I am working with a Gemalto smart card and am trying to get the contents of the two certificates stored on it. To do that, I have successfully sent several APDU commands, but I have never found the contents of the certificates.
First, I get the ODF (Object Directory File):
00 A4 00 0C 02 50 31
00 B0 00 00 3C
I get the following response:
A0 06 30 04 04 02 70 02 A1 06 30 04 04 02 70 04 A4 06 30 04 04 02 70 05 A7 06 30 04 04 02 70 06 A8 06 30 04 04 02 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
Now I get the CDF (Certificate Directory File):
00 A4 00 00 02 70 05
00 B0 00 00 E7
I get the following response:
30 6D 30 3D 0C 1B 43 65 72 74 69 66 69 63 61 74 20 53 69 67 6E 61 74 75 72 65 20 49 47 43 2D 43 41 03 02 06 40 30 1A 30 06 03 02 07 80 05 00 30 07 03 02 06 40 04 01 C1 30 07 03 02 04 10 04 01 C1 30 22 04 20 34 63 33 38 38 64 34 31 38 65 39 37 33 39 66 61 30 31 34 65 62 66 35 61 39 38 64 31 32 31 36 35 A1 08 30 06 30 04 04 02 B0 01 30 74 30 44 0C 22 43 65 72 74 69 66 69 63 61 74 20 41 75 74 68 65 6E 74 69 66 69 63 61 74 69 6F 6E 20 49 47 43 2D 43 41 03 02 06 40 30 1A 30 06 03 02 07 80 05 00 30 07 03 02 06 40 04 01 C1 30 07 03 02 04 10 04 01 C1 30 22 04 20 66 34 62 66 65 35 35 34 64 37 65 39 35 36 31 38 35 39 61 38 31 62 65 65 66 36 62 35 36 39 32 33 A1 08 30 06 30 04 04 02 B0 02 FF FF 90 00
When I convert the response above from hex to ASCII (http://www.rapidtables.com/convert/number/hex-to-ascii.htm), I can read the names of my two certificates, each followed by an incomprehensible string. For example:
First certificate:
Certificate name: "Certificat Signature IGC-CA"
Incomprehensible string: 4c388d418e9739fa014ebf5a98d12165
Second certificate:
Certificate name: "Certificat Authentification IGC-CA"
Incomprehensible string: f4bfe554d7e9561859a81beef6b56923
So with this I think it is possible to get the full contents of my certificates, but how do I do it? What information does the "incomprehensible string" contain?
Answer 0 (score: 3)
The response you received for the certificate directory file is the list of certificates (in DER tag-length-value encoding). You can decode it according to the ASN.1 notation described in the PKCS #15 specification:
30 6D
-> x509Certificate PKCS15Object SEQUENCE
30 3D
-> commonObjectAttributes CommonObjectAttributes SEQUENCE
0C 1B
-> label Label UTF8String
43 65 72 74 69 66 69 63 61 74 20 53 69 67 6E 61
74 75 72 65 20 49 47 43 2D 43 41
-> "Certificat Signature IGC-CA"
03 02
-> flags CommonObjectFlags BIT STRING
06 40
-> "01------" (private = 0, modifiable = 1)
30 1A
-> accessControlRules SEQUENCE OF AccessControlRule
30 06
-> AccessControlRule SEQUENCE
03 02
-> accessMode AccessMode BIT STRING
07 80
-> "1-------" (read = 1)
05 00
-> SecurityCondition NULL
30 07
-> AccessControlRule SEQUENCE
03 02
-> accessMode AccessMode BIT STRING
06 40
-> "01------" (read = 0, update = 1)
04 01
-> securityCondition.authId Identifier OCTET STRING
C1
30 07
-> AccessControlRule SEQUENCE
03 02
-> accessMode AccessMode BIT STRING
04 10
-> "0001----" (read = 0, update = 0, execute = 0, ??? = 1)
04 01
-> securityCondition.authId Identifier OCTET STRING
C1
30 22
-> classAttributes CommonCertificateAttributes SEQUENCE
04 20
-> iD Identifier OCTET STRING
34 63 33 38 38 64 34 31 38 65 39 37 33 39 66 61
30 31 34 65 62 66 35 61 39 38 64 31 32 31 36 35
A1 08
-> typeAttributes [1]
30 06
-> X509CertificateAttributes SEQUENCE
30 04
-> value.indirect.path Path SEQUENCE
04 02
-> path OCTET STRING
B0 01
-> ISO/IEC 7816-4 file identifier "B001"
30 74
-> x509Certificate PKCS15Object SEQUENCE
30 44
-> commonObjectAttributes CommonObjectAttributes SEQUENCE
0C 22
-> label Label UTF8String
43 65 72 74 69 66 69 63 61 74 20 41 75 74 68 65
6E 74 69 66 69 63 61 74 69 6F 6E 20 49 47 43 2D
43 41
-> "Certificat Authentification IGC-CA"
03 02
-> flags CommonObjectFlags BIT STRING
06 40
-> "01------" (private = 0, modifiable = 1)
30 1A
-> accessControlRules SEQUENCE OF AccessControlRule
30 06
-> AccessControlRule SEQUENCE
03 02
-> accessMode AccessMode BIT STRING
07 80
-> "1-------" (read = 1)
05 00
-> SecurityCondition NULL
30 07
-> AccessControlRule SEQUENCE
03 02
-> accessMode AccessMode BIT STRING
06 40
-> "01------" (read = 0, update = 1)
04 01
-> securityCondition.authId Identifier OCTET STRING
C1
30 07
-> AccessControlRule SEQUENCE
03 02
-> accessMode AccessMode BIT STRING
04 10
-> "0001----" (read = 0, update = 0, execute = 0, ??? = 1)
04 01
-> securityCondition.authId Identifier OCTET STRING
C1
30 22
-> classAttributes CommonCertificateAttributes SEQUENCE
04 20
-> iD Identifier OCTET STRING
66 34 62 66 65 35 35 34 64 37 65 39 35 36 31 38
35 39 61 38 31 62 65 65 66 36 62 35 36 39 32 33
A1 08
-> typeAttributes [1]
30 06
-> X509CertificateAttributes SEQUENCE
30 04
-> value.indirect.path Path SEQUENCE
04 02
-> path OCTET STRING
B0 02
-> ISO/IEC 7816-4 file identifier "B002"
So this list gives you the file identifiers of the files that contain the actual certificates: B001 for the first certificate (named "Certificat Signature IGC-CA") and B002 for the second certificate (named "Certificat Authentification IGC-CA"). You can then select those files with:
00 A4 00 0C 02 <FILE ID>
and read the data from the file using the READ BINARY command.
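As an added example that is not part of the original answer, here is the decoding above written as a small Python parser. It takes the CDF bytes the question posted, checks the status word, walks the DER TLV structure and returns each x509Certificate entry's label, flags, access rules, iD and the path of the EF that holds the certificate. The bit names come from PKCS #15; reading AccessMode bit 3 as "delete" follows ISO/IEC 7816-15, which extends that BIT STRING. The parser also picks up the optional index and length fields of Path, which some cards use to say how much of the EF to read.

```python
"""Decoder for the PKCS#15 CDF bytes from the question (added example, not
code from the original post): label, flags, access rules, ID and EF path."""
from __future__ import annotations
from dataclasses import dataclass, field

# READ BINARY response for the CDF, copied from the question: the card's
# data, two 0xFF padding bytes, then the 90 00 status word.
CDF_RESPONSE = bytes.fromhex(
    "30 6D 30 3D 0C 1B 43 65 72 74 69 66 69 63 61 74 20 53 69 67 6E 61 74 75 "
    "72 65 20 49 47 43 2D 43 41 03 02 06 40 30 1A 30 06 03 02 07 80 05 00 30 "
    "07 03 02 06 40 04 01 C1 30 07 03 02 04 10 04 01 C1 30 22 04 20 34 63 33 "
    "38 38 64 34 31 38 65 39 37 33 39 66 61 30 31 34 65 62 66 35 61 39 38 64 "
    "31 32 31 36 35 A1 08 30 06 30 04 04 02 B0 01 30 74 30 44 0C 22 43 65 72 "
    "74 69 66 69 63 61 74 20 41 75 74 68 65 6E 74 69 66 69 63 61 74 69 6F 6E "
    "20 49 47 43 2D 43 41 03 02 06 40 30 1A 30 06 03 02 07 80 05 00 30 07 03 "
    "02 06 40 04 01 C1 30 07 03 02 04 10 04 01 C1 30 22 04 20 66 34 62 66 65 "
    "35 35 34 64 37 65 39 35 36 31 38 35 39 61 38 31 62 65 65 66 36 62 35 36 "
    "39 32 33 A1 08 30 06 30 04 04 02 B0 02 FF FF 90 00"
)
# Named bits in bit order. CommonObjectFlags is PKCS #15; AccessMode bit 3
# (delete) is the ISO/IEC 7816-15 addition to the PKCS #15 bits.
OBJECT_FLAGS = ("private", "modifiable")
ACCESS_MODES = ("read", "update", "execute", "delete")


def read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """(tag, value, next_pos) of the DER element at buf[pos:]; one-byte tags
    and definite lengths only, which is all a CDF uses."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = octet count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError(f"DER element truncated at offset {pos}")
    return tag, value, pos + length


def iter_tlvs(buf: bytes):
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value


def named_bits(value: bytes, names: tuple[str, ...]) -> dict[str, bool]:
    """Decode a DER BIT STRING: first octet = unused-bit count, bit 0 is the
    MSB of the next octet; bits beyond the encoded length read as False."""
    unused, data = value[0], value[1:]
    nbits = len(data) * 8 - unused
    return {n: i < nbits and bool(data[i // 8] & (0x80 >> i % 8))
            for i, n in enumerate(names)}


@dataclass
class CertEntry:
    label: str = ""
    flags: dict = field(default_factory=dict)
    rules: list = field(default_factory=list)   # [(access modes, condition)]
    object_id: bytes = b""
    path: bytes = b""                # EF to SELECT and READ BINARY
    index: int | None = None         # Path.index / Path.length: only present
    length: int | None = None        # if the CDF states how much to read


def parse_rule(seq: bytes) -> tuple[dict, str]:
    """AccessControlRule ::= SEQUENCE { accessMode, securityCondition }:
    05 00 is the NULL "always" condition, 04 xx an authId of an AODF entry."""
    (_, mode), (ct, cond) = list(iter_tlvs(seq))[:2]
    known = {0x05: "always", 0x04: f"authId {cond.hex().upper()}"}
    return named_bits(mode, ACCESS_MODES), known.get(ct, f"unsupported tag {ct:02X}")


def parse_common(seq: bytes, e: CertEntry) -> None:
    """CommonObjectAttributes: label, flags, optional accessControlRules."""
    for tag, value in iter_tlvs(seq):
        if tag == 0x0C:
            e.label = value.decode("utf-8")
        elif tag == 0x03:
            e.flags = named_bits(value, OBJECT_FLAGS)
        elif tag == 0x30:
            e.rules = [parse_rule(r) for _, r in iter_tlvs(value)]


def parse_type_attrs(ctx: bytes, e: CertEntry) -> None:
    """typeAttributes [1] -> X509CertificateAttributes.value; only the indirect
    Path ::= SEQUENCE { path, index OPTIONAL, length [0] OPTIONAL } form."""
    _, attrs = next(iter_tlvs(ctx))
    tag, value = next(iter_tlvs(attrs))
    if tag != 0x30:
        raise ValueError(f"unhandled ObjectValue tag {tag:02X}")
    parts = dict(iter_tlvs(value))           # 04 path, 02 index, 80 length
    e.path = parts[0x04]
    e.index = int.from_bytes(parts[0x02], "big") if 0x02 in parts else None
    e.length = int.from_bytes(parts[0x80], "big") if 0x80 in parts else None


def parse_cdf(resp: bytes) -> list[CertEntry]:
    if resp[-2:] != b"\x90\x00":
        raise IOError(f"card returned SW {resp[-2:].hex().upper()}")
    data, pos, entries = resp[:-2], 0, []
    while pos < len(data) and data[pos] not in (0x00, 0xFF):   # EF padding
        tag, obj, pos = read_tlv(data, pos)
        if tag != 0x30:              # only untagged x509Certificate entries
            continue
        e, parts = CertEntry(), list(iter_tlvs(obj))
        parse_common(parts[0][1], e)                       # commonObjectAttributes
        e.object_id = next(v for t, v in iter_tlvs(parts[1][1]) if t == 0x04)
        for t, v in parts[2:]:                             # A0 subClass skipped
            if t == 0xA1:
                parse_type_attrs(v, e)
        entries.append(e)
    return entries
```

Run on `CDF_RESPONSE`, `parse_cdf` returns two entries whose `path` values are B001 and B002. The "incomprehensible string" is the `object_id`: this card stores it as 32 ASCII hex characters, and PKCS #15 uses the same iD on the matching private key object in the PrKDF, so it is how you pair a certificate with its key, not part of the certificate itself. The rules also tell you what to expect before you try: reading is unconditional, while update and delete require the authentication object C1 (typically a PIN) to be verified first.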
Answer 1 (score: 1)
After much searching of various kinds, I finally managed to get the contents of my two certificates. In fact, each certificate's FID is found in the "incomprehensible string". In my case the paths are "B0 01" and "B0 02". So when I send the following APDU commands, I get the contents of the certificate:
SELECT FILE: 00 A4 00 0C 02 B0 01
To get all the contents of one certificate:
Get the response:
00 B0 00 19 E7
00 B0 01 19 E7
00 B0 02 19 E7
00 B0 03 00 04
Unfortunately, I still have not understood the meaning of the CDF response!
Answer 2 (score: 0)
In all cases you read E7 bytes from the respective file, which may or may not be the complete data. So either you look at the SELECT response data (for that you have to change P2 to zero and supply an Le byte) to find out the full size, or you simply keep increasing the start offset of repeated reads until an error occurs.
Note that a certificate stored on the card is arbitrary data from the card's point of view. So your question is no longer a smart-card-specific one; what it lacks is a description of the certificate structure.
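Added example, not code from this answer or from any card vendor: the two stopping conditions the answer describes (read until the card signals the end, or compute the size from the data's own structure) implemented against a constructed in-memory card so it runs offline. `FakeCard.transmit` mimics the `(data, sw1, sw2)` return shape of pyscard's `CardConnection.transmit`, which is an assumption about the reader library you use; the file body is a constructed DER SEQUENCE standing in for a certificate, not a real one.

```python
"""READ BINARY of a whole certificate EF. Added example, not code from the
original post or any vendor library: both ways the answer above gives for
finding the end of the data, run against a constructed in-memory card.
transmit() mimics pyscard's (data, sw1, sw2) return shape (an assumption);
FAKE_CERT is a stand-in DER SEQUENCE, not a real certificate."""
from __future__ import annotations

MAX_LE = 0xE7        # the chunk size the question used

# Constructed stand-in for a certificate: a 700-byte DER SEQUENCE
# (30 82 02 B8 followed by 696 bytes of arbitrary content).
FAKE_CERT = b"\x30\x82\x02\xB8" + bytes(range(256)) * 2 + bytes(184)


class FakeCard:
    """One selected transparent EF: body followed by 0xFF padding, as a
    card that allocated more space than the certificate needs would show."""

    def __init__(self, body: bytes, padding: int = 0) -> None:
        self.ef = body + b"\xFF" * padding

    def transmit(self, apdu: list[int]) -> tuple[list[int], int, int]:
        cla, ins, p1, p2, le = apdu
        if (cla, ins) != (0x00, 0xB0) or p1 & 0x80:   # SFI form not supported
            return [], 0x6A, 0x86                      # incorrect P1-P2
        offset, want = (p1 << 8) | p2, le or 256       # Le = 00 means 256
        if offset >= len(self.ef):
            return [], 0x6B, 0x00                      # offset outside the EF
        chunk = self.ef[offset:offset + want]
        if len(chunk) < want:                          # end reached before Le bytes
            return list(chunk), 0x62, 0x82
        return list(chunk), 0x90, 0x00


def read_binary(card, offset: int, le: int) -> tuple[bytes, int]:
    """One READ BINARY (00 B0 P1 P2 Le) -> (data, SW). Offsets stop at 0x7FFF:
    with P1 bit 8 set the card would read P1 as a short file identifier."""
    if not 0 <= offset <= 0x7FFF:
        raise ValueError("offset out of range for plain READ BINARY")
    data, sw1, sw2 = card.transmit([0x00, 0xB0, offset >> 8, offset & 0xFF, le])
    return bytes(data), (sw1 << 8) | sw2


def read_until_end(card, le: int = MAX_LE) -> bytes:
    """Second option of the answer: raise the offset until the card reports
    the end. Returns everything in the EF, padding included."""
    out = bytearray()
    while True:
        data, sw = read_binary(card, len(out), le)
        out += data
        if sw in (0x6B00, 0x6282) or len(data) < le:   # short read = last chunk
            return bytes(out)
        if sw != 0x9000:
            raise IOError(f"READ BINARY at {len(out) - len(data)}: SW {sw:04X}")


def der_total_length(head: bytes) -> int:
    """Size (tag + length + content) of the DER element whose first bytes are
    `head`. An X.509 certificate is a SEQUENCE (0x30) with a definite length."""
    if len(head) < 2 or head[0] != 0x30:
        raise ValueError("EF does not start with a DER SEQUENCE")
    if head[1] < 0x80:                                 # short form
        return 2 + head[1]
    n = head[1] & 0x7F                                 # long form: n length octets
    if len(head) < 2 + n:
        raise ValueError("need more header bytes")
    return 2 + n + int.from_bytes(head[2:2 + n], "big")


def read_certificate(card, le: int = MAX_LE) -> bytes:
    """Structure-aware option: read the DER header, compute the exact size,
    then fetch only that many bytes, so padding never reaches the parser."""
    head, sw = read_binary(card, 0, 4)       # 30 82 xx xx covers certs < 64 KiB
    if sw != 0x9000:
        raise IOError(f"cannot read header: SW {sw:04X}")
    total, out = der_total_length(head), bytearray()
    while len(out) < total:
        data, sw = read_binary(card, len(out), min(le, total - len(out)))
        if sw not in (0x9000, 0x6282) or not data:
            raise IOError(f"READ BINARY at {len(out)}: SW {sw:04X}")
        out += data
    return bytes(out[:total])


if __name__ == "__main__":
    card = FakeCard(FAKE_CERT, padding=300)
    whole = read_until_end(card)
    cert = whole[:der_total_length(whole)]
    print(len(whole), "bytes in the EF,", len(cert), "bytes of DER,",
          "same as structure-aware read:", read_certificate(card) == cert)
```

With a real reader, replace `FakeCard` by your connection object after the SELECT from the accepted answer. The DER length check matters either way: an EF padded with 0xFF or 0x00 after the certificate gives you trailing bytes that strict parsers reject, so trim to `der_total_length` before handing the bytes to `openssl x509 -inform DER` or to a library parser. Cards that answer a READ BINARY past the end with 6Cxx instead of 6282 need one more branch that re-issues the command with Le set to xx.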