Constructed data objects on the OpenPGP card

Achim Pietig achim at pietig.com
Fri Sep 22 17:28:13 CEST 2017


Hi Fabian,

a GET DATA command returns only the content of a DO, the given Tag (e.g. 6E) in P1/P2 is never present in the answer of GET DATA.
The meaning of the sentence "Constructed DOs (C, marked yellow) are returned including their tag and length" relates only to the Sub-Tags under the main Tag 6E - I see that this may not be clear enough. I added this to separate the "normal" behaviour of GET DATA from variants that read a tag or data list - in that case only the contents of all sub-tags are returned in a sequence without tag/length.

Regards
Achim


Am 22.09.2017 um 15:46 schrieb Fabian Henneke via Gnupg-devel:
> Hi,
> 
> in the process of developing Chrome/Chromium extensions that support decryption and authentication using OpenPGP cards, I may have found an aspect in which the OpenPGP smart card (the physical device)
> deviates from the OpenPGP card specification (https://g10code.com/docs/openpgp-card-2.1.pdf). As it is very well possible that either my interpretation of the spec or my implementation are at fault, I
> would like to obtain confirmation in this way.
> 
> The OpenPGP card specification in version 2.1 says in Section 4.3.1, "DOs for GET DATA": "Constructed DOs (C, marked yellow) are returned including their tag and length.". I take this to mean that if
> for example I were to send a GET DATA request for the Application Related Data (Tag 6E), I would expect to see a single constructed tag 6E in the TLV-encoded response, which then contains as its value
> a list of the subtags of this constructed tag (e.g. the Application Identifier and PW Status Bytes). I found this interpretation to be consistent with some implementations of the OpenPGP applet (for
> example on Yubikeys). 
> A log of the communication with the card that a user with an OpenPGP smart card (the physical device, version 2.1) sent me shows that it exhibits a different behavior: All the "subtags" of constructed
> tag 6E are returned sequentially as a list of tags with no encompassing 6E tag.
> 
> I would be grateful for any confirmation of the general structure of constructed tags I should expect as responses to GET DATA requests. I have ordered an OpenPGP smart card and will also conduct my
> own experiments.
> 
> Fabian
> 
> 
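A reader that accepts both response shapes discussed in this thread (sub-DOs returned bare, or enclosed in a 6E wrapper), as an added example that is not part of either message or of any implementation mentioned. The function names are hypothetical, the sample bytes are constructed, and the status word (SW1 SW2) is assumed to have been stripped from the response already.

```python
AID = bytes.fromhex("D276000124010201FFFE123456780000")     # DO 4F, constructed sample
PW_STATUS = bytes.fromhex("00202020030003")                  # DO C4, constructed sample
BARE = b"\x4F\x10" + AID + b"\x73\x09\xC4\x07" + PW_STATUS   # sub-DOs only, no 6E
WRAPPED = b"\x6E" + bytes([len(BARE)]) + BARE                # same data inside 6E

def parse_tlv(buf):
    """Split concatenated BER-TLV objects into (tag, constructed, value) tuples."""
    out, i = [], 0
    while i < len(buf):
        first = tag = buf[i]
        i += 1
        if first & 0x1F == 0x1F:                 # multi-byte tag such as 5F52
            while True:
                if i >= len(buf):
                    raise ValueError("truncated tag")
                tag = (tag << 8) | buf[i]
                i += 1
                if not buf[i - 1] & 0x80:        # last tag byte has bit 8 clear
                    break
        if i >= len(buf):
            raise ValueError("missing length")
        length = buf[i]
        i += 1
        if length & 0x80:                        # long form: 81 xx or 82 xx xx
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(buf):
                raise ValueError("unsupported or truncated length")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):                # never read past the response
            raise ValueError("value runs past end of response")
        out.append((tag, bool(first & 0x20), buf[i:i + length]))
        i += length
    return out

def flatten(buf, found=None):  # primitive DOs by tag, descending into e.g. 73
    found = {} if found is None else found
    for tag, constructed, value in parse_tlv(buf):
        if constructed:
            flatten(value, found)
        else:
            found[tag] = value
    return found

def application_related_data(resp):
    """Normalise a GET DATA 6E response whether or not the 6E wrapper is present."""
    items = parse_tlv(resp)
    only_6e = len(items) == 1 and items[0][0] == 0x6E
    return flatten(items[0][2] if only_6e else resp)
```

The length checks matter as much as the unwrapping: the response comes from an external device, so every declared length is validated against the bytes actually received before slicing.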


