change GP-Key
Posted: Tue Dec 08, 2015 8:20 am
by crash
Hi @all

Finally I'm done with developing and now I want to block my card for more developing.
Can someone tell me how I change the GP-Key on my card with GPShell?
I found that command but it doesn't work. What am I missing?
Code:
open_sc -security 3 -keyind 0 -keyver 0 -key "currentKey" -keyDerivation visa2 // Open secure channel
put_sc_key -keyver 0 -newkeyver 0 -mac_key "newKey" -enc_key "newKey" -kek_key "newKey" -current_kek "currentKey"
With this error:
Code:
put_secure_channel_keys() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
I also tried:
Code:
put_sc_key -keyver 1 -newkeyver 1 -key "newKEy" -keyDerivation visa2
but got this error:
Code:
put_secure_channel_keys() returns 0x80206A88 (6A88: Referenced data not found.)
Re: change GP-Key
Posted: Tue Dec 08, 2015 10:01 pm
by UNKNwYSHSA
First one: The new key version number cannot be 0x00; it shall be in 0x01 ~ 0x7F.
GlobalPlatform Card Specification 2.1.1 says:
The current key set version identifies a key set version that is already
present on the card. A value of '00' in the current key set value indicates that
a new key set version is being added. (The new key set version is indicated in
the data field of the command message).
The Key Version Number is coded from '01' to '7F'.
Second one:
You did not have the key whose version number is 1. So the GP can't find the key and can't replace the key value.
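The two rules from the reply above, written as a pre-flight check for put_sc_key lines (an added example, not part of the original posts and not GPShell's own code). It assumes that GPShell return codes are the prefix 0x8020 followed by the card's status word, as the three codes quoted in this thread suggest, and that -keyver and -newkeyver are typed in decimal; the card state is constructed.

```python
import shlex

# Assumption: the high half 0x8020 marks "status word from the card"; inferred
# from the three return codes quoted in this thread, not from library docs.
ISO7816_ERROR_PREFIX = 0x80200000

def status_word(return_code):
    """Extract the card status word (e.g. 0x6A80) from a GPShell return code."""
    if (return_code & 0xFFFF0000) != ISO7816_ERROR_PREFIX:
        return None
    return return_code & 0xFFFF

def parse_options(line):
    """Split one GPShell command line into (command, {option: value})."""
    tokens = shlex.split(line)
    return tokens[0], dict(zip(tokens[1::2], tokens[2::2]))

def check_put_sc_key(line, versions_on_card):
    """Return the problems a put_sc_key line would hit, per the rules in the thread."""
    command, opts = parse_options(line)
    if command != "put_sc_key":
        raise ValueError("not a put_sc_key line: " + command)
    current = int(opts["-keyver"])      # assumed decimal, as typed in the thread
    new = int(opts["-newkeyver"])
    problems = []
    # The Key Version Number is coded from '01' to '7F'.
    if not 0x01 <= new <= 0x7F:
        problems.append(f"-newkeyver {new}: must be 0x01..0x7F (thread: 6A80)")
    # -keyver 0 adds a key set; any other value must already exist on the card.
    if current != 0 and current not in versions_on_card:
        problems.append(f"-keyver {current}: not on the card (thread: 6A88)")
    return problems

# Command lines from the thread, with the placeholder key values kept.
FIRST_TRY = ('put_sc_key -keyver 0 -newkeyver 0 -mac_key "newKey" '
             '-enc_key "newKey" -kek_key "newKey" -current_kek "currentKey"')
SECOND_TRY = 'put_sc_key -keyver 1 -newkeyver 1 -key "newKey" -keyDerivation visa2'
CORRECTED = FIRST_TRY.replace("-newkeyver 0", "-newkeyver 1")
# Constructed card state: one initial key set whose version number is assumed.
CARD = {0xFF}

if __name__ == "__main__":
    for line in (FIRST_TRY, SECOND_TRY, CORRECTED):
        print(check_put_sc_key(line, CARD) or "ok", "<-", line[:40])
    # After CORRECTED has added version 1, SECOND_TRY replaces an existing key set.
    print(check_put_sc_key(SECOND_TRY, CARD | {1}) or "ok")
    print(hex(status_word(0x80206A80)))
```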
Re: change GP-Key
Posted: Tue Dec 08, 2015 10:03 pm
by UNKNwYSHSA
You can change the first put_sc_key command as follows and retry:
Code:
put_sc_key -keyver 0 -newkeyver 1 -mac_key "newKey" -enc_key "newKey" -kek_key "newKey" -current_kek "currentKey"
If the first command succeeds, try the second command; no change to the second command:
Code:
put_sc_key -keyver 1 -newkeyver 1 -key "newKEy" -keyDerivation visa2
Waiting for your result.
Re: change GP-Key
Posted: Wed Dec 09, 2015 5:28 am
by crash
Thanks for the reply,
I tried
Code:
put_sc_key -keyver 0 -newkeyver 1 -mac_key "newKey" -enc_key "newKey" -kek_key "newKey" -current_kek "currentKey"
but got this error:
Code:
put_secure_channel_keys() returns 0x80209485 (9485: Invalid key check value.)
EDIT:
I changed mode_201 to mode_211
and both worked.
But now I can't open a secure channel with:
Code:
open_sc -security 3 -keyind 0 -keyver 0 -key "newKey" -keyDerivation visa2
Re: change GP-Key
Posted: Wed Dec 09, 2015 5:45 am
by UNKNwYSHSA
Oh, you must use your card with mode GP211, not GP201, because your card implements GP211.
You can delete the parameter "-keyDerivation visa2", use the default key derivation method, and have a try.
Waiting for your message.
Notice: Make sure your new key is well preserved; otherwise the card may become impossible to manage.
Re: change GP-Key
Posted: Wed Dec 09, 2015 6:06 am
by crash
Thanks,
without -keyDerivation visa2 it works

Re: change GP-Key
Posted: Wed Dec 09, 2015 6:16 am
by UNKNwYSHSA
OK, my pleasure.

Re: change GP-Key
Posted: Sat Sep 28, 2019 3:05 am
by mjalali1365
Thank you for your perfect responses,
what is the reason I get:
Code:
put_secure_channel_keys() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
when running:
Code:
put_sc_key -keyver 0 -newkeyver 1 -mac_key "newKey" -enc_key "newKey" -kek_key "newKey" -current_kek "currentKey"