- Y Diweddaraf sydd Ar Gael (Diwygiedig)
- Gwreiddiol (Fel y’i mabwysiadwyd gan yr UE)
Commission Implementing Regulation (EU) 2016/799Dangos y teitl llawn
Commission Implementing Regulation (EU) 2016/799 of 18 March 2016 implementing Regulation (EU) No 165/2014 of the European Parliament and of the Council laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance)
You are here:
Pa Fersiwn
Nodweddion Uwch
- Dangos Graddfa Ddaearyddol(e.e. Lloegr, Cymru, Yr Alban aca Gogledd Iwerddon)
- Dangos Llinell Amser Newidiadau
Rhagor o Adnoddau
PDF o Fersiynau Diwygiedig
- ddiwygiedig 26/02/202011.25 MB
- ddiwygiedig 17/04/201810.62 MB
- ddiwygiedig 26/05/20169.89 MB
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
Mae hon yn eitem o ddeddfwriaeth sy’n deillio o’r UE
Mae unrhyw newidiadau sydd wedi cael eu gwneud yn barod gan y tîm yn ymddangos yn y cynnwys a chyfeirir atynt gydag anodiadau.Ar ôl y diwrnod ymadael bydd tair fersiwn o’r ddeddfwriaeth yma i’w gwirio at ddibenion gwahanol. Y fersiwn legislation.gov.uk yw’r fersiwn sy’n weithredol yn y Deyrnas Unedig. Y Fersiwn UE sydd ar EUR-lex ar hyn o bryd yw’r fersiwn sy’n weithredol yn yr UE h.y. efallai y bydd arnoch angen y fersiwn hon os byddwch yn gweithredu busnes yn yr UE. EUR-Lex Y fersiwn yn yr archif ar y we yw’r fersiwn swyddogol o’r ddeddfwriaeth fel yr oedd ar y diwrnod ymadael cyn cael ei chyhoeddi ar legislation.gov.uk ac unrhyw newidiadau ac effeithiau a weithredwyd yn y Deyrnas Unedig wedyn. Mae’r archif ar y we hefyd yn cynnwys cyfraith achos a ffurfiau mewn ieithoedd eraill o EUR-Lex. The EU Exit Web Archive legislation_originated_from_EU_p3
Changes over time for: Division 3.
Changes to legislation:
There are outstanding changes not yet made to Commission Implementing Regulation (EU) 2016/799. Any changes that have already been made to the legislation appear in the content and are referenced with annotations.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
Newidiadau ac effeithiau heb eu gweithredu eto ar yr eitem ddeddfwriaeth gyfan a’r darpariaethau cysylltiedig.
- Signature words omitted by S.I. 2019/453 reg. 110
- Annex 1C modified by S.I. 2023/739 reg. 3 Sch.
3.KEYS AND CERTIFICATESU.K.
3.1. Keys generation and distribution U.K.
3.1.1 RSA Keys generation and distribution U.K.
CSM_006RSA keys shall be generated through three functional hierarchical levels:U.K.
European level,
Member State level,
Equipment level.
CSM_007At European level, a single European key pair (EUR.SK and EUR.PK) shall be generated. The European private key shall be used to certify the Member States public keys. Records of all certified keys shall be kept. These tasks shall be handled by a European Certification Authority, under the authority and responsibility of the European Commission.U.K.
CSM_008At Member State level, a Member State key pair (MS.SK and MS.PK) shall be generated. Member States public keys shall be certified by the European Certification Authority. The Member State private key shall be used to certify public keys to be inserted in equipment (vehicle unit or tachograph card). Records of all certified public keys shall be kept with the identification of the equipment to which it is intended. These tasks shall be handled by a Member State Certification Authority. A Member State may regularly change its key pair.U.K.
CSM_009At equipment level, one single key pair (EQT.SK and EQT.PK) shall be generated and inserted in each equipment. Equipment public keys shall be certified by a Member State Certification Authority. These tasks may be handled by equipment manufacturers, equipment personalisers or Member State authorities. This key pair is used for authentication, digital signature and encipherement servicesU.K.
CSM_010Private keys confidentiality shall be maintained during generation, transport (if any) and storage.U.K.
The following picture summarises the data flow of this process:
3.1.2 RSA Test keys U.K.
CSM_011For the purpose of equipment testing (including interoperability tests) the European Certification Authority shall generate a different single European test key pair and at least two Member State test key pairs, the public keys of which shall be certified with the European private test key. Manufacturers shall insert, in equipment undergoing type approval tests, test keys certified by one of these Member State test keys.U.K.
3.1.3 Motion sensor keys U.K.
The confidentiality of the three Triple DES keys described below shall be appropriately maintained during generation, transport (if any) and storage.
In order to support tachograph components compliant with ISO 16844, the European Certification Authority and the Member State Certification Authorities shall, in addition, ensure the following:
CSM_036The European Certification authority shall generate KmVU and KmWC, two independent and unique Triple DES keys, and generate Km as: Km = KmVU XOR KmWC. The European Certification Authority shall forward these keys, under appropriately secured procedures, to Member States Certification Authorities at their request.U.K.
CSM_037Member States Certification Authorities shall:U.K.
use Km to encrypt motion sensor data requested by motion sensor manufacturers (data to be encrypted with Km is defined in ISO 16844-3),
forward KmVU to vehicle unit manufacturers, under appropriately secured procedures, for insertion in vehicle units,
ensure that KmWC will be inserted in all workshop cards (
in
elementary file) during card personalisation.
3.1.4 T-DES session keys generation and distribution U.K.
CSM_012Vehicle units and tachograph cards shall, as a part of the mutual authentication process, generate and exchange necessary data to elaborate a common Triple DES session key. This exchange of data shall be protected for confidentiality through an RSA crypt-mechanism.U.K.
CSM_013This key shall be used for all subsequent cryptographic operations using secure messaging. Its validity shall expire at the end of the session (withdrawal of the card or reset of the card) and/or after 240 use (one use of the key = one command using secure messaging sent to the card and associated response).U.K.
3.2. Keys U.K.
CSM_014RSA keys shall have (whatever the level) the following lengths: modulus n1 024 bits, public exponent e 64 bits maximum, private exponent d1 024 bits.U.K.
CSM_015Triple DES keys shall have the form (Ka, Kb, Ka) where Ka and Kb are independent 64 bits long keys. No parity error detecting bits shall be set.U.K.
3.3. Certificates U.K.
CSM_016RSA Public key certificates shall be ‘non self-descriptive’‘Card Verifiable’ certificates (Ref.: ISO/IEC 7816-8)U.K.
3.3.1 Certificates content U.K.
CSM_017RSA Public key certificates are built with the following data in the following order:U.K.
| Data | Format | Bytes | Obs |
|---|---|---|---|
| CPI | INTEGER | 1 | Certificate Profile Identifier (‘01’ for this version) |
| CAR | OCTET STRING | 8 | Certification Authority Reference |
| CHA | OCTET STRING | 7 | Certificate Holder Authorisation |
| EOV | TimeReal | 4 | Certificate end of validity. Optional, ‘FF’ padded if not used. |
| CHR | OCTET STRING | 8 | Certificate Holder Reference |
| n | OCTET STRING | 128 | Public key (modulus) |
| e | OCTET STRING | 8 | Public Key (public exponent) |
| 164 | |||
Notes: U.K.
1.The ‘Certificate Profile Identifier’ (CPI) delineates the exact structure of an authentication certificate. It can be used as an equipment internal identifier of a relevant headerlist which describes the concatenation of Data Elements within the certificate.U.K.
The headerlist associated with this certificate content is as follows:
| ‘4D’ | ‘16’ | ‘5F 29’ | ‘01’ | ‘42’ | ‘08’ | ‘5F 4B’ | ‘07’ | ‘5F 24’ | ‘04’ | ‘5F 20’ | ‘08’ | ‘7F 49’ | ‘05’ | ‘81’ | ‘81 80’ | ‘82’ | ‘08’ |
| Extended Headerlist Tag | Length of header list | CPI Tag | CPI Length | CAR Tag | CAR Length | CHA Tag | CHA Length | EOV Tag | EOV Length | CHR Tag | CHR Length | Public Key Tag (Constructed) | Length of subsequent DOs | modulus Tag | modulus length | public exponent Tag | public exponent length |
2.The ‘Certification Authority Reference’ (CAR) has the purpose of identifying the certificate issuing CA, in such a way that the Data Element can be used at the same time as an Authority Key Identifier to reference the Public Key of the Certification Authority (for coding, see Key Identifier below).U.K.
3.The ‘Certificate Holder Authorisation’ (CHA) is used to identify the rights of the certificate holder. It consists of the Tachograph Application ID and of the type of equipment to which the certificate is intended (according to 
data element, ‘00’ for a Member State).U.K.
4.The ‘Certificate Holder Reference’ (CHR) has the purpose of identifying uniquely the certificate holder, in such a way that the Data Element can be used at the same time as a Subject Key Identifier to reference the Public Key of the certificate holder.U.K.
5.Key Identifiers uniquely identify certificate holder or certification authorities. They are coded as follows:U.K.
5.1
Equipment (VU or Card):
| Data | Equipment serial number | Date | Type | Manufacturer |
|---|---|---|---|---|
| Length | 4 Bytes | 2 Bytes | 1 Byte | 1 Byte |
| Value | Integer | mm yy BCD coding | Manufacturer specific | Manufacturer code |
In the case of a VU, the manufacturer, when requesting certificates, may or may not know the identification of the equipment in which the keys will be inserted.
In the first case, the manufacturer will send the equipment identification with the public key to its Member State authority for certification. The certificate will then contain the equipment identification, and the manufacturer must ensure that keys and certificate are inserted in the intended equipment. The Key identifier has the form shown above.
In the later case, the manufacturer must uniquely identify each certificate request and send this identification with the public key to its Member State authority for certification. The certificate will contain the request identification. The manufacturer must feed back its Member State authority with the assignment of key to equipment (i.e. certificate request identification, equipment identification) after key installation in the equipment. The key identifier has the following form:
| Data | Certificate request serial number | Date | Type | Manufacturer |
|---|---|---|---|---|
| Length | 4 Bytes | 2 Bytes | 1 Byte | 1 Byte |
| Value | Integer | mm yy BCD coding | ‘FF’ | Manufacturer code |
5.2
Certification Authority:
| Data | Authority Identification | Key serial number | Additional info | Identifier |
|---|---|---|---|---|
| Length | 4 Bytes | 1 Byte | 2 Bytes | 1 Byte |
| Value | 1 Byte nation numerical code 3 Bytes nation alphanumerical code | Integer | additional coding (CA specific) ‘FF FF’ if not used | ‘01’ |
The key serial number is used to distinguish the different keys of a Member State, in the case the key is changed.
6.Certificate verifiers shall implicitly know that the public key certified is an RSA key relevant to authentication, digital signature verification and encipherement for confidentiality services (the certificate contains no Object Identifier to specify it).U.K.
3.3.2 Certificates issued U.K.
CSM_018The certificate issued is a digital signature with partial recovery of the certificate content in accordance with ISO/IEC 9796-2 (except for its annex A4), with the ‘Certification Authority Reference’ appended.U.K.
X.C = X.CA.SK[‘6A’ || Cr || Hash(Cc) || ‘BC’] || Cn || X.CAR
| With certificate content = Cc = | Cr | || | Cn |
| 106 bytes | 58 bytes |
Notes: U.K.
1.This certificate is 194 bytes long.U.K.
2.CAR, being hidden by the signature, is also appended to the signature, such that the Public Key of the Certification Authority may be selected for the verification of the certificate.U.K.
3.The certificate verifier shall implicitly know the algorithm used by the Certification Authority to sign the certificate.U.K.
4.The headerlist associated with this issued certificate is as follows:U.K.
| ‘7F 21’ | ‘09’ | ‘5F 37’ | ‘81 80’ | ‘5F 38’ | ‘3A’ | ‘42’ | ‘08’ |
| CV Certificate Tag (Constructed) | Length of subsequent DOs | Signature Tag | Signature Length | Remainder Tag | Remainder Length | CAR Tag | CAR Length |
3.3.3 Certificate verification and unwrapping U.K.
Certificate verification and unwrapping consists in verifying the signature in accordance with ISO/IEC 9796-2, retrieving the certificate content and the public key contained: X.PK = X.CA.PK o X.C, and verifying the validity of the certificate.
CSM_019It involves the following steps:U.K.
Verify signature and retrieve content:
from CAR' select appropriate Certification Authority Public Key (if not done before through other means)
open Sign with CA Public Key: Sr'= X.CA.PK [Sign],
check Sr' starts with ‘6A’ and ends with ‘BC’
Recover certificate content C' = Cr' || Cn',
check Hash(C') = H'
If the checks are OK the certificate is a genuine one, its content is C'.
Verify validity. From C':
if applicable, check End of validity date,
Retrieve and store public key, Key Identifier, Certificate Holder Authorisation and Certificate End of Validity from C':
X.PK = n || e
X.KID = CHR
X.CHA = CHA
X.EOV = EOV
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Annex
PrintThe Whole Division
PrintThe Whole Part
PrintThis Division only
You have chosen to open the Whole Regulation
The Whole Regulation you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open Schedules only
Y Rhestrau you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Mae deddfwriaeth ar gael mewn fersiynau gwahanol:
Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.
Gwreiddiol (Fel y’i mabwysiadwyd gan yr UE): Mae'r wreiddiol version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Gweler y wybodaeth ychwanegol ochr yn ochr â’r cynnwys
Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Dewisiadau Agor
Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd
Rhagor o Adnoddau
Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:
- y PDF print gwreiddiol y fel adopted version that was used for the EU Official Journal
- rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
- pob fformat o’r holl ddogfennau cysylltiedig
- slipiau cywiro
- dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Llinell Amser Newidiadau
Mae’r llinell amser yma yn dangos y fersiynau gwahanol a gymerwyd o EUR-Lex yn ogystal ag unrhyw fersiynau dilynol a grëwyd ar ôl y diwrnod ymadael o ganlyniad i newidiadau a wnaed gan ddeddfwriaeth y Deyrnas Unedig.
Cymerir dyddiadau fersiynau’r UE o ddyddiadau’r dogfennau ar EUR-Lex ac efallai na fyddant yn cyfateb â’r adeg pan ddaeth y newidiadau i rym ar gyfer y ddogfen.
Ar gyfer unrhyw fersiynau a grëwyd ar ôl y diwrnod ymadael o ganlyniad i newidiadau a wnaed gan ddeddfwriaeth y Deyrnas Unedig, bydd y dyddiad yn cyd-fynd â’r dyddiad cynharaf y daeth y newid (e.e. ychwanegiad, diddymiad neu gyfnewidiad) a weithredwyd i rym. Am ragor o wybodaeth gweler ein canllaw i ddeddfwriaeth ddiwygiedig ar Ddeall Deddfwriaeth.
Rhagor o Adnoddau
Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:
- y PDF print gwreiddiol y fel adopted fersiwn a ddefnyddiwyd am y copi print
- slipiau cywiro
liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys
- rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
- manylion rhoi grym a newid cyffredinol
- pob fformat o’r holl ddogfennau cysylltiedig
- dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Mae’r holl gynnwys ar gael dan Drwydded Llywodraeth Agored v3.0 ac eithrio ble nodir yn wahanol. Yn ychwanegol mae’r safle hwn â chynnwys sy’n deillio o EUR-Lex, a ailddefnyddiwyd dan delerau Penderfyniad y Comisiwn 2011/833/EU ar ailddefnyddio dogfennau o sefydliadau’r UE. Am ragor o wybodaeth gweler ddatganiad cyhoeddus Swyddfa Gyhoeddiadau’r UE ar ailddefnyddio.