Java Card: Send long response with T=0
up vote
2
down vote
favorite
I want to send a long response (1000+ bytes) from the card to the host. The reader only has T=0. I have a few questions wondering if anyone knows:
- My understanding is ExtendedLength only works on T=1, is this true?
- If so, is there best practice on sending long response on T=0?
- One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard
All the best!
Johnny
smartcard javacard apdu
add a comment |
up vote
2
down vote
favorite
I want to send a long response (1000+ bytes) from the card to the host. The reader only has T=0. I have a few questions wondering if anyone knows:
- My understanding is ExtendedLength only works on T=1, is this true?
- If so, is there best practice on sending long response on T=0?
- One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard
All the best!
Johnny
smartcard javacard apdu
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I want to send a long response (1000+ bytes) from the card to the host. The reader only has T=0. I have a few questions wondering if anyone knows:
- My understanding is ExtendedLength only works on T=1, is this true?
- If so, is there best practice on sending long response on T=0?
- One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard
All the best!
Johnny
smartcard javacard apdu
I want to send a long response (1000+ bytes) from the card to the host. The reader only has T=0. I have a few questions wondering if anyone knows:
- My understanding is ExtendedLength only works on T=1, is this true?
- If so, is there best practice on sending long response on T=0?
- One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard
All the best!
Johnny
smartcard javacard apdu
smartcard javacard apdu
asked Nov 8 at 4:53
Johnny
1,09851630
1,09851630
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
4
down vote
My understanding is ExtendedLength only works on T=1, is this true?
That is not true. No such limitation is specified in ISO/IEC 7816-4 anyway. However, the card should indicate support for extended length in the ATR / the EF.ATR. Readers may not just assume that extended length is present (but you could ignore this if you're the only one handling the application anyway).
If so, is there best practice on sending long response on T=0?
There are many issues with extended length, not all readers support it, Global Platform doesn't support it (the latest version might, I haven't checked) and Java Card only supports up to 32Ki - 1 bytes. Android only has enabled extended length support by default in the latest versions, but you'd better expect NFC enabled phones not to handle it correctly. ISO/IEC 7816-4 made a mess out of the extended length specification, especially in the later versions (2015 onwards).
Unfortunately you are often constrained to using command chaining or simply by executing multiple READ BINARY commands. The latter is definitely the least error prone - but it is slow and end-of-file handling can be tricky.
One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard.
This is the command chaining solution, correct.
Yes, it is rather idiotic that you cannot indicate warnings without throwing an exception. Well found. But you can just send data and generate the status word by throwing the exception. Probably best to save the status word and generate the exception at the end of your process
method.
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
2
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
add a comment |
up vote
3
down vote
1 - extended length works in T=0 as explained by @Maarten in his answer.
2 - I am not aware of any best practice. But you can try to implement as described in my next answer.
3 - I partially agree with this, you can use response chaining to get all the response data. Good news is, depending on circumstances, you don't need to implement different protocol handling on applet level. My suggestion is just to do the same processing as you did in T=1, which I imagine is that you just call APDU.sendBytesLong
. Then let the platform do the rest like magic.
In javacard platforms that I have worked before, doing so will lead to the following behavior:
Suppose you want to send a get Data command to retrieve 1000 bytes of data:
- Send Get Data which will return 256 bytes of data followed by 61xx
- Send Get Response APDU (
00 C0 00 00
plus desired Le) as much as needed until the returned status word is 9000 which means that all data are returned.
Take note that the 61xx and processing of Get Response command are handled on platform level and you don't need to do anything in the applet.
You can give it a try and let me know if it works.
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
My understanding is ExtendedLength only works on T=1, is this true?
That is not true. No such limitation is specified in ISO/IEC 7816-4 anyway. However, the card should indicate support for extended length in the ATR / the EF.ATR. Readers may not just assume that extended length is present (but you could ignore this if you're the only one handling the application anyway).
If so, is there best practice on sending long response on T=0?
There are many issues with extended length, not all readers support it, Global Platform doesn't support it (the latest version might, I haven't checked) and Java Card only supports up to 32Ki - 1 bytes. Android only has enabled extended length support by default in the latest versions, but you'd better expect NFC enabled phones not to handle it correctly. ISO/IEC 7816-4 made a mess out of the extended length specification, especially in the later versions (2015 onwards).
Unfortunately you are often constrained to using command chaining or simply by executing multiple READ BINARY commands. The latter is definitely the least error prone - but it is slow and end-of-file handling can be tricky.
One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard.
This is the command chaining solution, correct.
Yes, it is rather idiotic that you cannot indicate warnings without throwing an exception. Well found. But you can just send data and generate the status word by throwing the exception. Probably best to save the status word and generate the exception at the end of your process
method.
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
2
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
add a comment |
up vote
4
down vote
My understanding is ExtendedLength only works on T=1, is this true?
That is not true. No such limitation is specified in ISO/IEC 7816-4 anyway. However, the card should indicate support for extended length in the ATR / the EF.ATR. Readers may not just assume that extended length is present (but you could ignore this if you're the only one handling the application anyway).
If so, is there best practice on sending long response on T=0?
There are many issues with extended length, not all readers support it, Global Platform doesn't support it (the latest version might, I haven't checked) and Java Card only supports up to 32Ki - 1 bytes. Android only has enabled extended length support by default in the latest versions, but you'd better expect NFC enabled phones not to handle it correctly. ISO/IEC 7816-4 made a mess out of the extended length specification, especially in the later versions (2015 onwards).
Unfortunately you are often constrained to using command chaining or simply by executing multiple READ BINARY commands. The latter is definitely the least error prone - but it is slow and end-of-file handling can be tricky.
One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard.
This is the command chaining solution, correct.
Yes, it is rather idiotic that you cannot indicate warnings without throwing an exception. Well found. But you can just send data and generate the status word by throwing the exception. Probably best to save the status word and generate the exception at the end of your process
method.
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
2
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
add a comment |
up vote
4
down vote
up vote
4
down vote
My understanding is ExtendedLength only works on T=1, is this true?
That is not true. No such limitation is specified in ISO/IEC 7816-4 anyway. However, the card should indicate support for extended length in the ATR / the EF.ATR. Readers may not just assume that extended length is present (but you could ignore this if you're the only one handling the application anyway).
If so, is there best practice on sending long response on T=0?
There are many issues with extended length, not all readers support it, Global Platform doesn't support it (the latest version might, I haven't checked) and Java Card only supports up to 32Ki - 1 bytes. Android only has enabled extended length support by default in the latest versions, but you'd better expect NFC enabled phones not to handle it correctly. ISO/IEC 7816-4 made a mess out of the extended length specification, especially in the later versions (2015 onwards).
Unfortunately you are often constrained to using command chaining or simply by executing multiple READ BINARY commands. The latter is definitely the least error prone - but it is slow and end-of-file handling can be tricky.
One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard.
This is the command chaining solution, correct.
Yes, it is rather idiotic that you cannot indicate warnings without throwing an exception. Well found. But you can just send data and generate the status word by throwing the exception. Probably best to save the status word and generate the exception at the end of your process
method.
My understanding is ExtendedLength only works on T=1, is this true?
That is not true. No such limitation is specified in ISO/IEC 7816-4 anyway. However, the card should indicate support for extended length in the ATR / the EF.ATR. Readers may not just assume that extended length is present (but you could ignore this if you're the only one handling the application anyway).
If so, is there best practice on sending long response on T=0?
There are many issues with extended length, not all readers support it, Global Platform doesn't support it (the latest version might, I haven't checked) and Java Card only supports up to 32Ki - 1 bytes. Android only has enabled extended length support by default in the latest versions, but you'd better expect NFC enabled phones not to handle it correctly. ISO/IEC 7816-4 made a mess out of the extended length specification, especially in the later versions (2015 onwards).
Unfortunately you are often constrained to using command chaining or simply by executing multiple READ BINARY commands. The latter is definitely the least error prone - but it is slow and end-of-file handling can be tricky.
One potential solution is to send out data by chunks, with status code 61xx. Basically, I would call APDU.sendBytesLong, then throw an exception with 61xx to indicate there's more data. But it seems weird to throw an exception to indicate there's more data, even this seem to conform to the standard.
This is the command chaining solution, correct.
Yes, it is rather idiotic that you cannot indicate warnings without throwing an exception. Well found. But you can just send data and generate the status word by throwing the exception. Probably best to save the status word and generate the exception at the end of your process
method.
answered Nov 9 at 12:10
Maarten Bodewes
60.7k974169
60.7k974169
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
2
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
add a comment |
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
2
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
Reader support of extended length is quite good according to our experience (we have a non-Javacard in our product portfolio, but use T=1 or T=CL). Getting a digital signature with 4096 bit can't be easily partitioned using Read Binary, so this would become a major obstacle. All ICAO-compliant cards would also encounter severe performance problems for reading of photos and fingerprints otherwise due to the command processing overhead.
– guidot
Nov 9 at 13:10
2
2
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
NFC reader support sucks. And I specified the extended length for ICAO - or at least I proposed it to be used instead of command chaining. ICAO is a relatively closed eco-system though. I had a Dell laptop with build in NFC reader, it didn't do extended length either.
– Maarten Bodewes
Nov 9 at 13:12
add a comment |
up vote
3
down vote
1 - extended length works in T=0 as explained by @Maarten in his answer.
2 - I am not aware of any best practice. But you can try to implement as described in my next answer.
3 - I partially agree with this, you can use response chaining to get all the response data. Good news is, depending on circumstances, you don't need to implement different protocol handling on applet level. My suggestion is just to do the same processing as you did in T=1, which I imagine is that you just call APDU.sendBytesLong
. Then let the platform do the rest like magic.
In javacard platforms that I have worked before, doing so will lead to the following behavior:
Suppose you want to send a get Data command to retrieve 1000 bytes of data:
- Send Get Data which will return 256 bytes of data followed by 61xx
- Send Get Response APDU (
00 C0 00 00
plus desired Le) as much as needed until the returned status word is 9000 which means that all data are returned.
Take note that the 61xx and processing of Get Response command are handled on platform level and you don't need to do anything in the applet.
You can give it a try and let me know if it works.
add a comment |
up vote
3
down vote
1 - extended length works in T=0 as explained by @Maarten in his answer.
2 - I am not aware of any best practice. But you can try to implement as described in my next answer.
3 - I partially agree with this, you can use response chaining to get all the response data. Good news is, depending on circumstances, you don't need to implement different protocol handling on applet level. My suggestion is just to do the same processing as you did in T=1, which I imagine is that you just call APDU.sendBytesLong
. Then let the platform do the rest like magic.
In javacard platforms that I have worked before, doing so will lead to the following behavior:
Suppose you want to send a get Data command to retrieve 1000 bytes of data:
- Send Get Data which will return 256 bytes of data followed by 61xx
- Send Get Response APDU (
00 C0 00 00
plus desired Le) as much as needed until the returned status word is 9000 which means that all data are returned.
Take note that the 61xx and processing of Get Response command are handled on platform level and you don't need to do anything in the applet.
You can give it a try and let me know if it works.
add a comment |
up vote
3
down vote
up vote
3
down vote
1 - extended length works in T=0 as explained by @Maarten in his answer.
2 - I am not aware of any best practice. But you can try to implement as described in my next answer.
3 - I partially agree with this, you can use response chaining to get all the response data. Good news is, depending on circumstances, you don't need to implement different protocol handling on applet level. My suggestion is just to do the same processing as you did in T=1, which I imagine is that you just call APDU.sendBytesLong
. Then let the platform do the rest like magic.
In javacard platforms that I have worked before, doing so will lead to the following behavior:
Suppose you want to send a get Data command to retrieve 1000 bytes of data:
- Send Get Data which will return 256 bytes of data followed by 61xx
- Send Get Response APDU (
00 C0 00 00
plus desired Le) as much as needed until the returned status word is 9000 which means that all data are returned.
Take note that the 61xx and processing of Get Response command are handled on platform level and you don't need to do anything in the applet.
You can give it a try and let me know if it works.
1 - extended length works in T=0 as explained by @Maarten in his answer.
2 - I am not aware of any best practice. But you can try to implement as described in my next answer.
3 - I partially agree with this, you can use response chaining to get all the response data. Good news is, depending on circumstances, you don't need to implement different protocol handling on applet level. My suggestion is just to do the same processing as you did in T=1, which I imagine is that you just call APDU.sendBytesLong
. Then let the platform do the rest like magic.
In javacard platforms that I have worked before, doing so will lead to the following behavior:
Suppose you want to send a get Data command to retrieve 1000 bytes of data:
- Send Get Data which will return 256 bytes of data followed by 61xx
- Send Get Response APDU (
00 C0 00 00
plus desired Le) as much as needed until the returned status word is 9000 which means that all data are returned.
Take note that the 61xx and processing of Get Response command are handled on platform level and you don't need to do anything in the applet.
You can give it a try and let me know if it works.
answered Nov 12 at 6:48
Chooch
493311
493311
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53201747%2fjava-card-send-long-response-with-t-0%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown