堆栈内存溢出
  简体   繁体   English

ISO 7816 如何多次使用Calculate Signature Command APDU

[英]ISO 7816 How to Use Calculate Signature Command APDU Multiple Times

 原文  2022-04-25 08:32:42       digital-signature/ smartcard/ apdu/ iso-7816-4

问题描述

I do the following steps for signing a single data with a smart card with the ISO7816 standard.我执行以下步骤,使用符合 ISO7816 标准的智能卡对单个数据进行签名。

  1. Select MF Select 中频
  2. Select DF Select 东风
  3. Verify Pin验证密码
  4. Manage security environment管理安全环境
  5. Compute digital signature计算数字签名

If I want to sign multiple data then I follow these steps:如果我想签署多个数据,那么我会按照以下步骤操作:

  1. Select MF Select 中频
  2. Select DF Select 东风
  3. Verify Pin验证密码
  4. Manage security environment管理安全环境
  5. Compute digital signature 1计算数字签名 1
  6. Verify Pin验证密码
  7. Manage security environment管理安全环境
  8. Compute digital signature 2计算数字签名 2
  9. Verify Pin验证密码
  10. Manage security environment管理安全环境
  11. Compute digital signature 3计算数字签名 3

Do i have to do VerifyPin and manage security environment steps everytime?我是否必须每次都执行 VerifyPin 和管理安全环境步骤?

If I try these steps:如果我尝试这些步骤:

  1. Select MF Select 中频
  2. Select DF Select 东风
  3. Verify Pin验证密码
  4. Manage security environment管理安全环境
  5. Compute digital signature 1计算数字签名 1
  6. Compute digital signature 2计算数字签名 2

I'm getting 69 82 (Security condition not satisfied.) in step 6.我在第 6 步中收到 69 82(不满足安全条件。)。

1 个解决方案

解决方案1
 1 已采纳  2022-04-28 08:53:39

What you are describing is the concept typically called bulk signature .您所描述的是通常称为bulk signature的概念。 It is supported by some cards, but most likely this requires a modification of the personalization sequence used to setup the card before issuance or a different ordering option.某些卡支持它,但这很可能需要在发行前修改用于设置卡的个性化序列或不同的订购选项。 The more secure standard behavior (as you observe in the example) is, that the acquired access right is exhausted by the signing process.更安全的标准行为(如您在示例中观察到的那样)是,所获得的访问权限已被签名过程耗尽。

There are serious legal obstacles, since digital signatures are considered as a willful act , so imply that you were aware of what you signed and intended to do so by entering the PIN.存在严重的法律障碍,因为数字签名被认为是一种故意行为,因此暗示您知道您签署的内容并打算通过输入 PIN 这样做。 Under conditions asking for a bulk signature , typically considerable organizational security provisions have to be supplemented to the environment, so a doctor, who intends to sign electronic prescriptions, has to make plausible, that the card reader is under his/her continuous supervision.在要求批量签名的情况下,通常必须为环境补充相当多的组织安全规定,因此打算签署电子处方的医生必须证明读卡器处于他/她的持续监督之下。

There are more restricted forms of bulk signature, where the PIN has not to be entered every time, but eg every 10th time, since the unlimited signature capability is too dangerous.批量签名限制较多的是forms,PIN码不是每次都要输入,比如每10次输入一次,无限的签名能力太危险了。

Just to clarify this: if a card is hardwired for single signature per PIN entry, there is nothing an application can do to achieve bulk signature instead.只是为了澄清这一点:如果一张卡被硬连线用于每个 PIN 条目的单一签名,则应用程序无法执行任何操作来实现批量签名。

Summarized: While a PIN entry proves the presence of the legitimate card holder, this is insufficent for the willful act aspect of digital signatures.总结:虽然 PIN 条目证明了合法持卡人的存在,但这对于数字签名的故意行为方面是不够的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在响应APDU中发送签名数据-Java卡 - Sending signature data in response APDU - Java Card (智能卡)APDU命令进行签名 - (Smart Card) APDU Command to sign itextsharp 在不同时间签署多个数字签名 - itextsharp signing multiple digital signature at different times 如何使用NTRU进行签名? - How to use NTRU for signature? XML签名:如何计算摘要值? - XML Signature: How to calculate the digest value? 如何使用EVP_Sign函数计算签名 - How to calculate a signature with EVP_Sign functions PDFBox多重签名给无效签名Java - PDFBox multiple signature giving invalid signature Java 用什么? 电子签名? - What to use? Digital signature? 多重签名不起作用 - Multiple signature not working Google/Tink:如何使用公钥验证签名 - Google/Tink: How use public key to verify signature
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM