如何在Windows SmartCard Framework中使用扩展APDU
[英]How To Use Extended APDU With Windows SmartCard Framework
问题描述
I am using WinSCard to read an ISO 7816 compliant smart card (to be specific, it's a PIV card). 
我正在使用WinSCard来读取符合ISO 7816标准的智能卡(具体来说,它是一张PIV卡)。 The card has a picture on it that is roughly 12 KB. 该卡上有一张大约12 KB的图片。 Right now, I connect in T=1 mode and use the SCardTransmit function to send my GET DATA APDU command followed by a bunch of GET RESPONSE APDU commands. 现在,我以T = 1模式连接并使用SCardTransmit函数发送我的GET DATA APDU命令,然后发送一堆GET RESPONSE APDU命令。 I end up getting all the data off the card, but it takes more than 40 calls to SCardTransmit because I can only get 256 bytes per call. 我最终从卡上获取了所有数据,但是对SCardTransmit的调用超过40次,因为每次调用只能获得256个字节。 Each call is taking about half a second to complete, so it ends up taking almost 20 seconds to read 12 KB of data. 每次调用都需要大约半秒才能完成,因此最终花费大约20秒来读取12 KB的数据。
I think I can do this faster. 我想我可以更快地做到这一点。 The NIST spec says that "Retrieval Time for 12.5 kilobytes (KB) of data through the contact interface of the reader shall not exceed 2.0 seconds". NIST规范称“通过阅读器的接触界面获取12.5千字节(KB)数据的时间不应超过2.0秒”。 The spec makes references to extended length APDU, so I think it is supported, but it's use is not documented. 规范引用了扩展长度的APDU,所以我认为它是受支持的,但它的使用没有记录。 I tried to figure it out, but I can't get it to work. 我试图搞清楚,但我无法让它发挥作用。
Here's the current command, which returns 256 bytes with a status of 0x61 0x00, meaning there is more data to get. 这是当前命令,它返回256个字节,状态为0x61 0x00,这意味着需要获取更多数据。
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00 // Le
};
Part 5.3.2 of the ISO-7815-4 spec says this about encoding Le: ISO-7815-4规范的第5.3.2部分说明了编码Le:
Case 4E - L= 5 + (B2||B3),(B1)=0 and (B2||B3)=0
- The Lc field consists of the first 3 bytes where B2 and B3 code Lc (!=0) valued from 1 to 65535
- B4 to Bl-2 are the Lc bytes of the data field
- The Le field consists of the last 2 bytes Bl-1 and Bl which code Le valued from 1 to 65536
I took this to mean my command should look this: 我认为这意味着我的命令应该是这样的:
new byte[] {
0x00, // CLA
0xCB, // INS
0x3F, // P1
0xFF, // P2
0x00, 0x00, 0x05, // Lc
0x5C, 0x03, // Data Field
0x5F, 0xC1, 0x09, // ... (Data)
0x00, 0x00 // Le
};
But this doesn't work. 但这不起作用。 I get the response code 0x67 0x00, meaning "Wrong length" and no data is retrieved from the card. 我得到响应代码0x67 0x00,意思是“错误的长度”,并且没有从卡中检索数据。 Ideas? 想法?
2 个解决方案
解决方案1
4 已采纳 2011-04-01 12:10:03
The extended APDU that you are trying to send is correct, but it is possible that your card does not support extended APDUs. 您尝试发送的扩展APDU是正确的,但您的卡可能不支持扩展APDU。 The Java Card version on the card should be above 2.2.2 to be able to send such commands. 卡上的Java Card版本应高于2.2.2才能发送此类命令。
解决方案2
0 2011-04-05 14:15:17
有关更多背景信息(也适用于Windows): http : //pcsclite.alioth.debian.org/ccid_extended_apdu.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.