I'm writing a JAVA-app to access my OpenPGP-Card V2.0. The card terminal im using is a "REINER SCT cyberJack RFID standard" which only supports PC/SC under OSX, and now I want to implement the PC/SC 2.0-command "VERIFY_PIN_DIRECT".
I tried the following control sequence, the bytes after the | are the APDU-bytes (my testing pin is "140396"):
Index: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 | 19 20 21 22 23 24 25 26 27 28 29
Seq 0: 0F 0F 88 86 14 08 04 02 01 09 04 00 00 00 00 0B 00 00 00 | 00 20 00 81 06 FF FF FF FF FF FF
Some important byte meanings (useful doc: http://www.acs.com.hk/download-manual/1207/API-ACR83-1.06.pdf):
Index 02: PIN format options
Index 03: PIN-block format
Index 04: Position of PIN-length information in the APDU-command
Index 15 - 18: APDU-length
Index 19 - end: APDU-command
But if I send this command, I always get 69 82 which means accordingly to the OpenPGP-Card datasheet (PDF):
Security status not satisfied:
PW wrong
PW not checked (command not allowed)
Secure messaging incorrect (checksum and/or cryptogram)
The APDU-command seems to be correct, because if I send the following command 00 20 00 81 06 31 34 30 33 39 36 to the card, the PIN is accepted. So it seems my control-command is wrong. Where is my mistake?
Update:
A working command is:
Index: 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 | 19 20 21 22
Seq 0: 0F_0F 02_0F_00 0F_06 02 01 09_04 00 00_00_00 04_00_00_00 | 00 20 00 81
A better value then 0F_06 (at index 05) would be 20_06 because the OpenPGP-Card supports PINs up to a length of 32 chars, but my card terminal complains Invalid Value...
P.S.: The underscores symbolize related bytes and are of course stripped out during parsing.
