Question
I'm working with a mobile payment terminal and a testing tool for testing EMV transactions. Part of the setup of the terminal involves loading a number of CAP keys into the terminal for use with different types of cards.
I'm curious, how does the terminal go about selecting an appropriate CAP key? Is there any information I could obtain from the APDU logs that would indicate to me which CAP key will be used?
The specific problem I'm running into is I have a demo project that is processing AMEX cards with success, but I'm not able to process them in my own project. I'm getting errors such as, "No key was found to do the verification (65)". I thought it would be enough to match the Application Identifier, but I'm not seeing any AMEX identifiers in the demo project, even though it's working (A0 00 00 00 25).
Answer 1:
Q: How does the terminal go about selecting an appropriate CAP key?
A: The terminal CAP Key records are usually added during the EMV/NFC kernel initialization. For key determination, the records usually have the following values:
- RID - Registered Application ID. 'A000000025' in your case.
- Key Index. '65' (0x65) in your case.
- Key Exponent. '03' for this key.
- Key Modulus - exactly the key value. "E53E...400D" for this test Amex key.
Depending on your EMV Kernel requirements, it can also require:
- Key Activation and Expiry Date.
- Key Checksum Algorithm.
- Key Checksum
Q: Is there any information I could obtain from the APDU logs that would indicate to me which CAP key will be used?
A: Yes, you can determine the required Key Index, Key Exponent and RID from the card APDU traces. Search for the following tags:
- Tag 0x9F32: Issuer Public Key Exponent.
- Tag 0x8F: Certification Authority Public Key Index.
- RID is the first 5 Bytes of Application ID (AID). Tag 0x4F: Application Identifier (AID).
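The lookup described in this answer, as an added Python example that is not part of the original post: it parses SELECT and READ RECORD response data, takes the RID from the AID and the index from tag 8F, and checks a terminal key table keyed by (RID, index). The response bytes, the AID suffix, the table layout and all function names are assumptions constructed for illustration; the modulus is a placeholder.

```python
# Added example. All bytes below are constructed sample data, not a real trace.

def parse_tlv(data: bytes) -> dict:
    """Flatten EMV BER-TLV data into {tag_hex: value_bytes}."""
    out, i = {}, 0
    while i < len(data):
        if data[i] == 0x00:                  # padding between data objects
            i += 1
            continue
        start = i
        if data[i] & 0x1F == 0x1F:           # tag continues in following bytes
            i += 1
            while data[i] & 0x80:
                i += 1
        i += 1
        tag = data[start:i]
        length = data[i]
        i += 1
        if length & 0x80:                    # long form: 0x81 nn, 0x82 nn nn
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("truncated TLV object")
        i += length
        if tag[0] & 0x20:                    # constructed template: descend
            out.update(parse_tlv(value))
        else:
            out[tag.hex().upper()] = value
    return out

def required_capk(responses):
    """Return (RID, CA public key index) that the card data asks for."""
    tags = {}
    for resp in responses:
        tags.update(parse_tlv(resp))
    aid = tags.get("4F") or tags.get("84")   # 84 (DF Name) carries the AID in a SELECT response
    if aid is None or "8F" not in tags:
        return None
    return aid[:5].hex().upper(), tags["8F"][0]

SELECT_RESP = bytes.fromhex("6F08" "8406A00000002501")        # FCI with AID
READ_RECORD_RESP = bytes.fromhex("7007" "8F0165" "9F320103")  # record with 8F, 9F32

# Hypothetical terminal key table keyed by (RID, index); modulus is a placeholder.
CAPK_TABLE = {("A000000025", 0x65): {"exponent": "03", "modulus": "<placeholder>"}}

def select_capk(table, responses):
    key_id = required_capk(responses)
    return table.get(key_id) if key_id else None
```

A `None` result from `select_capk` corresponds to the terminal having no key loaded for that RID and index pair.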
Answer 2:
I believe you know how to do READ using the AFL (Application File Locator) information. Read all the files and you will come across an element Certification authority public key index. This is linked to application RID. Just browse this link and you will understand. It has most CA PKs.
In your case you need to add the selected PK for A000000025 with Index 65.
Source: https://stackoverflow.com/questions/41899196/emv-capk-selection