Previous | Table of Contents | Next |
The two cryptographic key files, 000116 and 001116, both have the structure given in Table 5.12.
Byte Number | Description | Sample Values | Interpretation of Sample Values | Comment |
---|---|---|---|---|
1 | Unused | |||
2 | Length of key 0 | 816 | Key 0 is 8 bytes long. | Cryptographic keys can be from 1 to 255 bytes long. |
3 | Algorithm for key 0 | 016 | Use DES with key 0. | |
4-11 | Key 0 | FF16 FF16 FF16 FF16 FF16 FF16 FF16 FF16 | ||
12 | Maximum attempts for key 0 | 0316 | Block key after three successive failed attempts. | |
13 | Remaining attempts for key 0 | 0316 | There are three failures left before the key is blocked. | |
14 | Length of key 1 | 816 | Key 1 is 8 bytes long. | |
15 | Algorithm for key 1 | 016 | Use DES with key 1. | |
16-23 | Key 1 | 4716 4616 5816 4916 3216 5616 7816 4016 | ||
24 | Maximum attempts for key 1 | 0316 | Block key after three sequential failed attempts. | |
25 | Remaining attempts for key 1 | 0316 | There are three failures left before the key is blocked. | |
26 | Length of key 2 | 816 | Key 2 is 8 bytes long. | |
27 | Algorithm for key 2 | 016 | Use DES with key 2. | |
28-35 | Key 2 | FF16 FF16 FF16 FF16 FF16 FF16 FF16 FF16 | ||
36 | Maximum attempts for key 2 | 0316 | Block key after three sequential failed attempts. | |
37 | Remaining attempts for key 2 | 0316 | There are three failures left before the key is blocked. | |
38 | Flag for last key | 016 | There are more keys in this file. | |
Even though you cant read whats in 001116, we will tell you that the content of the transport key file of your Multiflex card is exactly what is in the Sample Values column in Table 5.12. In other words, cryptographic key 1 for the root directory of your 3K Multiflex card is
4716 4616 5816 4916 3216 5616 7816 4016
Adding a PIN file to the Multiflex card will require us to use the Create File command in the root directory, and this in turn requires Authenticated privileges, so we will have to start out by authenticating ourselves. Since we dont think there are any malicious hackers lurking on the serial connection between our laptop and the smart card reader, we will use the Verify Key command rather than the External Authentication command to achieve authenticated status on the card.
With the Verify Key command, we give the key number in the external authentication file that we want to use to authenticate ourselves to the card along with the key itself. Heres the Verify Key command that is sent to the card to achieve Authenticated status:
CLS | INS | P1 | Key Number | Key Length | Key |
---|---|---|---|---|---|
F016 | 2A16 | 0016 | 0116 | 0816 | 4716 4616 |
5816 4916 | |||||
3216 5616 | |||||
7816 4016 |
The card responds with
9016 0016
so we know we have successfully logged in.
Now we issue the Create File command to actually create the PIN file:
CLS | INS | Initialize | No. of Recs | Data Length | Unused | Size |
---|---|---|---|---|---|---|
F016 | E016 | 0016 | FF16 | 1016 | FFFF16 | 001716 |
FID | File Type | Access Levels | Status | Length | Access Keys |
---|---|---|---|---|---|
000016 | 0116 | 316F16416 | 0116 | 0316 | 116116F16 |
416F16F16 | F16116116 | ||||
416416 |
Previous | Table of Contents | Next |