-1

I'm sending this apdu command to write data to a smart card:

0xFF, 0xD6, 0x00, 0x01, 0x10, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc,0xc

This is the part of the command where the data is:

 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc, 0xc,0xc

Now how do I go about writing a larger amount of data..? for instance lets say I have a byte array of an image.. how do I write that to the smart card..?

the1.9gpaProgrammer
  • 95
  • 1
  • 10
  • 1
    You might want to have a look [here](https://stackoverflow.com/q/32994936/5128464) (besides using extended APDU if available). Good luck with your project! – vlp Nov 10 '22 at 07:10
  • @vlp I'm sorry but I'm not sure how this link helps.. Maybe Its because I only have a basic understanding of apdu commands.. I was wondering if you could provide an example apdu command that saves a large amount of data to the card? – the1.9gpaProgrammer Nov 10 '22 at 15:58
  • CLA=FF - is forbidden by ISO7816. It means you use not a smart card, but some sort of memory card. Command you send is called Pseudo-APDU. It is designated to reader driver (not to card itself) and driver translates it into special command which memory card can accept. In this case ability to write large amount of data depends on card memory model. – nvf Nov 17 '22 at 07:53

1 Answers1

0

The technical issue is well addressed by the linked question given by @vlp, (rehash: LC has to signal extended length, so it is transmitted as long-indicator 0, hi-lc, lo-lc, followed by command data field, followed by le-high, le-low) so I step a bit back.

The more basic question is: what benefit would you have storing a picture on the smart card? For a passport card surely an image and some fingerprints are useful and the tight access control for reading and modifying the picture (if allowed at all) is an essential property.

But this is a special case. Smart cards are complicated to handle and have neither exactly high communication bandwidth nor storage capacity, so an SD-type memory card may be a more appropriate approach. If security is an issue, you could store the picture in encrypted form in the cloud and use the smart card just for access to the corresponding key.

There are many similar real-world issues, like generating a digital signature over a huge data blob. While the card could compute the hash value and sign it, this approach requires to send the whole blob to the card. Most often, however, the hash is computed outside and the card just computes the signature for performance reasons.

guidot
  • 5,095
  • 2
  • 25
  • 37
  • I'm not really in the position to think existentially about this.. I don't understand how the link @vlp provided helps in this case..? I was hoping you could provide an apdu command that would save a large amount of data to the card... – the1.9gpaProgrammer Nov 10 '22 at 15:56
  • @the1.9gpaProgrammer: If long APDUs are supported (T=1 protocol and existing card support assumed), the command is the same as for short APDU, just the LC specification has to encode a long value, see ISO 7816-4. – guidot Nov 10 '22 at 19:58
  • yes I see from this quote "If LC is present as an extended field, then it will be three bytes in length: byte one will be 00, bytes two and three will contain a 16-bit value representing the length of the data Nc with values between 1 and 65535." but I don't really understand what that would look like in an apdu command "0xFF, 0xD6, 0x00, 0x01, 0x00, (what goes here?), (what goes here?), (long data maybe like a length of 16,000)" – the1.9gpaProgrammer Nov 10 '22 at 20:08