Smart card application protocol data unit
From Wikipedia, the free encyclopedia
In the context of smart cards, an application protocol data unit (APDU) is the communication unit between a smart card reader and a smart card. The structure of the APDU is defined by ISO/IEC 7816-4, "Organization, security and commands for interchange".[1]
APDU message command-response pair
There are two categories of APDUs: command APDUs and response APDUs. A command APDU is sent by the reader to the card – it contains a mandatory 4-byte header (CLA, INS, P1, P2)[2] and from 0 to 65 535 bytes of data. A response APDU is sent by the card to the reader – it contains from 0 to 65 536 bytes of data, and 2 mandatory status bytes (SW1, SW2).
| Command APDU | | |
|---|---|---|
| Field name | Length (bytes) | Description |
| CLA | 1 | Instruction class - indicates the type of command, e.g., interindustry or proprietary |
| INS | 1 | Instruction code - indicates the specific command, e.g., "select", "write data" |
| P1-P2 | 2 | Instruction parameters for the command, e.g., offset into file at which to write the data |
| Lc | 0, 1 or 3 | Encodes the number (Nc) of bytes of command data to follow. 0 bytes denotes Nc=0 |
| Command data | Nc | Nc bytes of data |
| Le | 0, 1, 2 or 3 | Encodes the maximum number (Ne) of response bytes expected. 0 bytes denotes Ne=0 |
| Response APDU | | |
| Response data | Nr (at most Ne) | Response data |
| SW1-SW2 (Response trailer) | 2 | Command processing status, e.g., 90 00 (hexadecimal) indicates success[2] |
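The field layout in the table above, as a strict parser (an added example, not part of the original article). It assumes the ISO/IEC 7816-4 length encodings that the table only summarises: a 1-byte Lc or Le in short form, a leading 00 byte followed by two length bytes in extended form, and an all-zero Le meaning the maximum (256 or 65 536). The names `CommandAPDU`, `parse_command` and `parse_response` and the sample bytes are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class CommandAPDU:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes  # Nc bytes of command data
    ne: int      # maximum response bytes expected; 0 when Le is absent

def parse_command(raw: bytes) -> CommandAPDU:
    """Strictly parse a command APDU; any length inconsistency raises ValueError."""
    if len(raw) < 4:
        raise ValueError("header needs CLA, INS, P1, P2")
    hdr, body = tuple(raw[:4]), raw[4:]
    if len(body) <= 1:            # nothing, or a 1-byte Le (0x00 means 256)
        return CommandAPDU(*hdr, b"", (body[0] or 256) if body else 0)
    if body[0] != 0:              # short form: 1-byte Lc
        nc, rest, le_len, le_zero = body[0], body[1:], 1, 256
    elif len(body) == 3:          # extended form: 3-byte Le, no command data
        return CommandAPDU(*hdr, b"", int.from_bytes(body[1:], "big") or 65536)
    elif len(body) > 3:           # extended form: 3-byte Lc, first byte 0
        nc, rest, le_len, le_zero = int.from_bytes(body[1:3], "big"), body[3:], 2, 65536
    else:
        raise ValueError("00 followed by a single byte is neither Lc nor Le")
    data, le = rest[:nc], rest[nc:]
    # Reject truncated data, trailing bytes and a zero Nc instead of guessing.
    if nc == 0 or len(data) != nc or len(le) not in (0, le_len):
        raise ValueError("Lc does not match the bytes that follow")
    ne = (int.from_bytes(le, "big") or le_zero) if le else 0
    return CommandAPDU(*hdr, data, ne)

def parse_response(raw: bytes, ne: int):
    """Split a response APDU into (data, SW1, SW2), enforcing Nr <= Ne."""
    if len(raw) < 2:
        raise ValueError("response needs SW1 and SW2")
    data, sw1, sw2 = raw[:-2], raw[-2], raw[-1]
    if len(data) > ne:
        raise ValueError("card returned more than Ne bytes")
    return data, sw1, sw2

if __name__ == "__main__":
    # Constructed sample: header, Lc=03, three data bytes, Le=00
    cmd = parse_command(bytes.fromhex("00A4040003A1A2A300"))
    print(cmd, parse_response(bytes.fromhex("A1A29000"), cmd.ne))
```

Rejecting a command whose Lc disagrees with the bytes actually present keeps a reader-side or card-side handler from reading past the buffer or silently treating data bytes as Le.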
1. ISO/IEC 7816-4:2020 — Identification cards — Integrated circuit cards.
2. Celer, Victor (2021-12-25). "Using the SIMcard as a Security Module (HSM)". CelerSMS. 1 (2): 13–17. ISSN 2745-2336. OCLC 1295467772.