificate(
                 new ByteArrayInputStream(answer.getBytes()));

Throws the following exception:

java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input

The byte array is not empty. Thanks!

Answer 1

You have to look at both the 0x70 and 0x71 tags.

0x70 has the cert data, and 0x71 tells you the format (an over simplification would be 0 uncompressed and 1 is compressed (gzip))

also the value is likely to be more than a single 255 byte buffer. You will need a few more lines of code before you can have a valid byte[] to pass in the X509 "factory".