APDU Access

APDU Application Protocol Data Unit. In the context of smart cards and other tokens, an APDU is the communication unit between a reader and a token. The structure of the APDU is defined by ISO/IEC 7816-4 (Organization, security and commands for interchange). Access is a simple shell for direct, low-level interaction with devices, allowing manual execution of ISO 7816-4 APDU commands.

Important:

This is an advanced feature that may cause unexpected results, so caution is advised. It is recommended to consult the official applet documentation first. Additionally, direct interaction with the token through APDUs may change the token's state, potentially invalidating the current Crescendo Manager cache. If this occurs, use the Clear Cache functionality.

To start using the APDU Access to your devices:

Click the Tools drop-down in the left navigation pane and select APDU Access.
If you wish to select another device to interact with, use the Token Selector in the title bar.
Once the APDU Access view has been opened, all communication between the currently selected device and Crescendo Manager will be logged in this screen.

Selecting an Applet

The APDU Access screen displays all logged commands by default, but you can select a specific applet A small, subordinate application on the token designed to perform specific tasks. to interact with and log events for.

A set of basic commands will become accessible as buttons under the Select Applet section.

Select ACA: Select the Access Control Applet to manage token authentication through PINs, PUKs, and management keys.

Select PIV: Select the Personal Identity Verification applet to manage PKI Public Key Infrastructure. A framework that enables secure, electronic identities through the use of public key cryptography, including the creation, distribution, and management of digital certificates. objects and perform PKI cryptographic operations.

Select OATH inst: Select an OATH Initiative for Open Authentication. applet instance for commands relating to configuring and generating one-time passwords.

Note: For Crescendo 2300 family, each instance is related to a single OTP slot, while in case of Crescendo 4000 family, an instance may define up to 16 slots.

Pause/Resume Recording

You can pause the recording of sent APDUs by clicking the pause button in the top-tight corner of the APDU window.

APDU commands will be disabled.

To resume recording, click the play button again.

Clear APDU History

To clear the screen, click the trash bin iconin the top-right corner of the APDU screen.

Basic Commands

Any string not preceded by a forward slash (/) is interpreted as an APDU command.

APDU commands are recognized regardless of the separators used (spaces, commas, or dashes).

Display Help: Enter the /help command into the command line interface to access help for APDU commands.
Clear the Screen: Enter the /clr command into the command line interface to clear the screen contents.

APDU Commands Sending Enhancements

Recursive length notation #{xyz} automatically calculates and prepends the length for the content xyz, facilitating a quick dispatch of various commands without manual calculations.
Lengths over 127 bytes are encoded according to ASN.1 Abstract Syntax Notation One. A standard interface description language for defining data structures that can be serialized and deserialized in a cross-platform way. extended length encoding system.

Example
- Lengths of 0–127 bytes:
  - #{01 02 03} translates to 03010203
  - Nested uses like #{#{01}} become 020101.
- Lengths of >127 bytes:
  - #{01 02 03 ... 88 89 8a} gets encoded as 818a010203...88898a

Additionally, response APDU handling is optimized for clarity and understanding:
- If a response APDU conforms to ASN.1 standards, it is automatically formatted with newlines to improve readability.
- Known APDUs, such as SELECT responses, not only get formatted but also interpreted.