Smart Card development- Class not supported error

121 views Asked by At

I am developing application for smart cards using ISO/IEC 7816-4 standard. I sucessfully finished Applet Selection (it uses class 00), but when trying PIN verification (it uses class 88), I encountered 6E 00 respond, which corresponds to Class not supported error.

I have this requirements:

IsoCase: Case3Short Class: 0x88 Instruction: 0x11 P1-P2: 0x0400 Command Length (Lc): 0x04 Command Data: 4 bytes where each represents one PIN digit Expected Length (Le): 0

Here is the link for documentation: https://www.gnupg.org/ftp/specs/openpgp-card-2.1.pdf

This is the code I used, do you know what could be a possible problem and what I should change?

`

using System;
using PCSC;
using PCSC.Iso7816;

class Program
{
static void Main()
{
var contextFactory = ContextFactory.Instance;
using (var context = contextFactory.Establish(SCardScope.System))
{
Console.WriteLine("Currently connected readers: ");
var readerNames = context.GetReaders();
foreach (var readerName in readerNames)
{
Console.WriteLine("\\t" + readerName);
}

            using (var isoReader = new IsoReader(context, "Gemplus USB SmartCard Reader 0",                                        SCardShareMode.Shared, SCardProtocol.Any, false))
            {
                // Replace '2346' with the actual PIN you want to verify
                var pinToVerify = new byte[] { 0x01, 0x02, 0x03, 0x04 };
    
                // APDU command for PIN verification
                var apduCommand = new CommandApdu(IsoCase.Case3Short, isoReader.ActiveProtocol)
                {
                    CLA = 0x88,
                    INS = 0x11,
                    P1 = 0x04,
                    P2 = 0x00,
                    Data = pinToVerify
                };
    
                // Send the APDU command
                var response = isoReader.Transmit(apduCommand);
    
                // Check the response status word
                if (response.SW1 == 0x90 && response.SW2 == 0x00)
                {
                    Console.WriteLine("PIN verification successful!");
                }
                else if (response.SW1 == 0x63 && response.SW2 == 0x02)
                {
                    Console.WriteLine("Wrong PIN. Error response: 0x6302");
                }
                else
                {
                    Console.WriteLine($"PIN verification failed. Unexpected response: {response}");
                    Console.WriteLine("SW1 SW2 = {0:X2} {1:X2}", response.SW1, response.SW2);
                }
            }
        }
    }

}\

`

2

There are 2 answers

1
Saurav Suman On

Here are a few things you might want to check or consider:

Card Support: Ensure that the smart card you are working with supports the command you are trying to send. Check the card's documentation or specifications to verify that it supports PIN verification using the class 88.

Correct APDU Command: Double-check the APDU command you are sending for PIN verification. The structure of the command must adhere to the specifications of the smart card you are working with. Verify that the instruction class byte (CLA) is set to 88.

Card State: Ensure that the card is in the correct state to accept the PIN verification command. Some commands may only be valid in certain card states.

PIN Format: Verify that the PIN is formatted correctly according to the smart card's requirements.

0
guidot On

While you are stating, that the card conforms to ISO 7816-4, your given details seriously mismatch. For an ISO 7816-4 compliant Verify, class byte has to be zero and ins=0x20. Odd values for instruction byte are very seldom encountered except for some special cases as Read Binary and Generate Asymmetric Key Pair. The low-nibble bit 8 would typically indicate secure messaging, but your code does not perform the necessary processing for it. Specifying an LE byte is wrong for commands, which never return a result such as Verify.