Differences
This shows you the differences between two versions of the page.
|
ac:laboratoare:10 [2024/12/12 02:33] dimitrie.valu |
ac:laboratoare:10 [2024/12/15 07:01] (current) dimitrie.valu |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| Do the following on Linux (this is for Ubuntu/Debian -- you might need root access): | Do the following on Linux (this is for Ubuntu/Debian -- you might need root access): | ||
| - | * Install ''%%pcsclite-dev%%'': | + | |
| + | * Install these packages: | ||
| <code> | <code> | ||
| - | sudo apt-get install libpcsclite-dev | + | sudo apt install libpcsclite-dev swig libpcsc-perl pcsc-tools python3-dev libudev-dev python3-pyscard python3-pyserial |
| </code> | </code> | ||
| - | * Then also install these packages: | + | |
| + | If this doesn't work, then get ''%%Pyserial%%'' from [[https://pypi.python.org/pypi/pyserial#downloads|here]] | ||
| + | |||
| + | * Install ''%%pcsc%%'' related libs: | ||
| <code> | <code> | ||
| - | sudo apt-get install swig python3-dev libudev-dev python3-pip | + | sudo apt install libusb-dev libccid pcscd libpcsclite1 |
| </code> | </code> | ||
| - | * Get and install ''%%Pyscard%%'' using ''%%pip%%'' (install ''%%pip%%'' if needed) | + | |
| + | * You might also want to install these additional card tools from here: | ||
| <code> | <code> | ||
| - | pip3 install pyscard | + | sudo apt install libpcsc-perl pcsc-tools |
| </code> | </code> | ||
| - | * Install ''%%Pyserial%%'' | + | |
| + | On Arch Linux, get the following packages (reference [[https://wiki.archlinux.org/title/Smartcards |the Arch wiki]] if you need to): | ||
| <code> | <code> | ||
| - | pip3 install pyserial | + | yay -S swig flex libusb ccid pcsclite pcsc-perl pcsc-tools python-pyscard python-pyserial |
| </code> | </code> | ||
| - | If this doesn't work, then get ''%%Pyserial%%'' from [[https://pypi.python.org/pypi/pyserial#downloads|here]] | + | |
| - | * Install ''%%pcsc%%'' related libs: | + | You may need to start the ''%%pcscd%%'' daemon: |
| - | <code> | + | |
| - | sudo apt-get install libusb-dev libccid pcscd libpcsclite1 | + | |
| - | </code> | + | |
| - | * You might also want to install these additional card tools from here: | + | |
| <code> | <code> | ||
| - | sudo apt-get install libpcsc-perl pcsc-tools | + | systemctl start pcscd.service |
| </code> | </code> | ||
| - | See details [[http://support.gemalto.com/fileadmin/user_upload/IAM/FAQ/How_to_install_the_PC-Link_reader_on_Linux.pdf|here]]. | + | See details [[http://www.audentia-gestion.fr/GEMALTO/PDF/How_to_install_the_PC-Link_reader_on_Linux.pdf |here]]. |
| For Windows drivers you can check [[https://supportportal.gemalto.com/csm/?id=kb_article_view&sys_kb_id=0adc96844f350700873b69d18110c76a&sysparm_article=KB0016522|here]]. However, we recommend using Linux, as the instructions below apply for the Linux installation. | For Windows drivers you can check [[https://supportportal.gemalto.com/csm/?id=kb_article_view&sys_kb_id=0adc96844f350700873b69d18110c76a&sysparm_article=KB0016522|here]]. However, we recommend using Linux, as the instructions below apply for the Linux installation. | ||
| Line 131: | Line 138: | ||
| ==== Read public key material ==== | ==== Read public key material ==== | ||
| - | Using the READ RECORD commands mentioned earlier and the [[https://emvlab.org/tlvutils/|TLV decoder]], find the public keys in | + | Using the ''%%READ RECORD%%'' commands mentioned earlier and the [[https://emvlab.org/tlvutils/|TLV decoder]], find the public keys in your card, in particular: |
| - | your card, in particular: | + | |
| * Issuer public key certificate | * Issuer public key certificate | ||
| Line 142: | Line 148: | ||
| <note> | <note> | ||
| - | Depending on the application selected, you might have (or NOT) public keys available. If you don't find ones, then just select a different app at the beginning. | + | Depending on the application selected, you might (or might NOT) have public keys available. If you don't find them, then just select a different app at the beginning. |
| </note> | </note> | ||
| ==== Get Dynamic signature from card ==== | ==== Get Dynamic signature from card ==== | ||
| - | After you get all the public key data, use an INTERNAL AUTHENTICATE command similar to this: 00880000043085C163. | + | After you get all the public key data, use an ''%%INTERNAL AUTHENTICATE%%'' command similar to this: ''%%00880000043085C163%%''. |
| - | See the file trace_emv.txt for an example of trace as model for the set of commands you might have to issue (i.e. to add to your terminal.txt file). | + | See the file ''%%trace_emv.txt%%'' for an example of trace as a model for the set of commands you might have to issue (i.e. to add to your ''%%terminal.txt%%'' file). |
| + | As discussed during the lecture (see als [[https://www.emvco.com/specifications/book-2-security-and-key-management-2/|EMV Book 2]], section 6), modern EMV cards generally support dynamic signature generation (DDA). This works as follows: | ||
| - | As discussed in class (see also the EMV book 2, section 6), modern EMV cards generally support dynamic signature generation (DDA). | + | * The terminal issues the ''%%INTERNAL AUTHENTICATE%%'' command with some random data (typically 4 bytes) |
| - | This works as follows: | + | |
| - | * The terminal issues the INTERNAL AUTHENTICATE command with some random data (typically 4 bytes) | + | |
| * The ICC makes a signature over some internal ICC data and the random bytes from the terminal | * The ICC makes a signature over some internal ICC data and the random bytes from the terminal | ||
| - | * The ICC sends the signature (signed dynamic data) to the terminal in response to the INTERNAL AUTHENTICATE command | + | * The ICC sends the signature (signed dynamic data) to the terminal in response to the ''%%INTERNAL AUTHENTICATE%%'' command |
| * The terminal verifies the signature using a chain of certificates | * The terminal verifies the signature using a chain of certificates | ||
| - | An example of an INTERNAL AUTHENTICATE command similar is the following: 00880000043085C163. | + | An example of an ''%%INTERNAL AUTHENTICATE%%'' command is the following: ''%%00880000043085C163%%''. You can look at the file ''%%trace_emv.txt%%'' for an example of trace. |
| - | You can look at the file trace_emv.txt for an example of trace. | + | |
| <note> | <note> | ||
| + | If your card doesn't work with the standard Payment Application ID (the one in ''%%terminal.txt%%''), try using one from [[https://www.eftlab.com/knowledge-base/complete-list-of-application-identifiers-aid |here]] | ||
| - | If your card doesn't work with the standard Payment application ID (the one in terminal.txt), try using one from | + | <hidden> |
| - | [[https://www.eftlab.com/knowledge-base/211-emv-aid-rid-pix/|here]]. | + | Original link: [[https://www.eftlab.com/knowledge-base/211-emv-aid-rid-pix/|here]], seems dead. |
| + | </hidden> | ||
| A short list might be this one: | A short list might be this one: | ||
| Line 175: | Line 181: | ||
| </code> | </code> | ||
| - | Check that you obtained a correct DDA signature and a successful "9000" response. | + | Check that you obtained a correct DDA signature and a successful ''%%9000%%'' response. |
| To verify the DDA signature obtained earlier, the terminal must have access to the root CA public keys. | To verify the DDA signature obtained earlier, the terminal must have access to the root CA public keys. | ||
| Line 183: | Line 189: | ||
| [[https://www.mastercard.us/content/dam/public/mastercardcom/na/us/en/documents/mchip-payment-system-public-keys-12042018.pdf|here]], | [[https://www.mastercard.us/content/dam/public/mastercardcom/na/us/en/documents/mchip-payment-system-public-keys-12042018.pdf|here]], | ||
| or | or | ||
| - | [[https://www.eftlab.com/knowledge-base/243-ca-public-keys/|here]]. | + | [[https://www.eftlab.com/knowledge-base/list-of-ca-public-keys |here]]. |
| - | You will need to know the card type (AMEX, VISA, Mastercard, etc.) and CA public key index, which is given by the ICC (see tag 8F). | + | You will need to know the card type (AMEX, VISA, Mastercard, etc.) and CA public key index, which is given by the ICC (see tag ''%%8F%%''). |
| </note> | </note> | ||
| - | |||
| The process to verify a DDA signature is as follows: | The process to verify a DDA signature is as follows: | ||
| * The terminal verifies (RSA decrypts) the signed Issuer public key data (read from the ICC) using the CA public key, obtaining the Issuer public key | * The terminal verifies (RSA decrypts) the signed Issuer public key data (read from the ICC) using the CA public key, obtaining the Issuer public key | ||
| * The terminal verifies (RSA decrypts) the signed ICC public key data (read from the ICC) using the Issuer public key, obtaining the ICC public key | * The terminal verifies (RSA decrypts) the signed ICC public key data (read from the ICC) using the Issuer public key, obtaining the ICC public key | ||
| - | * The terminal verifies (RSA decrypts) the signed DDA data using the ICC public key (read from the ICC via the INTERNAL AUTHENTICATE command) | + | * The terminal verifies (RSA decrypts) the signed DDA data using the ICC public key (read from the ICC via the ''%%INTERNAL AUTHENTICATE%%'' command) |
| At each step, the verification step includes decryption of the data and checking that the hash over the fields mentioned in Book 2 of EMV matches the hash in the decrypted data. | At each step, the verification step includes decryption of the data and checking that the hash over the fields mentioned in Book 2 of EMV matches the hash in the decrypted data. | ||
| Line 208: | Line 213: | ||
| * First, generate a template ASN1 file as follows: | * First, generate a template ASN1 file as follows: | ||
| + | |||
| <file asn1 'template.asn1'> | <file asn1 'template.asn1'> | ||
| # Start with a SEQUENCE | # Start with a SEQUENCE | ||
| Line 230: | Line 236: | ||
| </file> | </file> | ||
| - | * Then use this template for all the keys you need to generate. For example, for the CA root key, use the template and replace the %%MODULUS%% and %%EXPONENT%% part by the modulus and exponent bytes given in the list of public CA root public keys for your card. Say the resulting file is named ca_pk.asn1. | + | * Then use this template for all the keys you need to generate. For example, for the CA root key, use the template and replace the ''%%MODULUS%%'' and ''%%EXPONENT%%'' part by the modulus and exponent bytes given in the list of public CA root public keys for your card. Say the resulting file is named ''%%ca_pk.asn1%%''. |
| - | * Then use openssl asn1 parser to obtain a public key in DER format as follows: | + | * Then use ''%%openssl asn1%%'' parser to obtain a public key in DER format as follows: |
| <code> | <code> | ||
| openssl asn1parse -genconf ca_pk.asn1 -out ca_pk.der -noout | openssl asn1parse -genconf ca_pk.asn1 -out ca_pk.der -noout | ||
| </code> | </code> | ||
| - | * Now copy the Issuer Certificate Public Key bytes obtained from the card into a file, say issuer_pk.bytes and then convert this to a binary file like this: | + | |
| + | * Now copy the Issuer Certificate Public Key bytes obtained from the card into a file, say ''%%issuer_pk.bytes%%'' and then convert this to a binary file as follows: | ||
| <code> | <code> | ||
| cat issuer_pk.bytes | xxd -r -p > issuer_pk.bin | cat issuer_pk.bytes | xxd -r -p > issuer_pk.bin | ||
| </code> | </code> | ||
| - | * At this point you can verify/decrypt the issuer certificate using openssl as follows: | + | |
| + | * At this point you can verify/decrypt the issuer certificate using ''%%openssl%%'' as follows: | ||
| <code> | <code> | ||
| openssl rsautl -verify -in issuer_pk_cert.bin -inkey ca_pk.der -pubin -keyform DER -raw | openssl rsautl -verify -in issuer_pk_cert.bin -inkey ca_pk.der -pubin -keyform DER -raw | ||
| </code> | </code> | ||
| - | Although it might be more convenient to see the output in hexa, using something like this: | + | |
| + | * Although it might be more convenient to see the output in hexa, using something like this: | ||
| <code> | <code> | ||
| openssl rsautl -verify -in issuer_pk_cert.bin -inkey ca_pk.der -pubin -keyform DER -raw | xxd -p | openssl rsautl -verify -in issuer_pk_cert.bin -inkey ca_pk.der -pubin -keyform DER -raw | xxd -p | ||
| </code> | </code> | ||
| | | ||
| - | To understand the meaning of the decrypted bytes, please refer to the respective EMV documentation (in particular sections 6.2-6.5 | + | To understand the meaning of the decrypted bytes, please refer to the respective EMV documentation (in particular sections 6.2-6.5 in book 2). For example, for the Issuer public key certificate, to obtain the actual issuer public key you need to ignore the first 15 bytes (metadata) as well as the last 21 bytes (hash result and trailer value ''%%BC%%''). The reminder bytes are the first part of the Issuer Public key. For the second part of the Issuer Public key (which you need to concatenate to the first part to get the full public key), please see the card response with tag ''%%92%%'' (Issuer Public Key reminder). |
| - | in book 2). For example, for the Issuer public key certificate, to obtain the actual issuer public key you need to ignore the first | + | |
| - | 15 bytes (metadata) as well as the last 21 bytes (hash result and trailer value "BC"). The reminder bytes are the first part of the | + | |
| - | Issuer Public key. For the second part of the Issuer Public key (which you need to concatenate to the first part to get the full | + | |
| - | public key), please see the card response with tag 92 (Issuer Public Key reminder). | + | |
| Apply the same/similar process to get the ICC public key and finally to decrypt/verify the DDA signature. | Apply the same/similar process to get the ICC public key and finally to decrypt/verify the DDA signature. | ||
| Line 262: | Line 271: | ||
| * signature (N - 21 bytes) | * signature (N - 21 bytes) | ||
| * a SHA-1 hash over 20 bytes (20*8 = 160 bits) | * a SHA-1 hash over 20 bytes (20*8 = 160 bits) | ||
| - | * a trailer byte with value "BC" | + | * a trailer byte with value ''%%BC%%'' |
| The hash contained in the DDA reponse is computed over the signature bytes (N - 21 bytes) concatenated with the data sent for the DDA signature (typically the 4 random/unpredictable bytes). Hence, if you recompute the hash over the N-21 signature bytes concatenated with the 4 random bytes and this matches the 20 bytes of the hash in the DDA response this should confirm that the 4 random bytes were correctly input into the signature generation. | The hash contained in the DDA reponse is computed over the signature bytes (N - 21 bytes) concatenated with the data sent for the DDA signature (typically the 4 random/unpredictable bytes). Hence, if you recompute the hash over the N-21 signature bytes concatenated with the 4 random bytes and this matches the 20 bytes of the hash in the DDA response this should confirm that the 4 random bytes were correctly input into the signature generation. | ||
| Line 274: | Line 283: | ||
| If you don't manage to get a signature from your card, use these responses from a card (decode them with TLV decode): | If you don't manage to get a signature from your card, use these responses from a card (decode them with TLV decode): | ||
| - | |||
| Start from the following responses of a card (decode them with [[http://www.emvlab.org/tlvutils/|TLV decode]]) | Start from the following responses of a card (decode them with [[http://www.emvlab.org/tlvutils/|TLV decode]]) | ||
| Line 307: | Line 315: | ||
| For this card the public key modulus is this (1152 bit): | For this card the public key modulus is this (1152 bit): | ||
| + | |||
| <code> | <code> | ||
| A6DA428387A502D7DDFB7A74D3F412BE762627197B25435B7A81716A700157DDD06F7CC99D6CA28C2470527E2C03616B9C59217357C2674F583B3BA5C7DCF2838692D023E3562420B4615C439CA97C44DC9A249CFCE7B3BFB22F68228C3AF13329AA4A613CF8DD853502373D62E49AB256D2BC17120E54AEDCED6D96A4287ACC5C04677D4A5A320DB8BEE2F775E5FEC5 | A6DA428387A502D7DDFB7A74D3F412BE762627197B25435B7A81716A700157DDD06F7CC99D6CA28C2470527E2C03616B9C59217357C2674F583B3BA5C7DCF2838692D023E3562420B4615C439CA97C44DC9A249CFCE7B3BFB22F68228C3AF13329AA4A613CF8DD853502373D62E49AB256D2BC17120E54AEDCED6D96A4287ACC5C04677D4A5A320DB8BEE2F775E5FEC5 | ||
| </code> | </code> | ||
| - | And the exponent is 0x03. | + | And the exponent is ''%%0x03%%''. |
| + | |||
| + | In case of big big trouble, here is the ASN1 file that you should obtain for the Issuer Public Key: | ||
| - | In case of big big trouble, is the ASN1 file that you should obtain for the Issuer Public Key: | ||
| <code asn1 issuer_pk.asn1> | <code asn1 issuer_pk.asn1> | ||
| # Start with a SEQUENCE | # Start with a SEQUENCE | ||
