Encrypted Key Value in PUT KEY with SCP02
Posted: Sat Nov 02, 2019 4:01 pm
I try to develop an application in C# with PCSC and Pkcs11Interop libraries, which will allow me to change the default master key to a new one. In GP documentation is stated that "When using this command (PUT KEY) to load or replace secret or private keys, the key values shall be encrypted". To send a PUT KEY command with SCP02 protocol, a value of a new key shall be encrypted with DEK. As a new value, I would like to use the value of a key (CKO_SECRET_KEY object) that is stored on another smartcard.
Is there any option to encrypt the value of this key with DEK without revealing its value in plaintext using PKCS#11 or APDU?
Is there any option to encrypt the value of this key with DEK without revealing its value in plaintext using PKCS#11 or APDU?