Can the card manager of jcop41 v2.2 support multiselect ?

Similar Messages

• Cryptographic operations with the Card Manager

  Hello,
  I'm new to smart card programming and could need a little help.
  Here is what I'm trying to do:
  First off, I don't want to develop a java applet, I want to use the functionality of the Card Manager (Issuer Security Domain) only. With the ISD, I'm trying to put a cryptographic key (e.g. RSA key pair) on the card and read it back afterwards. Is this generally possible?
  Also, can you do cryptographic operations (e.g. RSA signing) using only the ISD?
  It would help me a lot if somebody could give me some hints and, if it's possible, the sequence of APDU commands I have to send to the card.
  Thank you.

  misfire wrote:
  Hello,Hello.
  I'm new to smart card programming and could need a little help.
  Here is what I'm trying to do:
  First off, I don't want to develop a java applet, I want to use the functionality of the Card Manager (Issuer Security Domain) only. With the ISD, I'm trying to put a cryptographic key (e.g. RSA key pair) on the card and read it back afterwards. Is this generally possible?ISD has cryptographic capabilities. It is limited to secure channel protocol handling. DES for SCP02 and RSA for SCP10 plus RSA for DAP (data authentication pattern). You do not have the possibility to use it for something else. What you can do though is access the DES/RSA part of the ISD via an applet (GP API) to e.g. decrypt and encrypt data.
  Also, can you do cryptographic operations (e.g. RSA signing) using only the ISD?Yes, but only via an applet.
  It would help me a lot if somebody could give me some hints and, if it's possible, the sequence of APDU commands I have to send to the card.Check out the GP specifications: SCP02/GP API in GP2.1.1 and SCP10/GP API in GP2.2 .

• I have photo 12--I understand i get 90 days on line support-  I am away for weeks at a time. Can the 90 days begin after my first support chat ?

  I have photo 12--I understand i get 90 days on line support-  I am away for weeks at a time. Can the 90 days begin after my first support chat ?

  It's 90 days from product activation.

• Can the Policy Management System be enabled by using CLI/Script?

  Hi,
  I know you can enable the Policy Management System in OER Console by selecting True for Enable Asset Policies in the Functional Settings. But I need to automate an OER configuration, so I am wondering if this can be done using CLI.
  Thanks in advance,
  Iris

  Hi,
  I know you can enable the Policy Management System in OER Console by selecting True for Enable Asset Policies in the Functional Settings. But I need to automate an OER configuration, so I am wondering if this can be done using CLI.
  Thanks in advance,
  Iris

• Can the license manager load the computer-based license first, instead of the user-based license?

  We have several machines in the lab with computer-based licenses on them and a number of techs with user-based licenses. When a tech needs to occassionally sign in as themselves, instead of the generic service account, the license manager attaches the machine to their user account. Not a problem until they try logging in to LabVIEW from their own PC again and they get the 14 day trial period notice.
  Is there a way to have the license manager look for the computer license first instead of the user license?
  Thanks for any help.
  Joe
  Solved!
  Go to Solution.

  Hi Joe,
  In the license file hosted on the license server, you may be able to manually change the "sort" tag in the file to modify the order in which VLM checks out licenses. Licenses are checked out in descending order (2, then 3, then 4, etc.). Typically, your license file is set up in a default order, but in special cases such as this, it may be beneficial to alter the order. To do this, follow these steps:
  1. Open the license file with a text editor (such as Notepad)
  2. Search for the "sort" tag. For instance, the "VLM_Core" entry will have a sort tag value will appear as "sort=first". Do not alter this value. VLM_Core should always be first.
  3. Change the sort tag value for the named-computer license to a value that is lower than the sort tag value for the named-user license. (e.g. "sort=2" for named-computer and "sort=3" for named-user). 
  4. Save the file and reinstall the license. 
  Let me know if you have any questions!
  Rick C.

• Can the AP1310 running on IOS 12.3 supporting on LDAP

  hi,
  My WLAN topology is like this: one WLSE for centralized management, LDAP server for authentication purpose, plus aironet AP1310.
  I would like to ask either the AP1310 able to support the user authentication on LDAP server.
  If yes, can please suggest what need to configure over the AP and the WLSE.
  thanks in advance
  noel

  No. You can configure local authentication on the 1300's, which will allow an AP to act as its own RADIUS server, but it will only authenticate against local user accounts on the AP, not an external LDAP server.
  If you were running lightweight mode, the controllers can do "Local EAP" and authenticate to an LDAP, but that's not an option for IOS/autonomous APs.
  If you must authenticate against the LDAP with your current deployment, your best option will be to set up a RADIUS server- ACS, IAS, FreeRadius, etc.
  Note that there are issues that may come into play when attempting to authenticate using PEAP/MSCHAPv2 against an LDAP directory, so be careful if you're using 802.1X that your inner authentication method is compatible with the directory you're using.

• Can the remote assistance provided by Lenovo premium support be abused by a bad support technician​?

  Hi,
  I am considering purchasing a Lenovo software warranty. I did some homework and I know Lenovo use a 123rescue tool to do remote assistance, which my friend finds very helpful.
  Before purchasing it, I want to know how secure is this tool? Can this tool be used by any bad or corrupted technician from Lenovo to secretly install some Trojans or spywares on the computer during the remote access? Because as I understand, the remote access will give a technician ability to operate the computer, although the connect needs user's approval, but what a technician can do after the user approve the connect? I do not know it in details and a little bit curious.
  Although Lenovo is a very reputable company, it's still good to make sure that if a user give remote access to a technician, Lenovo do have a way to monitor the whole process and protect the user from any potentially bad support technicians, although I am very sure that it is very very impossible that such bad technician exists inside Lenovo's support team.
  Thank you!

  Hi guys,
  Seriously, I know I am paranoid, but could anyone give a response for my stupid concern?

• Can't connect to the store to buy the card from the "Cards" app

  Can't connect to the app store to buy the card after I created it

  Tryh this support article Sherri  >  Can't connect to the iTunes Store

• Unable to select Card Manager or invalid FCI

  Hi,
  I have JCOP41V231 but I can not upload the CAP file.
  When I try to select the Card Manager I get an error 6A82.(see trace bellow)
  I asked the card supplier and he answer:
  "our all samples have not initialized. so you can cannot select the card manager.
  if the card have not initialized, and you can select wrong card manager, the card will be damage.
  please initialize the card."
  How can I initialize the card ?
  Is there a special tool to do that?
  /term "winscard:4|SCM Microsystems Inc. SCR33x USB Smart Card Reader 0"
  --Opening terminal
  /card -a a000000003000000 -c com.ibm.jc.CardManager
  resetCard with timeout: 0 (ms)
  --Waiting for card...
  ATR=3B FA 13 00 00 81 31 FE 45 4A 43 4F 50 34 31 56 ;.....1.EJCOP41V
  32 33 31 97 231.
  IOCTL().
  ATR:
  T = 1
  => 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
  (9682 usec)
  <= 6A 82 j.
  Status: File not found
  jcshell: Unable to select Card Manager or invalid FCI: Unknown Global Platform Java Card.
  Subsequent commands might fail! Inspection might not be possible!
  ??> set-key 1/1/DES-ECB/404142434445464748494a4b4c4d4e4f 1/2/DES-ECB/404142434445464748494a4b4c4d4e4f 1/3/DES-ECB/404142434445464748494a4b4c4d4e4f
  ??> init-update 1
  => 80 50 01 00 08 0A D3 1F 2B 09 F1 CD E2 00 .P......+.....
  (8444 usec)
  <= 6A 81 j.
  Status: Function not supported
  jcshell: Error code: 6a81 (Function not supported)
  jcshell: Wrong response APDU: 6A81
  Unexpected error; aborting execution

  Hi,
  I think that you didnt prepersonalisation. Once pre-personalisation you can enter card manager.

• Lock card manager in GemXpresso jmanager

  How can I lock the card manager while authenticating?
  for example, I want to lock Card Manager after 3 times failed authentication.

  How can I lock the card manager while authenticating?
  for example, I want to lock Card Manager after 3 times failed authentication.

• GemXpresso 211 Card Manager problems ...

  Hello all,
  I would like to install an java card applet in a GemXpresso 211 but I don�t know how to do it.
  I have several GemXpresso 211 cards, a GemPC410 reader and EZMini reader. I have�t Gemplus Development Kit RAD III because is too expensive for me.
  My question is:
  Is it possible to install an applet in a GemXpresso 211 card without GemXpresso RAD III? I�ve seen that it�s necessary to invoke to the Card Manager (the installer) of GemXpresso cards to install other applets. Is it true?
  I know Gemplus provide a "jar" to GemXpresso 211 cards, but this "jar" only is available with GemXpresso RAD III.
  Can I get this "jar" elsewhere ?
  I would be very grateful for your aswers.
  Thaks in advance.
  Grettings.

  Thank you Sebastien for your suggestion. This GlobalPlatform works a bit better
  I tried a simple list of applets
  Test with Java 1.7
  java -jar gp.jar -list -v -d  --virgin --visa2 --sdaid A000000018434D
  java -jar gp.jar -list -v -d  --virgin --sdaid A000000018434D
  but I have always this error: "Card cryptogram invalid"
  # Detected readers
  [*] Eutron Smart Pocket 00 00
  SCardConnect("Eutron Smart Pocket 00 00", T=*) -> T=0
  SCardBeginTransaction("Eutron Smart Pocket 00 00")
  Reader: Eutron Smart Pocket 00 00
  ATR: 3F6D000080318065B00501025E83009000
  More information about your card:
      http://smartcard-atr.appspot.com/parse?ATR=3F6D000080318065B00501025E83009000
  A>> T=0 (4+0007) 00A40400 07 A000000018434D 00
  A<< (0026+2) (196ms) 6F188407A000000018434DA50D9F6E063231030033309F6501FF 9000
  Auto-detected ISD AID: A000000018434D
  A>> T=0 (4+0000) 80CA9F7F 00
  A<< (0045+2) (281ms) 9F7F2A0004001532310300333003070001330800BD129211201293112000000000000000000000000000000000 9000
  A>> T=0 (4+0008) 80500000 08 0E46DD4BF57FD99E
  A<< (0028+2) (976ms) 434D03070001330800BD0D01F8B4612181997CC6FA790B39A6BD872E 9000
  Using SCP01 with static version 13 keys:
  ENC: 404142434445464748494A4B4C4D4E4F
  MAC: 404142434445464748494A4B4C4D4E4F
  KEK: 404142434445464748494A4B4C4D4E4F
  Session keys:
  ENC: 9194FA3EBF876D800D69C3387C1F3371
  MAC: 9194FA3EBF876D800D69C3387C1F3371
  KEK: 404142434445464748494A4B4C4D4E4F
  openkms.gp.GPException: Card cryptogram invalid.
  Exp: FA790B39A6BD872E
  Act: E4A8C501AE2E52F1
          at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:428)
          at openkms.gp.GPTool.main(GPTool.java:280)

• VERIFY fails if Card Manager selected first

  Hi,
  If I send VERIFY with the appropriate key the card replies with 0x9000 (OK). The VERIFY command looks like this: A0 20 00 00 08 XX XX XX XX XX XX XX XX
  If I first select the card manager (00 A4 04 00 07 A0 00 00 00 03 00 00) and then send VERIFY, the card replies with 0x6E00 (class byte expected by Transport Manager is not correct) or with 0x6D00 (Invalid instruction byte).
  I would like to ask this:
  Why does it matter if the Card manager is selected or not?
  Does not the card manager get selected at reset automatically?
  And who else would receive the command (and dispatch it) if not the card manager?
  Why would I get an "Invalid instruction byte" error when the same command does not fail when sent first? Does that mean that different entities are involved in processing the command?
  It is probably something silly, but buried somewhere where I cannot find it.
  Thanks
  Edited by: 815684 on Dec 20, 2010 7:02 AM

  815684 wrote:
  It is a multiapplication card and it is for GSM (I was actually wondering what class A0 was). But is not the Card Manager supposed to be selected immediately after reset (all this happens immediately after reset)?If you have a default selectable applet loaded onto your card, this will receive any APDU's sent to the card if no other applet has been selected first. If you want to perform card management operations, you need to select the card manager before you can proceed. You do not need to select anything after reset, but there will need to be something receiving your APDU's for your card to respond.
  We have a script that deletes our company's old applet (and its files) from the card and downloads a newer version. The first step of this process is to authenticate the user to the card. And though your reply clarified my question, it poses another one: Since I need to delete/download applets, why do I authenticate myself to someone else (the GSM applet) rather than the Card Manager (which is supposed to be in charge of deleting and downloading applets)? Is not the Card Manager supposed to be in charge of this?If you are doing card content management, you need to authenticate to the card manager. Your applet may have a mechanism that requires authentication to the applet before it will allow itself to be deleted. There is no official GP way of supporting this, so if this is the case someone that worked on the applet will be aware of this.
  PS I am reading the GP, unfortunately it does take time to understand this stuffBe patient :) Reading this document will raise more questions. You just need to look through the document for these answers as there is a good chance you will find it in there somewhere. If and when that fails, you can always get help here. Just don't be surprised if the answer is: it is in the GP card spec. Hopefully we can point you to where as well.
  Cheers,
  Shane

• Where is Card Manager ID "A000000003000000" being defined?

  Hi all,
  I'm newbie to Java Card technology, I'm wondering where is the Card Manager applet ID - A000000003000000 is defined? I read throught GlobalPlatform Card Spec _v2.2 and Sun's Java Card document, I didn't get answer..
  Thanks
  Michael

  Hi,
  That is the AID that was used by Visa for their OpenPlatform cards. It is by no means guaranteed to be the AID of the card manager for a given card. It is a kind of defacto standard that some card manufacturers still use but there are some that use a different AID (Gemalto and Mastercard for example).
  This is simply an AID that is made up of the Visa RID (A000000003) and an arbitrary PIX chosen by Visa (000000).
  Cheers,
  Shane

• Card manager id

  Hi
  I am trying to get a card manager id from my sim card. I am sending it a select app command without AID but it is not returing anything.
  ??>  /send 00A4040000
  => 00 A4 04 00 00                                     .....
  (3314 usec)
  <= 6E 00                                              n.
  Status: CLA value not supported
  ??>  /send A0A4040000
  => A0 A4 04 00 00                                     .....
  (3675 usec)
  <= 67 02                                              g.
  Status: 0x6702regards
  Umer

  You could use GET STATUS command to get Card Manager AID.
  Let see section 9.4 in GP 2.1.1 specification for detail.GET STATUS requires you authenticate to the card manager first. If the card manager is not the default selectable applet you cannot use this. For a GP card, a SELECT with no AID provided should select the card manager and the AID should be in the response.
  Cheers,
  Shane

• When I open the download manager it says not supported by this architecture, what do I need to insta

  When I open the download manager it says cannot be supported by this architecture. Do I need to install something?

  Do I need to install something?
  No. You need to get a new Mac.
  Mylenium