Hi, nvdatalimit is not the applet size. It's a mean to say to the card, "my applet won't exceed nvcodelimit bytes, so reject the load operation if I'm lying"
The same applies for nvdatalimit: "hello card, me, nice applet, I promise that I will not use more than nvdatalimit bytes of eeprom for my persistent objects, please check I'm not lying". My experience is that for all normal "experimentation" situations the -nv*limit option are 100% useless. In your own testing card, who cares if your applet uses 1.2 k of ram instead of 1.1 k? or 18574 bytes of eeprom instead of 18543? This is only putting additional complexity to a somewhat complex situation. It's sufficiently complicated to deal with SCP version, option, keys, auth level, card manager AID (a sort of "myth", the card manager is very often default selected so you don't need to select it if you don't know what "privilege 04" means and your card is not a SIM+javacard that could have a default selected SIM applet), ... I guess these options were invented when company A owns a card, accept to load the applet of company B provided it does not consume all the space A could use in the future (and pays for the space it intends to use). Just don't use these 'limit' args, they are not needed for a successful loading. But don't forget the Trusted Labs captransf.jar if you want to load anything on a cyberflex like card. Regards, Sebastien. On Thu, Dec 3, 2009 at 7:03 PM, emanuele gringeri <[email protected]>wrote: > Ralf Schlatterbeck ha scritto: > > Answering my own mail: > > > > On Thu, Dec 03, 2009 at 02:06:15PM +0100, Ralf Schlatterbeck wrote: > > > >> Just got my Gemalto TOP IM FIPS CY2 (Cyberflex Access 64k v2) > >> > >> But downloading the MCardApplet -- both my homegrown one and one > >> downloaded from > >> > http://www.opensc-project.org/opensc/attachment/wiki/Cyberflex/CardEdgeII.ijc > >> leads the following error after issuing the install_for_install command: > >> > > [...] > > > > I've done a little investigation into the magic numbers used by > > gpshell. Looks like I can find out the argument to the first select > command: > > > > select -AID a000000003000000 > > > > by doing: > > enable_trace > > establish_context > > card_connect > > open_sc -security 1 -keyind 0 -keyver 0 -mac_key > 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f > > get_status -element 80 > > > > this gives me the following output (in addition to some debug output): > > List of applets (AID state privileges) > > a000000003000000 7 0 > > > > The other two AIDs seem to be dependent on the applet used (the applet > codes > > the applet ID internally). I came to this conclusion by changing the IDs > > in the hello world downloader and seeing it fail. > > > > Then I looked into the download script for the hello world applet. > > When unpacking the HelloWorld.cap.transf or HelloWorld.cap file with > unzip > > I'm getting several .cap files. The Applet.cap contains the following > > (in hex): > > > > 000000 03 00 0e 01 0a a0 00 00 00 62 03 01 0c 01 01 00 > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > 000010 14 > > 000011 > > > > Now compare this with the Applet IDs used for downloading, citing > > from helloInstallCyberflexAccess64k.txt from the gpshell distribution: > > > > install_for_install -instParam 00 -priv 02 -AID a00000006203010c0101 > -pkgAID a00000006203010c01 -instAID a00000006203010c0101 -nvDataLimit 500 > > ^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^^^^^^ > > > > with that info I was able to find out the correct downloading script for > > my homegrown applet, note the commented-out commands which use the wrong > > applet ID (see below). My applet seems to use the AID a00000000101 > > > > Now my question: > > - Is there some documentation on these magic numbers? > > - Seems in all docs the MCardApplet uses the other ID I tried first > > so something in my build-process probably doesn't correctly set > > the applet ID. How should I change that? > > > > # gpshell script for loading applet into card: > > enable_trace > > establish_context > > card_connect > > select -AID a000000003000000 > > open_sc -security 1 -keyind 0 -keyver 0 -mac_key > 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f > > delete -AID a00000000101 > > delete -AID a000000001 > > delete -AID a0000003230101 > > delete -AID a00000032301 > > #install_for_load -pkgAID a00000032301 -nvCodeLimit 16000 -sdAID > a000000003000000 > > install_for_load -pkgAID a000000001 -nvCodeLimit 16000 -sdAID > a000000003000000 > > load -file CardEdgeCflex.ijc > > #install_for_install -instParam 00 -priv 02 -AID a0000003230101 -pkgAID > a00000032301 -instAID a0000003230101 -nvDataLimit 16000 > > install_for_install -instParam 00 -priv 02 -AID a00000000101 -pkgAID > a000000001 -instAID a00000000101 -nvDataLimit 32000 > > get_status -element 20 > > card_disconnect > > release_context > > > > > > Thanks, Ralf > > > I have been able to load the my homemade applet with the following script: > > mode_201 > enable_trace > establish_context > card_connect > select -AID a0000000030000 > open_sc -security 0 -keyind 0 -keyver 0 -mac_key > 404142434445464748494a4b4c4d4e4f -enc_key > 404142434445464748494a4b4c4d4e4f // Open secure channel > install_for_load -pkgAID a000000001 -nvCodeLimit 19300 > load -file CardEdgeCflex.ijc > install_for_install -instParam 00 -priv 02 -AID a00000000101 -pkgAID > a000000001 -instAID a00000000101 -nvDataLimit 13400 > card_disconnect > release_context > > You have to use the AID that you use in common.xml when you did compile > the applet with ant. > > 1. nvCodeLimit is the applet size. > 2. nvDataLimit is the size of memory that u want to use for ur private > objctes... I guess .. > > cheers. > > PS for gpshell is better use the gpshell ML. > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle >
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
