This command is compliant with ISO/IEC 7816-4, but has a restricted usage compared to the command defined in the norm.
The READ BINARY command is used to read data from a transparent file.
The response of the card consists of returning the data read, optionally encapsulated in a secure messaging structure.
This command enables the IFD to read data from the EF currently selected, without secure messaging.
Note: This command without secure messaging can only be used to read a file that supports the ALW security condition for the Read access mode.U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘B0h’ | Read Binary |
| P1 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Most Significant Byte |
| P2 | 1 | ‘XXh’ | Offset in bytes from the beginning of the file: Least Significant Byte |
| Le | 1 | ‘XXh’ | Length of data expected. Number of Bytes to be read. |
Note: bit 8 of P1 must be set to 0.U.K.
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#X | X | ‘XX..XXh’ | Data read |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no EF is selected, the processing state returned is ‘6986’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.
Textual Amendments
This command enables the IFD to read data from the EF currently selected with secure messaging, in order to verify the integrity of the data received and to protect the confidentiality of the data if the security condition SM-R-ENC-MAC-G1 (generation 1) or SM-R-ENC-MAC-G2 (generation 2) is applied.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘0Ch’ | Secure Messaging asked |
| INS | 1 | ‘B0h’ | Read Binary |
| P1 | 1 | ‘XXh’ | P1 ( offset in bytes from the beginning of the file): Most Significant Byte |
| P2 | 1 | ‘XXh’ | P2 ( offset in bytes from the beginning of the file): Least Significant Byte |
| Lc | 1 | ‘XXh’ | Length of input data for secure messaging |
| #6 | 1 | ‘97h’ | TLE: Tag for expected length specification. |
| #7 | 1 | ‘01h’ | LLE: Length of expected length |
| #8 | 1 | ‘NNh’ | Expected length specification (original Le): Number of Bytes to be read |
| #9 | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #10 | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum
|
| #11-#(10+L) | L | ‘XX..XXh’ | Cryptographic checksum |
| Le | 1 | ‘00h’ | As specified in ISO/IEC 7816-4 |
| [F1Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘ 81h ’ | T PV : Tag for plain value data |
| #2 | L | ‘ NNh ’ or ‘ 81 NNh ’ | L PV : length of returned data (=original Le). L is 2 bytes if L PV >127 bytes. |
| #(2+L) - #(1+L+NN) | NN | ‘ XX..XXh ’ | Plain Data value |
| #(2+L+NN) | 1 | ‘ 99h ’ | Tag for Processing Status (SW1-SW2) – optional for generation 1 secure messaging |
| #(3+L+NN) | 1 | ‘ 02h ’ | Length of Processing Status – optional for generation 1 secure messaging |
| #(4+L+NN) - #(5+L+NN) | 2 | ‘ XX XXh ’ | Processing Status of the unprotected response APDU – optional for generation 1 secure messaging |
| #(6+L+NN) | 1 | ‘ 8Eh ’ | TCC: Tag for cryptographic checksum |
| #(7+L+NN) | 1 | ‘ XXh ’ | LCC: Length of following cryptographic checksum
|
| #(8+L+NN)-#(7+M+L+NN) | M | ‘ XX..XXh ’ | Cryptographic checksum |
| SW | 2 | ‘ XXXXh ’ | Status Words (SW1,SW2)] |
| [F1Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘ 87h ’ | T PI CG : Tag for encrypted data (cryptogram) |
| #2 | L | ‘ MMh ’ or ‘ 81 MMh ’ | L PI CG : length of returned encrypted data (different of original Le of the command due to padding). L is 2 bytes if LPI CG > 127 bytes. |
| #(2+L)-#(1+L+MM) | MM | ‘ 01XX..XXh ’ | Encrypted Data: Padding Indicator and cryptogram |
| #(2+L+MM) | 1 | ‘ 99h ’ | Tag for Processing Status (SW1-SW2) – optional for generation 1 secure messaging |
| #(3+L+MM) | 1 | ‘ 02h ’ | Length of Processing Status – optional for generation 1 secure messaging |
| #(4+L+MM) - #(5+L+MM) | 2 | ‘ XX XXh ’ | Processing Status of the unprotected response APDU – optional for generation 1 secure messaging |
| #(6+L+MM) | 1 | ‘ 8Eh ’ | TCC: Tag for cryptographic checksum |
| #(7+L+MM) | 1 | ‘ XXh ’ | LCC: Length of following cryptographic checksum
|
| #(8+L+MM)-#(7+N+L+MM) | N | ‘ XX..XXh ’ | Cryptographic checksum |
| SW | 2 | ‘ XXXXh ’ | Status Words (SW1,SW2)] |
The READ BINARY command may return regular processing states listed in TCS_43 under Tag ‘99h’ as described in TCS_59 using the secure messaging response structure.
Additionally, some errors specifically related to secure messaging can happen. In that case, the processing state is simply returned, with no secure messaging structure involved:
| Byte | Length | Value | Description |
|---|---|---|---|
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If no current session key is available, the processing state ‘6A88’ is returned. It happens either if the session key has not already been generated or if the session key validity has expired (in this case the IFD must re-run a mutual authentication process to set a new session key).
If some expected data objects (as specified above) are missing in the secure messaging format, the processing state ‘6987’ is returned: this error happens if an expected tag is missing or if the command body is not properly constructed.
If some data objects are incorrect, the processing state returned is ‘6988’: this error happens if all the required tags are present but some lengths are different from the ones expected.
If the verification of the cryptographic checksum fails, the processing state returned is ‘6688’.
This command variant enables the IFD to select an EF by means of a short EF identifier and read data from this EF.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘B0h’ | Read Binary |
| P1 | 1 | ‘XXh’ | Bit 8 is set to 1 Bit 7 and 6 are set to 00 Bit 5 — 1 encode the short EF identifier of the corresponding EF |
| P2 | 1 | ‘XXh’ | Encodes an offset from 0 to 255 bytes in the EF referenced by P1 |
| Le | 1 | ‘XXh’ | Length of data expected. Number of Bytes to be read. |
Note: The short EF identifiers used for the Generation 2 tachograph application are specified in chapter 4.U.K.
If P1 encodes a short EF identifier and the command is successful, the identified EF becomes the currently selected EF (current EF).
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘XX..XXh’ | Data read |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If the file corresponding with the short EF identifier is not found, the processing state returned is ‘6A82’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.
This command variant enables the IFD to read data from an EF with 32 768 bytes or more.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘00h’ | |
| INS | 1 | ‘B1h’ | Read Binary |
| P1 | 1 | ‘00h’ | Current EF |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘NNh’ | Lc Length of offset data object. |
| #6-#(5+NN) | NN | ‘XX..XXh’ | Offset data object: Tag ‘54h’ Length ‘01h’ or ‘02h’ Value offset |
| [F1Le | 1 | 'XXh' | As specified in ISO/IEC 7816-4] |
The IFD shall encode the offset data object's length with a minimum possible number of octets, i.e. using the length byte ‘01h’ the IFD shall encode an offset from 0 to 255 and using the length byte ‘02h’ an offset from ‘256’ up to ‘65 535’ bytes.
[F2In case of T = 0 the card assumes the value Le = ‘ 00h ’ if no secure messaging is applied.
Textual Amendments
In case of T = 1 the processing state returned is ‘ 6700 ’ if Le= ‘ 01h ’ .]
| Byte | Length | Value | Description |
|---|---|---|---|
| #1-#L | L | ‘XX..XXh’ | Data read encapsulated in a discretionary data object with tag ‘53h’. |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |
If the command is successful, the card returns ‘9000’.
If no EF is selected, the processing state returned is ‘6986’.
If the security conditions of the selected file are not satisfied, the command is interrupted with ‘6982’.
If the Offset is not compatible with the size of the EF (Offset > EF size), the processing state returned is ‘6B00’.
If the size of the data to be read is not compatible with the size of the EF (Offset + Le > EF size) the processing state returned is ‘6700’ or ‘6Cxx’ where ‘xx’ indicates the exact length.
[F1If an integrity error is detected within the file attributes, the card shall consider the file as corrupted and unrecoverable, the processing state returned is ‘ 6400 ’ or ‘ 6500 ’.]
If an integrity error is detected within the stored data, the card shall return the demanded data, and the processing state returned is ‘6281’.
The following example illustrates the usage of secure messaging if the security condition SM-MAC-G2 applies.
| Byte | Length | Value | Description |
|---|---|---|---|
| CLA | 1 | ‘0Ch’ | Secure Messaging asked |
| INS | 1 | ‘B1h’ | Read Binary |
| P1 | 1 | ‘00h’ | Current EF |
| P2 | 1 | ‘00h’ | |
| Lc | 1 | ‘XXh’ | Length of the secured data field |
| #6 | 1 | ‘B3h’ | Tag for plain value data encoded in BER-TLV |
| #7 | 1 | ‘NNh’ | LPV: length of transmitted data |
| #(8)-#(7+NN) | NN | ‘XX..XXh’ | Plain Data encoded in BER-TLV, i.e. the offset data object with tag ‘54’ |
| #(8+NN) | 1 | ‘97h’ | TLE: Tag for expected length specification. |
| #(9+NN) | 1 | ‘01h’ | LLE: Length of expected length |
| #(10+NN) | 1 | ‘XXh’ | Expected length specification (original Le): Number of bytes to be read |
| #(11+NN) | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #(12+NN) | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #(13+NN)-#(12+M+NN) | M | ‘XX..XXh’ | Cryptographic checksum |
| Le | 1 | ‘00h’ | As specified in ISO/IEC 7816-4 |
| Byte | Length | Value | Description |
|---|---|---|---|
| #1 | 1 | ‘B3h’ | Plain Data encoded in BER-TLV |
| #2 | L | ‘NNh’ or ‘81 NNh’ | LPV: length of returned data (=original Le). L is 2 bytes if LPV>127 bytes. |
| #(2+L)-#(1+L+NN) | NN | ‘XX..XXh’ | Plain Data value encoded in BER-TLV, i.e. data read encapsulated in a discretionary data object with tag ‘53h’. |
| #(2+L+NN) | 1 | ‘99h’ | Processing Status of the unprotected response APDU |
| #(3+L+NN) | 1 | ‘02h’ | Length of Processing Status |
| #(4+L+NN) — #(5+L+NN) | 2 | ‘XX XXh’ | Processing Status of the unprotected response APDU |
| #(6+L+NN) | 1 | ‘8Eh’ | TCC: Tag for cryptographic checksum |
| #(7+L+NN) | 1 | ‘XXh’ | LCC: Length of following cryptographic checksum ‘08h’, ‘0Ch’ or ‘10h’ depending on AES key length for Generation 2 secure messaging (see Appendix 11 Part B) |
| #(8+L+NN)-#(7+M+L+NN) | M | ‘XX..XXh’ | Cryptographic checksum |
| SW | 2 | ‘XXXXh’ | Status Words (SW1,SW2) |