Package org.jmrtd.protocol

Class BACProtocol

  • public class BACProtocol
extends Object
    The Basic Access Control protocol.
    Since:
    0.5.6
    Version:
    $Revision: 1800 $
    Author:
    The JMRTD team ([email protected])

    • Constructor Detail

      • BACProtocol

        public BACProtocol​(APDULevelBACCapable service,
                   int maxTranceiveLength,
                   boolean shouldCheckMAC)
        Constructs a BAC protocol instance.
        Parameters:
        service - the service to send APDUs
        maxTranceiveLength - the maximal tranceive length (on responses to READ BINARY) to use in the resulting secure messaging channel
        shouldCheckMAC - whether the resulting secure messaging channel should apply strict MAC checking on response APDUs

    • Method Detail

      • doBAC

        public BACResult doBAC​(AccessKeySpec bacKey)
                throws net.sf.scuba.smartcards.CardServiceException
        Performs the Basic Access Control protocol.
        Parameters:
        bacKey - the key based on the document number, the card holder's birth date, and the document's expiry date
        Returns:
        the BAC result
        Throws:
        net.sf.scuba.smartcards.CardServiceException - if authentication failed

      • doBAC

        public BACResult doBAC​(SecretKey kEnc,
                       SecretKey kMac)
                throws net.sf.scuba.smartcards.CardServiceException,
                       GeneralSecurityException
        Performs the Basic Access Control protocol. It does BAC using kEnc and kMac keys, usually calculated from the document number, the card holder's date of birth, and the card's date of expiry.
        Parameters:
        kEnc - the static 3DES key required for BAC
        kMac - the static 3DES key required for BAC
        Returns:
        the new secure messaging wrapper
        Throws:
        net.sf.scuba.smartcards.CardServiceException - if authentication failed
        GeneralSecurityException - on security primitives related problems

      • computeKeySeedForBAC

        public static byte[] computeKeySeedForBAC​(BACKeySpec bacKey)
                                   throws GeneralSecurityException
        Computes the key seed based on the given (MRZ based) BAC key.
        Parameters:
        bacKey - the BAC key
        Returns:
        the key seed
        Throws:
        GeneralSecurityException - on error applying the low level cryptographic primitives

      • computeSendSequenceCounter

        public static long computeSendSequenceCounter​(byte[] rndICC,
                                              byte[] rndIFD)
        Computes the initial send sequence counter to use, given the randoms generated by PICC and PCD.
        Parameters:
        rndICC - the PICC's random
        rndIFD - the PCD's random
        Returns:
        the initial send sequence counter to use