

The two cryptographic key files, 0001₁₆ and 0011₁₆, both have the structure given in Table 5.12.

Table 5.12. Format of internal and external authentication key files.
| Byte Number | Description | Sample Values | Interpretation of Sample Values | Comment |
|---|---|---|---|---|
| 1 | Unused | | | |
| 2 | Length of key 0 | 8₁₆ | Key 0 is 8 bytes long. | Cryptographic keys can be from 1 to 255 bytes long. |
| 3 | Algorithm for key 0 | 0₁₆ | Use DES with key 0. | |
| 4-11 | Key 0 | FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ | | |
| 12 | Maximum attempts for key 0 | 03₁₆ | Block key after three successive failed attempts. | |
| 13 | Remaining attempts for key 0 | 03₁₆ | There are three failures left before the key is blocked. | |
| 14 | Length of key 1 | 8₁₆ | Key 1 is 8 bytes long. | |
| 15 | Algorithm for key 1 | 0₁₆ | Use DES with key 1. | |
| 16-23 | Key 1 | 47₁₆ 46₁₆ 58₁₆ 49₁₆ 32₁₆ 56₁₆ 78₁₆ 40₁₆ | | |
| 24 | Maximum attempts for key 1 | 03₁₆ | Block key after three sequential failed attempts. | |
| 25 | Remaining attempts for key 1 | 03₁₆ | There are three failures left before the key is blocked. | |
| 26 | Length of key 2 | 8₁₆ | Key 2 is 8 bytes long. | |
| 27 | Algorithm for key 2 | 0₁₆ | Use DES with key 2. | |
| 28-35 | Key 2 | FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ FF₁₆ | | |
| 36 | Maximum attempts for key 2 | 03₁₆ | Block key after three sequential failed attempts. | |
| 37 | Remaining attempts for key 2 | 03₁₆ | There are three failures left before the key is blocked. | |
| 38 | Flag for last key | 0₁₆ | There are more keys in this file. | |

Even though you can’t read what’s in 0011₁₆, we will tell you that the content of the transport key file of your Multiflex card is exactly what is in the Sample Values column in Table 5.12. In other words, cryptographic key 1 for the root directory of your 3K Multiflex card is

47₁₆ 46₁₆ 58₁₆ 49₁₆ 32₁₆ 56₁₆ 78₁₆ 40₁₆

Creating a PIN File and Updating the External Authentication Key File

Adding a PIN file to the Multiflex card will require us to use the Create File command in the root directory, and this in turn requires Authenticated privileges, so we will have to start out by authenticating ourselves. Since we don’t think there are any malicious hackers lurking on the serial connection between our laptop and the smart card reader, we will use the Verify Key command rather than the External Authentication command to achieve authenticated status on the card.

With the Verify Key command, we give the key number in the external authentication file that we want to use to authenticate ourselves to the card along with the key itself. Here’s the Verify Key command that is sent to the card to achieve Authenticated status:

| CLS | INS | P1 | Key Number | Key Length | Key |
|---|---|---|---|---|---|
| F0₁₆ | 2A₁₆ | 00₁₆ | 01₁₆ | 08₁₆ | 47₁₆ 46₁₆ 58₁₆ 49₁₆ 32₁₆ 56₁₆ 78₁₆ 40₁₆ |

The card responds with

90₁₆ 00₁₆

so we know we have successfully logged in.
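
As an added example (not code from the book or from the card's own software), the Python below parses a key file laid out as in Table 5.12 and builds the Verify Key command shown above from key 1. The function names, the 00 value used for the unused first byte, and returning the final flag byte without interpreting it are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class KeyRecord:
    number: int        # key 0, 1, 2 ... in file order
    algorithm: int     # 0 means DES in Table 5.12
    key: bytes
    max_attempts: int
    remaining: int     # failures left before the key is blocked

def parse_key_file(data: bytes):
    """Split a Table 5.12 key file into (records, flag_byte)."""
    if len(data) < 2:
        raise ValueError("file too short")
    records, pos, last = [], 1, len(data) - 1   # byte 1 unused, last byte is the flag
    while pos < last:
        length = data[pos]
        end = pos + length + 4                  # length + algorithm + key + 2 counters
        if length == 0 or end > last:
            raise ValueError(f"bad or truncated key record at byte {pos + 1}")
        records.append(KeyRecord(len(records), data[pos + 1],
                                 data[pos + 2:end - 2], data[end - 2], data[end - 1]))
        pos = end
    return records, data[last]

def build_verify_key(key_number: int, key: bytes) -> bytes:
    """CLS F0, INS 2A, P1 00, key number, key length, key (layout from the page)."""
    if not 1 <= len(key) <= 255:
        raise ValueError("key must be 1 to 255 bytes")
    return bytes([0xF0, 0x2A, 0x00, key_number, len(key)]) + key

def is_success(response: bytes) -> bool:
    return response == bytes([0x90, 0x00])      # status the card returned on the page

def sample_key_file() -> bytes:
    """Constructed from the Sample Values column; the unused byte 1 is assumed 00."""
    rec = lambda k: bytes([len(k), 0x00]) + k + bytes([0x03, 0x03])
    key1 = bytes.fromhex("4746584932567840")
    return b"\x00" + rec(b"\xff" * 8) + rec(key1) + rec(b"\xff" * 8) + b"\x00"

if __name__ == "__main__":
    records, flag = parse_key_file(sample_key_file())
    for r in records:
        print(r.number, r.key.hex(), f"{r.remaining}/{r.max_attempts} attempts left")
    print(build_verify_key(1, records[1].key).hex(" "))
```

The parser rejects a zero-length or truncated record instead of reading past the end of the file, which matters when the bytes come from a card or reader you do not fully trust.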

Now we issue the Create File command to actually create the PIN file:

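| CLS | INS | Initialize | No. of Recs | Data Length | Unused | Size |
|---|---|---|---|---|---|---|
| F0₁₆ | E0₁₆ | 00₁₆ | FF₁₆ | 10₁₆ | FFFF₁₆ | 0017₁₆ |

| FID | File Type | Access Levels | Status | Length | Access Keys |
|---|---|---|---|---|---|
| 0000₁₆ | 01₁₆ | 3₁₆ F₁₆ 4₁₆ 4₁₆ F₁₆ F₁₆ 4₁₆ 4₁₆ | 01₁₆ | 03₁₆ | 1₁₆ 1₁₆ F₁₆ F₁₆ 1₁₆ 1₁₆ |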

