ANNEX I CU.K.Requirements for construction, testing, installation, and inspection

Appendix 2

TACHOGRAPH CARDS SPECIFICATION U.K.

3.HARDWARE AND COMMUNICATIONU.K.

3.5. Command descriptions U.K.

3.5.15 PSO: VERIFY DIGITAL SIGNATURE U.K.

This command is used to verify the digital signature, provided as an input, whose hash is known to the card. The signature algorithm is implicitly known by the card.

This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.

Only the control card is required to support this command in the DF Tachograph and DF Tachograph_G2.

Other types of tachograph cards may or may not implement this command. The command may or may not be accessible in the MF.

TCS_132The VERIFY DIGITAL SIGNATURE command always uses the public key selected by the previous Manage Security Environment MSE: Set DST command and the previous hash code entered by a PSO: HASH command.U.K.

TCS_133 Command Message U.K.

[F1Byte	Length	Value	Description
CLA	1	‘ 00h ’	CLA
INS	1	‘ 2Ah ’	Perform Security Operation
P1	1	‘ 00h ’
P2	1	‘ A8h ’	Tag: data field contains DOs relevant for verification
Lc	1	‘ XXh ’	Length Lc of the subsequent data field
#6	1	‘ 9Eh ’	Tag for Digital Signature
#7 or #7-#8	L	‘ NNh ’ or ‘ 81 NNh ’	Length of digital signature (L is 2 bytes if the digital signature is longer than 127 bytes): 128 bytes coded in accordance with Appendix 11 Part A for Tachograph Generation 1 application. Depending on the selected curve for Tachograph Generation 2 application (see Appendix 11 Part B).
#(7+L)-#(6+L+NN)	NN	‘ XX..XXh ’	Digital signature content]

TCS_134 Response Message U.K.

Byte	Length	Value	Description
SW	2	‘XXXXh’	Status Words (SW1,SW2)

If the command is successful, the card returns ‘9000’.

If the verification of the signature fails, the processing state returned is ‘6688’. The verification process is described in Appendix 11.

If no public key is selected, the processing state returned is ‘6A88’.

If some expected data objects (as specified above) are missing, the processing state ‘6987’ is returned. This can happen if one of the required tag is missing.

If no hash code is available to process the command (as a result of a previous PSO: Hash command), the processing state returned is ‘6985’.

If some data objects are incorrect, the processing state returned is ‘6988’. This can happen if one of the required data objects length is incorrect.

If the selected public key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.

[F2If the selected public key (used to verify the digital signature) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the digital signature verification according to Appendix 11, the processing state returned is ‘ 6985 ’.]

Textual Amendments

F2 Inserted by Commission Implementing Regulation (EU) 2018/502 of 28 February 2018 amending Implementing Regulation (EU) 2016/799 laying down the requirements for the construction, testing, installation, operation and repair of tachographs and their components (Text with EEA relevance).