ANNEX I C Requirements for construction, testing, installation, and inspection
TACHOGRAPH CARDS SPECIFICATION
3. HARDWARE AND COMMUNICATION
3.5. Command descriptions
3.5.11 MANAGE SECURITY ENVIRONMENT
3.5.11.2 Generation 2 Command — Response pairs
3.5.11.2.3 MSE:SET DST
The following MSE:SET DST command is used to set a public key either
- for the verification of a signature that is provided in a subsequent PSO: Verify Digital Signature command, or
- for the signature verification of a certificate that is provided in a subsequent PSO: Verify Certificate command.
TCS_112
The command can be performed in the MF, DF Tachograph and DF Tachograph_G2, see also TCS_33.
TCS_113 MSE:SET DST Command Message
Byte | Length | Value | Description |
---|---|---|---|
CLA | 1 | ‘00h’ | |
INS | 1 | ‘22h’ | |
P1 | 1 | ‘81h’ | Set for verification |
P2 | 1 | ‘B6h’ | Digital Signature |
Lc | 1 | ‘NNh’ | Lc: length of subsequent data field |
#6-#(5+L) | L | ‘83h’ + ‘08h’ + ‘XX...XXh’ | DER-TLV encoded reference of a public key, i.e. the Certificate Holder Reference in the certificate of the public key (see Appendix 11) |
For all command versions the response message structure and status words are given by:
TCS_114 Response Message
Byte | Length | Value | Description |
---|---|---|---|
SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’. The protocol has been selected and initialised.
‘6A80’ indicates incorrect parameters in the command data field.
‘6A88’ indicates that referenced data (i.e. a referenced key) is not available.
If the currentAuthenticatedTime of the card is later than the Expiration Date of the selected public key, the processing state returned is ‘6A88’.
Note:
In the case of a MSE: SET AT for VU Authentication command, the referenced key is a VU_MA public key. The card shall set the VU_MA public key for use, if available in its memory, which matches the Certificate Holder Reference (CHR) given in the command data field (the card can identify VU_MA public keys by means of the certificate's CHA field). A card shall return ‘6A 88’ to this command in case only the VU_Sign public key or no public key of the Vehicle Unit is available. See the definition of the CHA field in Appendix 11 and of data type equipmentType in Appendix 1.
Similarly, in case an MSE: SET DST command referencing an EQT (i.e. a VU or a card) is sent to a control card, according to CSM_234 the referenced key is always an EQT_Sign key that has to be used for the verification of a digital signature. According to Figure 13 in Appendix 11, the control card will always have stored the relevant EQT_Sign public key. In some cases, the control card may have stored the corresponding EQT_MA public key. The control card shall always set the EQT_Sign public key for use when it receives an MSE: SET DST command.
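The command and response layouts of TCS_113 and TCS_114 above, worked through in Python as an added example (not part of the specification text). The function names and the sample Certificate Holder Reference are assumptions made for illustration; the byte values come from the tables above.

```python
# Added example: build, validate and interpret MSE:SET DST per TCS_113 / TCS_114.
# SAMPLE_CHR is a constructed value, not a real key reference.
SAMPLE_CHR = bytes.fromhex("0102030405060708")

HEADER = bytes([0x00, 0x22, 0x81, 0xB6])  # CLA, INS, P1 (set for verification), P2 (DST)
CHR_TAG, CHR_LEN = 0x83, 0x08             # DER-TLV tag and length of the key reference

STATUS = {  # status words described for this command
    0x9000: "success",
    0x6A80: "incorrect parameters in the command data field",
    0x6A88: "referenced data (key) not available, or selected key expired",
}

def build_mse_set_dst(chr_bytes: bytes) -> bytes:
    """Return the command APDU that selects the public key identified by chr_bytes."""
    if len(chr_bytes) != CHR_LEN:
        raise ValueError("Certificate Holder Reference must be 8 bytes")
    data = bytes([CHR_TAG, CHR_LEN]) + chr_bytes
    return HEADER + bytes([len(data)]) + data  # Lc is 0Ah for tag + length + 8 bytes

def parse_mse_set_dst(apdu: bytes) -> bytes:
    """Return the CHR if apdu is a well-formed MSE:SET DST, else raise ValueError."""
    if len(apdu) < 5 or apdu[:4] != HEADER:
        raise ValueError("not an MSE:SET DST header")
    lc, data = apdu[4], apdu[5:]
    if lc != len(data):
        raise ValueError("Lc does not match the data field length")
    if len(data) != 2 + CHR_LEN or data[0] != CHR_TAG or data[1] != CHR_LEN:
        raise ValueError("data field is not tag 83h, length 08h, 8-byte CHR")
    return data[2:]

def describe_sw(response: bytes) -> str:
    """Map the two status bytes of the response message to their meaning."""
    if len(response) != 2:
        raise ValueError("response must be exactly SW1 SW2")
    sw = int.from_bytes(response, "big")
    return STATUS.get(sw, f"status word {sw:04X} is not described in this section")

if __name__ == "__main__":
    apdu = build_mse_set_dst(SAMPLE_CHR)
    print(apdu.hex(" "))
    print(parse_mse_set_dst(apdu).hex())
    print(describe_sw(bytes.fromhex("6A88")))
```

A host that receives ‘6A88’ cannot tell from the status word alone whether the key is absent or expired, so the caller has to check the certificate's Expiration Date separately.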