SPK Card Specification. A-Trust

Transcription

1 SPK Card Specification A-Trust Document: CardSpec SPK.doc Version: 1.13 Author: F. Brandl Date: A-Trust SPK Card Specification Page 1 of 58

2 Table of Content TABLE OF CONTENT 2 DOCUMENT HISTORY 4 1. ABOUT THIS DOCUMENT Terms and Abbreviations Notation Reference Documents 8 2. INTRODUCTION Application TrustSign Operating System Chip Hardware UNDERLYING CONCEPTS Symmetric Algorithms Asymmetric Algorithms Hash Algorithms RSA Key Generation inside the Smart Card Formats for RSA Operations PIN / PUK Signature PIN Decryption PIN Decryption PUK Countermeasures against Attacks on Private Keys Differential Fault Analysis (DFA) Timing Attacks Power Consumption Attacks CARD COMMANDS Command Sequences Signature Client/Server Authentication FILE STRUCTURE AND DATA ATR Historical Characters Complete ATR Short FIDs Access Conditions Keys Notation Data Storage Storage of RSA Keys Master File (MF) ISF_MF IPF_MF EF_C.ICC.AUTH EF_GDO EF_DIR Dedicated File DF_SIGNATURE ISF_SIGNATURE 24 A-Trust SPK Card Specification Page 2 of 58

3 IPF_SIGNATURE EF_TIMESTAMP EF_PROT EF_VALID_DATE EF_INFOBOX EF_C.CH.DS EF_C.CH.EKEY EF_C.CA.DS EF_C.RCA.DS EF_C.CH.ATTRIB Dedicated File DF_FREEKEYS IPF_FREEKEYS Dedicated File DF_PKCS# EF_ODF EF_TokenInfo EF_PrKDF EF_CDF_C EF_CDF_TC EF_DODF EF_AODF CONCEPT OF COMPLETION, INITIALISATION AND PERSONALISATION Data Keys COMP Byte Personalisation PIN Completion Verification of ATR External Authentication Completion Terminating the Completion Initialisation Verification of ATR Generation of SK.ICC.AUTH Issuing of the Certificate for PK.ICC.AUTH Storage of PIN.PERS Completion of File Structure Generation of the Signature Key Pair Personalisation Verification of ATR Verification of COMP-Byte Internal Authentication and Session Key Negotiation Encrypted Personalisation Symmetric Keys, PIN, PUK Asymmetric Key Presentation of PIN.PERS Clear Text Personalisation Asymmetric Key Transmission of Public Keys Locking the PIN.PERS 57 APPENDIX A: FILE STRUCTURE 58 A-Trust SPK Card Specification Page 3 of 58

4 Document History Version Author Date Changes Version 1.0 BRA Derived from TRUSTSIGN document, version 3.5 For a list of changes please refer to chapter 2. Introduction. Version 1.1 BRA Error in PKCS#15 profile fixed: key usage flags Sign and Decrypt added to SK.CH.EKEY (chapter EF_PrKDF ) Version 1.2 BRA Error in PKCS#15 profile fixed: AID (chapters EF_DIR and 5.8. Dedicated File DF_PKCS#15 ) Version 1.3 BRA Modifications due to comments by G&D signature calculation command sequence (chapter Signature ) PUK retry counter handling (chapter Decryption PUK ) - Decryption PIN changed to numeric - PKCS#15 profile adapted to current status of ELU card Version 1.4 BRA initialization and personalization description added (chapter 6. Concept of Completion, Initialisation and Personalisation ) Version 1.5 BRA certificate files enlarged to 1500 bytes each (chapter 5.6. Dedicated File DF_SIGNATURE ) Version 1.6 BRA errors fixed: application label for DF_PKCS#15 (chapter EF_DIR ) KD_KEYLOCK removed in chapter Encrypted Personalisation Length value fixed in chapter Symmetric Keys, PIN, PUK length of key components fixed in KFL (chapter Asymmetric Key ) Version 1.7 BRA editorial changes for clarification (chapter 2. Introduction ) Version 1.8 BRA reference documents updated Version 1.9 BRA EF_INFOBOX added Modifications in EF_DODF (file size set to fixed value, object PERSONENBINDUNG added Version 1.10 BRA EF_DODF: file size increased, objects RFU1 and RFU2 added Version 1.11 BRA Binary data added to PKCS#15 information EF_Tokeninfo: label and issuerid, TRUSTSIGN version number increased to 3.3 A-Trust SPK Card Specification Page 4 of 58

5 Version 1.12 BRA PIN.SIG and PIN.DEC Retry Counters set to 10 (chapter ISF_SIGNATURE ) Version 1.13 BRA Error fixed in EF_INFOBOX access conditions (was PIN.PERS, should be PIN.DEC) A-Trust SPK Card Specification Page 5 of 58

6 1. About this document 1.1. Terms and Abbreviations AC Access condition AID Application identifier AR Algorithm reference ATR Answer to reset CH_ID Certificate holder ID (identifier eines öffentlichen RSA-Keys) CHV Card holder verification information (PIN) CRDO Control reference data object CT Confidentiality template DF Dedicated file DO Data object DST Digital signature template EF Elementary file FID File-ID KID Key identifier (Eindeutige Nummer eines Keys) LSB Least significant byte MF Master file MSB Most significant byte MSE Manage security environment (Kartenkommando) OID Object identifier PIN Personal identification number PUK Personal unblocking key PSO Perform security operation (Kartenkommando) RC Retry counter (Fehlbedienungszähler) SE Security environment SW Status word UC Usage counter (Verwendungszähler) A-Trust SPK Card Specification Page 6 of 58

7 1.2. Notation xxx Decimal xxx Hexadecimal xxx ASCII xxx Binary DES(k, m) DES -1 (k, m) 3DES(k, m) 3DES -1 (k, m) 3DESMAC(k, m) SHA(m) DES encryption of message m using key k DES decryption of message m using key k Triple DES encryption of message m using key k Triple decryption of message m using key k Triple DES MAC calculation over message m using key k Hash calculation using SHA-1 over message m A-Trust SPK Card Specification Page 7 of 58

8 1.3. Reference Documents [COHEN] Cohen, D.: "On Holy Wars and a Plea for Peace", IETF IEN137 bzw. Computer, IEEE, October 1981 [DIN ] DIN: DIN V Chipkarten mit Digitaler Signatur-Anwendung / Funktion nach SigG und SigV - Teil 4: Basic Security Services [ISO7816-3] ISO/IEC: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols [ISO7816-4] ISO/IEC: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange [ISO7816-6] ISO/IEC: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 6: Interindustry data elements [ISO7816-8] ISO/IEC: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 8: Security related interindustry commands; Final Committee Draft [ISO9796-2] ISO/IEC: Information technology - Security techniques - Digital signature schemes giving message recovery - Part 2: Mechanisms using a hash function [PKCS1] RSA Laboratories: PKCS #1: RSA Encryption Standard; Version 1.5 [PKCS15] RSA Laboratories: PKCS #15: Cryptographic Token Information Syntax Standard; Version 1.1 [STARCOSS2.1] Giesecke & Devrient: Referenz-Handbuch STARCOS S 2.1 Ed. 12/99 [STARCOSSPK] Giesecke & Devrient: Referenz-Handbuch STARCOS SPK 2.3, Ausgabe Aug [STARCOSLC] Giesecke & Devrient: Specification Card Life Cycle of STARCOS SPK with Signature Application [IFCP] A-Trust Digital Signature: Interface Description for Card Production A-Trust SPK Card Specification Page 8 of 58

9 2. Introduction This specification describes the signature card used for the TrustSign signature product. The card itself is made up of the following components: Component Description Application TrustSign The A-Trust specific application TrustSign includes the card file structure and the file contents. Operating System The card uses the smartcard operating system STARCOS SPK 2.3 supplied by Giesecke & Devrient. Chip Hardware The card uses the Smart Card Controller P8WE5032V0G supplied by Philips Semiconductors Application TrustSign The A-Trust specific application TrustSign includes the card file structure and the file contents as described in chapter 5. File Structure and Data : application ID (AID) values file ID (FID) values file types and sizes file access conditions data structure within files parameters of cryptographic keys, PINs and PUKs (key sizes, key identifier values, key usages) 2.2. Operating System The card operating system supplies the commands as described in documents [STARCOSS2.1] and [STARCOSSPK] resp. in chapter 4. Card Commands. the algorithms and mechanisms described in chapter 3. Underlying Concepts (and in greater detail in documents [STARCOSS2.1] and [STARCOSSPK]). A-Trust SPK Card Specification Page 9 of 58

10 2.3. Chip Hardware The chip hardware also supplies (together with the Operating System) the algorithms and mechanisms described in chapter 3. Underlying Concepts, like cryptographic functions, implemented in a cryptographic co-processor, on-board RSA key generation physical protection of sensitive data (keys, PINs, PUKs) A-Trust SPK Card Specification Page 10 of 58

11 3. Underlying Concepts 3.1. Symmetric Algorithms For symmetric encryption, the card uses Triple DES (encrypt-decrypt-encrypt) in CBC mode. The keys have double DES length (112 bit) Asymmetric Algorithms The asymmetric algorithm used is RSA. The cardholder key lenghts for signature and encryption are 1024 bit. For chip authentication and session key negotiation during personalisation, 512 bit keys are used. The card uses 4 private keys: Signature Key; is generated by the card itself during initialisation. Encryption Key #1; is generated by the CA and stored in the card during personalisation. Encryption Key #2; may be generated by the card at any time (no certificate will be issued). Authentication Key; is generated by the card itself during initialisation. The public exponent of Encryption Key pair #1 can have any (useful) value; all other key pairs use the 4. Fermat Number (2^16+1 = ), since STARCOS can only generate key pairs using this number Hash Algorithms The card implements the hash algorithm SHA-1. However, the hashing may be implemented outside of the card, and the hash can be presented to the card for signing. This allows the use of any appropriate hashing algorithm. A-Trust SPK Card Specification Page 11 of 58

12 3.4. RSA Key Generation inside the Smart Card To ensure a secure key generation inside the card, the chip has to contain a True Random Number Generator (TRNG), and the random seed value has to be generated by the chip itself, for example using a noise generator Formats for RSA Operations The card supplies the following formats for operations with RSA keys (generation and verification of signatures, encryption and decryption): ISO/IEC mit Zufallszahl following [DIN ] for generation and verification of signatures: RND (8 Byte) HASH (20 Byte) BC (variable number of 0 ) Block type 01 following [PKCS1] for generation and verification of signatures: FF...FF 00 DigestInfo (variable number of FF ) Block type 02 following [PKCS1] for encryption and decryption: RND (all bytes <> 00 ) 00 KEY (variable RND length) A-Trust SPK Card Specification Page 12 of 58

13 3.6. PIN / PUK Signature PIN The signature PIN is numeric and between 6 and 8 digits long. It may be changed by the cardholder at any time. The card is delivered to the cardholder with a 4 digit numeric Initial PIN which has to be changed before the card allows for the generation of signatures. The PIN is presented to the card in clear. The PIN presented always has to be 8 bytes long, in case of a shorter PIN, the terminal has to apply padding using 00 to the right Decryption PIN The decryption PIN is numeric and 4 digits long. It may not be changed by the cardholder. It is presented to the card like the signature pin, in clear and padded to the right using 00. The decryption PIN not only enables the decryption functionality but also allows for storage of data in the certificate files. This is used to protect the certificate files against unwanted overwriting Decryption PUK The decryption PIN has an assigned PUK. The retry counter of the decryption PIN may be reset by presenting a 16 digit numeric PUK to the card. The PUK itself has its own retry counter. The retry counter is decremented with each invalid PUK entry and reset to ist original value with each valid PUK entry. Contrary to the ELU implementation, the PUK retry counter is not reset after a valid PIN entry. PUK validation may be performed by the card only if the value of the retry counter is above zero. The PUK is presented to the card in clear in BCD coding. For details of the PIN and PUK handling, please refer to document [STARCOSSPK]. A-Trust SPK Card Specification Page 13 of 58

14 3.7. Countermeasures against Attacks on Private Keys This chapter lists a couple of attacks which can be performed on some smart cards available on the market today with reasonable effort. The card has to be secured against known attacks as well as against combinations of known attacks Differential Fault Analysis (DFA) Depending on the format selected, the following actions have to be executed for Private Key RSA operations: 1. for signature computations following ISO mit Zufallszahl from [DIN ], protection is supplied by the use of the random padding specified by this standard. Therefore, no additional measures have to be taken. 2. for signature computations following [PKCS1], Block type 01, the card has to perform an internal comparison. The public key is applied to the result of the private key operation. Only if the result of this operation matches the input data for the private key operation, the result of the private key operation ( signature ) is returned in the response. Otherwise, an error message is returned. 3. for decryptions following [PKCS1], Block type 02, the card has to verify the validity of the decryption result against the Block type 02 format. In case of a positive verification, the result is returned in the response, otherwise an error message is returned Timing Attacks The time consumption of private key operations may not allow to retrieve any information which might be used to determine the value of the private key Power Consumption Attacks The power consumption of the chip during private key operations may not allow to retrieve any information which might be used to determine the value of the private key. Especially SPA attacks as published by Cryptography Research have to be prevented. DPA attacks must be prevented as well by an appropriate application design (state machine,...). A-Trust SPK Card Specification Page 14 of 58

15 4. Card Commands The card obviously uses standard SPK card commands as described in [STACOSSPK] Command Sequences Signature IFD ICC SELECT_FILE_REQ P1=00, P2=0C Lc=02 FID=DF_SIGNATURE VERIFY_PIN_REQ (P1=00, P2=KID, Lc=08, DATA=PIN) > < SELECT_FILE_RSP (CC_ICC=OK) > < VERIFY_PIN_RSP (CC_ICC=OK) MANAGE_SECURITY_ ENVIRONMENT_REQ (P1=81, P2=B6, Lc=06, DATA= 8401 KID > < MANAGE_SECURITY_ ENVIRONMENT_RSP (CC_ICC=OK) PUT_HASH_REQ (P1=90, P2=81, Lc=14, DATA=Hash) PUT_DATA_REQ (P1=00, P2=92, Lc=05, DATA=timestamp) > < PUT_HASH_RSP (CC_ICC=OK) > < PUT_DATA_RSP (CC_ICC=OK) COMPUTE_ SIGNATURE_REQ (P1=9E, P2=9A, Lc=00) > < COMPUTE_ SIGNATURE_RSP (DATA=Signature, CC_ICC=OK) A-Trust SPK Card Specification Page 15 of 58

16 Client/Server Authentication Client/Server Authentication (e.g. for SSL) is done using the encryption key pair. IFD ICC SELECT_FILE_REQ P1=00, P2=0C Lc=02 FID=DF_SIGNATURE VERIFY_PIN_REQ (P1=00, P2=KID, Lc=08, DATA=PIN) > < SELECT_FILE_RSP (CC_ICC=OK) > < VERIFY_PIN_RSP (CC_ICC=OK) MANAGE_SECURITY_ ENVIRONMENT_REQ (P1=41, P2=A4, Lc=06, DATA= 8401 KID 80010y INTERNAL_ AUTHENTICATE_REQ (P1=10, P2=00, Lc=digest_length, DATA=digest_info) > < > < MANAGE_SECURITY_ ENVIRONMENT_RSP (CC_ICC=OK) INTERNAL_ AUTHENTICATE_RSP (DATA=Signature, CC_ICC=OK) A-Trust SPK Card Specification Page 16 of 58

17 5. File Structure and Data 5.1. ATR Historical Characters 45 4C E 32 in ASCII: ELU Austria Complete ATR 3B BF FE C E Short FIDs No Short FIDs are explicitly defined. Therefore each EF within a DF may be selected using the implicit Short FID (the lowest 5 bit of the FID) Access Conditions The following abbreviations are used: ALW AUT NEV PIN SMA SMC always external authentication using the specified key required never presentation of the specified PIN required only using Secure Messaging in Authentic or Combined Mode only using Secure Messaging in Combined Mode AC s not listed are NEV by default. A-Trust SPK Card Specification Page 17 of 58

18 5.4. Keys Notation keys named KD.xxx are double length DES keys which are used in Triple DES mode (EDE). keys named SK.xxx are secret RSA keys (private keys). keys named PK.xxx are public RSA keys (public keys). All length specifications are in bit. Please note the following: for 3DES keys, the length is specified as 112 bit. For storage in the card, 128 bit are needed because of the parity bits. for secret RSA keys, the length specification applies to the modulus only. The storage is done exclusively in CRT format as described below. for public RSA keys, both the modulus length / exponent length are specified. For secret keys, the Write Access Condition (AC-Write) is specified as well as the field WR-Info. For relevant public or secret keys, the AKD (Additional Key Description) is also specified (see also [STARCOSSPK]). The following abbreviations are used: CHANGE GEN ONCE CSIG VSIG ENC DEC CSA PIN change allowed no update write once COMPUTE SIGNATURE allowed VERIFY SIGNATURE allowed ENCIPHER allowed (public keys only) DECIPHER allowed (secret keys only) Client Server Authentication allowed (SSL) Data Storage Keys are stored in 2 different types of files: Internal Secret Files (ISF) contain 3DES- and secret RSA keys as well as PINs and PUKs. ISFs cannot be read and may only be written using the commands WRITE KEY and GENERATE PUBLIC KEY PAIR. Internal Public Files (IPF) contain public RSA keys. IPFs are structured like transparent files and therefore may be read and written using the commands READ BINARY and UPDATE BINARY. Furthermore the command READ PUBLIC KEY can be used, and the command GENERATE PUBLIC KEY PAIR may also be used to store a public key in the IPF. The storage of keys (structure,...) is described in the documents [STARCOSS2.1] and [STARCOSSPK]. A-Trust SPK Card Specification Page 18 of 58

19 Storage of RSA Keys Secret RSA keys are exclusively stored in CRT format using the following components: Component Length in bit for Modulus Length of Component 512 bit 1024 bit p q /e mod (p-1) /e mod (q-1) /p mod q In STARCOS SPK, the storage of private or public key integer values in ISF or IPF files could be done in Big-Endian as well as in Little-Endian format (see [COHEN]). Big-Endian means MSB to LSB, Little-Endian LSB to MSB). This is determined by bit 4 of the ALGO Byte: 0 means Big- Endian, 1 means Little-Endian. Note: if a key is stored in the card using the Big Endian format, the card itself reverses the format to Little Endian and sets bit 4 of the ALGO byte as soon as the key is used for the first time. The theoretical possibility of using the Big Endian format is not used for TRUSTSIGN cards. Therefore, all RSA key headers have to be stored in the card with ALGO byte bit 4 set to 1. The keys itself have to be written in Little Endian format. The GENERATE PUBLIC KEY PAIR command also stores keys in Little Endian format when ALGO byte bit 4 is set. A-Trust SPK Card Specification Page 19 of 58

20 5.5. Master File (MF) FID: 3F 00 Register: AUT(KD.ISSUER) Create: AUT(KD.ISSUER) ISF_MF FID: - Content: secret keys (3DES, RSA) Structure: ISF Size: - Key L KID AC-Write WR-Info Description PIN.PERS ALW ONCE write protection for personalisation (global) RC = 3 SK.ICC.AUTH ALW GEN, ONCE asymm. Auth., READ PUBLIC KEY (global) KD.ISSUER SMC ONCE external Auth. for REGISTER, CREATE IPF_MF FID: Content: public RSA key for personalisation Structure: IPF Size: - Read ALW Write PIN(PIN.PERS) PK.ICC.AUTH is written using GENERATE PUBLIC KEY PAIR, PK.HSM.AUTH is written during personalisation using UPDATE BINARY. Key m e KID CH_ID Description PK.ICC.AUTH Asymm. Auth. during personalisation PK.HSM.AUTH Asymm. Auth. during personalisation Remark: unlike for secret keys, STARCOS SPK does not require a dummy record for public keys to be able to reference a MF key whenever a DF is selected. Therefore, these keys need not be entered in the IPFs of other DFs. A-Trust SPK Card Specification Page 20 of 58

21 EF_C.ICC.AUTH FID: C1 00 Content: CV certificate for PK.ICC.AUTH Structure: transparent Size: 250 Read: ALW Write: NEV This file is written during the initialisation phase (before the CREATE END command is issued). Structure of CV certificate (see also [ISO7816-6], [ISO7816-8]): Field Length Content Description T_C.ICC.AUTH 2 7F 21 Tag of CV certificate L_C.ICC.AUTH 2 81 D9 Length of CV certificate T_ID_CA 1 42 Tag of field ID_CA L_ID_CA 1 10 Length of field ID_CA V_ID_CA 16 see below Value of field ID_CA (see below) T_MOD_PK.ICC.AUTH 2 5F 49 Tag of Key Modulus L_MOD_PK.ICC.AUTH 1 40 Length of Key Modulus V_MOD_PK.ICC.AUTH 64 variable Modulus of PK.ICC.AUTH (the exponent always equals and is therefore not included in the certificate) T_SIG_C.ICC.AUTH 2 5F 37 Tag of signature over CV certificate L_SIG_C.ICC.AUTH Length of signatur over CV certificate V_SIG_C.ICC.AUTH 128 variable Signature over CV certificate (see below) Remarks: ID_CA = AUSTRIACARDxxxxx. This field is determined by the Initialisation HSM as follows: xxxxx is an increasing counter value, starting with 00001, and is incremented with each SK.AC.CERT key generation. the signature is calculated by the Initialisation HSM as follows: 1. Hashing of fields T_ID_CA to V_MOD_PK.ICC.AUTH using SHA-1 2. Padding of the hash code to 128 byte using ISO mit Zufallszahl regarding [DIN ] 3. Signing of the padded result using SK.AC.CERT A-Trust SPK Card Specification Page 21 of 58

22 EF_GDO FID: 2F 02 Content: Card Number and Name of Cardholder regarding [DIN ] Structure: transparent Size: 100 Read: ALW Write: PIN(PIN.PERS) The EF_GDO is used to hold the DO ICC Serial Number (ICCSN) (tag 5A ) as well as the DO Cardholder Name (tag 5F20, content as on card surface). Since for TRUSTSIGN cards the coding scheme following ISO /6, Category D with Country Code is used, the ICCSN is structured as follows: Issuer Identification No. Dc cc nn nn nn (5 Bytes, c=bcd, n= BCD) Serial No. xx.. xx (8 Bytes, Card Number, x=bcd) The Issuer Identification Number is D , and the 16 digit field CARD NUMBER as defined in [IFCP] is used as serial number. The DO CHN contains the Cardholder Name in the format as printed on the cover of an ID-1- chipcard. As coding scheme, ASCII is used. The global data objects can be read using SELECT FILE and READ BINARY. The complete file content therefore is as follows: TICCSN L IIN CARD NUMBER TCHN L NAME resp. 5A 0D D xx xx xx xx xx xx xx xx 5F 20 yy zz zz zz... zz xxx... CARD NUMBER (8 Byte) yy... Length of field NAME zzz... NAME (57 byte max.) A-Trust SPK Card Specification Page 22 of 58

23 EF_DIR FID: 2F 00 Content: Application Template directory Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file contains application templates as defined in ISO/IEC Value notation: ; { F 0C ; aid'a b43532d3135'h, A B D A ; label "DF_PKCS#15", F 50 4B ; path '3F005015'H 3F ; { 61 1E 4F 08 ; aid 'D 'H, D C ; label "DF_SIGNATURE", F E ; path '3F00DF01'H 3F 00 DF 01 ; { 61 1D 4F 08 ; aid 'D 'H, D B ; label "DF_FREEKEYS", F B ; path '3F00DF02'H 3F 00 DF 02 A-Trust SPK Card Specification Page 23 of 58

24 5.6. Dedicated File DF_SIGNATURE AID: D FID: DF ISF_SIGNATURE FID: - Content: secret keys (PIN, PUK, 3DES, RSA) Structure: ISF Size: - Key L KID AC- WR-Info AKD Description Write PIN.PERS 01 dummy record for global PIN SK.ICC.AUTH 02 dummy record for global key PIN.SIG SMC CHANGE, ONCE PIN for Signature generation (4-8 digits ASCII leftbound, padded to the right with 00 ) RC = 10 DEFAULT-PIN SK.CH.SIGN ALW GEN, ONCE CSIG secret signature key SK.CH.EKEY SMC ONCE CSA DEC secret decryption key 1 SK.CH.EKEY ALW GEN CSA DEC secret decryption key 2 PIN.DEC SMC ONCE PIN for decryption (4 digits ASCII leftbound, padded to the right with 00 ) RC = 10 PUK.DEC SMC ONCE PUK for PIN.DEC (16 digits BCD coded) RC = 10 The key SK.CH.SIGN may only be used after successful verification of PIN.SIG. The keys SK.CH.EKEY and SK.CH.EKEY2 may only be used after successful verification of PIN.DEC. A-Trust SPK Card Specification Page 24 of 58

25 IPF_SIGNATURE FID: Content: public RSA keys Structure: IPF Size: - Read: ALW Write: PIN(PIN.PERS) PK.CH.SIGN and PK.CH.EKEY2 are written using GENERATE PUBLIC KEY PAIR. PK.CH.EKEY is written during the personalisation using UPDATE BINARY. The CH_ID of PK.CH.SIGN contains the 16 digit BCD coded field CARD NUMBER and is written during the personalisation as well. Key m e KID CH_ID AKD Description PK.CH.SIGN s.o. VSIG public signature key of cardholder PK.CH.EKEY VSIG ENC public encryption key 1 PK.CH.EKEY VSIG ENC public encryption key EF_TIMESTAMP FID: Content: time stamp for signature log file. initial value: Structure: object Size: 10 Read: ALW Write: ALW This file is retained for compatibility reasons, but not updated by the card and therefore not used. A-Trust SPK Card Specification Page 25 of 58

26 EF_PROT FID: A0 00 Content: signature protocol (log) file Structure: compute # Records: 20 Read: ALW Record-Aufbau: Field Length Content Description SCOUNT 4 binary signature counter CHKSUM 2 checksum following [STARCOSS2.1] / binary checksum TL0 2 C3 1D Tag+Length of following data TL Tag+Length of time stamp TIMEST 5 date, time (TTMMJJSSMM), BCD coded time stamp TL Tag+Length for hash code HASH 20 binary (MD-5: padded with to the left) hashcode as signed This file is not updated by the STARCOS card and only retained for compatibility reasons EF_VALID_DATE FID: Content: expiry date of card, BCD-coded as YYYYMM Structure: transparent Size: 3 Read: ALW Write: PIN(PIN.PERS) A-Trust SPK Card Specification Page 26 of 58

27 EF_INFOBOX FID: Content: RFU Structure: transparent Size: 5000 Read: ALW Write: PIN(PIN.DEC) A-Trust SPK Card Specification Page 27 of 58

28 EF_C.CH.DS FID: C0 00 Content: X.509 certificate for key PK.CH.SIGN Structure: transparent Size: 1500 Read: ALW Write: PIN (PIN.DEC) EF_C.CH.EKEY FID: C2 00 Content: X.509 certificate for key PK.CH.EKEY Structure: transparent Size: 1500 Read: ALW Write: PIN (PIN.DEC) EF_C.CA.DS FID: C0 08 Content: X.509 certificate for public key of the A-Trust CA which can be used to verify the signature over the certificate for C.CH.DS Structure: transparent Size: 1500 Read: ALW Write: PIN (PIN.DEC) This file is not updated during personalisation. A-Trust SPK Card Specification Page 28 of 58

29 EF_C.RCA.DS FID: B0 00 Content: X.509 certificate for public key of the Root CA which can be used to verify the signature over the certificate for C.CA.DS Structure: transparent Size: 1500 Read: ALW Write: PIN (PIN.DEC) This file is not updated during personalisation EF_C.CH.ATTRIB FID: C0 01 Content: attribute certificate(s) for cardholder Structure: transparent Size: 2048 Read: ALW Write: ALW Aufbau: tbd. This file is not updated during personalisation. A-Trust SPK Card Specification Page 29 of 58

30 5.7. Dedicated File DF_FREEKEYS AID: D FID: DF 02 Since STARCOS SPK does not foresee separated access conditions for different public keys within an IPF (anly one AC is supported), the freely updateable public key PK.FREE is located in its own IPF. The IPF is initialized using the following structure: IPF_FREEKEYS FID: Content: public RSA keys Structure: IPF Size: - Read: ALW Write: ALW The file may contain up to 5 public keys PK.FREE1 - PK.FREE5. They have the following format: AKD: VERIFY SIGNATURE, ENCIPHER and AUTHENTICATE allowed KID: L=1 CH_ID:L=8 Exponent: L=128 Modulus: L=128 A-Trust SPK Card Specification Page 30 of 58

31 5.8. Dedicated File DF_PKCS#15 AID: A B D FID: EF_ODF FID: Content: Object Directory File Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file contains pointers to other EFs (PrKDF, CDF_C, CDF_TC, DODF and AODF), each one containing a directory over PKCS #15 objects of a particular class. Value notation: ; { A0 0A ; privatekeys : ; path : { ; path '3F 'H 3F A4 0A ; certificates : ; path : { ; path '3F 'H 3F A5 0A ; trustedcertificates : ; path : { ; path '3F 'H 3F A7 0A ; dataobjects: ; path : { ; path '3F 'H 3F A8 0A ; authobjects : ; path : { ; path '3F 'H 3F A-Trust SPK Card Specification Page 31 of 58

32 EF_TokenInfo FID: Content: Generic Card Information Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file contains generic information about the card as such and it s capabilities, as seen by the PKCS15 application. This information includes the card serial number, supported file types, algorithms implemented on the card, etc.. Value notation: ; { FF ; version v1, 04 0F ; serialnumber 'xx..xx'h, ; -- ICCSN, mandatory FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 80 0D ; label "TRUSTSIGN 3.3", E E ; tokenflags {prngeneration}, A2 81 C6 ; supportedalgorithms { 30 1A ; {reference 1, ; algorithm H, ; -- CKM_VENDOR + 0x ; -- RSA with SHA-1 according to ; -- ISO/IEC mit Zufallsz ; parameters NULL : NULL, ; supportedoperations { ; compute-signature, ; verfiy-signature B ; algid { }, ; -- OID Authority: TTT ; algref '11'H 30 1A ; {reference 2, ; algorithm 06 H, ; -- CKM_SHA1_RSA_PKCS ; -- RSA with SHA-1 according to ; PKCS#1 Block Type ; parameters NULL : NULL, ; supportedoperations { ; compute-signature, ; verfiy-signature A F7 0D ; algid { }, ; -- OID Authority: RSADSI ; algref '12'H A-Trust SPK Card Specification Page 32 of 58

33 30 1A ; {reference 3, ; algorithm H, ; CKM_VENDOR + 0x ; -- RSA with RIPEMD-160 ; according to ISO/IEC mit ; Zufallszahl ; parameters NULL : NULL, ; supportedoperations { ; compute-signature, ; verfiy-signature B ; algid { }, ; -- OID Authority: TTT ; algref '21'H ; {reference 4, ; algorithm 08 H, ; -- CKM_RIPEMD160_RSA_PKCS ; -- RSA with RIPEMD-160 ; acc. to PKCS#1 Block Type ; parameters NULL : NULL, ; supportedoperations { ; compute-signature, ; verfiy-signature B ; algid { }, ; -- OID Authority: TTT ; algref '22'H 30 1A ; {reference 5, ; algorithm 05 H, ; -- CKM_MD5_RSA_PKCS ; -- RSA with MD-5 according to ; PKCS#1 Block Type ; parameters NULL : NULL, ; supportedoperations { ; compute-signature, ; verfiy-signature A F7 0D ; algid { }, ; -- OID Authority: RSADSI ; algref '32'H 30 1A ; {reference 6, ; algorithm 01 H, ; -- CKM_RSA_PKCS ; -- RSA encryption according to ; PKCS# ; parameters NULL : NULL, ; supportedoperations {decipher}, A F7 0D ; algid { }, ; -- OID Authority: RSADSI ; algref '02'H A-Trust SPK Card Specification Page 33 of 58

34 30 1F ; {reference 7, ; algorithm 0133 H, ; -- CKM_DES3_CBC ; -- symmetric algorithm: Triple- ; DES in CBC-Mode ; parameters'00 00'H, ; -- IV='00' C ; supportedoperations { ; encipher, ; decipher A F7 0D ; algid { } ; -- OID Authority: RSADSI 83 0D ; issuerid "TRUSTSIGN 3.3" E E 33 A-Trust SPK Card Specification Page 34 of 58

35 EF_PrKDF FID: Content: Private Key Directory Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file can be regarded as directory of private keys known to the PKCS #15 application. It contains general key attributes such as labels, intended usage, identifiers, etc.. A-Trust SPK Card Specification Page 35 of 58

36 Value notation: ; { ; privatersakey : { ; CommonObjectAttributes { 0C 0A ; label "SK.CH.SIGN", 53 4B 2E E E ; flags {private}, ; authid '90'H, ; userconsent C ; CommonKeyAttributes { ; id '92'H, ; usage {nonrepudiation}, ; keyreference '92'H A1 0E ; PrivateRSAKeyAttributes { 30 0C ; value indirect : path { ; path '3F00DF01'H 3F 00 DF ; moduluslength ; privatersakey : { ; CommonObjectAttributes { 0C 0A ; label "SK.CH.EKEY", 53 4B 2E E 45 4B ; flags {private}, ; authid '97'H 30 0B ; CommonKeyAttributes { ; id '93'H, ; usage {signrecover, ; unwrap, ; decrypt}, ; keyreference '93'H A1 0E ; PrivateRSAKeyAttributes { 30 0C ; value indirect : path { ; path '3F00DF01'H 3F 00 DF ; moduluslength 1024 A-Trust SPK Card Specification Page 36 of 58

37 EF_CDF_C FID: Content: Certificate Directory Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file can be regarded as directory of certificates known to the PKCS#15 application. It contains general certificate attributes such as labels, identifiers, etc. Furthermore, it contains pointers to the certificates themselves. Value notation: ; { ; x509certificate : { ; CommonObjectAttributes { 0C 07 ; label "C.CH.DS", 43 2E E ; flags {modifiable} ; auth '97'H ; CommonCertificateAttributes { ; id '92'H -- identical to ; SK.CH.SIGN A1 0C ; X509CertificateAttributes { 30 0A ; value indirect : path : { ; path '3F00DF01C000'H 3F 00 DF 01 C ; x509certificate : { ; CommonObjectAttributes { 0C 09 ; label "C.CH.EKEY", 43 2E E 45 4B ; flags {modifiable} ; auth '97'H ; CommonCertificateAttributes { ; id '93'H -- identical to ; SK.CH.EKEY A1 0C ; X509CertificateAttributes { 30 0A ; value indirect : path : { ; path '3F00DF01C200'H 3F 00 DF 01 C2 00 A-Trust SPK Card Specification Page 37 of 58

38 A0 26 ; x509attributecertificate : { ; CommonObjectAttributes { 0C 0B ; label "C.CH.ATTRIB", 43 2E E ; flags {modifiable} ; CommonCertificateAttributes { ; id '92'H -- identical KID ; to C.CH.DS A1 0C ; X509AttributeCertificateAttributes { 30 0A ; value indirect : path : { ; path '3F00DF01C001'H 3F 00 DF 01 C0 01 A-Trust SPK Card Specification Page 38 of 58

39 EF_CDF_TC FID: Content: Trusted Certificate Directory Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file can be regarded as directory of trusted certificates (root and CA certificates) known to the PKCS#15 application. It contains general certificate attributes such as labels, identifiers, etc. Furthermore, it contains pointers to the certificates themselves. A-Trust SPK Card Specification Page 39 of 58

40 Value notation: ; { ; x509certificate : { ; CommonObjectAttributes { 0C 07 ; label "C.CA.DS", 43 2E E ; flags {modifiable}, ; auth '97'H ; CommonCertificateAttributes { ; id '92'H, -- identical to ; SK.CH.SIGN FF ; authority TRUE A1 0C ; X509CertificateAttributes { 30 0A ; value indirect : path : { ; path '3F00DF01C008'H 3F 00 DF 01 C ; x509certificate : { ; CommonObjectAttributes { 0C 08 ; label "C.RCA.DS", 43 2E E ; flags {modifiable}, ; auth '97'H ; CommonCertificateAttributes { ; id '80'H -- KID of C.RCA.DS A1 0C ; X509CertificateAttributes { 30 0A ; value indirect : path : { ; path '3F00DF01B000'H 3F 00 DF 01 B0 00 A-Trust SPK Card Specification Page 40 of 58

41 EF_DODF FID: Content: Data Object Directory Structure: transparent Size: 500 Read: ALW Write: PIN(PIN.PERS) This file can be regarded as directory of data objects (other than keys or certificates) known to the PKCS#15 application. It contains general data object attributes such as identifiers of the application to which the data object belongs, whether it is a private or public object, etc. Furthermore, it contains pointers to the data objects themselves. Value notation: ; { ; opaquedo : { ; CommonObjectAttributes { 0C 06 ; label "EF_GDO" F F 30 0D ; CommonDataObjectAttributes { 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A ; Opaque indirect : path : { ; path '3F002F02'H 3F 00 2F F ; opaquedo : { ; CommonObjectAttributes { 0C 0C ; label "EF_TIMESTAMP", F D D ; flags {modifiable} 30 0D ; CommonDataObjectAttributes { 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A1 0A ; Opaque indirect : path : { ; path '3F00DF010011'H 3F 00 DF ; opaquedo : { ; CommonObjectAttributes { 0C 07 ; label "EF_PROT" F F D ; CommonDataObjectAttributes { A-Trust SPK Card Specification Page 41 of 58

42 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A1 0A ; Opaque indirect : path : { ; path '3F00DF01A000'H 3F 00 DF 01 A C ; opaquedo : { 30 0F ; CommonObjectAttributes { 0C 0D ; label "EF_VALID_DATE" F C F D ; CommonDataObjectAttributes { 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A1 0A ; Opaque indirect : path : { ; path '3F00DF010014'H 3F 00 DF A ; opaquedo : { ; CommonObjectAttributes { 0C 0F ; label "PERSONENBINDUNG" F 4E 45 4E E E ; flags {modifiable}, 30 0D ; CommonDataObjectAttributes { 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A ; Opaque indirect : path : { ; path '3F00DF010015'H 3F 00 DF ; index F4 ; length F ; opaquedo : { 30 0A ; CommonObjectAttributes { 0C 04 ; label "RFU1" ; flags {modifiable}, 30 0D ; CommonDataObjectAttributes { 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A ; Opaque indirect : path : { ; path '3F00DF010015'H 3F 00 DF F4 ; index 500 A-Trust SPK Card Specification Page 42 of 58

43 F4 ; length F ; opaquedo : { 30 0A ; CommonObjectAttributes { 0C 04 ; label "RFU2" ; flags {modifiable}, 30 0D ; CommonDataObjectAttributes { 0C 0B ; ApplicationName "A-Trust Sig" 41 2D A ; Opaque indirect : path : { ; path '3F00DF010015'H 3F 00 DF E8 ; index E8 ; length 1000 Note: the file is padded to its fixed length using FF H. A-Trust SPK Card Specification Page 43 of 58

44 EF_AODF FID: Content: Authentication Object Directory Structure: transparent Size: Read: ALW Write: PIN(PIN.PERS) This file can be regarded as directory of authentication objects (PINs, passwords) known to the PKCS#15 application. It contains generic authentication object attributes such as (in the case of PINs) allowed characters, PIN length, PIN padding character, etc. Furthermore, it contains pointers to the authentication objects themselves (e.g. in the case of PINs, pointers to the DF in which the PIN file resides). Authentication objects are used to control access to other objects such as keys. Information about which authentication object that protects a particular key is stored in the key s directory file, e.g. PrKDF. Value notation: ; { ; pinauthenticationobject : { 30 0D ; CommonObjectAttributes { 0C 07 ; label "PIN.SIG", E 2E C0 ; flags {private, modifiable} ; CommonAuthenticationObjectAttributes { ; authid '90'H A1 21 ; PinAttributes { 30 1F C ; pinflags {local, ; initialized, ; needs-padding}, 0A ; pintype {ascii-numeric}, ; minlength 6, length in char ; storedlength 8, length in byte ; maxlength 8, length in char ; pinreference '90'H, ; -- P2 parameter, ; padchar '00'H, ; path '3F00DF01' 3F 00 DF A ; pinauthenticationobject : { ; CommonObjectAttributes { 0C 07 ; label "PIN.DEC", E 2E ; flags {private}, ; auth '98'H -- link to ; unblocking PIN A-Trust SPK Card Specification Page 44 of 58

45 30 03 ; CommonAuthenticationObjectAttributes { ; authid '97'H A1 21 ; PinAttributes { 30 1F C ; pinflags {local, ; change-disabled, ; initialized, ; needs-padding}, 0A ; pintype {ascii-numeric}, ; minlength 4, ; storedlength 8, ; maxlength 4, ; pinreference '97'H, ; -- P2 parameter ; padchar '00'H, ; path '3F00DF01' 3F 00 DF D ; pinauthenticationobject : { 30 0D ; CommonObjectAttributes { 0C 07 ; label "PUK.DEC", B 2E ; flags {private}, ; CommonAuthenticationObjectAttributes { ; authid '98'H A1 17 ; PinAttributes { ; pinflags {local, ; unblockingpin}, 0A ; pintype {bcd}, ; minlength 8, ; storedlength 8, ; path '3F00DF01' 3F 00 DF 01 A-Trust SPK Card Specification Page 45 of 58