
Smart Card Retrieve public key from CA certificate

I'm trying to read out a tachograph company smart card. I can read all data just fine except the identification part. Which is the part I actually need. When I select that DF the security environment is reset and I have to re-authenticate. This process is described in sub appendix-11 of ECE/TRANS/SC.1/2006/2/Add.1. Although this document is a bit hard to understand for me.

In this picture you see the data structure of a tachograph company card. The "AUT" behind the ID part tells you that you need to authenticate.

(Image: company card memory map)

After asking another question on SO and doing a lot of research on how public/private keys are used, I think I have some basic understanding of how I should do the authentication. In the documentation, there is also a pretty detailed flow chart on how to get the authentication done. It's too big, unfortunately, to place here. But I have a question about this part:

(Image: part of the authentication steps)

Now, I'm counting from the top, downwards. So the first top left square is step one, the last bottom left is step 7. The middle section arrows are APDU commands that need to be sent to the card, and the right section is the smart card. PK means public key. CA means certificate authority.

If you do not know the public keys, you see you need to get both the card and the CA certificate. I've done that and I can read them from the card. The parts I don't understand are steps 6 and 7. You see I need to verify the Card CA.C (which is some part of the certificate) with the European public key. Where do I get the European public key and what algorithm is used to decrypt it?

EDIT: Is this the verification process? And if so, it says to open the sign with the CA public key. How do I get this?

(Image)

EDIT 2: I've found the European public key from this link. The CAR part of the CA certificate on the card matches the first 8 bytes from the public key. Meaning it is the correct public key. Now if I understand correctly, I need to open the sign following step three from CSM_019 from the picture above. To open the sign, I need the correct algorithm using the public key, I guess? Does anyone know what algorithm is used?

Step 6: Nothing to decrypt here: You verify the signature, also part of the certificate (Card.CA.C), and if it is correct the contained key (public key of card CA) may be extracted and used for the next step.

Step 7: You verify the signature of card certificate (made with the card.ca key just retrieved) and if it is correct you now have the public key of the card (with the certainty, that it is correct, otherwise signature would have mismatched).

The scheme uses this two-step approach, so that only the Eur.PK public key is needed instead of the keys of all card CAs.
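The two verification steps described in the answer, as an added example that is not part of the original post. It assumes the first-generation certificate layout of Appendix 11 (CSM_017 to CSM_019): a 194-byte certificate, RSA-1024 with ISO/IEC 9796-2 message recovery, and SHA-1. The function names, key identifiers and demo keys are constructed for illustration.

```python
import hashlib

# Layout assumed from Appendix 11 (CSM_017 to CSM_019); check offsets against the spec.
# Certificate (194 bytes) = Sign(128) || Cn(58) || CAR(8)
# Content C   (164 bytes) = CPI(1) CAR(8) CHA(7) EOV(4) CHR(8) n(128) e(8)
def open_certificate(cert, issuer_kid, n, e):
    """Verify cert with the issuer key (n, e); return the subject's (CHR, n, e)."""
    if len(cert) != 194:
        raise ValueError("certificate must be 194 bytes")
    sign, cn, car = cert[:128], cert[128:186], cert[186:]
    if car != issuer_kid:
        raise ValueError("CAR does not name the issuer key")
    s = int.from_bytes(sign, "big")
    if s >= n:
        raise ValueError("signature out of range")
    sr = pow(s, e, n).to_bytes(128, "big")      # "opening" = RSA public-key operation
    if sr[0] != 0x6A or sr[-1] != 0xBC:
        raise ValueError("bad ISO/IEC 9796-2 header or trailer")
    c = sr[1:107] + cn                          # C' = Cr' (recovered) || Cn' (in clear)
    if hashlib.sha1(c).digest() != sr[107:127]:
        raise ValueError("hash mismatch, signature invalid")
    # A production verifier would also check EOV (c[16:20]) for expiry.
    return c[20:28], int.from_bytes(c[28:156], "big"), int.from_bytes(c[156:164], "big")

def verify_chain(ca_cert, card_cert, eur_kid, eur_n, eur_e):
    ca_kid, ca_n, ca_e = open_certificate(ca_cert, eur_kid, eur_n, eur_e)  # step 6
    return open_certificate(card_cert, ca_kid, ca_n, ca_e)                 # step 7

# --- Constructed demo material below: insecure keys built from Mersenne primes ---
def demo_key(exps):
    n = phi = 1
    for k in exps:
        n, phi = n * (2**k - 1), phi * (2**k - 2)
    return n, 65537, pow(65537, -1, phi)        # (n, e, d)

def make_cert(iss_kid, iss_n, iss_d, sub_kid, sub_n, sub_e):
    c = (b"\x01" + iss_kid + bytes(11) + sub_kid
         + sub_n.to_bytes(128, "big") + sub_e.to_bytes(8, "big"))
    sr = b"\x6a" + c[:106] + hashlib.sha1(c).digest() + b"\xbc"
    sign = pow(int.from_bytes(sr, "big"), iss_d, iss_n).to_bytes(128, "big")
    return sign + c[106:] + iss_kid

EUR_KID, CA_KID, CARD_KID = b"EUR-KID1", b"MS-CA-01", b"CARD-001"
EUR_N, EUR_E, EUR_D = demo_key((607, 127, 107, 89, 61, 31, 2))
CA_N, CA_E, CA_D = demo_key((607, 127, 107, 89, 61, 17, 13, 3))
CARD_N = 2**1023 + 12345                        # arbitrary stand-in for the card key
CA_CERT = make_cert(EUR_KID, EUR_N, EUR_D, CA_KID, CA_N, CA_E)
CARD_CERT = make_cert(CA_KID, CA_N, CA_D, CARD_KID, CARD_N, 65537)
```

With real data, only the European key identifier, modulus and exponent are supplied from outside the card; the member-state CA key used in step 7 comes solely from the certificate that passed step 6.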
