> > Now the only thing we need to do is send these APDUs to the card. You > > can?t tell me that this is impossible. > JCOP cards require authentication to load and instantiate applets. In > addition, data blocks that are loaded must be "signed" (checksummed) with a > separate authentication key. scriptgen does not do this. (and it isn't even > possible to do it offline. Global Platform uses something called Key > diversification which transforms static keys into session keys, and you use > the session keys to authenticate commands and load blocks). Right. Sometimes there are also manufacturers (e.g. Gemplus) that use on some cards (e.g. GemXPresso Pro, GemXpresso 211PK, ... in my thoughts) a mother key that used the information in the ATR to obtain the 3 static keys used to genererate the 3 sessions keys. I may have code to do this somewhere.
Regards, -- Damien Sauveron ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
