EMVTag Series 10: the Issuer Public Key Certificate
Ø 90 Issuer Public Key (IPK) Certificate
L: NCA
-C (conditional): If SDA and DDA are supported
The issuer public key, certified by the CA. Used for offline data authentication.
Ø 9F32 Issuer Public Key Exponent
L: 1 or 3
-C (conditional): If SDA and DDA are supported
The issuer public key exponent, used to verify the signed static application data and the IC card Public Key Certificate.
Ø 92 Issuer Public Key Remainder
L: NI-NCA + 36
-C (conditional): if necessary
The part of the issuer public key that is not contained in the Issuer Public Key Certificate.
Ø 8F Certification Authority (CA) Public Key Index
F: B 8
T: 8F
L: 1
-C (conditional): must exist under certain conditions
Used with the RID in SDA or DDA to identify the CA Public Key.
Note: Issue the card with a test CA public key, index number 0x08/0x09/0x0A/0x0B. If your organization issues a card under the CA public key used in the actual production environment, the detection center may not have that public key and may ask you for it, which can cause unnecessary trouble.
Text / Xin Xinyuan Chong. If you reprint this, please indicate the source: http://blog.csdn.net/yxstars/article/details/38405183
How to solve RSA algorithm problems in PBOC
The issuing bank generates an RSA key pair and sends the public key part to the CA. The data the CA obtains by signing the public key information (encrypting it with the CA private key) is the Public Key Certificate of the issuing bank.
The process is as follows. The issuing bank sends the following data to the CA:
02 // Certificate Format
622800FF // the ID of the issuing bank (the leftmost 3-8 digits of the primary account number)
1230 // certificate expiration date
000001 // certificate serial number
01 // hash algorithm ID
01 // ID of the public key algorithm of the issuing bank
80 // length of the public key of the issuing bank
01 // length of the public key exponent of the issuing bank
// The complete public key modulus of the issuing bank, 128 bytes:
Bytes
1766226561f7895ca938ffdf53838e5863e46d11d60b98109125174d7a0df09f
Bytes
Bytes
The CA hashes the preceding data and obtains a 20-byte hash value:
500DC25210B5F2ADDF14429F2A9F3CB781A5717E
The CA then encrypts the following data with the CA private key:
6A // recovered data header
02 // Certificate Format
622800FF // the ID of the issuing bank (the leftmost 3-8 digits of the primary account number)
1230 // certificate expiration date
000001 // certificate serial number
01 // hash algorithm ID
01 // ID of the public key algorithm of the issuing bank
80 // length of the public key of the issuing bank
01 // length of the public key exponent of the issuing bank
// The leftmost 92 bytes of the public key modulus of the issuing bank
// (When calculating the hash, also include the 36-byte public key remainder and the public key exponent 03)
Bytes
1766226561f7895ca938ffdf53838e5863e46d11d60b98109125174d7a0df09f
AF7C255DDC5A51494D60449B8A7524EE33955363C7CB26CD679A05EB
// The following is the hash result
500DC25210B5F2ADDF14429F2A9F3CB781A5717E
The result is the Public Key Certificate of the issuing bank:
Bytes
Bytes
Bytes
6f0d1ee0435c69dd4b41e38c9d855a03e194c5321152879375849401bb316166...
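The CA-side signing steps above together with the matching terminal-side check of tags 90, 92 and 9F32, as an added Python example that is not part of the original post. The CA key is a constructed toy key (two Mersenne primes, exponent 65537), the issuer modulus is a constructed placeholder, and the BC trailer and BB padding come from EMV Book 2 rather than from this page.

```python
import hashlib

# Constructed toy CA key (not a real payment-scheme key): two Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))       # CA private exponent
NCA = (CA_N.bit_length() + 7) // 8            # 141 bytes for this toy key

# Fields from the page: format, issuer ID, expiry, serial, hash alg,
# public key alg, issuer key length (0x80), exponent length (0x01).
HEADER = bytes.fromhex("02622800FF123000000101018001")
# Constructed 128-byte placeholder standing in for the issuer modulus.
ISSUER_N = hashlib.sha512(b"constructed issuer modulus").digest() * 2
ISSUER_E = b"\x03"

def ca_sign(header, issuer_n, issuer_e):
    """CA side: returns (tag 90 certificate, tag 92 remainder)."""
    left, rem = issuer_n[:NCA - 36], issuer_n[NCA - 36:]
    left = left.ljust(NCA - 36, b"\xBB")      # EMV Book 2 pads a short key with BB
    digest = hashlib.sha1(header + left + rem + issuer_e).digest()
    block = b"\x6A" + header + left + digest + b"\xBC"
    cert = pow(int.from_bytes(block, "big"), CA_D, CA_N)
    return cert.to_bytes(NCA, "big"), rem

def recover_issuer_key(cert, rem, issuer_e):
    """Terminal side: open tag 90 with the CA public key, validate, rebuild modulus."""
    if len(cert) != NCA:
        raise ValueError("certificate length differs from CA modulus length")
    block = pow(int.from_bytes(cert, "big"), CA_E, CA_N).to_bytes(NCA, "big")
    if block[0] != 0x6A or block[1] != 0x02 or block[-1] != 0xBC:
        raise ValueError("bad header, certificate format or trailer")
    header, left, digest = block[1:15], block[15:-21], block[-21:-1]
    # The hash covers the remainder (tag 92) and exponent (tag 9F32) as well,
    # so a substituted remainder or exponent is rejected here.
    if hashlib.sha1(header + left + rem + issuer_e).digest() != digest:
        raise ValueError("hash mismatch")
    return (left + rem)[:header[12]]          # header[12] = issuer key length

if __name__ == "__main__":
    cert, rem = ca_sign(HEADER, ISSUER_N, ISSUER_E)
    print(len(cert), len(rem), recover_issuer_key(cert, rem, ISSUER_E) == ISSUER_N)
```

With this 141-byte toy CA key the certificate carries the leftmost 105 bytes of the issuer modulus and tag 92 carries 23; with the 128-byte CA key implied by the page the split is 92 and 36.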
In a public-key system using RSA, the ciphertext c = 10 sent to another user is intercepted. If this user's public key is e = 5, n = 35, the plaintext content is
This cannot be calculated without a private key!