From ed27e314eb6e6eb79d47c4bcff6fc8600a5bee0a Mon Sep 17 00:00:00 2001
From: Alex Wilson
Date: Mon, 1 Mar 2021 10:37:31 +1000
Subject: [PATCH] Only send NIST RID in APT '79' '4F' tag See discussion on #43
---
 src/net/cooperi/pivapplet/PivApplet.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/net/cooperi/pivapplet/PivApplet.java b/src/net/cooperi/pivapplet/PivApplet.java
index e543394..cdc4a09 100644
--- a/src/net/cooperi/pivapplet/PivApplet.java
+++ b/src/net/cooperi/pivapplet/PivApplet.java
@@ -874,9 +874,14 @@ else if (key == (byte)0x81)
 wtlv.writeTagRealLen((byte)0x4F, (short)PIV_AID.length);
 wtlv.write(PIV_AID, (short)0, (short)PIV_AID.length);
+ /*
+ * The NIST demo cards only return the first 5 bytes of the AID
+ * here (the NIST RID). The spec is not especially explicit
+ * about it, but we'll go with that.
+ */
 wtlv.push((byte)0x79);
- wtlv.writeTagRealLen((byte)0x4F, (short)PIV_AID.length);
- wtlv.write(PIV_AID, (short)0, (short)PIV_AID.length);
+ wtlv.writeTagRealLen((byte)0x4F, (short)5);
+ wtlv.write(PIV_AID, (short)0, (short)5);
 wtlv.pop();
 wtlv.writeTagRealLen((byte)0x50, (short)APP_NAME.length);
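Review bot: The RID length is hard-coded as the bare literal `(short)5` in both the `writeTagRealLen((byte)0x4F, ...)` call and the following `write(PIV_AID, ...)` call inside the `0x79` template, so the declared TLV length and the number of bytes copied stay equal only by hand. If one is edited without the other, the card would emit a malformed SELECT response that host-side parsers may reject or misread. I would declare the length once next to `PIV_AID`, for example `private static final short NIST_RID_LEN = 5;` (suggested name), and pass it to both calls. The definition of `PIV_AID` and the enclosing method are outside this hunk, so that its first five bytes are the NIST RID rests on the added comment and should be confirmed there.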