(OT) ISO 7816 communications defined

Peter Lebbing peter at digitalbrains.com
Wed Jan 22 14:06:34 CET 2014

On 21/01/14 12:23, Peter Lebbing wrote:
> I tried to decode this. ISO 7816-4 is annoyingly expensive to buy

However, I just found out that, being registered as a student at the TU Delft, I
can get them for free! \o/ The master I'm doing gives me a registration at
multiple universities, and even though I'm studying at the University of Twente,
I can still use the facilities of two other universities.

> The first apdu "SELECT FILE" seems to request file control information, but
> P2=0C is not defined by [1]. The error response by the card is given, as
> "Wrong parameter(s) P1-P2" [2]. Hah, the card also doesn't understand P2, I
> think.

The current ISO 7816-4 defines this first SELECT as "Select MF, DF or EF"
identified by the identifier "02 3F" which I could not find. P2 in combination
with Le is defined in the current spec, as "No response data".

> On to the OpenPGP application. The second APDU is a "SELECT FILE" for the 
> OpenPGP application, but unfortunately, the card returns 62 85.

Which is defined in ISO 7816-9 as "Selected file in termination state", the
proper response for a DF that has been terminated with "TERMINATE DF".

It seems to me that "DEACTIVATE FILE" would have been more appropriate for the
OpenPGP card than "TERMINATE DF", as ISO 7816 defines the latter as a permanent,
irreversable action AFAICT.

> So I wrote all this, and then tried to find more about "TERMINATE DF". The 
> reasoning is: normally we select the DF for OpenPGP, and then do a
> "TERMINATE DF", right? Selection errors out, so if we could parameterise
> "TERMINATE DF" to directly specify the OpenPGP DF, maybe that will work.

This parameterisation would in fact be possible under ISO 7816-9, by the way. It
would be:

scd apdu 00 e6 04 00 06 d2 76 00 01 24 01

Although because of the mixup between "TERMINATE DF" and "ACTIVATE FILE", I
think it would be more useful to directly give the DF to "ACTIVATE FILE", which
would be:

scd apdu 00 44 04 00 06 d2 76 00 01 24 01

Neither command is accepted by the OpenPGP card, though. It only implements the
implicitly referenced form where you first "SELECT FILE". Unless I'm making
mistakes, obviously.

Well, that's it. My curiosity has been satisfied :).


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list