Show / Hide Table of Contents

Get metadata

Command APDU Info

CLA INS P1 P2 Lc Data Le
00 F7 00 slot number (absent) (absent) (absent)

Response APDU Info

Total Length: variable + 2
Data Length: variable

Data SW1 SW2
metadata as set of TLV 90 00

The data consists of a set of TLVs. The possible valid tags (T of TLV) are listed in the table below. The length (L of TLV) is one, two, or three bytes, using the DER encoding rules. The values (V of TLV) are dependent on the tags, described in the table below.

Table 1: List of Metadata Elements

Tag Name Meaning Data Slots
01 Algorithm Algorithm/Type of the key ff (PIN or PUK), 03 (Triple DES), 08 (AES-128),
0A (AES-192), 0C (AES-256),
06 (RSA-1024), 07 (RSA-2048),
05 (RSA 3072), 16 (RSA 4096)
11 (ECC-P256), or 14 (ECC-P384)
all slots
02 Policy PIN and touch policy PIN: 0 (Default), 1 (Never),
2 (Once), 3 (Always)
Touch: 0 (Default), 1 (Never),
2 (Always), 3 (Cached)
9a, 9b, 9c, 9d, 9e, f9, 82 - 95
03 Origin Imported or generated 1 (generated), 2 (imported) 9a, 9c, 9d, 9e, f9, 82 - 95
04 Public Pub key partner to the pri key DER encoding of public key 9a, 9c, 9d, 9e, f9, 82 - 95
05 Default Whether PIN/PUK/Mgmt Key has default value 01 (default) 00 (not default) 80, 81, 9b
06 Retries Number of Retries left Two bytes, the retry count and remaining count 80, 81

Another way to look at what is returned is the following table that lists which data elements are returned for each slot.

Table 2: List of PIV Slots and the Metadata Elements Returned

Slot Number (hex) Key Data Returned (tags)
80 PIN 01, 05, 06
81 PUK 01, 05, 06
9B Management 01, 02, 05
82, 83, ..., 95 (20 slots) Retired Keys 01, 02, 03, 04
9A Authentication 01, 02, 03, 04
9C Signing 01, 02, 03, 04
9D Key Management 01, 02, 03, 04
9E Card Authentication 01, 02, 03, 04
F9 Attestation 01, 02, 03, 04

The length of a TLV follows the DER encoding rules (values in hex).

 00       to 7F        lengths of    0 to    127
 81 80    to 81 FF     lengths of  128 to    255
 82 01 00 to 82 ff ff  lengths of  256 to 65,535

Note that the DER encoding rules allow lengths of 83 xx xx xx and more, but any info returned by this command will not be longer than 65,535 bytes.

Examples

Get Metadata on a public/private key pair, in this case, the PIV Authentication key in
slot 9A. It's ECC.

$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:f7:00:9a
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 F7 00 9A
Received (SW1=0x90, SW2=0x00):
01 01 11 02 02 02 01 03 01 01 04 43 86 41 04 C4
17 7F 2B 96 8F 9C 00 0C 4F 3D 2B 88 B0 AB 5B 0C
3B 19 42 63 20 8C A1 2F EE 1C B4 D8 81 96 9F D8
C8 D0 8D D1 BB 66 58 00 26 7D 05 34 A8 A3 30 D1
59 DE 66 01 0E 3F 21 13 29 C5 98 56 07 B5 26

Look at the data as a sequence of
TL
 V

01 01
   11
02 02
   02 01
03 01
   01
04 43
   86 41 04 C4 17 7F 2B 96 8F 9C 00 0C 4F 3D 2B 88
   B0 AB 5B 0C 3B 19 42 63 20 8C A1 2F EE 1C B4 D8
   81 96 9F D8 C8 D0 8D D1 BB 66 58 00 26 7D 05 34
   A8 A3 30 D1 59 DE 66 01 0E 3F 21 13 29 C5 98 56
   07 B5 26
Get Metadata on a public/private key pair, in this case, the Digital Signature key in
slot 9C. It's RSA.

$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:f7:00:9c
  -s 00:c0:00:00
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 F7 00 9C
Received (SW1=0x90, SW2=0x00):
01 01 07 02 02 03 01 03 01 01 04 82 01 09 81 82
01 00 F1 50 BE FB B0 9C AD FE F8 0A 3D 10 8C 36
92 DC 34 B7 09 86 42 C9 CD 00 55 D1 A4 A0 40 61
5A 2A 8A B4 7D AC A1 34 A2 2F 0A 36 D2 34 B7 D8
72 58 20 D6 04 66 80 7A 7A 0A D1 03 32 A2 D0 C9
92 7E 59 B8 63 F8 FD A3 0F D0 F1 A1 48 50 DF 82
DC 4F 9F 7C 18 02 29 35 72 DD 10 54 80 12 68 89
8F 05 CA A0 EB D4 F0 82 85 B8 67 AD F3 F7 86 2E
D3 6E C8 E0 46 C4 6C 67 57 53 47 C7 38 84 AC F4
F4 44 81 AB DB 64 EE 53 B5 35 AE 92 FF 8E FE 00
A7 A8 B2 86 3B 66 DB 8E A7 07 FF 13 28 49 E5 9B
D1 C8 D2 2C F9 84 D5 8A FF 00 3E 88 FB C1 E1 F8
37 8E 9D DB 5D 45 61 1B 29 29 A5 B7 C3 E7 38 E9
1A 15 F3 58 DD CA E2 E1 3D 86 BA BC 63 E2 CD A4
75 3A F9 9C D8 23 0F D8 18 59 F8 12 29 62 AB DC
BE A5 01 C5 28 C3 E8 A1 65 CF 39 30 66 18 6A E5
Sending: 00 C0 00 00
Received (SW1=0x90, SW2=0x00):
AD FA EC 48 CC E7 BA 8B F7 56 6B DD 7B 56 2A 3B
E7 E9 82 03 01 00 01

01 01
   07
02 02
   03 01
03 01
   01
04 82 01 09
   81 82 01 00 F1 50 BE FB B0 9C AD FE F8 0A 3D 10
   8C 36 92 DC 34 B7 09 86 42 C9 CD 00 55 D1 A4 A0
   40 61 5A 2A 8A B4 7D AC A1 34 A2 2F 0A 36 D2 34
   B7 D8 72 58 20 D6 04 66 80 7A 7A 0A D1 03 32 A2
   D0 C9 92 7E 59 B8 63 F8 FD A3 0F D0 F1 A1 48 50
   DF 82 DC 4F 9F 7C 18 02 29 35 72 DD 10 54 80 12
   68 89 8F 05 CA A0 EB D4 F0 82 85 B8 67 AD F3 F7
   86 2E D3 6E C8 E0 46 C4 6C 67 57 53 47 C7 38 84
   AC F4 F4 44 81 AB DB 64 EE 53 B5 35 AE 92 FF 8E
   FE 00 A7 A8 B2 86 3B 66 DB 8E A7 07 FF 13 28 49
   E5 9B D1 C8 D2 2C F9 84 D5 8A FF 00 3E 88 FB C1
   E1 F8 37 8E 9D DB 5D 45 61 1B 29 29 A5 B7 C3 E7
   38 E9 1A 15 F3 58 DD CA E2 E1 3D 86 BA BC 63 E2
   CD A4 75 3A F9 9C D8 23 0F D8 18 59 F8 12 29 62
   AB DC BE A5 01 C5 28 C3 E8 A1 65 CF 39 30 66 18
   6A E5 AD FA EC 48 CC E7 BA 8B F7 56 6B DD 7B 56
   2A 3B E7 E9 82 03 01 00 01
Get Metadata on the Management Key.

$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:f7:00:9b
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 F7 00 9B
Received (SW1=0x90, SW2=0x00):
01 01 03 02 02 00 01 05 01 00

01 01
   03
02 02
   00 01
05 01
   00
Get Metadata on the PIN.

$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:f7:00:80
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 F7 00 80
Received (SW1=0x90, SW2=0x00):
01 01 FF 05 01 01 06 02 05 05

01 01
   FF
05 01
   01
06 02
   05 05
Get Metadata on the PUK.

$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:f7:00:81
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 F7 00 81
Received (SW1=0x90, SW2=0x00):
01 01 FF 05 01 01 06 02 05 05

01 01
   FF
05 01
   01
06 02
   05 05
Get Metadata on the Attestation Key.

$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:f7:00:f9
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 F7 00 F9
Received (SW1=0x90, SW2=0x00):
01 01 07 02 02 02 01 03 01 02 04 82 01 09 81 82
01 00 AC 45 96 66 97 9F 96 FF D9 04 4F 24 5D 5D
4F 99 3C D3 21 A5 FD 2A 63 FC 2B ED 8F 58 EF A7
C2 E3 79 68 94 0D 53 30 23 EC 6C A6 65 B7 E3 CB
C6 27 BE 72 92 B0 38 D4 7D E1 54 86 BF 75 07 16
F8 07 E4 7E A3 6B AB DF D6 9D E1 C7 7B A9 E9 D1
3E 97 8C 3E A0 57 C9 07 30 58 E4 9B AC 78 69 A1
6B 71 7C F0 78 9B C3 7F 4A C1 CB 40 BD 94 7F F4
19 36 BB 41 CC 35 CD 2E DB B1 97 A8 B0 05 9C E7
00 2D BF 35 C2 2A E4 92 91 F3 FC 86 C4 D1 B4 58
3C 46 51 5F BF 94 D4 F0 7E E7 4A 1B 85 F1 A3 3A
EC B5 1C 0E 86 90 5F 22 09 F1 A5 C8 6B BB 36 5A
63 80 F5 DE 46 E7 51 D8 F0 21 85 73 80 08 01 14
A7 3B B9 5F 80 15 15 A1 E7 7E 53 4D F3 9E 5B BA
7B B6 3C 1F B6 85 18 A8 99 0A 29 47 06 95 C8 94
78 04 06 B8 D0 65 76 15 5D 5E 8D 03 10 98 CE 54
Sending: 00 C0 00 00
Received (SW1=0x90, SW2=0x00):
D8 2F E6 EE DA 47 8E BB E1 59 2E D3 B8 DD 16 1B
9A 71 82 03 01 00 01

01 01
   07
02 02
   02 01
03 01
   02
04 82 01 09
   81 82 01 00 AC 45 96 66 97 9F 96 FF D9 04 4F 24
   5D 5D 4F 99 3C D3 21 A5 FD 2A 63 FC 2B ED 8F 58
   EF A7 C2 E3 79 68 94 0D 53 30 23 EC 6C A6 65 B7
   E3 CB C6 27 BE 72 92 B0 38 D4 7D E1 54 86 BF 75
   07 16 F8 07 E4 7E A3 6B AB DF D6 9D E1 C7 7B A9
   E9 D1 3E 97 8C 3E A0 57 C9 07 30 58 E4 9B AC 78
   69 A1 6B 71 7C F0 78 9B C3 7F 4A C1 CB 40 BD 94
   7F F4 19 36 BB 41 CC 35 CD 2E DB B1 97 A8 B0 05
   9C E7 00 2D BF 35 C2 2A E4 92 91 F3 FC 86 C4 D1
   B4 58 3C 46 51 5F BF 94 D4 F0 7E E7 4A 1B 85 F1
   A3 3A EC B5 1C 0E 86 90 5F 22 09 F1 A5 C8 6B BB
   36 5A 63 80 F5 DE 46 E7 51 D8 F0 21 85 73 80 08
   01 14 A7 3B B9 5F 80 15 15 A1 E7 7E 53 4D F3 9E
   5B BA 7B B6 3C 1F B6 85 18 A8 99 0A 29 47 06 95
   C8 94 78 04 06 B8 D0 65 76 15 5D 5E 8D 03 10 98
   CE 54 D8 2F E6 EE DA 47 8E BB E1 59 2E D3 B8 DD
   16 1B 9A 71 82 03 01 00 01
  • Improve this Doc
In this article
Back to top Generated by DocFX