Olivier LAHAYE wrote:
> I'm trying to help Nesrine as she works on same site as me.
>
> I have few smartcard knowledge but I'm understanding more and more though :-)
>
> Right now, here is our situation:
> We used muscletool to register the ATR of our Gem Xpresso 211PK-IS smartcard.
> (BTW, is it normal that even if the ATR is already in the Info.plist file, it
> is inserted one more time (leading to multiple identical lines containing the
> ATR).
>
> Then we are trying to connect to the card using a secure channel. Thus I
> created a gpshell script to try to open a secure channel and test the
> authentication.
> After digging on the net, I found that the keys are:
> Static keys: PK-IS
> Kenc = CA CA CA CA CA CA CA CA 2D 2D 2D 2D 2D 2D 2D 2D
> Kmac = 2D 2D 2D 2D 2D 2D 2D 2D CA CA CA CA CA CA CA CA
> Kkek = CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D
The default key for GemXpresso cards is:
static const BYTE OPGP_GEMXPRESSO_DEFAULT_KEY[] = {0x47, 0x45, 0x4d,
0x58, 0x50, 0x52, 0x45, 0x53, 0x53, 0x4f, 0x53, 0x41, 0x4d, 0x50, 0x4c,
0x45};
Try this (without the surrounding stuff).
>
> Thus I tried the following gpshell script with no success:(note that I reset
> the unsuccessfull failed attempt counter to open the secure channel by using
> the windows Gem Xpresso Pro software on windows 2000 and authenticate the
> card)
> Note: the open_sc line is on 1 single line
> -----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----
> gemXpressoPro
> enable_trace
>
> establish_context
> card_connect
> select -AID a000000018434d # example of AID to test AID selection works
> open_sc -security 0 -enc_key cacacacacacacaca2d2d2d2d2d2d2d2d -mac_key
> 2d2d2d2d2d2d2d2dcacacacacacacaca -kek_key ca2dca2dca2dca2dca2dca2dca2dca2d //
> Open secure channel
> get_status -element e0
> close_sc // Close secure channel
> card_disconnect
> release_context
> -----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----8<-----
> The gpshell version is 1.3.1
> What means -keyind 0 -keyver 0 ?
key index is teh key position in a key version. E.g the MAC, KEK and ENC
key are in one key version, there is a order, I believe ENC, MAC, KEK in
a keyset. key index specifies the offset in the key version to start
looking for these keys. So 0 is OK. (Should, else it is a strange card.)
key version 0 means: take the first availbale key version. This should
be OK for your card, if 13 is really the first available key version.
Maybe also see the README of gpshell.
Can you please submit a log from the enable_trace?
Have you taken the latest versions of GlobalPlatform and GPShell from SVN?
Karsten
>
> In the end, the aim is to load the CardEdge Applet applet on en empty card.
> As
> we are unable to use muscle framework with the applet we installed using Gem
> Xpresso Pro software on windows.
>
> Many thanks in advance for all your help and patience :-)
> --
> Olivier LAHAYE
> Motorola Labs IT Manager
> Computer & Information Systems
> European Communications Research
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
