3
votes

I have a ACR38 samrt-card-reader and a number of Javacard [2.1.1] compliant with GP Spec [02].

As I know, there is two kind of APDU, Short-APDU [APDU with LC or/and LE shorter than 255] and Extended-APDU [APDU with LC or/and LE greater than 255].

is that right?

We send Short-APDU in T=0 protocol and send Extended-APDU in T=1 protocol.

is that right?


I sent Short-APDU to my card successfully. [via GPJ, GPShell, OpenSC-Tool].

And now, I want to know:

1: if I want to use Extended APDU, my card must support it? or my Reader must support it? or both!? or all the cards and all the readers support both Short-APDUs and Extended-APDUs?

2: if them must support EXTENDED-APDU, how I can check those are compliant or not?

3: Am I need another tool or I can use same GPJ,GPShell and Opensc-tool to send Extended-APDU? how?


Update: I found below data here, but I'll be thankful if someone give me more detailed data :

To be able to use an extended APDU you need to have:

  • A T=1 card
  • A smart card reader working in TPDU or Extended APDU

A smart card reader can work using 4 different exchange levels:

  • Character
  • TPDU
  • Short APDU
  • Short and extended APDU

Character level: Only very few readers work using this method. I don't know if/how they support extended APDU.

TPDU level: With this exchange level a lot of the work is done in the driver. In particular support of extended APDU is managed by the driver and the CCID driver implements it.

Short APDU: These readers are easy to use at a driver point of view but are then limited to short APDU only. Support of extended APDU is then not possible.

Some readers claim they support short APDU only but can use extended APDU when used with the manufacturer Windows driver. Maybe the Windows driver switches the reader in TPDU mode or something similar. That is not a documented CCID feature and so is not used in my CCID driver. If you can get information on this from the reader manufacturer I may include support of extended APDU for the reader in my driver.

Short and extended APDU: Support of extended APDU is offered by the reader.

I think base on the above update section I conclude that the card and the reader must support EXTENDED-APDU.and for check if those are compliant with extended APDU, I must search for the product documents and also the sites that give us a list of readers that support extended APDU. is it right?

1
You have reached to answer of your question by yourself. Is there something more that you want to ask?Anurag Sharma
FYI...you can send Extended APDU in T=0 as well but for that your card must be supported "javacardx.apdu". Please refer javadoc linkAnurag Sharma
dear @AnuragSharma I don't know the answer of section 3 in my question yet . Am I need any other tools? or GPJ and opensc-tool is enough? and how I can understand that my card support "javacardx.apdu" or not? thanksTheGoodUser
To know does your card support javacardx.apdu you can code an applet which implement this interface then load that cap file on ur card if success then ur card supports this. I dont have deeper knowledge abt these tools(so leaving fr someone else to answer).Anurag Sharma

1 Answers

2
votes

you can send Extended APDU in T=0 as well but for that your card must be supported "javacardx.apdu". Please refer javadoc link

Here is method to know what is supported by your card.

00 A4 04 00 <length of Card manager AID> <AID> [Select card manager]

00 20 00 00 08 <Card manager PIN> [verify card manager PIN]

00 80 F2 20 00 02 4F 00 - [get status command with P1 20] and [Executable Load Files and Executable Modules 4F00]

You will get all the package AID in response of this command then search for AID "A0000000620209".

if available then javacardx.apdu is supported. For more info abt "Get status" command please refer GP 2.2.1