stackoom
  简体   繁体   中英

External authenticate with tachograph smartcard

 原文  2021-02-24 14:52:49       c#/ smartcard/ smartcard-reader/ pcsc

Question

I'm using C# with a c# library to read out the identification data from tachograph cards.

I only need to read out the unique card ID and can do this with a driver card, I send the correct APDUs to do the trick. I'm now trying to read out the ID of a company card doing the same things, as described in the documentation I could find (ECE/TRANS/SC.1/2006/2 and sub appendixes). This doesn't work.

If I understand the documentation correctly, the problem is that after selecting a DF and an EF after that, the Authentication has to be redone (on a company card only) to read out the unique identification data from the EF. Now, reading the documentation, I can understand I have to use a "manage security environment" to set/request a public key? Then use an "internal authenticate", "get challenge", run an "external authenticate" and finally use a "read binary" to read out the data. But only after setting the logic to the correct EF. Am I correct in this matter?

If I'm correct, does anyone understand where/how I can request the public key from the card? and what algorithm is used to decrypt the challenge using the public key and eventually, what to send back to the card?

If I did not understand it correctly, can anyone explain the steps in authenticating with a tachograph smartcard? Using idiot terms would be appreciated as I'm completely new in this line of work and still trying to learn.

1 answers

solution1
 1 ACCPTED  2021-02-24 16:07:22

I had no detailed look into Tachograph specification for years, but this might help you to start:

  • a challenge is just a random number, you have to encrypt it (symmetric algorithm) or sign it (asymmetric algorithm) by yourself. The appropriate algorithm has to be defined before, since the card has to follow the same rules for checking.
  • external authenticate is far more likely using symmetric cryptography (nobody likes to sign something unknown, which could also be a hash code for a message)
  • there are two standardized modes for retrieving the public key:
    • either as response to a special Generate Asymmetric Key Pair command (there is one, which just reads but does not generate a new key)
    • or in some file to be read using standard READ commands (eg a certificate which has the advantage, that you may check its signature). Which case applies has to be stated in the specification.
  • Manage Security Environment just informs the card, which key to use for a subsequent operation like PSO, giving its Control Reference Template, id and usage qualifier

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SmartCard security, how do you authenticate the certificate as not fake? How to authenticate an HttpClient connection with an external provider (Google) No authentication handler is configured to authenticate for the scheme: Microsoft.AspNet.Identity.External Authenticate external website using previous logged on website asp.net Active Directory smartcard authorization Smartcard Usb Drive Letter Xamarin/Android, SmartCard, BulkTransfer Decryption with PublicKey of Smartcard Certificate Read certificates on Smartcard PrincipalContext with smartcard inserted
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM