Smart Card Retrieve public key from CA certificate

Problem description

I'm trying to read out a tachograph company smart card. I can read all data just fine except the identification part. Which is the part I actually need. When I select that DF the security environment is reset and I have to re-authenticate. This process is described in sub appendix-11 of ECE/TRANS/SC.1/2006/2/Add.1. Although this document is a bit hard to understand for me.

In this picture you see the data structure of a tachograph company card. The "AUT" behind the ID part tells you that you need to authenticate.

After asking another question on SO and doing a lot of research on how public/private keys are used I think I have some basic understanding on how I should do the authentication. In the documentation, there is also a pretty detailed flow chart on how to get the authentication done. It's too big unfortunately to place here. But I have a question about this part:

Now, I'm counting from the top, downwards. So the first top left square is step one, the last bottom left is step 7. The middle section arrows are APDU commands that need to be sent to the card, and the right section is the smart card. PK means public key. CA means certificate authority.

If you do not know the public keys, you see you need to get both the card and the CA certificate. I've done that and I can read them from the card. The parts I don't understand are steps 6 and 7. You see I need to verify the Card CA.C (which is some part of the certificate) with the European Public key. Where do I get the European public key and what algorithm is used to decrypt it?

EDIT: Is this the Verification process? And if so, it says to open the sign with the CA public key, how do I get this?

EDIT 2: I've found the European public key from this link. The CAR part of the CA certificate on the card matches the first 8 bytes from the public key. Meaning it is the correct public key. Now if I understand correctly, I need to open the sign following step three from CSM_019 from the picture above. To open the sign, I need the correct algorithm using the public key I guess? Does anyone know what algorithm is used?

Recommended answer

Step 6: Nothing to decrypt here: You verify the signature, also part of the certificate (Card.CA.C), and if it is correct the contained key (public key of card CA) may be extracted and used for the next step.

Step 7: You verify the signature of card certificate (made with the card.ca key just retrieved) and if it is correct you now have the public key of the card (with the certainty, that it is correct, otherwise signature would have mismatched).

The scheme uses this two-step approach, so that only the Eur.PK public key is needed instead of the keys of all card CAs.
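
Steps 6 and 7 from the answer, written out as an added example (not code from the question, the answer, or the regulation). The byte layout and algorithm used here (a 194-byte certificate of Sign(128) || Cn'(58) || CAR'(8), RSA-1024 message recovery framed by 6A ... BC with a SHA-1 hash, and a 144-byte Eur.PK file of key id || n || e) are assumptions taken from Appendix 11 CSM_017 to CSM_019 and should be checked against that document. All keys, identifiers and certificates are constructed test data.

```python
import hashlib, random

def open_certificate(cert, n, e, key_id):
    """Open one certificate with issuer key (n, e); return subject (CHR, n, e)."""
    sign, cn, car = cert[:128], cert[128:186], cert[186:]
    if len(cert) != 194 or car != key_id:   # CAR' must name the key we hold
        raise ValueError("wrong length, or CAR does not match the issuer key id")
    # "Opening the sign" is the RSA public operation: Sr' = Sign^e mod n
    sr = pow(int.from_bytes(sign, "big"), e, n).to_bytes(128, "big")
    cr, h = sr[1:107], sr[107:127]          # Sr' = 6A || Cr'(106) || H'(20) || BC
    content = cr + cn                       # C' = CPI|CAR|CHA|EOV|CHR|n|e (164 bytes)
    if (sr[0], sr[-1]) != (0x6A, 0xBC) or hashlib.sha1(content).digest() != h:
        raise ValueError("signature does not verify")
    if content[1:9] != car:
        raise ValueError("CAR inside the signed content differs from CAR'")
    return (content[20:28], int.from_bytes(content[28:156], "big"),
            int.from_bytes(content[156:], "big"))

def verify_chain(eur_pk, ca_cert, card_cert):
    """Step 6: Eur.PK opens Card.CA.C. Step 7: the recovered CA key opens Card.C."""
    eur_n, eur_e = int.from_bytes(eur_pk[8:136], "big"), int.from_bytes(eur_pk[136:], "big")
    ca_id, ca_n, ca_e = open_certificate(ca_cert, eur_n, eur_e, eur_pk[:8])
    return open_certificate(card_cert, ca_n, ca_e, ca_id)

# --- Constructed test material only: throwaway keys and certificates ---
def _prime(rnd):
    while True:  # top two bits set so p*q is exactly 1024 bits; Fermat test suffices here
        p = rnd.getrandbits(512) | (3 << 510) | 1
        if (p - 1) % 65537 and all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7)):
            return p

def _keypair(rnd):
    p, q = _prime(rnd), _prime(rnd)
    return p * q, pow(65537, -1, (p - 1) * (q - 1))   # (n, d) with e = 65537

def _issue(n_iss, d_iss, iss_id, subj_id, subj_n):
    content = (b"\x01" + iss_id + bytes(11) + subj_id
               + subj_n.to_bytes(128, "big") + (65537).to_bytes(8, "big"))
    sr = b"\x6a" + content[:106] + hashlib.sha1(content).digest() + b"\xbc"
    sign = pow(int.from_bytes(sr, "big"), d_iss, n_iss).to_bytes(128, "big")
    return sign + content[106:] + iss_id

def build_demo(seed=1):
    rnd = random.Random(seed)
    (eur_n, eur_d), (ca_n, ca_d), (card_n, _) = (_keypair(rnd) for _ in range(3))
    eur_pk = b"EUR_KID1" + eur_n.to_bytes(128, "big") + (65537).to_bytes(8, "big")
    ca_cert = _issue(eur_n, eur_d, b"EUR_KID1", b"CA__KID1", ca_n)
    card_cert = _issue(ca_n, ca_d, b"CA__KID1", b"CARD_ID1", card_n)
    return eur_pk, ca_cert, card_cert, card_n
```

`verify_chain(*build_demo()[:3])` returns the card's key identifier and public key only if both signatures verify. The remaining content fields (CPI, CHA, EOV) are not checked in this example.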
