
ISO/IEC 7816-15

Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 15: Cryptographic information application

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

3.1 absolute path

3.2 application

3.3 application identifier

3.4 application provider

3.5 authentication information object

3.6 authentication object directory file

3.7 binary coded decimal

3.8 cardholder

3.9 card issuer

3.10 certificate directory file

3.11 certificate information object

3.12 command

3.13 cryptographic information application

3.14 cryptographic information object

3.15 data container information object

3.16 data container object directory file

3.17 dedicated file

3.18 directory (DIR) file

3.19 elementary file

3.20 file identifier

3.21 function

3.22 master file

3.23 message

3.24 object directory file

3.25 password

3.26 path

3.27 private key directory file

3.28 private key information object

3.29 provider

3.30 public key directory file

3.31 public key information object

3.32 record

3.33 relative path

3.34 secret key directory file

3.35 secret key information object

3.36 template

4 Symbols and abbreviated terms

4.1 Symbols

4.2 Abbreviated terms

5 Conventions

6 Cryptographic information objects

6.1 Introduction

6.2 CIO classes

Figure 1 - CIO class hierarchy

6.3 Attributes

Figure 2 - Attribute inheritance concept


6.4 Access restrictions

7 CIO files

7.1 Overview

7.2 IC card requirements

7.3 Card file structure

Figure 3 - Example contents of DF.CIA

7.4 EF.DIR

7.5 Contents of DF.CIA

7.5.1 Overview

Table 1 - Elementary files in DF.CIA


7.5.2 EF.OD

Figure 4 - Indirect retrieval of CIOs using EF.OD


7.5.3 CIO Directory files

Figure 5 - Indirect retrieval of CDEs using CIOs


7.5.4 The CardInfo EF

7.5.5 DF.CIA selection

Figure 6 - AID format


8 Information syntax in ASN.1

8.1 Guidelines and encoding conventions

8.2 Basic ASN.1 defined types

8.2.1 Identifier

8.2.2 Reference

8.2.3 Label

8.2.4 CredentialIdentifier

8.2.5 ReferencedValue and Path

8.2.6 ObjectValue

8.2.7 PathOrObjects

8.2.8 CommonObjectAttributes

8.2.9 CommonKeyAttributes

Table 2 - Mapping between CIO key usage flags and ISO/IEC 9594-8:1998 key usage flags


8.2.10 CommonPrivateKeyAttributes

8.2.11 CommonPublicKeyAttributes

8.2.12 CommonSecretKeyAttributes

8.2.13 GenericKeyAttributes

8.2.14 KeyInfo

8.2.15 CommonCertificateAttributes

8.2.16 GenericCertificateAttributes

8.2.17 CommonDataContainerObjectAttributes

8.2.18 CommonAuthenticationObjectAttributes

8.2.19 The CIO type

8.3 The CIOChoice type

8.4 Private key information objects

8.4.1 PrivateKeyChoice

8.4.2 Private RSA key attributes

8.4.3 Private Elliptic Curve key attributes

8.4.4 Private Diffie-Hellman key attributes

8.4.5 Private DSA key attributes

8.4.6 Private KEA key attributes

8.4.7 Generic Private key information objects

8.5 Public key information objects

8.5.1 PublicKeyChoice

8.5.2 Public RSA key attributes

8.5.3 Public Elliptic Curve key attributes

8.5.4 Public Diffie-Hellman key attributes

8.5.5 Public DSA key attributes

8.5.6 Public KEA key attributes

8.5.7 Generic public key information objects

8.6 Secret key information objects

8.6.1 SecretKeyChoice

8.6.2 Algorithm independent key attributes

8.6.3 The GenericSecretKey type

8.7 Certificate information objects

8.7.1 CertificateChoice

8.7.2 X.509 certificate attributes

8.7.3 X.509 attribute certificate attributes

8.7.4 SPKI certificate attributes

8.7.5 PGP (Pretty Good Privacy) certificate attributes

8.7.6 WTLS certificate attributes

8.7.7 ANSI X9.68 domain certificate attributes

8.7.8 Card Verifiable Certificate attributes

8.7.9 Generic certificate attributes

8.8 Data container information objects

8.8.1 DataContainerObjectChoice

8.8.2 Opaque data container object attributes

8.8.3 ISO/IEC 7816 data object attributes

8.8.4 Data container information objects identified by OBJECT IDENTIFIERS

8.9 Authentication information objects

8.9.1 AuthenticationObjectChoice

8.9.2 Password attributes

8.9.2.1 Encoding a supplied password

8.9.3 Biometric reference data attributes

8.9.4 Authentication objects for external authentication

8.10 The cryptographic information file, EF.CardInfo

Annex A - (normative) ASN.1 module

A.1 Upper and lower bounds

A.2 Basic types

A.2.1

A.2.2

A.2.3

A.2.4

A.2.5

A.2.6

A.2.7

A.2.8

A.2.9

A.2.10

A.2.11

A.2.12

A.2.13

A.2.14

A.2.15

A.2.16

A.2.17

A.2.18

A.2.19

A.3 CIOs

A.4 Private key information objects

A.4.1

A.4.2

A.4.3

A.4.4

A.4.5

A.4.6

A.5 Public key information objects

A.5.1

A.5.2

A.5.3

A.5.4

A.5.5

A.5.6

A.6 Secret key information objects

A.6.1

A.6.2

A.7 Certificate information objects

A.7.1

A.7.2

A.7.3

A.7.4

A.7.5

A.7.6

A.7.7

A.7.8

A.8 Data container information objects

A.8.1

A.8.2

A.8.3

A.8.4

A.9 Authentication information objects

A.9.1

A.9.2

A.9.3

A.9.4

A.10 Cryptographic and card information

A.11 CIO DDO

Annex B - (informative) CIA example for cards with digital signature and authentication functionality

B.1 Introduction

B.2 CIOs

Figure B.1 - File relationships in DF.CIA. Dashed arrows indicate cross-references.


B.3 Access control

Table B.1 - Recommended file access conditions


Annex C - (informative) Example topologies

Figure C.1 - Example with three applications. Cryptographic data elements are stored outside the CIA


Figure C.2 - Example with three applications. Only EF.OD and EF.CardInfo in DF.CIA

Annex D - (informative) Examples of CIO values and their encodings

D.1 Introduction

D.2 EF.OD

D.2.1 ASN.1 value notation

D.2.2 ASN.1 description, tags, lengths and values

D.2.3 Hexadecimal DER-encoding

D.3 EF.CardInfo

D.3.1 ASN.1 value notation

D.3.2 ASN.1 description, tags, lengths and values

D.3.3 Hexadecimal DER-encoding

D.4 EF.PrKD

D.4.1 ASN.1 value notation

D.4.2 ASN.1 description, tags, lengths and values

D.4.3 Hexadecimal DER-encoding

D.5 EF.CD

D.5.1 ASN.1 value notation

D.5.2 ASN.1 description, tags, lengths and values

D.5.3 Hexadecimal DER-encoding

D.6 EF.AOD

D.6.1 ASN.1 value notation

D.6.2 ASN.1 description, tags, lengths and values

D.6.3 Hexadecimal DER-encoding

D.7 EF.DCOD

D.7.1 ASN.1 value notation

D.7.2 ASN.1 description, tags, lengths and values

D.7.3 Hexadecimal DER-encoding of DCOD

D.8 Application Template (within the EF.DIR)

D.8.1 ASN.1 value notation

D.8.2 ASN.1 description, tags, lengths and values in ApplicationTemplate

D.8.3 Hexadecimal DER-encoding of ApplicationTemplate

Bibliography


© Cheef 2008