Key use and Management on a GlobalPlatform card
Posted: Tue Jan 19, 2016 2:41 am
Hi folks,
I have an applet that makes use of a number of AES/TDEA keys and as it is developed, I'm trying to understand how to manage operational keys and configuration data effectively and securely under GlobalPlatform.
In the current beta version of my applet, all keys, configuration data (including the KEK) and applet configuration data are loaded via applet APDU's and stored in application memory (using DESKey/AESKey object arrays for the key data). I want to make use of the GP Security Domain (SD) to securely manage keys in my applet.
With that in mind, is it possible to do the following under GlobalPlatform?
1) The card supplier pre-personalises our cards with the standard GP issuer SD keys
2) They then create an additional SD for our applet
3) In the application SD, the supplier loads our operational KEK and essential configuration data (i.e. a unique serial number and other immutable info).
4) Either the card supplier or ourselves can then authenticate to the application SD to load our applet.
5) We can then load the operational keys, which the applet can then decrypt/validate with the SD KEK and store internally as it does now.
6) The initial KEK and configuration data should NOT be modifiable by our personalisation devices. We should be able to delete and re-load the applet without these values being destroyed or modified.
Are my assumptions about the correct way to use GP correct? If not, I would really appreciate any explanation about how it should be handled. Should I be storing ALL my operational keys in the security domain and if so, does this impact crypto performance?
Thanks,
ko
I have an applet that makes use of a number of AES/TDEA keys and as it is developed, I'm trying to understand how to manage operational keys and configuration data effectively and securely under GlobalPlatform.
In the current beta version of my applet, all keys, configuration data (including the KEK) and applet configuration data are loaded via applet APDU's and stored in application memory (using DESKey/AESKey object arrays for the key data). I want to make use of the GP Security Domain (SD) to securely manage keys in my applet.
With that in mind, is it possible to do the following under GlobalPlatform?
1) The card supplier pre-personalises our cards with the standard GP issuer SD keys
2) They then create an additional SD for our applet
3) In the application SD, the supplier loads our operational KEK and essential configuration data (i.e. a unique serial number and other immutable info).
4) Either the card supplier or ourselves can then authenticate to the application SD to load our applet.
5) We can then load the operational keys, which the applet can then decrypt/validate with the SD KEK and store internally as it does now.
6) The initial KEK and configuration data should NOT be modifiable by our personalisation devices. We should be able to delete and re-load the applet without these values being destroyed or modified.
Are my assumptions about the correct way to use GP correct? If not, I would really appreciate any explanation about how it should be handled. Should I be storing ALL my operational keys in the security domain and if so, does this impact crypto performance?
Thanks,
ko