APDU

APDU

An APDUAPDUProtocolCommunication unit between card and reader.Click to view → (Application Protocol Data Unit) is the fundamental communication frame exchanged between a smart card and a card reader (or host application). Every interaction with a smart card — selecting an application, reading a file, verifying a PIN, signing data — is expressed as a pair of command and response APDUs defined by ISO 7816 Part 4.

Command APDU Structure

A command APDU consists of a mandatory 4-byte header followed by optional data:

ISO 7816ISO 7816StandardPrimary standard for contact smart cards.Click to view →-4 defines four APDU cases based on the presence of Lc and Le: Case 1 (no data, no response), Case 2 (response only), Case 3 (data only), and Case 4 (data and response).

Response APDU and Status Words

Every response APDU ends with a two-byte status word (SW1-SW2). The card uses these bytes to signal success, warnings, or errors. The most common status words include:

• 90 00 — Command executed successfully
• 6A 82 — File or application not found
• 69 82 — Security status not satisfied
• 63 Cx — PIN verification failed, x retries remaining

See APDU Response Codes for a comprehensive status word reference.

Transport Protocols

APDUs are carried over two transport protocols. T=0 is a byte-oriented protocol that interleaves the command header and data with procedure bytes from the card. T=1 wraps entire APDUs in blocks with error-detection codes, making it better suited for high-throughput and contactless applications. The protocol is negotiated during the ATR / PPS exchange.

Secure Messaging

When confidentiality or integrity of the APDU payload is required, Secure Messaging wraps the data field with cryptographic MACs and optional encryption. SCP03 builds on this mechanism to establish a full session-level secure channel using AES.