Thanks to Nikolay Elenkov I now know why I was unsuccessful in attempting to
open_sc on my Gem Xpresso 211PKIS smartcard. It's because these development
cards deliberately use a weakened secure channel session key.
Below is the mail he sent to me.
Upon his request, I forward this here.
As I understand, a command like mode_211pkis has to be implemented into
gpshell to make the Gem Xpresso 211PKIS usable with gpshell.
---------- Forwarded message ----------
Subject: [Muscle] gpshell and gem Xpresso: how to open secure channel?
Date: Thursday 25 May 2006 04:53
From: [EMAIL PROTECTED]
To: "Olivier Lahaye" <[EMAIL PROTECTED]>
Hi,
Here's the 211PKIS session key derivation info. I don't have the original
mail here, so I can't reply to the list (without breaking threading). Could
you please forward this to the list?
Nikolay Elenkov wrote:
> IS cards use a deliberately weakened secure channel session key. The key
> derivation scheme is the same as with regular cards but in the end all
> even/odd bytes are replaced with a fixed value (2C or DC or some such,
> I can give you the exact info tomorrow). gpshell probably doesn't
> support this and that is why you get an error. Do you have any 'regular'
> GemXpresso cards to test with?
Even bytes are replaced with 0xCA and odd ones with 0x2D. Something like
this:
    for (int i = 0; i < key.Length; i++) {
        if ((key[i] % 2) == 0) {
            key[i] = 0xca;
        }
        else {
            key[i] = 0x2d;
        }
    }
If you add this to the relevant places in gpshell, you should be able to
establish a secure channel connection with the card. (Unfortunately, I don't
have the time to look into gpshell right now.)
-------------------------------------------------------
--
POPI: MGBU
--
Olivier LAHAYE
Motorola Labs IT Manager
Computer & Information Systems
European Communications Research
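
The substitution from the mail above, written in C (the language gpshell is written in) as an added example that is not part of the original message or of gpshell; the function names, the 16-byte key length and the sample keys are assumptions constructed for illustration. It follows the posted test on each byte's value and shows that only the low bit of each derived byte survives, so different derived keys can weaken to the same session key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16 /* assumption: 16-byte session key */
/* Constructed sample values, not keys from any real card.
 * SAMPLE_B is SAMPLE_A with every bit except each byte's low bit flipped. */
const unsigned char SAMPLE_A[KEY_LEN] = {
    0x10, 0x32, 0x53, 0x75, 0x94, 0xB6, 0xD7, 0xF8,
    0x1B, 0x3D, 0x5C, 0x7E, 0x9F, 0xB1, 0xD2, 0xF3};
const unsigned char SAMPLE_B[KEY_LEN] = {
    0xEE, 0xCC, 0xAD, 0x8B, 0x6A, 0x48, 0x29, 0x06,
    0xE5, 0xC3, 0xA2, 0x80, 0x61, 0x4F, 0x2C, 0x0D};

/* Substitution as posted: the test is on each byte's value (key[i] % 2),
 * so even-valued bytes become 0xCA and odd-valued bytes become 0x2D. */
void weaken_211pkis(unsigned char *key, size_t len) {
    for (size_t i = 0; i < len; i++)
        key[i] = (key[i] % 2 == 0) ? 0xCA : 0x2D;
}

/* Bit i of the result is the low bit of key[i], the only input that matters. */
uint32_t surviving_bits(const unsigned char *key, size_t len) {
    uint32_t mask = 0;
    for (size_t i = 0; i < len && i < 32; i++)
        mask |= (uint32_t)(key[i] & 1u) << i;
    return mask;
}

/* Returns 1 when two KEY_LEN-byte derived keys weaken to the same key. */
int same_after_weakening(const unsigned char *a, const unsigned char *b) {
    unsigned char wa[KEY_LEN], wb[KEY_LEN];
    memcpy(wa, a, KEY_LEN);
    memcpy(wb, b, KEY_LEN);
    weaken_211pkis(wa, KEY_LEN);
    weaken_211pkis(wb, KEY_LEN);
    return memcmp(wa, wb, KEY_LEN) == 0;
}

int main(void) {
    printf("surviving bits A=0x%04X B=0x%04X, same weakened key: %d\n",
           (unsigned)surviving_bits(SAMPLE_A, KEY_LEN),
           (unsigned)surviving_bits(SAMPLE_B, KEY_LEN),
           same_after_weakening(SAMPLE_A, SAMPLE_B));
    return 0;
}
```

Because 0xCA is even and 0x2D is odd, applying the substitution a second time leaves the key unchanged, and under the 16-byte assumption the weakened key carries at most 16 bits of the derived key.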