JavaCard Applet Development Related Questions and Answers.
by aahmadzadeh » Mon May 09, 2016 10:04 am
Hi my friends
Can anybody help me to establish a secure channel with Java Card?
I set some APDUs to execute the openSecureChannel and verifyExternalAuthenticate functions inside the Java Card, but what about outside of the Java Card (terminal app)? What should I send in response to the openSecureChannel function to verifyExternalAuthenticate?
I need help

by aahmadzadeh » Tue May 10, 2016 1:23 am
Thanks for your reply.
I know that some tools exist. But I have to implement the secure channel establishment steps in our client app (for example in a .NET application).
Please note that we don't have the keys in plain format. We are using an HSM (hardware security module) for storing keys and encrypting or decrypting data.
I need, for example, a tutorial that explains the exact steps of secure channel establishment on the host side.
Please help.

by UNKNwYSHSA » Tue May 10, 2016 2:40 am
The tools GPShell and GlobalPlatformPro are both open source.
So you can reference their code.
1. GlobalPlatformPro: GlobalPlatform.java - openSecureChannel() method;
2. GPShell: globalplatform.c - mutual_authentication() function;
And the GP specification tells you the theory to establish a secure channel:
1. How to generate the session key;
2. How to calculate the card and host authentication cryptograms;
3. How to generate and verify C-MAC and R-MAC;
4. How to encrypt and decrypt the command data field;
And all details.
Waiting for your further messages.
sense and simplicity
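
An added example (not part of the original thread, and not code from GPShell or GlobalPlatformPro) of the host-side steps listed above for SCP02 when the keys stay in an HSM: it parses the INITIALIZE UPDATE response and builds the blocks the HSM has to encrypt, following the SCP02 layout in the GlobalPlatform Card Specification. The `tdes_cbc` callable and the S-ENC session key handle are hypothetical stand-ins for the HSM's 3DES-CBC (zero IV) operation.

```python
import hmac
from typing import Callable, NamedTuple

# Assumption: the HSM offers 3DES-CBC encryption with a zero IV under a key
# handle and returns the ciphertext. This callable type is hypothetical.
TdesCbc = Callable[[object, bytes], bytes]

# SCP02 session key derivation constants
CONSTANTS = {"S-ENC": b"\x01\x82", "C-MAC": b"\x01\x01",
             "R-MAC": b"\x01\x02", "DEK": b"\x01\x81"}
PAD = b"\x80" + b"\x00" * 7  # pads the 16 bytes of challenge data to 24 bytes

class InitUpdate(NamedTuple):
    key_div: bytes          # key diversification data (10 bytes)
    key_version: int        # key version number
    scp: int                # secure channel protocol identifier
    seq: bytes              # sequence counter (2 bytes)
    card_challenge: bytes   # 6 bytes
    card_cryptogram: bytes  # 8 bytes

def parse_init_update(resp: bytes) -> InitUpdate:
    """Split the 28-byte SCP02 INITIALIZE UPDATE response (status word removed)."""
    if len(resp) != 28:
        raise ValueError("expected 28 bytes of response data")
    if resp[11] != 0x02:
        raise ValueError(f"card reports SCP{resp[11]:02X}, not SCP02")
    return InitUpdate(resp[:10], resp[10], resp[11], resp[12:14], resp[14:20], resp[20:28])

def derivation_data(name: str, seq: bytes) -> bytes:
    """16-byte block the HSM encrypts under a static key to derive a session key."""
    return CONSTANTS[name] + seq + b"\x00" * 12

def card_cryptogram_input(host_challenge: bytes, iu: InitUpdate) -> bytes:
    return host_challenge + iu.seq + iu.card_challenge + PAD

def host_cryptogram_input(host_challenge: bytes, iu: InitUpdate) -> bytes:
    return iu.seq + iu.card_challenge + host_challenge + PAD

def authenticate_card(iu: InitUpdate, host_challenge: bytes, s_enc_handle, tdes_cbc: TdesCbc) -> bytes:
    """Verify the card cryptogram; return the host cryptogram for EXTERNAL AUTHENTICATE."""
    if len(host_challenge) != 8:
        raise ValueError("host challenge must be 8 bytes")
    expected = tdes_cbc(s_enc_handle, card_cryptogram_input(host_challenge, iu))[-8:]
    if not hmac.compare_digest(expected, iu.card_cryptogram):
        raise PermissionError("card cryptogram mismatch")
    return tdes_cbc(s_enc_handle, host_cryptogram_input(host_challenge, iu))[-8:]
```

The host cryptogram returned here goes into the EXTERNAL AUTHENTICATE data field, followed by the C-MAC computed with the C-MAC session key.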
by aahmadzadeh » Tue May 10, 2016 9:51 am
OK, now I can establish a new secure channel using libraries.
Thanks for your help.
But some other questions:
1. What is SCP, and what are the features of its values (SCP_01, SCP_02, ...)?
2. What is SCP Implementation, and what are the features of its values (IMPL_I_04, IMPL_I_0B, ...)?
3. What is the difference between GlobalPlatform and OpenPlatform?
Can you recommend some resources to me?
by UNKNwYSHSA » Tue May 10, 2016 10:12 pm
Which library are you using?
And for your questions:
1,2:
GlobalPlatformPro: SCP01+i05, SCP02+i15, SCP03+i(i from response of command INITIALIZE UPDATE);
GPShell: SCP03+i00/i10/i30/i70, SCP02+i04/i05/i15/i44/i54, SCP01+i05/i15; You can pass SCPVersion and i as parameters of the function mutual_authentication();
3: From the names of the GP specifications, GP201 is named Open Platform; GP211 and GP221 are both named GlobalPlatform.
sense and simplicity