JAVA Card Application Development (ix) APDU the Mac checksum in the script command

Source: Internet
Author: User

JAVA Card Application Development (ix) APDU the Mac checksum in the script command



The terminal receives 71 or 72 scripts from the background, parses the script instructions, and sends out the cards.
The card executes the script instruction and first verifies that the Mac,mac validation passes before the script is actually executed. Because scripts typically update data, lock/unlock sensitive operations such as apps, you must have a Mac to protect them.


The approximate process for Mac data calculation is:
The issuing bank has a master key. At the time of the card issuing, the issuing bank scattered the master key according to the card number, and the card was given a decentralized key. During the transaction, the issuing bank receives the transaction data containing the card number, obtains the decentralized key according to the card number through the master key, obtains the process key according to the ATC and the decentralized key, encrypts the data using the process key, and obtains the Mac. The card itself has been stored with a decentralized key, in the course of trading, according to ATC and decentralized key, calculate the process key, use the process key to verify the correct Mac.


In my post, TC, ARQC, AAC, and ARPC check modes, you can see how the scatter key and process key are calculated.


Here are two examples:


Scatter key: 8b4f854f0831fbf2635a212e4dddb92a


Example one:
Calculate the process key by the State secret algorithm:
atc:0003
Scatter data: 0000000000000003000000000000FFFC
SM4 encryption Result: b6fa9e085b5773c1e3aa2e4738831f73 (Process key)
For example, a put data script (that is, a loop):
04da9f790a00000010009995fd68f5(four bytes later is Mac data)
Calculate Mac:
04da9f790a + 2-byte ATC + 8-byte application cipher + 17 bytes (command-following content + 80000 ...)
04da9f790a000335304180be2cbd3f0000001000998000000000000000000000 (for this string of data compute Mac, you can get Mac data:95fd68f5)


Example two:
Process key
ATC 0004
Scatter data: 0000000000000004000000000000FFFB
SM4 encryption result, i.e. process key: 836a6e56e99296e68941819eee72a7f7
Script: App Lock
841E000004Af04edd8
Calculate Mac:
841E000004 + 2 bytes ATC + 8 bytes Applied ciphertext + 17 bytes (because there is no subsequent content, directly here is filled into multiples of 16 bytes)
841E0000040004AC0494D24AF1D6B180 (Compute mac for this string of data, get Mac data:Af04edd8)。


Description: "Java Card Application Development" series of blog is I in the process of Learning Java card record, there is a wrong place, please point out.

JAVA Card Application Development (ix) APDU the Mac checksum in the script command

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.