Iain MacDonnell wrote:
> 
> 
> Andreas Jellinghaus wrote on 11/30/06 11:24 PM:
> 
>> Karsten Ohme wrote:
>>
>>> You can always delete and install applets on a GlobalPlatform card, if
>>> you have the GlobalPlatform keys, this has nothing to do with the
>>> MuscleCard applet.
>>
>>
>> what are these globalplatform keys? where do I use them, how
>> do I change them and all that?
> 
> 
> That's JavaCard stuff - a level below the MuscleCard applet. You can
> use Karsten's GlobalPlatform stuff to work at that level.
> 
> http://sourceforge.net/projects/globalplatform/
> 
> 
>> or is that the one changed with
>> https://www.opensc-project.org/opensc/wiki/Cyberflex
>> opensc-tool -s 
> 
> 
> No.
> 
>> B0:2A:00:00:38:08:4D:75:73:63:6C:65:30:30:04:01:08:30:30:30:30:30:30:30:30:08:30:30:30:30:30:30:30:30:05:02:08:30:30:30:30:30:30:30:30:08:30:30:30:30:30:30:30:30:00:00:17:70:00:02:01


But a few lines above you have used them to authenticate to the card:

open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel

The MAC key and the ENC key have the default 40...4F value.

If you do not change these keys every user can delete the applet (and any
other content) and install a new applet. This can introduce security
problems (Maybe a bogus applet ...).

I wrote an overview for OpenPlatform (but which is also valid for
GlobalPlatform cards):

http://sourceforge.net/docman/?group_id=143343

What's Open Platform

Karsten
> 
> 
> 
> Here's how I break down the MuscleCard perso APDU (numbers may be
> slightly different than yours)...
> 
> # B0                      <- CLA
> # 2A                      <- INS_WRITE_FRAMEWORK
> #
> # 0000                    <- Nothing important
> #
> # 38                      <- Length of the data (everything after this)
> #
> # 08                      <- transport key length
> # 4D7573636C653030        <- existing transport key ('Muscle00')
> #
> # 04                      <- Admin PIN attempts
> # 01                      <- Admin unblock attempts
> # 08                      <- Admin PIN length
> # 3030303030303030        <- Admin PIN (replaces transport key???) ASCII for '00000000'
> # 08                      <- Admin unblock code length
> # 3030303030303030        <- Admin unblock code
> #
> # 05                      <- User PIN attempts
> # 02                      <- User unblock attempts
> # 08                      <- User PIN length
> # 3030303030303030        <- User PIN
> # 08                      <- User unblock code length
> # 3030303030303030        <- User unblock code
> #
> # 00007FFF                <- Object store size = 32767 bytes
> #
> # 00                      <- ACLs - Anyone can create objects
> # 02                      <- Keys only after user pin verified
> # 01                      <- Pins only after admin pin verified
> 
>     ~Iain
> 
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle
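
Added example (not part of the original thread, and not code from the MuscleCard or GlobalPlatform projects): a Python check that decodes the perso APDU quoted above using Iain's field layout and reports which secrets are still at the default values discussed in this thread. All function names are hypothetical, and the 4-byte object store size follows Iain's breakdown.

```python
# Added example. Field layout is taken from Iain's breakdown in this thread.
DEFAULT_TRANSPORT_KEY = b"Muscle00"        # transport key shown in the thread
DEFAULT_GP_KEY = bytes(range(0x40, 0x50))  # the 40...4F MAC/ENC key from the thread
# The perso APDU exactly as posted in the thread:
SAMPLE = ("B0:2A:00:00:38:08:4D:75:73:63:6C:65:30:30:04:01:08:30:30:30:30:30:30:30:30:"
          "08:30:30:30:30:30:30:30:30:05:02:08:30:30:30:30:30:30:30:30:"
          "08:30:30:30:30:30:30:30:30:00:00:17:70:00:02:01")

def parse_perso_apdu(text):
    """Split a colon-separated perso APDU into named fields."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if len(raw) < 5 or raw[0] != 0xB0 or raw[1] != 0x2A:
        raise ValueError("not a CLA=B0 INS=2A perso APDU")
    data = raw[5:]
    if raw[4] != len(data):
        raise ValueError("Lc %d does not match %d data bytes" % (raw[4], len(data)))
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated APDU")
        chunk = data[pos:pos + n]
        pos += n
        return chunk
    def lv():  # one length byte followed by that many value bytes
        return take(take(1)[0])
    out = {"transport_key": lv()}
    for role in ("admin", "user"):
        out[role + "_pin_tries"], out[role + "_unblock_tries"] = take(2)
        out[role + "_pin"] = lv()
        out[role + "_unblock"] = lv()
    out["object_store_size"] = int.from_bytes(take(4), "big")
    out["acl_objects"], out["acl_keys"], out["acl_pins"] = take(3)
    if pos != len(data):
        raise ValueError("trailing bytes after ACL fields")
    return out

def audit(fields):
    """Names of PIN/unblock fields equal to the transport key or made of one repeated byte."""
    weak = []
    for name in ("admin_pin", "admin_unblock", "user_pin", "user_unblock"):
        value = fields[name]
        if value == DEFAULT_TRANSPORT_KEY or len(set(value)) == 1:
            weak.append(name)
    return weak

def is_default_gp_key(hex_key):
    """True when a MAC/ENC key is still the 40...4F default."""
    return bytes.fromhex(hex_key) == DEFAULT_GP_KEY
```
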
