How to implement VERIFY command on NIST PIV cards?

I must be doing something wrong, but I can't see what.

I'm trying to get the VERIFY command to show the number of attempts remaining. (I was trying to enter the PIN as well, but cut back to this when I couldn't get anything to work.) Here's the code fragment that I've been trying:

for (unsigned int basebyte = 0x00; basebyte != 0x100; basebyte += 0x80) {
    for (unsigned char add = 0x01; add != 0x20; ++add) {
        smartcard::bytevector_t b;
        b.push_back(0x00); // CLA
        b.push_back(0x20); // INS
        b.push_back(0x00); // P1
        b.push_back(basebyte + add); // P2 ("the sensible ranges are 0x01..0x1F and 0x81..0x9F")
        //b.push_back(0x00); // Lc field -- length of the following data field
        b = card.rawTransmit(b);
        if (!card.status()) {
            cout << "Received error '" << card.status() << "'" << endl;
        } else {
            if (b[0] == 0x6a && b[1] == 0x88) {
                // "Referenced data not found"
                continue;
            }

            cout << "    Attempts remaining (" << std::hex << (basebyte + add) << std::dec << "): ";
            cout << std::hex;
            for (smartcard::bytevector_t::const_iterator i = b.begin(), ie = b.end();
                i != ie; ++i) cout << std::setfill('0') << std::setw(2) << int(*i) << ' ';
            cout << std::dec << endl;
        }
    }
}

The rawTransmit function...

bytevector_t rawTransmit(bytevector_t sendbuffer) {
    SCARD_IO_REQUEST pioSendPci, pioRecvPci;
    if (mProtocol.value() == SCARD_PROTOCOL_T0) {
        pioSendPci = pioRecvPci = *SCARD_PCI_T0;
    } else if (mProtocol.value() == SCARD_PROTOCOL_T1) {
        pioSendPci = pioRecvPci = *SCARD_PCI_T1;
    } else {
        std::ostringstream out;
        out << "unrecognized protocol '" << mProtocol.str() << "'";
        throw std::runtime_error(out.str());
    }

    DWORD rlen = 256;
    bytevector_t recvbuffer(rlen);
    mResult = SCardTransmit(mHandle, &pioSendPci, &sendbuffer[0],
        DWORD(sendbuffer.size()), &pioRecvPci, &recvbuffer[0], &rlen);
    recvbuffer.resize(rlen);
    return recvbuffer;
}

(bytevector_t is defined as std::vector<unsigned char>.)

All the cards using protocol T0 return 0x6a 0x88 ("Referenced data not found") for all P2 values. All the cards using T1 do the same, except when P2 is 0x81 -- then they say 0x69 0x84 ("Command not allowed, referenced data invalidated").

The cards in question definitely DO have PINs, and I can verify the PIN in the "Security Token Configurator" program provided by the middleware vendor, so I know that the card, reader, and middleware stuff are all working.

It's probably obvious, but I'm new to smartcard programming. Can anyone give me a clue where I'm going wrong?

The global PIN has ID 00 and the PIV card application PIN has ID 80 (hex), so your tests do not include the known PIV card PIN IDs.
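An added example, not part of the original question or answer: building VERIFY APDUs for the two key references the answer names and decoding the returned status word. The function and constant names are hypothetical; the 8-byte 0xFF-padded PIN field and the `63 CX` retry encoding are assumed from NIST SP 800-73 and ISO 7816-4, and the PIV application is assumed to be selected already.

```cpp
#include <stdexcept>
#include <string>
#include <vector>

typedef std::vector<unsigned char> bytevector_t;  // same typedef the question uses

// Key references (P2) named in the answer.
const unsigned char KEYREF_GLOBAL_PIN  = 0x00;
const unsigned char KEYREF_PIV_APP_PIN = 0x80;

// VERIFY with no Lc and no data field: asks only for the retry counter
// and does not consume an attempt.
bytevector_t buildVerifyStatus(unsigned char keyRef) {
    return bytevector_t{0x00, 0x20, 0x00, keyRef};  // CLA INS P1 P2
}

// VERIFY carrying a PIN. Assumed layout: 6 to 8 decimal digits as ASCII,
// padded with 0xFF to a fixed 8-byte data field.
bytevector_t buildVerifyPin(unsigned char keyRef, const std::string& pin) {
    if (pin.size() < 6 || pin.size() > 8)
        throw std::invalid_argument("PIN must be 6 to 8 digits");
    bytevector_t apdu{0x00, 0x20, 0x00, keyRef, 0x08};  // Lc = 8
    for (char c : pin) {
        if (c < '0' || c > '9')
            throw std::invalid_argument("PIN must be decimal digits");
        apdu.push_back(static_cast<unsigned char>(c));
    }
    apdu.resize(5 + 8, 0xFF);  // pad the data field to 8 bytes
    return apdu;
}

enum VerifyState { VERIFIED, RETRIES_LEFT, BLOCKED, NO_SUCH_KEYREF, OTHER };
struct VerifyResult { VerifyState state; int retries; };  // retries set for RETRIES_LEFT

// Decode SW1 SW2, the last two bytes of the buffer rawTransmit returns.
VerifyResult decodeVerifyResponse(const bytevector_t& resp) {
    if (resp.size() < 2) throw std::runtime_error("response shorter than SW1 SW2");
    unsigned char sw1 = resp[resp.size() - 2], sw2 = resp[resp.size() - 1];
    if (sw1 == 0x90 && sw2 == 0x00) return {VERIFIED, -1};
    if (sw1 == 0x63 && (sw2 & 0xF0) == 0xC0) return {RETRIES_LEFT, sw2 & 0x0F};
    if (sw1 == 0x69 && sw2 == 0x83) return {BLOCKED, 0};          // PIN blocked
    if (sw1 == 0x6A && sw2 == 0x88) return {NO_SUCH_KEYREF, -1};  // what the question saw
    return {OTHER, -1};
}
```

With the question's wrapper, the retry query would be `decodeVerifyResponse(card.rawTransmit(buildVerifyStatus(KEYREF_PIV_APP_PIN)))`.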
