$ !!
./GPShell <listgp211.txt
mode_211
enable_trace
establish_context
card_connect
* reader name Gemplus GemPC Express 0
select -AID a000000003000000
--> 00A4040008A000000003000000
<-- 6F108408A000000003000000A5049F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
--> 00CA006600
<-- 734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000
--> 8050000008F72B300DCD49944000
<-- 00006306002264910677FF016783A0F116E618D317BA5C7B57DC75B99000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)

At 05:40 1/11/2008, Alexej Muehlberg wrote:
>Are you stating that the JCOP31 card shows via the INIT-UPDATE command SCP02,
>but is in reality doing SCP01? Can you please post the authentication APDU
>trace + identify command?
GPShell first does a GET DATA to retrieve the Card Recognition data. Part of
the returned blob is an OID (defined in Appendix H) which describes the
supposed SCP for the card - in this case, the data is "2A864886FC6B040215" - or
an OID of 1.2.840.114283.4.2.21. The last two numbers define the SCP (2) and
the options (21 dec - 15 hex).
The GlobalPlatform libraries - if told to use mode 211 - check this to figure
out which SCP. The lib doesn't appear to check the returned value from the
INITIALIZE UPDATE to make sure it really is SCP 02.
The card recognition data is obviously wrong - but the question is what's the
right behavior here? Throw an error on the mismatch, or pay attention to the
SCP value returned by INITUP and do the right thing?
The asn1 dump of the card recognition data is
$ ./dumpasn1 resp.bin
  0  74: [APPLICATION 19] {
  2   7:   OBJECT IDENTIFIER gpRecognitionData (1 2 840 114283 1)
 11  12:   [APPLICATION 0] {
 13  10:     OBJECT IDENTIFIER gpMgtV211 (1 2 840 114283 2 2 1 1)
       :     }
 25   9:   [APPLICATION 3] {
 27   7:     OBJECT IDENTIFIER gpCardIDScheme (1 2 840 114283 3)
       :     }
 36  11:   [APPLICATION 4] {
 38   9:     OBJECT IDENTIFIER gpSecureChanProtv2s21 (1 2 840 114283 4 2 21)
       :     }
 49  11:   [APPLICATION 5] {
 51   9:     OBJECT IDENTIFIER '1 3 656 840 100 2 1 3'
       :     }
 62  12:   [APPLICATION 6] {
 64  10:     OBJECT IDENTIFIER '1 3 6 1 4 1 42 2 110 1 2'
       :     }
       :   }
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
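
The comparison the message above describes, as an added example (not GPShell or GlobalPlatform library code): it reads the SCP the card advertises in the Card Recognition Data and the SCP identifier in the INITIALIZE UPDATE response, using the two responses from the trace with the wrapped hex lines joined. The function names are hypothetical, and the 30-byte response layout (10 bytes of diversification data, key version, SCP identifier, 8-byte challenge, 8-byte cryptogram, status word) is an assumption taken from the length of the response shown.

```python
# Added example: both byte strings are copied from the trace in the message.
CRD = bytes.fromhex(
    "734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B"
    "06092A864886FC6B040215650B06092B8510864864020103660C060A2B060104012A026E01029000")
INITUP = bytes.fromhex("00006306002264910677FF016783A0F116E618D317BA5C7B57DC75B99000")
GP_SCP_ARC = (1, 2, 840, 114283, 4)  # OID prefix that precedes {scp, options}

def tlvs(buf):
    """Yield (tag, value) for single-byte tags with short or 0x81 lengths."""
    i = 0
    while i + 2 <= len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n == 0x81:
            n, i = buf[i], i + 1
        elif n >= 0x80:
            raise ValueError("unsupported length form")
        if i + n > len(buf):
            raise ValueError("truncated TLV")
        yield tag, buf[i:i + n]
        i += n

def oid(content):
    """Decode the content bytes of a DER OBJECT IDENTIFIER into its arcs."""
    arcs, v = [], 0
    for b in content:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    top = min(arcs[0] // 40, 2)
    return (top, arcs[0] - 40 * top, *arcs[1:])

def scp_from_recognition_data(resp):
    """Return (scp, options) from tag 64 inside tag 73; resp ends with SW."""
    body = dict(tlvs(resp[:-2]))[0x73]
    arcs = oid(dict(tlvs(dict(tlvs(body))[0x64]))[0x06])
    if arcs[:5] != GP_SCP_ARC or len(arcs) != 7:
        raise ValueError("tag 64 does not hold a GlobalPlatform SCP OID")
    return arcs[5], arcs[6]

def scp_from_initialize_update(resp):
    """Return the SCP identifier, the second key information byte."""
    if len(resp) != 30 or resp[-2:] != b"\x90\x00":
        raise ValueError("unexpected INITIALIZE UPDATE response")
    return resp[11]

def check(crd, initup):
    """Return (advertised_scp, options, initup_scp, consistent)."""
    scp, options = scp_from_recognition_data(crd)
    actual = scp_from_initialize_update(initup)
    return scp, options, actual, scp == actual

if __name__ == "__main__":
    print(check(CRD, INITUP))
```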