Reputation: 875
I work on a Gemalto smart card and I try to get the content of two certificates stored on it. For this, I've sent several APDU commands with success. But I've never found the content of my certificates.
First, I get the ODF (Object Directory File):
00 A4 00 0C 02 50 31
00 B0 00 00 3C
I obtain the following response:
A0 06 30 04 04 02 70 02 A1 06 30 04 04 02 70 04 A4 06 30 04 04 02 70 05 A7 06 30 04 04 02 70 06 A8 06 30 04 04 02 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 90 00
Now, I get the CDF (Certificate Directory File):
00 A4 00 00 02 70 05
00 B0 00 00 E7
I obtain the following response:
30 6D 30 3D 0C 1B 43 65 72 74 69 66 69 63 61 74 20 53 69 67 6E 61 74 75 72 65 20 49 47 43 2D 43 41 03 02 06 40 30 1A 30 06 03 02 07 80 05 00 30 07 03 02 06 40 04 01 C1 30 07 03 02 04 10 04 01 C1 30 22 04 20 34 63 33 38 38 64 34 31 38 65 39 37 33 39 66 61 30 31 34 65 62 66 35 61 39 38 64 31 32 31 36 35 A1 08 30 06 30 04 04 02 B0 01 30 74 30 44 0C 22 43 65 72 74 69 66 69 63 61 74 20 41 75 74 68 65 6E 74 69 66 69 63 61 74 69 6F 6E 20 49 47 43 2D 43 41 03 02 06 40 30 1A 30 06 03 02 07 80 05 00 30 07 03 02 06 40 04 01 C1 30 07 03 02 04 10 04 01 C1 30 22 04 20 66 34 62 66 65 35 35 34 64 37 65 39 35 36 31 38 35 39 61 38 31 62 65 65 66 36 62 35 36 39 32 33 A1 08 30 06 30 04 04 02 B0 02 FF FF 90 00
When I translate this response above from Hexa to ASCII (http://www.rapidtables.com/convert/number/hex-to-ascii.htm), I can read the name of my two certificates followed by an incomprehensible string. For example:
First certificate:
Name of certificate : "Certificat Signature IGC-CA"
Incomprehensible string : 4c388d418e9739fa014ebf5a98d12165
Second certificate:
Name of certificate : "Certificat Authentification IGC-CA"
Incomprehensible string : f4bfe554d7e9561859a81beef6b56923
So, with that, I think that it is possible to get all the content of my certificate, but how to do this? What information does the "Incomprehensible string" contain?
Upvotes: 5
Views: 5571
Reputation: 40851
The response that you received for the certificate directory file is a list of certificates (in DER tag-length-value encoded format). You can decode it based on the ASN.1 notation described in the PKCS #15 specification:
30 6D
   -> x509Certificate PKCS15Object SEQUENCE
   30 3D
      -> commonObjectAttributes CommonObjectAttributes SEQUENCE
      0C 1B
         -> label Label UTF8String
         43 65 72 74 69 66 69 63 61 74 20 53 69 67 6E 61
         74 75 72 65 20 49 47 43 2D 43 41
         -> "Certificat Signature IGC-CA"
      03 02
         -> flags CommonObjectFlags BIT STRING
         06 40
         -> "01------" (private = 0, modifiable = 1)
      30 1A
         -> accessControlRules SEQUENCE OF AccessControlRule
         30 06
            -> AccessControlRule SEQUENCE
            03 02
               -> accessMode AccessMode BIT STRING
               07 80
               -> "1-------" (read = 1)
            05 00
               -> SecurityCondition NULL
         30 07
            -> AccessControlRule SEQUENCE
            03 02
               -> accessMode AccessMode BIT STRING
               06 40
               -> "01------" (read = 0, update = 1)
            04 01
               -> securityCondition.authId Identifier OCTET STRING
               C1
         30 07
            -> AccessControlRule SEQUENCE
            03 02
               -> accessMode AccessMode BIT STRING
               04 10
               -> "0001----" (read = 0, update = 0, execute = 0, ??? = 1)
            04 01
               -> securityCondition.authId Identifier OCTET STRING
               C1
   30 22
      -> classAttributes CommonCertificateAttributes SEQUENCE
      04 20
         -> iD Identifier OCTET STRING
         34 63 33 38 38 64 34 31 38 65 39 37 33 39 66 61
         30 31 34 65 62 66 35 61 39 38 64 31 32 31 36 35
   A1 08
      -> typeAttributes [1]
      30 06
         -> X509CertificateAttributes SEQUENCE
         30 04
            -> value.indirect.path Path SEQUENCE
            04 02
               -> path OCTET STRING
               B0 01
               -> ISO/IEC 7816-4 file identifier "B001"
30 74
   -> x509Certificate PKCS15Object SEQUENCE
   30 44
      -> commonObjectAttributes CommonObjectAttributes SEQUENCE
      0C 22
         -> label Label UTF8String
         43 65 72 74 69 66 69 63 61 74 20 41 75 74 68 65
         6E 74 69 66 69 63 61 74 69 6F 6E 20 49 47 43 2D
         43 41
         -> "Certificat Authentification IGC-CA"
      03 02
         -> flags CommonObjectFlags BIT STRING
         06 40
         -> "01------" (private = 0, modifiable = 1)
      30 1A
         -> accessControlRules SEQUENCE OF AccessControlRule
         30 06
            -> AccessControlRule SEQUENCE
            03 02
               -> accessMode AccessMode BIT STRING
               07 80
               -> "1-------" (read = 1)
            05 00
               -> SecurityCondition NULL
         30 07
            -> AccessControlRule SEQUENCE
            03 02
               -> accessMode AccessMode BIT STRING
               06 40
               -> "01------" (read = 0, update = 1)
            04 01
               -> securityCondition.authId Identifier OCTET STRING
               C1
         30 07
            -> AccessControlRule SEQUENCE
            03 02
               -> accessMode AccessMode BIT STRING
               04 10
               -> "0001----" (read = 0, update = 0, execute = 0, ??? = 1)
            04 01
               -> securityCondition.authId Identifier OCTET STRING
               C1
   30 22
      -> classAttributes CommonCertificateAttributes SEQUENCE
      04 20
         -> iD Identifier OCTET STRING
         66 34 62 66 65 35 35 34 64 37 65 39 35 36 31 38
         35 39 61 38 31 62 65 65 66 36 62 35 36 39 32 33
   A1 08
      -> typeAttributes [1]
      30 06
         -> X509CertificateAttributes SEQUENCE
         30 04
            -> value.indirect.path Path SEQUENCE
            04 02
               -> path OCTET STRING
               B0 02
               -> ISO/IEC 7816-4 file identifier "B002"
So this list gives you the file identifiers of the files that contain the actual certificates as B001 for the first certificate (named "Certificat Signature IGC-CA"), and B002 for the second certificate (named "Certificat Authentification IGC-CA").
You can then SELECT those files:
00 A4 00 0C 02 <FILE ID>
and read the data from the file using the READ BINARY command.
Upvotes: 3
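The decoding walked through in the answer above can be automated. The following Python code is an added example, not code from the original posts: it parses the CDF response quoted in the question and returns each certificate's label, iD and file identifier. The function names are illustrative, and it assumes single-byte tags and a two-byte path, as in this response.

```python
# Sample data: the CDF response from the question, with FF padding and SW 90 00.
CDF_RESPONSE = bytes.fromhex("""
306D 303D 0C1B 43657274696669636174205369676E6174757265204947432D4341
03020640 301A 3006030207800500 3007030206400401C1 3007030204100401C1
3022 0420 3463333838643431386539373339666130313465626635613938643132313635
A108 3006 3004 0402 B001
3074 3044 0C22 436572746966696361742041757468656E74696669636174696F6E204947432D4341
03020640 301A 3006030207800500 3007030206400401C1 3007030204100401C1
3022 0420 6634626665353534643765393536313835396138316265656636623536393233
A108 3006 3004 0402 B002 FFFF 9000
""")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one single-byte-tag DER TLV."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def child(value, tag):
    """Value of the first direct child of `value` that carries `tag`."""
    pos = 0
    while pos < len(value):
        t, v, pos = read_tlv(value, pos)
        if t == tag:
            return v
    raise ValueError(f"tag 0x{tag:02X} not found")

def parse_cdf(response):
    """Return label, iD and file identifier for each entry in the CDF."""
    data, sw = response[:-2], response[-2:]
    if sw != b"\x90\x00":
        raise ValueError(f"card returned status {sw.hex()}")
    certs, pos = [], 0
    while pos < len(data) and data[pos] == 0x30:  # stop at FF/00 padding
        _, entry, pos = read_tlv(data, pos)
        _, common, p = read_tlv(entry, 0)         # commonObjectAttributes
        _, cls, p = read_tlv(entry, p)            # classAttributes
        x509 = child(child(entry[p:], 0xA1), 0x30)  # typeAttributes [1]
        path = child(child(x509, 0x30), 0x04)     # value.indirect.path
        certs.append({"label": child(common, 0x0C).decode("utf-8"),
                      "id": child(cls, 0x04), "fid": path.hex().upper()})
    return certs

def select_apdu(fid):
    """SELECT by file identifier, in the form given in the answer above."""
    return bytes.fromhex("00A4000C02" + fid)
```

The iD is returned as raw bytes; on this card it happens to be the ASCII text that the question calls the "incomprehensible string".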
Reputation: 875
After several searches and various, I have finally succeeded in getting the content of my two certificates. In fact, in the "incomprehensible string", there is the FID of each certificate. In my example, the path is "B0 01" and "B0 02". So, when I launched the following APDU command, I obtained the content of my certificate:
SELECT FILE : 00 A4 00 0C 02 B0 01
To get all content of one certificate:
GET RESPONSE :
00 B0 00 19 E7
00 B0 01 19 E7
00 B0 02 19 E7
00 B0 03 00 04
Unfortunately, I have not yet understood the meaning of the response of the CDF!
Upvotes: 1
Reputation: 5333
In all cases you are reading E7 bytes from the corresponding file, which may or may not be the complete data. So either you look into the SELECT response data (for this you would have to change P2 to zero and provide a LE byte) to find out the full size, or you just increment the start offset for repetitive reads until you get an error.
Note that a certificate stored on the card is, from the card's point of view, just arbitrary data. So your problem is no longer a smart card specific one, but a missing description of the certificate structure.
Upvotes: 0
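The second approach from the answer above (advance the start offset on repeated reads until the card reports an error) looks like this in Python. This is an added example, not code from the original posts: `transmit` stands for whatever function sends an APDU to the reader, `make_fake_card` is a constructed stand-in for a card, and the status words handled (62 82, 6B 00, 6C xx) are the ISO/IEC 7816-4 ones; a real card may answer differently.

```python
SAMPLE_FILE = bytes(range(256)) * 3  # constructed 768-byte file content

def read_binary_apdu(offset, le):
    """READ BINARY with a 15-bit offset in P1-P2 (bit 8 of P1 must stay 0)."""
    if not 0 <= offset <= 0x7FFF:
        raise ValueError("offset does not fit in P1-P2")
    if not 1 <= le <= 0xFF:
        raise ValueError("Le must be 1..255 in this example")
    return bytes([0x00, 0xB0, offset >> 8, offset & 0xFF, le])

def read_whole_file(transmit, chunk=0xE7):
    """Read the selected file by advancing the offset until the card stops."""
    data = bytearray()
    while True:
        resp = transmit(read_binary_apdu(len(data), chunk))
        body, sw = resp[:-2], resp[-2:]
        if sw[0] == 0x6C:  # wrong Le: SW2 is the exact number of bytes left
            resp = transmit(read_binary_apdu(len(data), sw[1]))
            body, sw = resp[:-2], resp[-2:]
        if sw not in (b"\x90\x00", b"\x62\x82"):  # e.g. 6B 00: offset past end
            break
        data += body
        if sw == b"\x62\x82" or len(body) < chunk:  # end of file reached
            break
    return bytes(data)

def make_fake_card(content):
    """Constructed stand-in for a card with one selected transparent file."""
    def transmit(apdu):
        offset, le = (apdu[2] << 8) | apdu[3], apdu[4]
        if offset >= len(content):
            return b"\x6B\x00"  # offset outside the file
        part = content[offset:offset + le]
        return part + (b"\x90\x00" if len(part) == le else b"\x62\x82")
    return transmit
```

Because each read starts at the number of bytes already received, no part of the file is skipped, whatever chunk size is used.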