6F 19 -- FCI
84 - AID tag
08 A0 00 00 00 03 00 00 00 - 8 bytes of applet instance oid?
A5 0D - #0x0d of proprietary bytes
9F 6E - GP config
06 40 51 21 97 22 11 - presumably an oid (06) for the organization-grade issuing authority for JCOPs?
9F 65 - GP config
01 FF
The three 128-bit hex-encoded values are probably S-ENC, S-MAC and DEK, for the issuer security domain. Each is a "double-length DES key".
We can guess the 1/1, 1/2, 1/3 means SCP 01, keys 1, 2 and 3. Or the initial 1 could refer to the version number of the keyid, assuming a security domain mib will enable users to select from multiple keysets, during association setup.
These keys are used to derive the association's 16-bit session keys, using triple-DES, in ECB mode.
Viewing the muscle applet as an application (in the GP sense), one CAN direct the authentication and secure messaging PDUs at the application's own command dispatcher, for either local key derivation and usage (where the app is not managed by a security domain), or for passing on to a security domain acting to support the applet in these two functions. You would also need to update the existing external 1-round authentication method, and add the Initial Update interface method for posting the client nonce. If you limit the support to only one of the cases that a GP client might request, it's easy. You will need to round out the unimplemented support for TDES in the applet, however. But again this is easy, the hooks are clearly present. (They may even be relics of where earlier support got stripped out....)
----- Original Message -----
From: "Mladen Gavrilovic" <[EMAIL PROTECTED]>
To: "MUSCLE" <[EMAIL PROTECTED]>
Sent: Thursday, November 25, 2004 11:22 AM
Subject: Re: [Muscle] Setting up connection to JCOP 21 card
----- Original Message -----
From: "Mladen Gavrilovic" <[EMAIL PROTECTED]>
Subject: Re: [Muscle] Setting up connection to JCOP 21 card
printed with 32-bit keys, something like:
Apologies for that ridiculous statement, I meant 32-BYTE keys, or 256 bits.
set-key ${CURRKEYS}
print-key
1/1/DES-ECB/0123456789ABCDEF0123456789ABCDEF
1/2/DES-ECB/0123456789ABCDEF0123456789ABCDEF
1/3/DES-ECB/0123456789ABCDEF0123456789ABCDEF
Is this possibly being printed in hex, but without spaces between the numbers? In this case that would be a 16-byte (128-bit) key.
the DES encryption with 32-bit keys?
Again, 32-BYTE or 256 bits.
----- Original Message -----
From: "Peter Williams" <[EMAIL PROTECTED]>
To: "MUSCLE" <[EMAIL PROTECTED]>
Sent: Wednesday, November 24, 2004 5:56 PM
Subject: Re: [Muscle] Setting up connection to JCOP 21 card
> The JCOP 21 is expecting you to poll for the 1B bytes of available result.
> i.e. issue: 0x00 0xC0 0x00 0x00 0x1B
>
> Eclipse did this for you, presumably, whereas your library is not
> performing APDU emulation: it's giving you the actual TPDU returned by the
> card, for your handling, according to your buffering requirements.
>
> It could be necessary to perform between 1 and 1B rounds of polling,
> depending on the card's buffer resources, and the state of the garbage
> collector.
>
> Following the subsequent GP domain selection and device authentication, and
> status checking for the association, it is necessary to (re)select the
> file/applet over the secure channel, which THEN returns a 90 00 indication.
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
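As an added example (not code from this thread or from the MUSCLE project), the SELECT response bytes annotated at the top of the message can be walked as BER-TLV in Python; reading the byte after each tag as a length makes the nested lengths add up to the outer 0x19. The names parse_tlv and dump are this example's own.

```python
# Added example: BER-TLV walk over the SELECT response quoted in this thread.
FCI_HEX = ("6F 19 84 08 A0 00 00 00 03 00 00 00 "
           "A5 0D 9F 6E 06 40 51 21 97 22 11 9F 65 01 FF")

def parse_tlv(data):
    """Return [(tag_hex, value)]; a constructed value is a nested list."""
    out, i = [], 0
    while i < len(data):
        start, first = i, data[i]
        i += 1
        if first & 0x1F == 0x1F:              # multi-byte tag, e.g. 9F 6E
            while True:
                if i >= len(data):
                    raise ValueError("truncated tag")
                more = data[i] & 0x80         # high bit set: tag continues
                i += 1
                if not more:
                    break
        tag = data[start:i].hex().upper()
        if i >= len(data):
            raise ValueError("missing length for tag " + tag)
        length = data[i]
        i += 1
        if length & 0x80:                     # long-form length
            n = length & 0x7F
            if n == 0 or i + n > len(data):
                raise ValueError("bad length for tag " + tag)
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("value of tag %s overruns the buffer" % tag)
        value = data[i:i + length]
        i += length
        # Bit 0x20 of the first tag byte marks a constructed object (6F, A5).
        out.append((tag, parse_tlv(value) if first & 0x20 else value))
    return out

def dump(tree, depth=0):
    """Render the parsed tree as indented text lines."""
    lines = []
    for tag, value in tree:
        if isinstance(value, list):
            lines.append("  " * depth + tag)
            lines.extend(dump(value, depth + 1))
        else:
            lines.append("  " * depth + tag + " " + value.hex(" ").upper())
    return lines

if __name__ == "__main__":
    print("\n".join(dump(parse_tlv(bytes.fromhex(FCI_HEX)))))
```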
