1、关于SM2
SM2算法是一种非对称算法,与国际算法里中的RSA相对应。
SM2推荐的曲线参数如下:
在验证PBOC卡片中的发卡行公钥证书、IC卡公钥证书、签名的静态应用数据、签名的动态数据之前,先来了解一下PBOC规范中对数字签名的验证过程,如下图:
(该图参考PBOC第17部分)
此处的a,b,xG,yG即SM2推荐曲线参数中的a,b,Gx,Gy ;而xA,yA分别为公钥的左半部分和右半部分。可以看出,ENTLA、IDA,a,b,xG,yG都是固定值,而xA,yA则因为公钥的不同而变化。
2、借贷记交易流程,准备阶段
先按借贷记交易流程,发GPO指令,获取AFL,然后读取相关的记录
PDOL=9F66049F02069F03069F1A0295055F2A029A039C019F3704DF6001DF6901
[GPO]
SendAPDU=80A800002583235600000000000001000000000000000001560000000000015615121160010203040001
ReValue=80167C000801020010080A01100707001801010018040600
AFL=0801020010080A01100707001801010018040600
0101=70155713623061571010011182D221122070956101322F
0102=704C9F6128202000000000000000000000000000000000000000000000000000000000000000000000000000009F6201005F201A0000000000000000000000000000000000000000000000000000
0208=7081875F24032211015F25031507245A096230615710100111829F0702FF008E0E000000000000000042031E031F009F0D05D8609CA8009F0E0500100000009F0F05D8689CF8005F280201569F080200308C1B9F02069F03069F1A0295055F2A029A039C019F37049F21039F4E148D1A8A029F02069F03069F1A0295055F2A029A039C019F37049F2103
0209=704993431362307154E77EB80F6F446B2D2B232DA33879940012B4AE59B6B01B7974549443F2A1631BE870B1D17E36DB4B0102BAECA504863E2EDCF96251BFA2EB8370F710A41D9F4A0182
020A=70819C9F46819414623061571010011182FF12300001FC04001140E841B537350C40A54F0DA3A108D1168FCFB9C3AE354D29F6323D50F067F1CCCD5316F8F8E0D777B8AEAFAE8D4098DBF59B640362F659B83DA82D3D7EE0ED815CF4C2638164896895A5B8A662939A920FEAEFEB0A96D2337A3507F5311293C7E683A83DC15D89ED99C0250D7927A8DBD54265A24FB4DDC4A4B28CE5B8C59DE6EF9F470103
0207=70045F340101
0301=70105F300202209F420201569F49039F3704
0304=70089F1401009F230100
0305=70819190818E12623061FF1230000451040011409B7EE1D2AE302EEEED9B97544A73BEF87A4D0A7B24749A4F065F7FBC5E3A16EF8CA7676DFC7C45D8FFAAC38D13340C70B0FEECEDA7AC8E896DE1A7D1A479B345114EC47C751CC851B36647E9940D9EF725FA0DDC875B3FC466918E5E498162FF981654AC77431C488CD96F129B3412452656A945B78A1C9D5A880EB9278DFE3D
0306=701A8F01189F3201039F631030343233333331300000000000000000
Tag8F=18
PK_CA=37710FEB7CC3617767874E85509C268E8F931D68773E93A89F39A4247DFE2D280FC5BC838353885B6DAD447C8F90116BD9D314047591989F67F319544D42A48B
说明:
PK_CA=CA公钥
PK_Issuer=发卡行公钥
PK_IC=IC卡公钥
3、验证发卡行公钥证书Tag90
发卡行公钥证书的格式如下:
(该图参考PBOC第17部分)
根据“表4”的格式,可以从发卡行公钥证书中得到发卡行公钥、数字签名r||s。
Tag90=12623061FF1230000451040011409B7EE1D2AE302EEEED9B97544A73BEF87A4D0A7B24749A4F065F7FBC5E3A16EF8CA7676DFC7C45D8FFAAC38D13340C70B0FEECEDA7AC8E896DE1A7D1A479B345114EC47C751CC851B36647E9940D9EF725FA0DDC875B3FC466918E5E498162FF981654AC77431C488CD96F129B3412452656A945B78A1C9D5A880EB9278DFE3D
PK_Issuer=9B7EE1D2AE302EEEED9B97544A73BEF87A4D0A7B24749A4F065F7FBC5E3A16EF8CA7676DFC7C45D8FFAAC38D13340C70B0FEECEDA7AC8E896DE1A7D1A479B345
r||s=114EC47C751CC851B36647E9940D9EF725FA0DDC875B3FC466918E5E498162FF981654AC77431C488CD96F129B3412452656A945B78A1C9D5A880EB9278DFE3D