PUT KEY command with returned SW 6982

There would be some other threads dealing with PUT KEY command however, my put key command failed with SW6982.
Firstly, I have done it successfully in Java and now I migrate this solution to C#.Net, I have an PCSC class which helps me communicate with the SCreader. I refered to this thread
[PUT KEY APDU|https://forums.oracle.com/forums/thread.jspa?threadID=1551395]
I implement exactly the same as I have done in Java (based on source code provided in the thread mentioned above) but failed. Here's a log file for the communication
Card Manager Selection --> Success!
INITIALIZE UPDATE Command sent --> Success
Data from Card: 00 00 00 93 02 90 97 95 20 93 01 02 00 0A FB 59 58 D6 62 71 BE 71 F2 E6 1C 37 D8 7D
Diversification data: 00 00 00 93 02 90 97 95 20 93
Static key set Calculation --> Success
S-ENC: 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
S-MAC: 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
S-DEK: 40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
Session key set Calculation --> Success
Session ENC: 33 9F 1D 7F 5D 58 41 EB 03 4F 5C E2 34 55 78 94
Session C-MAC: C6 71 3F 31 B8 DC 1F 89 05 DF EC B4 06 5C B8 1E
Session R-MAC: 3C AE E5 A2 73 1A D0 52 69 0B C8 B5 A1 0F 34 01
Session DEK: 33 9F 1D 7F 5D 58 41 EB 03 4F 5C E2 34 55 78 94
Card cryptogram: BE 71 F2 E6 1C 37 D8 7D
Host cryptogram: 4B 48 C8 62 AB E4 E5 8C
EXTERNAL AUTHENTICATE C-MAC: CB 83 EE 48 91 BE 1D 0C
EXTERNAL AUTHENTICATE command: 84 82 00 00 10 4B 48 C8 62 AB E4 E5 8C CB 83 EE 48 91 BE 1D 0C
Data to calculate MAC: 84 D8 01 81 4B 01 80 10 5C 8F 22 35 FF 24 F6 4E 20 92 4D BC 24 44 34 F7 03 8B AF 47 80 10 5C 8F 22 35 FF 24 F6 4E 20 92 4D BC 24 44 34 F7 03 8B AF 47 80 10 5C 8F 22 35 FF 24 F6 4E 20 92 4D BC 24 44 34 F7 03 8B AF 47
PUT KEY apdu C-MAC: C7 16 78 CE F3 48 EE A7
PUT KEY sent: 84 D8 01 81 4B 01 80 10 5C 8F 22 35 FF 24 F6 4E 20 92 4D BC 24 44 34 F7 03 8B AF 47 80 10 5C 8F 22 35 FF 24 F6 4E 20 92 4D BC 24 44 34 F7 03 8B AF 47 80 10 5C 8F 22 35 FF 24 F6 4E 20 92 4D BC 24 44 34 F7 03 8B AF 47 C7 16 78 CE F3 48 EE A7What I try to do is that: I try to replace the old key set (40...4F) by itself (no derivation rule is applied)
I have replaced the values of this scripts to the java code and it produces the same values as in C# code. I really don't know why? The External Authenticate command executed successfully and I use its C-MAC to calculate to C-MAC of PUT KEY command (as detailed in EMV CPS v1.1, page 79/103).
One more thing: in the source in the thread mentioned above, I saw that in the PUT KEY apdu command, he added the value "00" after the C-MAC of PUT KEY. I don't know why?
Is there anybody experienced the same problem as mine and has resolved it? It would be very kind of you to spend a little time on my problem and advice me what to do, I'm really stuck now.
Best regards,
JDL

bug found, question answer

Similar Messages

  • Put Key Command Problem

    Hi everyone ,
    I'm trying to change my card's default key to some other key .
    My card supports GP 2.1.1 and JCRE 2.2.1
    My default keys are :
    I've tried put key command (after opening secure channel ) with defferent P1 and P2 and key versions but I recieve errors , bellow is my APDU logs :
    I'll appreciate it if anyone could help me to find the correct byte setting for p1 and p2 parameters and key version .
    Best Regards,
    Vivian

    Hi,
    What is the status word being returned by your command? Also, can you post the host challenge and response to INITIALIZE UPDATE for the APDU session so I can recreate the session keys to compare key data field values? The only thing I can see with that APDU that may cause you any issues is the Le is not present. The PUT KEY command will return the KCV's on success. Other than that, the only problem could be the encryption. Are you using the session DEK key to encrypt the key values?
    Cheers,
    Shane

  • Put-Key Command Fails with 6982

    Hi,
    I am using a JCOP 2.4.1 R3 card. And i am trying to send PUT-KEY command through APDU. But i get 6982 as a response from the card.
    Initial Key: 404142434445464748494A4B4C4D4E4F
    New Key: 101112131415161718191A1B1C1D1E1F
    IV: 0000000000000000
    ENCSessionKey - 3DES_CBC("0182" + "0000" + "000000000000000000000000") with inital Key
    macSessionKey - 3DES_CBC("0101" + "0000" + "000000000000000000000000") with inital Key
    IV: 0000000000000000
    encrypted Key  - 3DES_CBC(new key) with ENCSessionKey
    KeyCheckValue - 3DES_CBC("0000000000000000") with new key
    PutKey APDU = "80D8008143 + 01 + 8010 + 730CD82CAC6724E7CF9CA4E822934B7F + 03 + 3E1CFE + 8010 + 730CD82CAC6724E7CF9CA4E822934B7F + 03 + 3E1CFE + 8010 + 730CD82CAC6724E7CF9CA4E822934B7F + 03 + 3E1CFE"
    Response from card : 6982
    Can someone tell me where i am going wrong? And what i am missing to do?

    Hi,
    I found the issue. I was using 3DES_CBC instead of using 3DES_ECB_NoPadding.

  • Problem with Put Key Command

    Hi everyone
    I'm woking on Gem Xpresso card which support scp 02.
    I can Authenticate successfully and Install and load my applet on it. but I have problem in put key command.
    my first key set is:
    47454d5850524553534f53414d504c45
    and this is the key that I want to set as my new key:
    404142434445464748494a4b4c4d4e4f
    with the algorithm that I use the encrypt value of this key will be :
    33173C8ECDA55BDF7E50625531BE4FC5
    and its check value will be :
    8BAF47
    so this is the APDU that I send for Put Key command:
    80D800814301811033173C8ECDA55BDF7E50625531BE4FC5038BAF47811033173C8ECDA55BDF7E50625531BE4FC5038BAF47811033173C8ECDA55BDF7E50625531BE4FC5038BAF47
    but I recieve error 94 85 (invalid check value)
    do I calculate my check value wrong?
    does different versions of jcdk or different versions of globalplatform hav different ways for calculating check value and keys encrypted values?
    I'll appreciate any help
    Best Regards,
    Shilan

    Try visit Gemplus forum or mailing-list.

  • Put Key Command

    I'd like to put three initial key with 404142434445464748494A4B4C4D4E4F to the JCOP card. I know there is a script command, set-key, but I'd like to use APDU Command.
    I tried,
    /send 80D88000138010404142434445464748494A4B4C4D4E4F0000
    and there is 6985(conditions of use not satisfied) error.
    Please let me know the correct command.
    Thank you,
    Julie.

    Its a bit more complicated than just sending a clear text key within a PUT KEY command. According to the GlobalPlatform specifications, the PUT KEY command can only be issued within a Secure Channel Session. Further the key data within the PUT KEY command must be encrypted with the Key Encryption Key and each key must have its own key check value.
    Once you have found all the relevant portions of the specifications, the following may help. It is a put key script for a proprietary tool and it details the steps that are required to produce a viable PUT KEY command. Of course you will have to convert these steps to work in your own environment.
    G
    # ------- definitions ---------------------------------------
    dd cardManagerAID as           a0 00 00 00 03 00 00;
    DD hostChallenge as           20 21 22 23 24 25 26 27;
    DD initialKey as           40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F;
    DD encryptionKey as           70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F;
    DD macKey as                60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F;
    DD keyEncryptionKey as           80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F;
    #----- Definitions for Card Manager APDUs
    define apdu selectCardManager as base apdu
    with header of 00 a4 04 00 and with data of cardManagerAid;
    define apdu initializeUpdate as base apdu
    with header of 80 50 00 00 and with data of hostChallenge
    and returning keyDerivationData(0:10) cardChallenge(12:8) cardCryptogram(20:8);
    define apdu externalAuthenticate as base apdu with header of 84 82 00 00;
    define apdu PutKey as base apdu with header of 80 d8 00 81;
    #------ End Definitions---------------------------------
    issue selectCardManager command;
    # Using the default key set version. In this case the Initialization key.
    #####---- Mutual Authentication-------------------
    issue initializeUpdate command;
    perform vop20_generatesessionkey function
    with key of initialKey
    and with data of cardChallenge hostChallenge
    and returning authSessionKey;
    perform vop20_generatesessionkey function
    with key of initialKey
    and with data of cardChallenge hostChallenge
    and returning macSessionKey;
    perform vop20_generate_host_cryptogram function
    with key of authSessionKey
    and with data of cardChallenge hostChallenge
    and returning hostCryptogram;
    perform vop20_compute_mac function
    with key of macSessionKey
    and with data of 80 82 00 00 08 hostCryptogram
    and with icv of 00 00 00 00 00 00 00 00
    and returning mac;
    issue externalAuthenticate command
    with data of hostCryptogram mac;
    #####---- End Mutual Authentication-------------------
    #####---- Put Keys -----------------------------------
    # Add a new key set version (1) and populate the 3 keys.
    perform encrypt function
    with key of InitialKey
    and with data of EncryptionKey
    and returning EncryptedEncryptionKey;
    Perform encrypt function
    with key of EncryptionKey
    and with data of 00 00 00 00 00 00 00 00
    and returning EncryptionKeyCheckValue;
    perform encrypt function
    with key of InitialKey
    and with data of MacKey
    and returning EncryptedMacKey;
    Perform encrypt function
    with key of MacKey
    and with data of 00 00 00 00 00 00 00 00
    and returning MacKeyCheckValue;
    perform encrypt function
    with key of InitialKey
    and with data of KeyEncryptionKey
    and returning EncryptedKeyEncryptionKey;
    Perform encrypt function
    with key of KeyEncryptionKey
    and with data of 00 00 00 00 00 00 00 00
    and returning KEKCheckValue;
    issue PutKey command
    with data of 01
    81 10 EncryptedEncryptionKey 03 EncryptionKeyCheckValue(0:3)
         81 10 EncryptedMacKey 03 MacKeyCheckValue(0:3)
         81 10 EncryptedKeyEncryptionKey 03 KEKCheckValue(0:3);

  • Put Key Command Fail.(CLA=0x84)

    Hello.
    I have a problem to transmit Put Key Command.
    I followed 'GP2.1.1 E4.4' to create a C-Mac using S-Mac Key but the result is failed.
    I think there is something wrong in my calculating...
    So, could you explain me how to create C-Mac of Put key Command ?
    ---------my log.------------
    *Base Key
    DES-ECB/
    404142434445464748494a4b4c4d4e4f
    1/2/DES-ECB/
    404142434445464748494a4b4c4d4e4f
    1/3/DES-ECB/
    404142434445464748494a4b4c4d4e4f
    *New Key
    DES-ECB/
    404142434445464748494a4b4c4d4e4f
    2/2/DES-ECB/
    404142434445464748494a4b4c4d4e4f
    2/3/DES-ECB/
    404142434445464748494a4b4c4d4e4f
    => 80 50 00 00 08 FD3FC82EB5403371
    <= 611C
    => 00 C0 00 00 1C
    <= 00001104000012A9089A0102002B6C04D3C7DDE8F5569C833019DDCE9000
    => 84 82 01 00 10 DDE15E5AE73CA146CC15FC59AC11787A
    <= 9000
    => 84 D8 01 81 4B 0180101F2DE4D6C8509DFF2F8AC23D8370A6A6038BAF4780101F2DE4D6C8509DFF2F8AC23D8370A6A6038BAF4780101F2DE4D6C8509DFF2F8AC23D8370A6A6038BAF479F353241203729B0
    <= 6982
    ---sample log(success)----
    cm> set-key 1/1/
    DES-ECB/
    404142434445464748494a4b4c4d4e4f
    1/2/DES-ECB/
    404142434445464748494a4b4c4d4e4f
    1/3/DES-ECB/
    404142434445464748494a4b4c4d4e4f
    cm> init-update 1
    => 80 50 01 00 08 D3 B3 00 7C 8B D1 5E 41
    <= 00 00 70 15 00 05 94 91 11 07 01 02 00 01 6C 7F FC 11 3F B9 A9 76 C3 F9 AA 34 9D 46
    cm> ext-auth mac
    => 84 82 01 00 10 951724B48FD378858B1ED7
    D1 C5 2D 7E 45
    <= 90 00 ..
    Status: No Error
    cm> set-key 2/1/
    DES-ECB/
    ffeeddccbbaa99887766554433221100
    2/2/DES-ECB/
    ffeeddccbbaa99887766554433221100
    2/3/DES-ECB/
    ffeeddccbbaa99887766554433221100
    cm> put-keyset
    => 84 D8 00 81 4B 02 80 10 AE 25 9D AE 8A 7F 23 37 7F CF AD 42 5C B8 C3 EC 03 F3 9C 09 80 10 AE 25 9D AE 8A 7F 23 37 7F CF AD 42 5C B8 C3 EC 03 F3 9C 09 80 10 AE 25 9D AE 8A 7F 23 37 7F CF AD 42 5C B8 C3 EC 03 F3 9C 09 69 54 47 5D 25 8A AA 36
    <= 02 F3 9C 09 F3 9C 09 F3 9C 09 90 00
    Status: No Error
    Edited by: 970753 on 2012. 11. 12 오전 3:13

    Here is my log.
    Session IV: 0000000000000000
    Session IV: e2d6f67e500c6b68I put all session IV equal "0000000000000000", but yours are every different. Where are they coming from?
    KeySet
    ENC : 404142434445464748494A4B4C4D4E4F
    MAC : 404142434445464748494A4B4C4D4E4F
    DEK : 404142434445464748494A4B4C4D4E4F
    Session Keys
    S-ENC : A2268F71917EFE0F33CC6166E1154E27
    S-MAC : 7A227D376A9DBE23AB50B7DCB45B2093
    S-DEK : F39FCFB2383B09578723B8C2E03B2729
    New KeySet
    ENC : 404142434445464748494A4B4C4D4E4F
    MAC : 404142434445464748494A4B4C4D4E4F
    DEK : 404142434445464748494A4B4C4D4E4F
    Encrypted Keys = ECB_TDES(S-DEK, NewKEY)
    ENC : 6CCC3D43CFC2CDE6CEABC760468B7EFF
    MAC : 6CCC3D43CFC2CDE6CEABC760468B7EFF
    DEK : 6CCC3D43CFC2CDE6CEABC760468B7EFF
    => 80 50 00 00 08 3A2A0051F957624F
    <= 611C
    => 00 C0 00 00 1C
    <= 00001104000012A9089A0102000710AF44C6064E6B91632B302205699000
    Session IV: 0000000000000000
    => 84 82 01 00 10 9C4DA4D81C5AB9E2A19A614FB880BFE0
    <= 9000
    Session IV: 0000000000000000
    => 84 D8 01 81 4B 0180106CCC3D43CFC2CDE6CEABC760468B7EFF038BAF4780106CCC3D43CFC2CDE6CEABC760468B7EFF038BAF4780106CCC3D43CFC2CDE6CEABC760468B7EFF038BAF47AB4BFB2D4F634E9C
    <= 6982
    Session IV: 0000000000000000
    => 84 CA 00 CF 08 2BD04A1545B7CC72
    <= 6985

  • Put Key Command APDU log

    Hi everyone
    I'll appreciate it if anyone could send me an APDU Log of a correct PUT KEY Command. Specially if its a log from gpshell commands.
    Best Regards
    Shilan

    Here is my log.
    Session IV: 0000000000000000
    Session IV: e2d6f67e500c6b68I put all session IV equal "0000000000000000", but yours are every different. Where are they coming from?
    KeySet
    ENC : 404142434445464748494A4B4C4D4E4F
    MAC : 404142434445464748494A4B4C4D4E4F
    DEK : 404142434445464748494A4B4C4D4E4F
    Session Keys
    S-ENC : A2268F71917EFE0F33CC6166E1154E27
    S-MAC : 7A227D376A9DBE23AB50B7DCB45B2093
    S-DEK : F39FCFB2383B09578723B8C2E03B2729
    New KeySet
    ENC : 404142434445464748494A4B4C4D4E4F
    MAC : 404142434445464748494A4B4C4D4E4F
    DEK : 404142434445464748494A4B4C4D4E4F
    Encrypted Keys = ECB_TDES(S-DEK, NewKEY)
    ENC : 6CCC3D43CFC2CDE6CEABC760468B7EFF
    MAC : 6CCC3D43CFC2CDE6CEABC760468B7EFF
    DEK : 6CCC3D43CFC2CDE6CEABC760468B7EFF
    => 80 50 00 00 08 3A2A0051F957624F
    <= 611C
    => 00 C0 00 00 1C
    <= 00001104000012A9089A0102000710AF44C6064E6B91632B302205699000
    Session IV: 0000000000000000
    => 84 82 01 00 10 9C4DA4D81C5AB9E2A19A614FB880BFE0
    <= 9000
    Session IV: 0000000000000000
    => 84 D8 01 81 4B 0180106CCC3D43CFC2CDE6CEABC760468B7EFF038BAF4780106CCC3D43CFC2CDE6CEABC760468B7EFF038BAF4780106CCC3D43CFC2CDE6CEABC760468B7EFF038BAF47AB4BFB2D4F634E9C
    <= 6982
    Session IV: 0000000000000000
    => 84 CA 00 CF 08 2BD04A1545B7CC72
    <= 6985

  • Boot key commands with non-Apple keyboard

    I seem to be unable to perform any "Startup key" sequences (resetting PRAM, boot into recovery mode, boot from CD etcetera).
    I'm using a Logitech USB (model Y-BF37) keyboard directly connected to the computer but no startup key commands works. (The keyboard is designed for use with apple and has apples command-key symbols on the key nearest the spacebar).
    I have tried searching but the general opinion seem to be that any USB keyboard should work.
    I have this otherwise well working keyboard and I didn't want to spend money on an Apple keyboard.
    Do I have to buy an Apple keyboard to use boot key commands??? I don't think I can borrow an apple keyboard from anywhere and I need to be able to boot into recovery mode...

    It is indeed strange that it doesn't work, unless...
    Firmware password protection in Mac OS X ...
    http://support.apple.com/kb/HT1352
    It would block usage of all the startup keys, like C, N, T, D, CMD+s, CMD+Option+p+r, CMD +v, Option boot will show a lock, and Shift, as well as booting from anything but the Hard Drive.

  • Q ? key commands with the new small keyboard ?

    Does the new small wireless work properly compared with the extended keyboard with logics default key commands ? Is it just like working with a laptop ? If anyone can help I would appreciate it thanks .

    They key commands are the same for the smaller keyboard as they are for the laptop; nothing is different.
    If you go to your system's library /Library/Application Support/Logic/Key Commands/ ...
    you will see a bunch of different Key Command files with the extension '.logikcs'
    You could get yourself a keypad too, I've seen them online and at the Apple store; or, if you have an iPhone or iPod Touch, you could make that be your keypad; then you can implement using the the 'U.S.logikcs'

  • Put key Error 6A88

    Hi,
    Iam issuing put key command with security level 00 and iam getting error 6A88- reference data not found.
    Commnad:-
    8482 0000 00(Host challenge) - 9000
    put key
    80D801011D 8210404142434445464748494a4b4c4d4e4f0000
    Iam using sec level 00 and iam doing encryption of the key field.
    It would be greatful if u could answr my question
    rgds,

    therefore my check value calculation is
    correct.
    i use command:
    80 d8 00 81 17
    018010707172737475767778797A7B7C7D7E7F03E93347
    my new key is
    707172737475767778797A7B7C7D7E7F
    and check value is: E93347
    response : 6982
    i use kona java card. probably
    it's check value calulation is different or
    my command problem is not check value.

  • JCOP put-key

    cm>  put-key
    1/1/DES-ECB/404142434445464748494a4b4c4d4e4f
    1/2/DES-ECB/404142434445464748494a4b4c4d4e4f
    1/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    => 80 D8 00 81 43 01 80 10 44 97 77 DD F2 8A 51 A6    ....C...D.w...Q.
        2C 53 A4 82 A5 33 CC BD 03 8B AF 47 80 10 44 97    ,S...3.....G..D.
        77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD 03 8B    w...Q.,S...3....
        AF 47 80 10 44 97 77 DD F2 8A 51 A6 2C 53 A4 82    .G..D.w...Q.,S..
        A5 33 CC BD 03 8B AF 47 00                         .3.....G.
    (158090 usec)
    <= 6A 80                                              j.
    Status: Wrong data
    Add new key set didn't work, try modify ...
    => 80 D8 01 81 43 00 80 10 44 97 77 DD F2 8A 51 A6    ....C...D.w...Q.
        2C 53 A4 82 A5 33 CC BD 03 8B AF 47 80 10 44 97    ,S...3.....G..D.
        77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD 03 8B    w...Q.,S...3....
        AF 47 80 10 44 97 77 DD F2 8A 51 A6 2C 53 A4 82    .G..D.w...Q.,S..
        A5 33 CC BD 03 8B AF 47 00                         .3.....G.
    (186728 usec)
    <= 01 8B AF 47 8B AF 47 8B AF 47 90 00                ...G..G..G..
    Status: No ErrorAfter I put-key, I put the key successfully. I have make a summary for the response data.
    80 D8 01 81 43 - put-key command with 43 bytes
    00 - Start
    80 10 44 97 77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD - 10 bytes 1st key
    03 8B AF 47 - 3 bytes 1st key check values
    80 10 44 97 77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD - 10 bytes 2nd key
    03 8B AF 47 - 3 bytes 2nd key check values
    80 10 44 97 77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD - 10 bytes 3rd key
    03 8B AF 47 - 3 bytes 3rd key check values
    00 - EndThis is my summary, apology for any incorrect information. May I know why my key "404142434445464748494a4b4c4d4e4f" will be change "44 97 77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD" in the put-key command? How can I get the clear text?

    CooLWong wrote:
    This is my summary, apology for any incorrect information. May I know why my key "404142434445464748494a4b4c4d4e4f" will be change "44 97 77 DD F2 8A 51 A6 2C 53 A4 82 A5 33 CC BD" in the put-key command? How can I get the clear text?GlobalPlatform defined that Security Domain keys are to be treated as sensitive data and hence encrypted using the 3rd SD key.

  • SCP02 Put key problem

    Hi,
    I have next troubles, command put key fail, with 6982 code.
    Secure channel mode - 3.
    I don't have any problem with creating secure channel, it creates correctly, I think problem is with encrypting command or maybe with data.
    In SCP01 I do not any operation with LastMac, but as I see in GlobalPlatform Library source, when we use SCP02, we must encrypt Last Mac with DEK Session key, it's correct ? Then I generate new mac for put key command, using "new" LastMac value as ICV. Next I encrypt command with AuthEnc Session key and append mac to result command.
    In Put key I set algo as 0x81, len - 0x10, and CheckValue len - 0x3. This procedure work fine with CyberFlex card.
    PS. JCOP Support don't send me any responce. Nice support ...
    PSS. Maybe somebody explain me how to work with this SCP02 or have SCP02 implementation example.
    -Regards.

    ZuZu wrote:
    Hi,
    I have next troubles, command put key fail, with 6982 code.The key encryption is not correct.
    Secure channel mode - 3.- 3?
    I don't have any problem with creating secure channel, it creates correctly, I think problem is with encrypting command or maybe with data.
    In SCP01 I do not any operation with LastMac, but as I see in GlobalPlatform Library source, when we use SCP02, we must encrypt Last Mac with DEK Session key, it's correct ? Then I generate new mac for put key command, using "new" LastMac value as ICV. Next I encrypt command with AuthEnc Session key and append mac to result command.Normally a card works only with one SCP. So make sure your card really supports SCP02. With SCP02 you encrypt the key values in the PUT KEY command via the DEK session key, and in SCP01 with a static DEK key. Furthermore the session key generation is different. TO get an idea you can check out the open source project GPShell.
    In Put key I set algo as 0x81, len - 0x10, and CheckValue len - 0x3. This procedure work fine with CyberFlex card.Gemalto cards have their own mechanism for SCP. If you search this forum you will find enough hints. JCOP does it strictly according to GP spec.
    PS. JCOP Support don't send me any responce. Nice support ...JCOP support is now restricted to "promising" customers, in other words customers which order large volumes of NXP chips.
    PSS. Maybe somebody explain me how to work with this SCP02 or have SCP02 implementation example.
    -Regards.

  • Cycle through key commands?

    Hello everyone,
    I'm trying to assign a key command but am having a hard time doing so. I'd like to assign the "turn alias into real copy" key command with some modification of the letter "K" as I use "K" for turning loops into real copies, but the key commands window will not show me all uses of K.
    For example "Shift-K" is assigned to "select by channel" in my arrange/event editors, but when I type "Shift-K" in my key commands window nothing comes up!
    Thus I'm wondering is there an easy way to "cycle" through all the key commands that use K? I'm probably missing something really simple here, but project deadlines have me freaking out so I apologize.
    Thanks for putting up with me

    Thanks as usual guys. Man, what a crappy bug, especially when you need to work quickly, the last think you need is frustration coupled with feelings of retardation.
    Since I have you guys here, I'd like to ask another question if I may. I'm using multi-recording (i.e. recording enabling multiple tracks) to quickly realize ideas (e.g. recording pizz bass & cello lines at the same time) and when I do it creates one "real copy" and an alias of all other recorded parts. Is it possible to either turn off alias parts so it records all "real" parts, or if thats not possible, to have the alias copies at least keep their track names? As it stands now my cello parts all have "bass" as their names, which gets confusing while using the event editor. Of course I can manually change their names, but I'm looking for time savers here! :=)
    Thanks again everyone!

  • Put Key order

    Hello eveyone,
    I've sucessfully changed the KMAC, KENC & KEK keys through GPshell, but there is something i do not understand when it constructs the APDU.
    *[1]* Using GPshell, and changing only the KMAC key it changes all three keys (I just wanted to change KMAC) I was unable to find in the GP specification, nor in GP Key Management System
    documents why this happens.
    The command used is:
    #put_sc_key -keyver 4 -newkeyver 5 -mac_key 414142434445464748494A4B4C4D4E4E
    The execution of this command is:
    CLA ins          P1(Kver)          P2(Kid)          LC
    80      D8          04               81     43
    N.V. number
    05
    Ktype     Kle          New Key                                                            L.CValue     K.V
    80          10          EF BE E6 C6 D9 9D 7B 70 BD E9 D7 E9 27 F0 20 AF      03               8B AF 47
    80          10          B3 CD A7 9E AF DA 24 14 CC 32 1B 9C 7A 91 16 CE      03               8B AF 47     
    80          10          EF BE E6 C6 D9 9D 7B 70 BD E9 D7 E9 27 F0 20 AF      03               8B AF 47
    As can be seen, it sets an unknown (DES+CBC) key on the first and third place, and in the second the actual KMAC.
    *[2]* When setting in GPshell only "-enc_key"
    It changes the two first keys and sets the third key to an unknown (DES+CBC) key.
    80 D8 06 81 43 07
    8010 B3CDA79EAFDA2414C81268ADFF4D471903AE7589
    8010 B3CDA79EAFDA2414C81268ADFF4D471903AE7589
    8010 EFBEE6C6D99D7B70BDE9D7E927F020AF038BAF47
    00
    *[3]* Finally, the same operation in GPshell with only "-kek_key" it changes all three keys to the same value.
    80 D8 07 81 43 08
    8010 F4A8CAA63DD4F371AA0A1E5903EE51FB03AE7589
    8010 F4A8CAA63DD4F371AA0A1E5903EE51FB03AE7589
    8010 F4A8CAA63DD4F37190D37089B5FB024903AE7589
    00
    Someone knows where this behavior is explained in detail? it doesn't make sense to me.
    Thanks,

    This is most likely an issue with the GPShell code. The GP card spec says you can specify a key version and key ID in the PUT KEY command. As a workaround you can try to set the other two keys to the current value.
    - Shane

  • PUT KEY works only without C-MAC and C-DEC secure channel

    HI!
    I would like to know why the PUT KEY command to set a new key set only works if a secure channel is opend without secure messaging. My smartcard is GP 2.1.1 compatible.
    This is a problem because I'm not allowed to open a secure channel without secure messaging when the smartcard state is SECURED. I even don't know why this is not allowed. Visa Platform 2.0.1 defines this behavior but I can't find it in the GP 2.1.1 spec.
    Best regards, globalplayer.

    Are you saying that the PUT-KEY command works only in the card life cycle state SECURED?
    I can show you that for JCOP it also works in OP_READY, security level '00' --> authentication only, no secure messaging expected:
    - /terminal "winscard:4|OMNIKEY CardMan 5x21 0"
    --Opening terminal
    /card -a a000000003000000 -c com.ibm.jc.CardManagerresetCard with timeout: 0 (ms)
    --Waiting for card...
    ATR=3B FA 13 00 00 81 31 FE 45 4A 43 4F 50 34 31 56 ;.....1.EJCOP41V
    32 33 31 97 231.
    ATR: T=1, FI=1/DI=3 (93clk/etu), N=0, IFSC=254, BWI=4/CWI=5, Hist="JCOP41V231"
    => 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
    (54923 usec)
    <= 6F 65 84 08 A0 00 00 00 03 00 00 00 A5 59 9F 65 oe...........Y.e
    01 FF 9F 6E 06 40 51 63 45 29 00 73 4A 06 07 2A ...n.@QcE).sJ..*
    86 48 86 FC 6B 01 60 0C 06 0A 2A 86 48 86 FC 6B .H..k.`...*.H..k
    02 02 01 01 63 09 06 07 2A 86 48 86 FC 6B 03 64 ....c...*.H..k.d
    0B 06 09 2A 86 48 86 FC 6B 04 02 15 65 0B 06 09 ...*.H..k...e...
    2B 85 10 86 48 64 02 01 03 66 0C 06 0A 2B 06 01 +...Hd...f...+..
    04 01 2A 02 6E 01 02 90 00 ..*.n....
    Status: No Error
    cm> set-key 255/1/DES-ECB/404142434445464748494a4b4c4d4e4f 255/2/DES-ECB/404142434445464748494a4b4c4d4e4f 255/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    cm> init-update 255
    => 80 50 00 00 08 AE 78 53 3B 25 42 AC 42 00 .P....xS;%B.B.
    (75418 usec)
    <= 00 00 70 15 00 05 94 91 11 07 FF 02 00 38 5C 1F ..p..........8\.
    9C 9B 00 3A 3D 5D F1 31 A0 12 7A 35 90 00 ...:=].1..z5..
    Status: No Error
    cm> ext-auth plain
    => 84 82 *00* 00 10 59 65 45 89 C1 15 42 BD DB 6D CF .....YeE...B..m.
    CA 0D 8E E3 C7 .....
    (179029 usec)
    <= 90 00 ..
    Status: No Error
    cm> card-info
    Card Manager AID : A000000003000000
    Card Manager state : OP_READY
    cm> set-key 1/1/DES-ECB/404142434445464748494a4b4c4d4e4f 1/2/DES-ECB/404142434445464748494a4b4c4d4e4f 1/3/DES-ECB/404142434445464748494a4b4c4d4e4f
    cm> put-keyset 1
    => 80 D8 00 81 43 01 80 10 F1 D3 F6 3B 73 F8 EF 6C ....C......;s..l
    0A CE B0 23 2A 26 D0 98 03 8B AF 47 80 10 F1 D3 ...#*&.....G....
    F6 3B 73 F8 EF 6C 0A CE B0 23 2A 26 D0 98 03 8B .;s..l...#*&....
    AF 47 80 10 F1 D3 F6 3B 73 F8 EF 6C 0A CE B0 23 .G.....;s..l...#
    2A 26 D0 98 03 8B AF 47 00 *&.....G.
    (214587 usec)
    <= 01 8B AF 47 8B AF 47 8B AF 47 90 00 ...G..G..G..
    Status: No Error

Maybe you are looking for

  • ITunes 10.6.3 corruption message on App downloads

    iTunes 10.6.3 corruption message on App downloads I have recently udated to iTunes 10.6.3 on my Macbook, which is using Mac OSX 10.7.4. When I try to update my Apps or Download a new song or App the following error message appears: 'Part of the file

  • OSB 11.1.1.7 - CANNOT EXTEND WLS DOMAIN TO OSB USING WLST

    Hi , Need the help in creating the OSB clustered domain. Followed the below documentation. But not getting the required results. http://docs.oracle.com/cd/E21764_01/web.1111/e14138/fmw_templates.htm#CJAIDFCA Domain that created after using the wlst b

  • Tell me the perameter to set maximum gui auto logout time for limited users

    hi gurus... i want to know the perameter to set the maximum gui auto logout time for limited users... at present i have auto logout time as 30 minutes..but i need to set the value as 10 minutes for some group of user... if any one know any perameter

  • Run Project non functional

    Hi, After creating  some simple button states and going to preview in File/Rune Project I get nothing but hang in Firefox 3.53.  Flash 10's installed etc but the page hangs with "waiting for fpdownload.adobe.com.  It worked - really slowly - the firs

  • Material Master create / change screen addition

    Hi I am trying to add purchasing order text screen to material master create / change Z T code. I added purchasing order text for screen sequence group through T code OMT3B. But when I check screen sequnce in TCode OMT3R - Change view of screen order