codedip

Reputation: 191

Pin verification for Gemalto .net smart card using c#

I am trying to verify and change the PIN of a Gemalto .NET card using C#. But when I tried to verify, using:

byte cla_verify = 0;
byte p2_pinReference = 0x80;
CardCommandAPDU quickVerify = new CardCommandAPDU(cla_verify, 0x20, 0x00, p2_pinReference, CardHex.ToByteArray("FFFFFFFFFFFFFFFF"));
CardResponseAPDU aRespAPDU = aCard.SendCommand(quickVerify);

it is returning -SW 27033 (RSP 6999).

Any idea what I am doing wrong?

Upvotes: 1

Views: 2902

Answers (4)

user3719188

Reputation: 590

You want to verify the PIN by sending an APDU, right? Look up the document IDPrime .NET Smart Card - Integration Guide (APDU Encoding and Hivecodes). According to this document, the APDU for the method verifyPIN (see Table 16 - Hivecodes for V5) should look like this (example for role USER = 0x01 and PIN = 1234):

80C200001BD800056F00C04B4E7FBD506B00044D53434D010000000431323334

Explanation:

APDU = APDU Header + APDU Payload

APDU Header is equal to 80C20000 1B, where:

  • 80C20000 - always the same
  • 1B (hex) - 27 (decimal) is the 1-byte payload length.

APDU Payload is equal to D8 0005 6F 00C04B4E 7FBD 506B 0004 4D53434D 01 00000004 31323334, where:

  • D8 - nothing to change
  • 0005 - Service Port Number (2 bytes)
  • 6F - nothing to change
  • 00C04B4E - Service Namespace Hivecode (4 bytes)
  • 7FBD - Service Type Hivecode (2 bytes)
  • 506B - Method Hivecode, which is 506B for the VerifyPin method (see doc)
  • 0004 - Service Name length (0004)
  • 4D53434D - UTF8 encoded Service Name (service name - MSCM (4D53434D))
  • 01 - User role (USER = 0x01, ADMIN = 0x02, EVERYONE = 0x03)
  • 00000004 - data size (PIN length in this case equals 4)
  • 31323334 - hex value of PIN = 1234

If the PIN is correct, you should get 9000 in response.

Another example for PIN = 12345:

80C200001CD800056F00C04B4E7FBD506B00044D53434D01000000053132333435

Upvotes: 0
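The field-by-field encoding described in the answer above, as an added C# example that is not part of the original answer or of Gemalto's SDK. The class and method names are hypothetical; every constant is taken from the answer's breakdown, and `Main` compares the result with the answer's own example APDU.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class VerifyPinApdu   // hypothetical helper, not an SDK class
{
    // Big-endian encoders for the 2-byte and 4-byte length fields.
    static byte[] BE16(int v) => new[] { (byte)(v >> 8), (byte)v };
    static byte[] BE32(int v) =>
        new[] { (byte)(v >> 24), (byte)(v >> 16), (byte)(v >> 8), (byte)v };

    // role: USER = 0x01, ADMIN = 0x02, EVERYONE = 0x03 (values from the answer).
    public static byte[] Build(byte role, byte[] pin)
    {
        byte[] serviceName = Encoding.UTF8.GetBytes("MSCM");
        var payload = new List<byte> { 0xD8 };                    // fixed
        payload.AddRange(new byte[] { 0x00, 0x05 });              // service port number
        payload.Add(0x6F);                                        // fixed
        payload.AddRange(new byte[] { 0x00, 0xC0, 0x4B, 0x4E });  // service namespace hivecode
        payload.AddRange(new byte[] { 0x7F, 0xBD });              // service type hivecode
        payload.AddRange(new byte[] { 0x50, 0x6B });              // method hivecode
        payload.AddRange(BE16(serviceName.Length));               // service name length
        payload.AddRange(serviceName);
        payload.Add(role);
        payload.AddRange(BE32(pin.Length));                       // data size (PIN length)
        payload.AddRange(pin);
        // The header carries the payload length in a single byte.
        if (payload.Count > 0xFF)
            throw new ArgumentException("payload does not fit a 1-byte length");

        var apdu = new List<byte> { 0x80, 0xC2, 0x00, 0x00, (byte)payload.Count };
        apdu.AddRange(payload);
        return apdu.ToArray();
    }

    static void Main()
    {
        // Sample PIN and expected encoding are the answer's own example.
        const string expected =
            "80C200001BD800056F00C04B4E7FBD506B00044D53434D010000000431323334";
        byte[] pin = Encoding.ASCII.GetBytes("1234");
        string hex = BitConverter.ToString(Build(0x01, pin)).Replace("-", "");
        Array.Clear(pin, 0, pin.Length);   // do not keep the PIN in memory longer than needed
        Console.WriteLine("matches the answer's example: " + (hex == expected));
    }
}
```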

sms247

Reputation: 4504

PIN verification is explained here. You can try this code instead of yours. Looks good to me.

Upvotes: 0

guidot

Reputation: 5333

Note that while your PIN reference states a specific reference, the identifier zero from P2 means: "card shall know the addressed PIN". This may require additional previously sent commands like Manage Security Environment in the SET mode, or a certain security environment object or similar. Especially for the following Change Reference Data, I would recommend stating the ID explicitly.

Upvotes: 1

David

Reputation: 4047

Status Word 69XX means: Command not allowed.

I have looked at NETSmartcardFramework.chm provided inside the NET Smartcard Framework SDK. There is no clue what CLA, INS, P1, P2, and Lc are to be used. Instead, the PIN verification is already wrapped into the PIN class.

To verify a PIN value you can use

// PIN Class members
// PIN.Verify Method

public void Verify(byte[],int,int);
public void Verify(string);

But before that you need to initialize the PIN using the constructor PIN(byte[],int,int,int) or PIN(string,int) and check whether the PIN isBlocked() or isVerified().

Some interesting articles and guides:

Upvotes: 1
