GA command iso 7816-4

admin
cyber-posts

The misunderstanding from before makes sense now—sorry for jumping to Google Analytics cookies; the “GA” prefix there was a red herring. What you’re referring to with GA1 and GA2 is almost certainly the General Authenticate command (APDU instruction code usually 0x86 or sometimes 0x87 depending on the profile) in smart card systems based on ISO/IEC 7816-4 and extensions like ISO 7816-8.

Your system being similar to ISO 7816-4 means it uses the standard command-response structure: the terminal sends a Command APDU (C-APDU) with CLA, INS, P1, P2, optional data field, and Le; the card processes it and returns a Response APDU (R-APDU) with optional response data and a two-byte status word (SW1-SW2, like 9000 for success).

The General Authenticate command is one of the most flexible and powerful security commands in the standard. Instead of fixed older commands like Internal Authenticate (0x88) or External Authenticate (0x82), which handle simple challenge-response in one shot, General Authenticate is designed for dynamic, multi-step cryptographic protocols. It carries a “dynamic authentication template” (tag 0x7C) that contains nested BER-TLV objects specifying exactly what operation to perform—sending a nonce, performing key agreement, computing a signature, verifying a challenge, etc. This makes it ideal for modern protocols that need several back-and-forth exchanges to establish strong security.

In identity and credential systems (especially European eID cards, ePassports with PACE, or similar custom secure element designs), the most common reason you’ll see multiple General Authenticate commands—often labeled GA1, GA2, GA3, GA4 in specifications and test suites—is the PACE protocol (Password Authenticated Connection Establishment). PACE securely establishes a high-entropy session key from a low-entropy shared secret (like a PIN, CAN, or MRZ data) while resisting offline attacks.

Why both (or more than one)? A single APDU exchange can’t provide the necessary security guarantees for password-based key exchange. You need interactive steps to:

  • Decrypt and map a nonce to a new generator (prevents precomputation attacks on the password).
  • Exchange ephemeral public keys for Diffie-Hellman or ECDH key agreement.
  • Prove possession of the derived key mutually.

Each step builds on the previous one, and the card enforces the correct sequence. If any step fails or is out of order, the protocol aborts. This chaining is why you’ll see GA1 and GA2 (and usually more): GA1 typically handles the encrypted/mapped nonce, GA2 starts the ephemeral key exchange, and so on. The BSI TR-03110 and TR-03105 test specifications explicitly refer to “GA step 1”, “GA step 2”, etc., and many implementations shorthand them as GA1/GA2/GA3/GA4.

In your credential system, you’re likely implementing something very close to this—perhaps a custom variant of PACE or another multi-step mutual authentication—to protect certificate access or signing operations.

Practical Example: Constructing a Simple General Authenticate APDU

Here’s a concrete example from public PACE implementations (simplified for the “Map Nonce” step, often GA2). The terminal sends its mapping public key to the card and receives the card’s mapping public key in return.

Command APDU (hex):

10 86 00 00 2B 7C 29 83 26 04 41 ... [41 bytes compressed point] 00
  • 10: CLA (command chaining—more data may follow if needed)
  • 86: INS (General Authenticate)
  • 00 00: P1 P2 (usually 00 00 for PACE steps)
  • 2B: Lc (length of data field)
  • 7C 29: Dynamic authentication template (tag 7C, length 41 bytes)
  • 83 26: Ephemeral public key from terminal (tag 83, length 38 bytes; for EC point)
  • 04 41 ...: The actual compressed public key bytes
  • 00: Le (expect full response, card decides length)

Expected Response APDU (simplified):

7C 28 83 26 04 79 ... [card's public key] 90 00
  • 7C 28: Response template with card’s mapping public key (tag 83 again)
  • 90 00: Success

You can test this kind of flow with open-source libraries like JMRTD (Java) or OpenPACE (C). A very short Python snippet using pyscard to send a raw General Authenticate (you’d need a connected reader and card that supports it):

from smartcard.System import readers
from smartcard.util import toHexString, toBytes

# Assume reader[0] is your card reader
r = readers()[0]
connection = r.createConnection()
connection.connect()

# Example GA command bytes (replace with real data for your step)
cmd = [0x10, 0x86, 0x00, 0x00, 0x2B, 0x7C, 0x29, 0x83, 0x26] + [your_38_byte_pubkey_list] + [0x00]

data, sw1, sw2 = connection.transmit(cmd)
print("Response:", toHexString(data), f"SW: {sw1:02X} {sw2:02X}")

Run this sequence multiple times with the evolving data objects for each GA step, and you’ll see exactly why multiple commands are required—the card holds state between them and derives stronger keys progressively. If your system deviates from standard PACE, the principle remains the same: use General Authenticate’s templating to build secure multi-step authentication flows. Let me know the exact P1/P2 or tags you’re seeing, and we can dig into your specific variant next!

Leave a Reply

Your email address will not be published. Required fields are marked *