This command is used to verify the digital signature, provided as an input, whose hash is known to the card. The signature algorithm is implicitly known by the card.
This command is compliant with ISO/IEC 7816-8. The use of this command is restricted regarding the related standard.
Only the control card is required to support this command in the DF Tachograph and DF Tachograph_G2.
Other types of tachograph cards may or may not implement this command. The command may or may not be accessible in the MF.
[F1Byte | Length | Value | Description |
---|---|---|---|
CLA | 1 | ‘ 00h ’ | CLA |
INS | 1 | ‘ 2Ah ’ | Perform Security Operation |
P1 | 1 | ‘ 00h ’ | |
P2 | 1 | ‘ A8h ’ | Tag: data field contains DOs relevant for verification |
Lc | 1 | ‘ XXh ’ | Length Lc of the subsequent data field |
#6 | 1 | ‘ 9Eh ’ | Tag for Digital Signature |
#7 or #7-#8 | L | ‘ NNh ’ or ‘ 81 NNh ’ | Length of digital signature (L is 2 bytes if the digital signature is longer than 127 bytes):
|
#(7+L)-#(6+L+NN) | NN | ‘ XX..XXh ’ | Digital signature content] |
Byte | Length | Value | Description |
---|---|---|---|
SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the verification of the signature fails, the processing state returned is ‘6688’. The verification process is described in Appendix 11.
If no public key is selected, the processing state returned is ‘6A88’.
If some expected data objects (as specified above) are missing, the processing state ‘6987’ is returned. This can happen if one of the required tag is missing.
If no hash code is available to process the command (as a result of a previous PSO: Hash command), the processing state returned is ‘6985’.
If some data objects are incorrect, the processing state returned is ‘6988’. This can happen if one of the required data objects length is incorrect.
If the selected public key is considered corrupted, the processing state returned is ‘6400’ or ‘6581’.
[F2If the selected public key (used to verify the digital signature) has a CHA.LSB (CertificateHolderAuthorisation.equipmentType) that is not suitable for the digital signature verification according to Appendix 11, the processing state returned is ‘ 6985 ’.]
Textual Amendments