Smart card application protocol data unit
In the context of smart cards, an application protocol data unit (APDU) is the communication unit between a smart card reader and a smart card. The structure of the APDU is defined by ISO/IEC 7816-4 Organization, security and commands for interchange.
APDU message command-response pair
There are two categories of APDUs: command APDUs and response APDUs. A command APDU is sent by the reader to the card – it contains a mandatory 4-byte header (CLA, INS, P1, P2) and from 0 to 65 535 bytes of data. A response APDU is sent by the card to the reader – it contains from 0 to 65 536 bytes of data, and 2 mandatory status bytes (SW1, SW2).
|Field name||Length (bytes)||Description|
|CLA||1||Instruction class - indicates the type of command, e.g., interindustry or proprietary|
|INS||1||Instruction code - indicates the specific command, e.g., "select", "write data"|
|P1-P2||2||Instruction parameters for the command, e.g., offset into file at which to write the data|
|Lc||0, 1 or 3||Encodes the number (Nc) of bytes of command data to follow
0 bytes denotes Nc=0
|Command data||Nc||Nc bytes of data|
|Le||0, 1, 2 or 3||Encodes the maximum number (Ne) of response bytes expected
0 bytes denotes Ne=0
|Response data||Nr (at most Ne)||Response data|
|2||Command processing status, e.g., 90 00 (hexadecimal) indicates success|
References, this is the
- ^ ISO/IEC JTC 1/SC 17 (2005). "ISO/IEC 7816-4". International Organization for Standardization.
- ^ a b Celer, Victor (2021-12-25). "Using the SIMcard as a Security Module (HSM)". CelerSMS. 1 (2): 13–17. ISSN 2745-2336. OCLC 1295467772.