In general, the read access to a secret code file should be NEVER. Initially, you
create a secret code file with 'relaxed' access conditions and later, when you are done
with coding and testing, you can 'freeze' the access conditions for a particular
operation (Update, Read).
You can do the following:

    byte[] ac_0201 = { (byte)0x00, (byte)0x00,   // Update = FREE
                       (byte)0x00, (byte)0x00,   // Write  = FREE
                       (byte)0x00, (byte)0x00 }; // Read   = FREE
    byte[] code1 = {(byte)0x99, (byte)0x99, (byte)0x99, (byte)0x99};
    byte[] code2 = {(byte)0x88, (byte)0x88, (byte)0x88, (byte)0x88};

    // Create the secret code file (0x0201)
    System.out.println("\nCreate secret code file " + ef_0201);
    //fus.createSecretCodeFile(ef_0201, 2, ac_0201);
    fus.createSecretCodeFile(ef_0201, 2, null);

    // Our unblocking code is the code number 1
    GPKSecretCodeRef unlockRef = new GPKSecretCodeRef(GPKSecretCodeRef.LOCAL_CODE,
                                                      (byte)0x01);

    // Load secret code 0
    System.out.println("\nLoad secret code 0 in " + ef_0201);
    fus.importSecretCode(ef_0201, code1, 0, fus.PLAIN_PRESENTATION, 7, unlockRef);

    // Load secret code 1 (Note: This will be your unblocking secret code)
    System.out.println("\nLoad secret code 1 in " + ef_0201);
    fus.importSecretCode(ef_0201, code2, 1, fus.PLAIN_PRESENTATION, 7, unlockRef);

    // Control bytes in the order update, write, read
    byte[] controlBytes_0201 = {(byte)0x00, (byte)0x00, (byte)0x40};

    // Freeze access conditions for EF0201 (lock the read operation)
    fus.localizeAC(ef_0201, controlBytes_0201);

NOTE on control byte for Lock:
There are 3 control bytes (for 3 operations - update, write, read).
For lock, each control byte has to be coded as 01xxxxxx.
Control Byte 0x00 => Leave the access conditions as they are

Please note that you cannot protect the 'Read' operation of a secret code file by a
secret key. Even if you protect a secret code by a secret key file, it will just
provide integrity protection in the read operation (meaning, it will give you a 3
byte checksum along with the data). The data (secret codes + other info) can be read
'FREELY'. Hence you have to protect it by a secret code (say, from the MF level) to
really protect it from reading, or to be on the safer side, just lock the access for
read after you are done. On the other hand, you can still protect the 'update'
operation by a secret key (+ secret codes (2) if you want).
----------
What is history but a fable agreed upon?
- Anonymous
>-----Original Message-----
>From: Antonio Ruiz Martínez [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, August 23, 2000 2:37 PM
>To: [EMAIL PROTECTED]
>Subject: [OCF] Protect a Secret Code File
>
>
>Hi, could you help me?
>
>How can I protect a Secret Code File with a Secret Key File?
>
>Thanks.
>
>
>
>---
>> Visit the OpenCard web site at http://www.opencard.org/ for more
>> information on OpenCard---binaries, source code, documents.
>> This list is being archived at
>http://www.opencard.org/archive/opencard/
>
>! To unsubscribe from the [EMAIL PROTECTED] mailing list
>send an email
>! to
>! [EMAIL PROTECTED]
>! containing the word
>! unsubscribe
>! in the body.
>
>
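
The control-byte rule from the note in the reply above (three bytes in the order update, write, read; 0x00 leaves a condition alone, 01xxxxxx locks it) can be checked before the array is handed to localizeAC. This is an added example, not part of the original message and not OCF or GPK card service code; the class and method names are hypothetical, and the low six bits are not interpreted because the message does not define them.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not part of OCF or the GPK card service.
public class LockControlBytes {
    // Order from the note: update, write, read.
    static final String[] OPS = {"update", "write", "read"};

    // Returns the operations a control-byte array would lock and
    // rejects any byte that is neither 0x00 nor 01xxxxxx.
    static List<String> lockedOperations(byte[] control) {
        if (control == null || control.length != OPS.length) {
            throw new IllegalArgumentException("expected 3 control bytes");
        }
        List<String> locked = new ArrayList<>();
        for (int i = 0; i < OPS.length; i++) {
            int b = control[i] & 0xFF;           // Java bytes are signed
            if (b == 0x00) {
                continue;                        // leave this access condition as it is
            }
            if ((b & 0xC0) != 0x40) {            // top two bits must be 01
                throw new IllegalArgumentException(String.format(
                    "%s control byte 0x%02X is neither 0x00 nor 01xxxxxx", OPS[i], b));
            }
            locked.add(OPS[i]);                  // low six bits are not interpreted here
        }
        return locked;
    }

    public static void main(String[] args) {
        // Constructed samples: the array from the message, an array that
        // also locks update, and a typo (0x04 instead of 0x40).
        byte[][] samples = {
            {(byte) 0x00, (byte) 0x00, (byte) 0x40},
            {(byte) 0x40, (byte) 0x00, (byte) 0x40},
            {(byte) 0x00, (byte) 0x00, (byte) 0x04},
        };
        for (byte[] s : samples) {
            try {
                System.out.println("would lock: " + lockedOperations(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```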