Secure Messaging

What Is Secure Messaging?

APDU command/response pairs." data-category="Protocol">Secure Messaging (SM) is an ISO 7816-4 mechanism that wraps individual APDU commands and responses with cryptographic integrity and confidentiality protection. When secure messaging is active, the data field of each APDU is encrypted, and a message authentication code (MAC) is appended, ensuring that neither the command nor the response can be eavesdropped or tampered with during transmission between the card and the host.

Secure messaging is the foundation of higher-level secure channel protocols like SCP03 in GlobalPlatform and the PACE/BAC protocols in ePassport applications.

How Secure Messaging Works

ISO 7816-4 defines two levels of protection applied to APDU data:

• Integrity (MAC only) -- a cryptographic checksum computed over the command header and data field. The card verifies the MAC before processing the command, rejecting tampered messages.
• Confidentiality + Integrity -- the command data is encrypted (typically with AES or 3DES) and then a MAC is computed over the encrypted payload. This prevents both eavesdropping and modification.

The CLA byte of the APDU indicates whether secure messaging is applied:

TLV Encoding

Secure messaging uses BER-TLV (Tag-Length-Value) encoding within the APDU data field. Protected data objects use specific tags:

• Tag 87 -- padding indicator + encrypted data (confidentiality)
• Tag 97 -- expected response length (Le) under SM
• Tag 8E -- cryptographic checksum (MAC, typically 8 bytes)
• Tag 99 -- processing status (SW1-SW2) under SM in responses

Practical Applications

Secure messaging is mandatory in several smart card ecosystems:

• GlobalPlatform AES-based secure channel protocol." data-category="Software">SCP03 -- all card management operations (applet install, key rotation) are protected by AES-based secure messaging.
• ePassport BAC/PACE -- biometric data retrieval requires establishing a secure messaging session first.
• eID cards -- personal data access is protected by secure messaging with session keys derived from PACE authentication.

Without secure messaging, APDU exchanges travel in plaintext over the contact pad or RF interface, making them vulnerable to interception in shared-reader environments.