Hi, GP keys are used to manage the card contents, ie add/remove applets and packages.
The worst an attacker can do is remove the applet instance along with its data and reinstanciate it. But data allocated in the applet is never readable from the outside, otherwise banks would not use chip credit cards :-) You current keys are probably 404142434445464748494A4B4C4D4E4F, like all development cyberflex cards :) So they're not really secret until you change them using the PUT KEY command. but don't forget to write them down somwewhere in a secure place :-) In general if the card is for you only, you don't need to change the security domain keys. Regards, Sebastien
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
