[OCF] Error 69 85 at unwrap() (OpenPlatform API)

[Karsten Ohme]

Hello,

I have the following problem.

I get error 6985 when I run the unwrap() method.

I'm using a Cyberflex e-gate 32k. This card is compliant with JavaCard
2.1.1 and OpenPlatform 2.0.1'.
I retrieve the ProviderSecurityDomain in the select() method of the applet

       securityObject = OPSystem.getSecurityDomain();

The IntitializeUpdate and ExternalAuthenticate methods are successful.

In InitializeUpdate I get the secureChannel by:

*       * secureChannel = securityObject.openSecureChannel(apdu);

The ExternalAuthenticate method verifyExternalAuthenticate succeeds:

       securityObject.verifyExternalAuthenticate(secureChannel, apdu);

The calculated MAC I'm using as the next initialization vector (icv) for
the MAC of the next command for integrity in CBC mode. And I also used
0x84 als the class byte and I added 8 to Lc because of the MAC.
The error 69 85 means  SW_CONDITIONS_NOT_SATISFIED. So I believe the
problem is not an incorrect authentication.
I use this code fragment:

       apdu.setIncomingAndReceive();
       securityObject.unwrap(secureChannel, apdu);
I used the OpenCard Framework to communicate with the card and called
beginMutex() of the class SmartCard to get a channel and didn't call
allocateCardChannel() in a derived class of CardService.
Could the problem, that my card (the CardManager) is only in state
INITIALIZED?
How can I set the state of the card to SECURED? Only the methods
terminateCardManager() and lockCardManager() are available.
I tried the SET STATUS instruction by the apdu:

       CLA INS P1     P2   Lc      AID of CardManager
         Lc
       0x80 0xf0 0x80 0x0f 0x07 0xa0 0x00 0x00 0x00 0x03 0x00 0x01 0x00
P1 should mean I want to modify the CardManager, P2 should mean the
state SECURED.
But  I get the error 6A 80 (SW_WRONG_DATA) or 69 85
(SW_CONDITIONS_NOT_SATISFIED) (when I tried different P1 and P2).
Thanks, Karsten



---
Visit the OpenCard web site at http://www.opencard.org/ for more
information on OpenCard---binaries, source code, documents.
This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
!                           [EMAIL PROTECTED]
! containing the word
!                           unsubscribe 
! in the body.