JCOP Key Version & Key Change
GPSpec 2.2
Key Change Sometimes (Occasionally) works
[ Security Domain Secure Channel Keys S-ENC S-MAC DEK]
- I did a keyChange with oldVersion 1, newVersion 2,
then a keyChange with oldVersion 2, newVersion 3
(it is not stated that versions must be consecutive)
Notes:
Initialize Update (initialize a Secure Channel Session) is currently done with hardcoded
p1 = 0 .... "Key Version within the Security Domain to be used to initiate the Secure Channel Session. If this value is zero, the first available key chosen by the Security Domain will be used."
p2 = 0 .... Key Identifier .. with the Key Version .. "unique reference to the set of keys to be used to initiate the Secure Channel Session."
So a regularisation of usage here seems required.
............................................
ChangeKey [PUT KEY]
has p1 = current key Set = version “ identifies keys already on card”
and Data[0] = new KeySet
........................................
Getting the KeySet version:
the response to Initialize Update has Key Version Number as byte [11]
I understand the relation between initialize Update p1 and response ??
........................................
Get Data
There is a variant of getData (note E0 tag indicating Key data)
APDU = FF CA 00 E0 00 but note CLA FF is NOT defined
- I forget where I learned to use FF as CLA byte....
this Class also used in:
final String sread_uid = "FFCA 00-00 00";
I forget where I got these FF??
example
Select App 01090000010303000401 selected keyData 2DB3BB28
- what does Version B3 mean ???
try select Card Manager:
after select CardManager: CM selected keyData 2D B3 BB 28
So I try changeKey oldVersion B3 new Version B4 WORKED!!
then B4 -> B5 it did not work !! 0x6A80 SW_WRONG_DATA
So Occasionally PUT KEY works ... I wish I knew the rules.
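
An added example (not the author's code) in Python showing how GPSpec 2.2 codes the fields discussed in these notes: INITIALIZE UPDATE P1/P2, the Key Version Number in its response, and PUT KEY P1, P2 and Data[0]. The function names are hypothetical, the byte values are constructed samples, and the DEK-encrypted key data fields are assumed to be supplied as an opaque input.

```python
# Added example, not the author's code. Field layout follows GlobalPlatform
# Card Specification 2.2 (SCP02). All byte values are constructed samples.

def build_initialize_update(host_challenge, key_version=0, key_id=0):
    """P1 = key version (0 = first available key), P2 = key identifier."""
    if len(host_challenge) != 8:
        raise ValueError("host challenge must be 8 bytes")
    return bytes([0x80, 0x50, key_version, key_id, 0x08]) + host_challenge + b"\x00"

def parse_initialize_update_response(resp):
    """Split 28 response bytes plus SW1 SW2 into named fields."""
    if len(resp) != 30:
        raise ValueError("expected 28 data bytes + 2 status bytes")
    data, sw = resp[:-2], int.from_bytes(resp[-2:], "big")
    if sw != 0x9000:
        raise ValueError(f"card returned SW {sw:04X}")
    return {
        "key_diversification_data": data[0:10],
        "key_version": data[10],   # 11th byte of the response (offset 10)
        "scp_id": data[11],
        "sequence_counter": data[12:14],
        "card_challenge": data[14:20],
        "card_cryptogram": data[20:28],
    }

def decode_put_key_p1(p1):
    """PUT KEY P1: b8 = 'more PUT KEY commands', b7-b1 = key version on card."""
    return bool(p1 & 0x80), p1 & 0x7F

def build_put_key(current_version, new_version, key_fields, key_id=1):
    """P1 = version being replaced (0 = add new set), Data[0] = new version.
    key_fields: already DEK-encrypted key data fields, treated as opaque here."""
    if not 0 <= current_version <= 0x7F or not 1 <= new_version <= 0x7F:
        raise ValueError("key versions are coded 0x01..0x7F (P1 0x00 = add)")
    data = bytes([new_version]) + key_fields
    p2 = 0x80 | key_id             # b8 set: several keys in one command
    return bytes([0x80, 0xD8, current_version, p2, len(data)]) + data + b"\x00"

SAMPLE_RESPONSE = bytes.fromhex(  # constructed, not captured from a card
    "00" * 10 + "02" + "02" + "0001" + "112233445566" + "0102030405060708" + "9000")

if __name__ == "__main__":
    print(build_initialize_update(bytes(8), key_version=2).hex())
    print(parse_initialize_update_response(SAMPLE_RESPONSE)["key_version"])
    print(decode_put_key_p1(0xB3))   # flag bit and 7-bit version
    print(build_put_key(2, 3, bytes(4)).hex())
```

In PUT KEY P1 only the low seven bits carry the key version, so a P1 byte with the top bit set is read as the "more PUT KEY commands" flag plus a 7-bit version.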