2013/9/19 landyman70 <[email protected]>: > I am in the process of writing a system that reads from a JCOP smartcard with > GP 2.2 and a custom applet on. > All was going well, until I tried to do authentication, and I seem to have > run into an issue. > When ever I send an INITIALIZE UPDATE APDU to a card it always returns the > same value back in the Card Challenge part of the response. > It doesn't matter if I physically remove the card, when ever I call it I get > the same values back. > This behaviour is in correct as the Card Challenge part of the response > should be (according to the spec) "an internally generated random number." > When I run the APDUs through the native Windows PCSC layer I get randomness, > but when I run it through pcsc-lite 1.8.8 in Open Suse there is no > randomness. > This is a problem as the applet on the card is secured, so in order to do > anything, you need to be in an authenticated session and without the random > Card Challenge all authentication fails. > I have been using the same card and reader each time. > Can anyone shed any light on this issue please?
Maybe your card has been backdoored by the NSA? Can you send a simple GET CHALLENGE [1] APDU and get some randomness? You should compare the APDUs send on Windows with the APDUs send on GNU/Linux. I am sure something is different. Bye [1] http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816-4_6_basic_interindustry_commands.aspx#chap6_15 -- Dr. Ludovic Rousseau _______________________________________________ Muscle mailing list [email protected] http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
