Not according to the document I've received and m/w I had to customize to get their cards to work. This is their DD step. (Straight from the datasheet.doc)

Diversified key | Diversification data
KDCauth/enc | FFh FFh - <8 first card serial nb bytes> - 01h 00h 00h 00h 00h 00h
KDCmac | 00h 00h - <8 first card serial nb bytes> - 02h 00h 00h 00h 00h 00h
KDCkek | F0h F0h - <8 first card serial nb bytes> - 03h 00h 00h 00h 00h 00h


This is the SCP1 DD Step (Straight from GP 2.0.1')

Card Challenge 4 bytes right | Host Challenge 4 bytes left | Card Challenge 4 bytes left | Host Challenge 4 bytes right

I see a major difference!

-------------

Also they don't use the default CM AID as outlined in the GP spec of A0 00 00 00 03 00 00, they use A0 00 00 00 18 43 4D. I recall this the most because of the headache that caused with m/w and deployment.

Can derived keys be static keys? I thought they were called derived keys?

Don't get me wrong, there's nothing wrong with this if you know 100% that you are going to stay with Gem+ products. But in my case where I have to maintain vendor neutrality, it won't work.
----------------------

Joseph Smith

www.javacard.info

----------------------
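
An added example, not part of the original messages: the two 16-byte blocks quoted above built side by side, with a parser for the SCP01 INITIALIZE UPDATE response that supplies the card challenge. The response field layout follows GP 2.1, the function names are hypothetical, all sample bytes are constructed, and the encryption step that turns each block into a key is left out.

```python
# Added example; layouts as quoted in the message above, sample bytes constructed.
GEMPLUS_DD = {  # key name -> (2-byte prefix, index byte), per the datasheet rows
    "KDCauth/enc": (b"\xFF\xFF", 0x01),
    "KDCmac": (b"\x00\x00", 0x02),
    "KDCkek": (b"\xF0\xF0", 0x03),
}


def gemplus_diversification_data(key_name, card_serial):
    """Static, per-card block: prefix | first 8 serial bytes | index | 5 x 00h."""
    if len(card_serial) < 8:
        raise ValueError("need at least 8 card serial number bytes")
    prefix, index = GEMPLUS_DD[key_name]
    return prefix + card_serial[:8] + bytes([index]) + bytes(5)


def parse_initialize_update(resp):
    """Split a 28-byte SCP01 INITIALIZE UPDATE response (status word removed)."""
    if len(resp) != 28:
        raise ValueError("expected 28 bytes, got %d" % len(resp))
    return {
        "key_diversification_data": resp[0:10],
        "key_version": resp[10],
        "scp_id": resp[11],
        "card_challenge": resp[12:20],
        "card_cryptogram": resp[20:28],
    }


def scp01_derivation_data(card_challenge, host_challenge):
    """Per-session block: card right 4 | host left 4 | card left 4 | host right 4."""
    if len(card_challenge) != 8 or len(host_challenge) != 8:
        raise ValueError("both challenges must be 8 bytes")
    return (card_challenge[4:] + host_challenge[:4]
            + card_challenge[:4] + host_challenge[4:])


if __name__ == "__main__":
    serial = bytes.fromhex("0102030405060708090A")   # constructed serial number
    host = bytes.fromhex("1011121314151617")         # constructed host challenge
    resp = bytes.fromhex("A0A1A2A3A4A5A6A7A8A9" "FF01"   # constructed response
                         "2021222324252627" "3031323334353637")
    fields = parse_initialize_update(resp)
    for name in GEMPLUS_DD:
        print(name, gemplus_diversification_data(name, serial).hex())
    print("SCP01", scp01_derivation_data(fields["card_challenge"], host).hex())
```

The first block depends only on the card serial number, so it is the same for every session with a given card; the second changes with each pair of challenges.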

>From: Eddy Cheung <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>CC: [EMAIL PROTECTED]
>Subject: Re: [SPAMASSASSIN] Re: [OCF] Delete Applet
>Date: Thu, 20 Feb 2003 11:24:58 +1000
>
>Hi Alejandro,
>
>Just to clarify, the derivation data step for Secure Channel (SCP1)
>is the same as the spec, but you have to derive the card's static keys
>first before trying to do the handshake. To derive the card's
>static keys, you have to get that document on Gemplus's web site.
>
>The Gemplus web site has undergone a major reconstruction, but at
>least last time I looked, it was still there. Sorry, but I don't have
>the link with me right now. The document is named something like
>Gemplus GemXpresso datasheet from memory.
>
>Cheers,
>Eddy
>
>Joseph Smith wrote:
>>------------------------------------------------------------------------
>>
>>
>>Read the Global Platform specifications for xAuth. I recommend
>>getting the GP 2.1 specification because it's easier to read. The
>>section you want to focus on is the Secure Channel 01 protocol.
>>Delete, xAuth, initUpdate, etc. are all there.
>>
>>Also contact Gem+. They perform the derivation data step of the
>>Secure Channel 01 differently than the specifications. Since I've
>>vowed not to use Gem+ cards, because of that proprietary step, I
>>would have to dig to find the document and I can't remember
>>off the top of my head.
>>
>>----------------------
>>
>>Joseph Smith
>>
>>www.javacard.info
>>
>>----------------------
>>
>> >From: Alejandro Wille
>> >To:
>> >Subject: [OCF] Delete Applet
>> >Date: Wed, 19 Feb 2003 23:48:16 +0530 (IST)
>> >
>> >Hello,
>> >
>> >Is there any way to delete an applet off of a card using OCF? I know the
>> >APDU to delete the application, what I need is the External Authenticate.
>> >I have noticed that the first APDU sent for that is the same, however,
>> >next comes a response from the card, based upon which I need to generate
>> >the next APDU. I can't find this information anywhere. Is there a way to
>> >do it without manually entering the APDU? Also, what about loading the
>> >app? I have noticed a strong correlation between what's in the jar file
>> >and what APDU is sent, but they don't match exactly. It seems parts of
>> >the file are skipped.
>> >
>> >I am using a Gemplus 2pk, 32k, on Win2k, OCF.
>> >
>> >Thanks for your help.
>> >
>> >--
>> >Alejandro Wille
>> >
>> >
>> >---
>> > > Visit the OpenCard web site at http://www.opencard.org/ for more
>> > > information on OpenCard---binaries, source code, documents.
>> > > This list is being archived at http://www.opencard.org/archive/opencard/
>> >
>> >! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
>> >! to
>> >! [EMAIL PROTECTED]
>> >! containing the word
>> >! unsubscribe
>> >! in the body.
>>