I'm writing a Java app to access my OpenPGP-Card V2.0. The card terminal I'm using is a "REINER SCT cyberJack RFID standard", which only supports PC/SC under OSX, and now I want to implement the PC/SC 2.0 command "VERIFY_PIN_DIRECT".
I tried the following control sequence, the bytes after the | are the APDU-bytes (my testing pin is "140396"):
Index: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 | 19 20 21 22 23 24 25 26 27 28 29
Seq 0: 0F 0F 88 86 14 08 04 02 01 09 04 00 00 00 00 0B 00 00 00 | 00 20 00 81 06 FF FF FF FF FF FF
Some important byte meanings (useful doc: http://www.acs.com.hk/download-manual/1207/API-ACR83-1.06.pdf):
Index 02: PIN format options
Index 03: PIN-block format
Index 04: Position of PIN-length information in the APDU-command
Index 15 - 18: APDU-length
Index 19 - end: APDU-command
But if I send this command, I always get 69 82, which means, according to the OpenPGP-Card datasheet (PDF):
Security status not satisfied:
PW wrong
PW not checked (command not allowed)
Secure messaging incorrect (checksum and/or cryptogram)
The APDU-command seems to be correct, because if I send the following command 00 20 00 81 06 31 34 30 33 39 36 to the card, the PIN is accepted. So it seems my control-command is wrong. Where is my mistake?
Update:
A working command is:
Index: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 | 19 20 21 22
Seq 0: 0F_0F 02_0F_00 0F_06 02 01 09_04 00 00_00_00 04_00_00_00 | 00 20 00 81
A better value than 0F_06 (at index 05) would be 20_06, because the OpenPGP-Card supports PINs up to a length of 32 chars, but my card terminal complains Invalid Value...
P.S.: The underscores symbolize related bytes and are of course stripped out during parsing.
OpenPGP uses a variable-length PIN, and the PIN block must, by popular convention (this case is not covered in the CCID specification), be sent as an empty APDU with only the APDU header.
See here for a hint: https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/reader-pcsc.c#L1391
Also, is your app open source? Maybe you want to contribute some CCID control block code which I've not yet written to apdu4j: https://github.com/martinpaljak/apdu4j
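The header-only convention from the answer, as an added example (not code from the question, the answer, OpenSC or apdu4j): it rebuilds the question's working control block field by field and compares the APDU carried in both posted sequences. The class and method names are hypothetical, labels for indices the question does not name follow the PC/SC part 10 PIN_VERIFY structure, and `HexFormat` requires Java 17.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.HexFormat;

public class PinVerifyBlock {
    static final HexFormat HEX = HexFormat.ofDelimiter(" ").withUpperCase();

    /** PIN_VERIFY block for a variable-length ASCII PIN; the APDU is header only. */
    static byte[] build(int p2, int minLen, int maxLen) {
        byte[] apdu = {0x00, 0x20, 0x00, (byte) p2};      // VERIFY header: no Lc, no data
        ByteBuffer b = ByteBuffer.allocate(19 + apdu.length).order(ByteOrder.LITTLE_ENDIAN);
        b.put((byte) 0x0F).put((byte) 0x0F);               // 00-01 timeouts
        b.put((byte) 0x02);                                // 02 PIN format options
        b.put((byte) 0x0F);                                // 03 PIN-block format
        b.put((byte) 0x00);                                // 04 position of PIN-length info
        b.put((byte) maxLen).put((byte) minLen);           // 05-06 max, then min PIN length
        b.put((byte) 0x02);                                // 07 entry validation condition
        b.put((byte) 0x01);                                // 08 number of messages
        b.putShort((short) 0x0409);                        // 09-10 language id, sent as 09 04
        b.put((byte) 0x00);                                // 11 message index
        b.put(new byte[3]);                                // 12-14 T=1 prologue
        b.putInt(apdu.length);                             // 15-18 APDU length
        b.put(apdu);                                       // 19..  APDU
        return b.array();
    }

    /** Check index 15-18 against the bytes present and describe the APDU. */
    static String describeApdu(byte[] block) {
        int declared = ByteBuffer.wrap(block).order(ByteOrder.LITTLE_ENDIAN).getInt(15);
        int actual = block.length - 19;
        if (declared != actual) return "length mismatch: declared " + declared + ", present " + actual;
        return actual == 4 ? "header-only APDU" : "APDU with Lc and " + (actual - 5) + " data bytes";
    }

    public static void main(String[] args) {
        // Both sequences are copied from the question (underscores removed).
        byte[] seq0 = HEX.parseHex(
            "0F 0F 88 86 14 08 04 02 01 09 04 00 00 00 00 0B 00 00 00 00 20 00 81 06 FF FF FF FF FF FF");
        byte[] working = HEX.parseHex(
            "0F 0F 02 0F 00 0F 06 02 01 09 04 00 00 00 00 04 00 00 00 00 20 00 81");
        byte[] built = build(0x81, 6, 15);
        System.out.println("Seq 0:   " + describeApdu(seq0));
        System.out.println("working: " + describeApdu(working));
        System.out.println("built:   " + HEX.formatHex(built));
        System.out.println("equals working command: " + Arrays.equals(built, working));
    }
}
```

The array returned by `build` is the command argument for `Card.transmitControlCommand`; the control code itself has to be read from the reader's feature list and is not hard-coded here.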