EMV Certificate Inspector
CA Public Key
[ 0 B ]
Issuer Certificate (Tag 90)
[ 0 B ]
ICC Certificate (Tag 9F46) — optional for SDA
[ 0 B ]
Static Data for Auth (AFL offline-auth records)
Required for the ICC cert internal hash check (EMV Book 2 §6.4 Step 9)
and for SDA verification. Concatenate all records the AFL marks for
offline authentication, without the outer Tag 70 wrapper.
If the AFL offline-auth count is 0 for every SFI, leave blank.
[ 0 B ]
SDA (Static Data Authentication): verify the Signed Static Application Data (Tag 93)
using the recovered issuer public key. Recover keys in the Certificate Chain & Keys tab first.
[ 0 B ]
[ 0 B ]
DDA / fDDA (Dynamic Data Authentication): verify the SDAD returned by INTERNAL AUTHENTICATE (Tag 9F4B)
using the recovered ICC public key. Recover keys in the Certificate Chain & Keys tab first.
[ 0 B ]
[ 0 B ]
CDA (Combined DDA/AC): verify the SDAD returned by GENERATE AC (Tag 9F4B).
The SDAD embeds the Application Cryptogram, binding auth to the transaction.
Recover keys in the Certificate Chain & Keys tab first.
[ 0 B ]
[ 0 B ]
Paste a raw TLV blob (e.g. full GENERATE AC response or card data) and click
Extract & Populate to auto-fill the fields in other tabs.
Tags extracted: 90, 92, 9F32, 9F46, 9F47, 9F48, 93, 9F45, 9F4B, 9F26, 9F37, 9F4A, 8C.
[ 0 B ]