Only send NIST RID in APT '79' '4F' tag

See discussion on #43
arekinath · Mar 1, 2021 · ed27e31 · ed27e31
1 parent cbb6e55
commit ed27e31
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/src/net/cooperi/pivapplet/PivApplet.java b/src/net/cooperi/pivapplet/PivApplet.java
@@ -874,9 +874,14 @@ else if (key == (byte)0x81)
 		wtlv.writeTagRealLen((byte)0x4F, (short)PIV_AID.length);
 		wtlv.write(PIV_AID, (short)0, (short)PIV_AID.length);
 
+		/*
+		 * The NIST demo cards only return the first 5 bytes of the AID
+		 * here (the NIST RID). The spec is not especially explicit
+		 * about it, but we'll go with that.
+		 */
 		wtlv.push((byte)0x79);
-		wtlv.writeTagRealLen((byte)0x4F, (short)PIV_AID.length);
-		wtlv.write(PIV_AID, (short)0, (short)PIV_AID.length);
+		wtlv.writeTagRealLen((byte)0x4F, (short)5);
+		wtlv.write(PIV_AID, (short)0, (short)5);
 		wtlv.pop();
 
 		wtlv.writeTagRealLen((byte)0x50, (short)APP_NAME.length);