Olivier LAHAYE wrote:
> I'm still stuck and unable to open_sc to my Gem Xpresso 211PK_IS card.
>
> Here is more information about my systems in the hope that someone may have
> the magic information that would allow me to progress.
Again, what does enable_trace say?
Does the first step connecting to the correct Security Domain work?
>
> See my comments below (and attached file):
>
> On Tuesday 23 May 2006 19:31, Karsten Ohme wrote:
>
>>Olivier LAHAYE wrote:
>>
>>>On Tuesday 23 May 2006 16:46, Karsten Ohme wrote:
>>>
>>>>>created a gpshell script to try to open a secure channel and test the
>>>>>authentication.
>>>>>After digging on the net, I found that the keys are:
>>>>>Static keys: PK-IS
>>>>>Kenc = CA CA CA CA CA CA CA CA 2D 2D 2D 2D 2D 2D 2D 2D
>>>>>Kmac = 2D 2D 2D 2D 2D 2D 2D 2D CA CA CA CA CA CA CA CA
>>>>>Kkek = CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D
>>>>
>>>>The default key for GemXpresso cards is:
>>>>
>>>>static const BYTE OPGP_GEMXPRESSO_DEFAULT_KEY[] = {0x47, 0x45, 0x4d,
>>>>0x58, 0x50, 0x52, 0x45, 0x53, 0x53, 0x4f, 0x53, 0x41, 0x4d, 0x50, 0x4c,
>>>>0x45};
>>>
>>>Strange as I've also confirmed that the 3 keys Kenc, Kmac and Kkek above
>>>are used by the Gem Xpresso Pro windows software.
>>
>>Can be, but in my docs this key is mentioned. Maybe you have a different
>>card.
>
> Must be the case as I'm pretty sure now that my keys are the correct ones as
> they are in the windows software properties file (attached).
>
> the manual:
> http://www.informatik.uni-augsburg.de/lehrstuehle/swt/se/teaching/ws0506/javacard/Dokumentation/UserGuide.pdf
> States the following:
>
> The Card Manager daughter keys (KDCAUTH/ENC, KDCMAC, and KDCKEK) are
> diversified from the mother key (KMC). The diversification method uses
> 3DES_ECB with a 16-byte key (KMC) and 16 bytes of diversification data, D.
> The data diversification method is as follows:
> D = Dleft || Dright
> KD = KDleft || KDright
> KDleft = 3DES(Dleft, KMC)
> KDright = 3DES(Dright, KMC)
I will see if this is the same for other cards of the GemXpresso series.
Karsten
>
> Page 124 also speaks about diversification. Any special commands in gpshell to
> support this? (the attached property file seems to indicate that I'm not using
> diversification...)
>
> Page 43 seems to explain that the security domain AID is A0 00 00 00 18 43 4D
> and attached file seems to confirm that.
>
> Page 44/45 explains the properties file format that I have attached and that
> I'm using on the windows software.
>
> As you can see in the property file, it seems that the 3 keys (the keyset)
> are used for DES-ECB. Maybe gpshell/pcsc does not support this type of auth?
>
>
>>>>Try this (without the surrounding stuff).
>>>
>>>You mean that I should try this:?
>>>open_sc -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45 -security 0
>>
>>yes, but with -enc -mac -kek ... with the same value.
>
>
> Failed. :'-(
>
>
>
>>>>Have you taken the latest versions of GlobalPlatform and GPShell from
>>>>SVN?
>>>
>>>Unfortunately not as I'm behind a firewall. I'm using GPshell 1.3.1 from
>>>March 24th, 2006. If you could send to me a bzip2 tarball of the latest
>>>SVN I'd appreciate a lot Karsten.
>>
>>OK.
>
> Thanks for your archives, compilation went fine and I tested the new version:
> same results. BTW, the GlobalPlatform you sent me (SVN) is numbered 2.1.1
> while Changelog states 3.0.2. This is strange. I tested a diff -u on it with
> the archive on the web and except autofiles that I've regenerated, there are
> almost no differences in source code (only a small difference (an if case
> removed in the version you sent to me)).
>
> So now, I'm stuck :-(
> As a sum-up:
> If I can talk to the card, then this should mean that my pcsc install is ok
> right?
> If I obtain the same results with 2 different card readers: O2Micro and GemPC
> usb, it should confirm that my pcsc install is correct.
> So what can I check?
> Is there a way to check from A to Z my install?
> Is there a way to simulate the authentication using send_apdu?
>
> Any help would be really really appreciated...
>
> Thanks a lot for all your patience and help.
>
> Olivier.
> --
> Olivier LAHAYE
> Motorola Labs IT Manager
> Computer & Information Systems
> European Communications Research
>
>
> ------------------------------------------------------------------------
>
> #====================================================================
> #
> # CARD INFORMATIONS
> #
> #====================================================================
> #
> # WARNING: For custom product, you may have to update the mother key.
> #
> #====================================================================
> #
> # card:
> #
> # issuer: GEMPLUS
> # date: Mon May 15 16:30:23 CEST 2006
> #
> #====================================================================
> this_file_format=1
>
> #====== Application Identifier (hex or ascii format) ===============
> aid.security_domain=hex/A0 00 00 00 18 43 4D
>
> #====== Default key set version (in decimal format) ================
> set_version=13
>
> #========= mother keys for diversification and mode =================
> #diversification= name / diversification mode / [/parameter for diversification/...]
> # name = logical name mode for the diversification mode (user defined)
> # diversification mode = diversification mode (VISA, ...)
> # parameter for diversification = hexa key value or <NONE>
> #
> diversification=GXP211_PK_IS_fixedKey/NONE
>
> #====== number of key sets (in decimal format) =====================
> set_number=1
>
> #==== Key Set <i> =====================================================
> # number of keys in the set
> #set<i>.key_number=n
> #
> #set<i>.set_index= set version
> #set<i>.key1=algo/data
> #set<i>.key2=algo/data
> #.....................
> #set<i>.keyn=algo/data
> #
> # where :
> #
> # - algo is one of the following algorythm
> # des-ecb
> # des-cbc
> # rsa-crt
> # rsa-priv
> # rsa-pub
> # dsa-priv
> # dsa-pub
> #
> # - data is the value of the key
> # for des-ecb or des-cbc, if K3 is not present K3=K1
>
> #==== Key Set 1 =====================================================
> set1.version=13
> set1.key_number=3
> set1.key1=des-ecb/CA CA CA CA CA CA CA CA 2D 2D 2D 2D 2D 2D 2D 2D
> set1.key2=des-ecb/2D 2D 2D 2D 2D 2D 2D 2D CA CA CA CA CA CA CA CA
> set1.key3=des-ecb/CA 2D CA 2D CA 2D CA 2D 2D CA 2D CA 2D CA 2D CA
> #====================================================================
>
>
>
> ------------------------------------------------------------------------
>
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
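
As an added example (not part of the original thread, and not GPShell or Gemplus code): a small parser for the properties-file format quoted above that extracts key set 1 and compares it byte for byte with the three keys typed in the mail body. The mapping of key1/key2/key3 to Kenc/Kmac/Kkek is an assumption based on the order in which the mail lists them, and the sample text is reconstructed from the quoted attachment.

```python
# Constructed sample: key-set lines copied from the properties file quoted above.
PROPERTIES = """\
diversification=GXP211_PK_IS_fixedKey/NONE
set1.version=13
set1.key_number=3
set1.key1=des-ecb/CA CA CA CA CA CA CA CA 2D 2D 2D 2D 2D 2D 2D 2D
set1.key2=des-ecb/2D 2D 2D 2D 2D 2D 2D 2D CA CA CA CA CA CA CA CA
set1.key3=des-ecb/CA 2D CA 2D CA 2D CA 2D 2D CA 2D CA 2D CA 2D CA
"""

# Keys as typed in the body of the mail (assumed order: Kenc, Kmac, Kkek).
MAIL_KEYS = {
    "key1": "CA CA CA CA CA CA CA CA 2D 2D 2D 2D 2D 2D 2D 2D",
    "key2": "2D 2D 2D 2D 2D 2D 2D 2D CA CA CA CA CA CA CA CA",
    "key3": "CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D CA 2D",
}

def parse_properties(text):
    """Return {name: value} for every non-comment name=value line."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        props[name.strip()] = value.strip()
    return props

def key_set(props, index=1):
    """Return {keyN: (algo, key_bytes)} for one key set, checking DES key length."""
    keys = {}
    count = int(props[f"set{index}.key_number"])
    for n in range(1, count + 1):
        algo, data = props[f"set{index}.key{n}"].split("/", 1)
        raw = bytes.fromhex(data.replace(" ", ""))
        # The file format allows a 16-byte value (K3 = K1) or a full 24-byte key.
        if algo.startswith("des") and len(raw) not in (16, 24):
            raise ValueError(f"key{n}: {len(raw)} bytes is not a 3DES key")
        keys[f"key{n}"] = (algo, raw)
    return keys

def mismatches(keys, typed):
    """Names of keys whose typed value differs from the value in the file."""
    return sorted(name for name, (_, raw) in keys.items()
                  if bytes.fromhex(typed[name].replace(" ", "")) != raw)

if __name__ == "__main__":
    ks = key_set(parse_properties(PROPERTIES))
    print("differs from mail body:", mismatches(ks, MAIL_KEYS))
```

On the values quoted in this thread the check reports `key3`: the third key as typed in the mail body and `set1.key3` in the attached file differ in their last eight bytes.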