I'm developing a Mobile POS Application on Android with ISO 14443 cards and I am facing a rather important problem.
At the moment, I can read all the public data from the card by sending all the correct APDU commands through IsoDep.transceive.
I currently have to deal with the CDOL1, in particular with the Data Authenticate Code.
Here are three CDOLs I gathered from testing cards:
9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704 9F3501 9F4502 9F4C08 9F3403
9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704 9F3501 9F4502 9F4C08 9F3403 9F2103 9F4005
9F0206 9F0306 9F1A02 9505 5F2A02 9A03 9C01 9F3704 9F3501 9F4502 9F4C08 9F3403 9F5301
EMV Book 2 says:
In order to obtain the Recovered Data specified in Table 7, apply the recovery function specified in Annex A2.1 on the Signed Static Application Data using the Issuer Public Key in conjunction with the corresponding algorithm. If the Recovered Data Trailer is not equal to 'BC', SDA has failed.
I know that the first step before decrypting the Recovered Data is to get the Issuer Public Key (with the RID, the first five bytes of the AID, and the Certificate Authority Public Key Index) and then use it with the recovery function to decrypt the Signed Application Data.
So my questions are:
How do I get this Issuer Public Key with the RID and Public Key Index?
Can anyone help me understand this recovery function in order to develop a function, or is there any existing function in Java to do it?
PS: In the case of an existing function, I'd also like an explanation if possible ^^
How do I get this Issuer Public Key with the RID and Public Key Index?
In a real scenario, the issuer sends the self-signed certificate to the CA, and in return the CA gives a certificate along with its public key - CA PUBLIC KEY.
The same public key is stored in the terminal.
When the terminal reads the AFL data of the EMV card, it reads Tag 90 - Issuer Public Key Certificate and decrypts it using the stored CA public key.
This gives the Issuer Public Key to the terminal, and the terminal then uses the Issuer Public Key accordingly.
Hope this helps to understand the certificate concept of EMV.
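The recovery step discussed above, as an added Java example that is not code from the question or the answer: it applies the recovery function (S^e mod n) to Tag 90 with the CA public key, checks the '6A' header, '02' certificate format, 'BC' trailer and the SHA-1 hash result, and returns the issuer modulus. The class and method names are hypothetical, the field offsets follow the Issuer Public Key Certificate layout in EMV Book 2, and the CA key and certificate are constructed test data; a terminal would instead use the stored CA key selected by RID and CA Public Key Index (tag 8F).

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.util.Arrays;
public class IssuerKeyRecovery {
    // EMV recovery function: X = S^e mod n, left-padded to the modulus length.
    static byte[] recover(byte[] s, BigInteger n, BigInteger e) {
        int len = (n.bitLength() + 7) / 8;
        if (s.length != len) throw new IllegalArgumentException("input length differs from modulus length");
        byte[] raw = new BigInteger(1, s).modPow(e, n).toByteArray(), out = new byte[len];
        System.arraycopy(raw, Math.max(0, raw.length - len), out, Math.max(0, len - raw.length), Math.min(raw.length, len));
        return out;
    }

    // Recovers tag 90 with the CA key, checks '6A', '02', 'BC' and the SHA-1 hash, returns the issuer modulus.
    static byte[] issuerModulus(byte[] tag90, BigInteger caN, BigInteger caE, byte[] rem92, byte[] exp9F32) throws Exception {
        byte[] x = recover(tag90, caN, caE);
        int n = x.length, keyLen = x[13] & 0xFF, inCert = Math.min(keyLen, n - 36);
        if ((x[n - 1] & 0xFF) != 0xBC || x[0] != 0x6A || x[1] != 0x02 || rem92.length != keyLen - inCert)
            throw new SecurityException("bad trailer, header, format or remainder length");
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(x, 1, n - 22);   // certificate format through the issuer key digits
        sha1.update(rem92);          // Issuer Public Key Remainder (tag 92), may be empty
        sha1.update(exp9F32);        // Issuer Public Key Exponent (tag 9F32)
        if (!MessageDigest.isEqual(sha1.digest(), Arrays.copyOfRange(x, n - 21, n - 1)))
            throw new SecurityException("hash result mismatch");
        byte[] key = Arrays.copyOf(Arrays.copyOfRange(x, 15, 15 + inCert), keyLen);
        System.arraycopy(rem92, 0, key, inCert, keyLen - inCert);
        return key;
    }

    public static void main(String[] args) throws Exception {
        // Constructed test CA key and certificate, not real scheme data.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(1024);
        KeyPair ca = g.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) ca.getPublic();
        byte[] cert = Arrays.copyOf(new byte[] {0x6A, 2, 0x12, 0x34, 0x56, (byte) 0xFF, 0x12, 0x49, 0, 0, 1, 1, 1, 92, 1}, 128);
        for (int i = 15; i < 107; i++) cert[i] = (byte) (0xA0 + i);   // constructed 92-byte issuer modulus
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(cert, 1, 106);
        sha1.update((byte) 3);                                         // constructed issuer exponent 03
        sha1.digest(cert, 107, 20);                                    // hash result goes before the trailer
        cert[127] = (byte) 0xBC;
        byte[] tag90 = recover(cert, pub.getModulus(), ((RSAPrivateKey) ca.getPrivate()).getPrivateExponent()); // CA side
        byte[] key = issuerModulus(tag90, pub.getModulus(), pub.getPublicExponent(), new byte[0], new byte[] {3});
        System.out.println("issuer modulus: " + new BigInteger(1, key).toString(16));
    }
}
```

This example covers only the recovery and hash checks; EMV Book 2 also has the terminal check the certificate expiration date, the issuer identifier against the PAN, and the algorithm indicators.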