JavacardOS will not accept order any more, please contact our partner Feitian online Store:
https://ftsafe.en.alibaba.com/index.html

Delete APDU command with SSD AID in its data field, returns 6985

JavaCard Applet Development Related Questions and Answers.
Post Reply Previous topicNext topic
sudocdhome2
Posts: 1
Joined: Tue Nov 17, 2020 4:57 pm
Points :26
Contact:
Contact sudocdhome2

Delete APDU command with SSD AID in its data field, returns 6985

Post by sudocdhome2 » Tue Nov 17, 2020 5:06 pm

I have a Javacard which contains a SSD (Supplementary Security Domain) and I want to delete it. Normally when I want to delete an applet or a package from my card, I send the following DELETE APDU command after a successful Mutual Authentication process (No MAC or data field encryption is required and Security Level == 0 is enough for DELETE APDU command):

Code: Select all

--> 80 E4 00 00 LC 4F <AID Len> <AID>
<-- 90 00
The command above works fine for normal applets. But when I put the AID of my SSD in it, then the card responds with 69 85 status words, which means "Conditions of use not satisfied.".

Since Delegated Management feature is enabled in my card and a Public Token key and a Receipt key are loaded in the ISD, I thought maybe the mentioned error is due to not using the Delete Token in the DELETE APDU command. So I calculated the Delete Token as below:

Global Platform Card Specification 2.2.0.7 : Figure C-8: Delete Token Calculation

Image

Code: Select all

DeleteToken = RSA_Sign("00 00 LC 4F <SSD AID Len> <SSD AID>", TokenPrivateKey)
And then I tried to delete the SSD using the follwing command:

Code: Select all

--> 80 E4 00 00 <LC+Len(DeleteToken)> 4F <SSD AID Len> <SSD AID> 9E <Len(DeleteToken> <DeleteToken>
<-- 69 85
But I got the 6985 status words again. Does anyone have any idea where the problem is and how I can solve it?

Update:

I even tried the DELETE APDU command with P2 = 0x80 to delete the SSD with all the related objects. But it failed too:

Code: Select all

-->  80 E4 00 80 09 4F <SSD AID Len> <SSD AID>
<--  6A 86 (= Incorrect P1 or P2 parameter)
Update2:

I even tried to send the DELETE APDU command in a secure channel (SecLevel = 03). But again, I received 6985 status words. Which hash algorithm am I need to use to generate the Delete Token? As far as I know, The GP Specification doesn't specify the hash algorithm.

Update3:

The mentioned SSD is instanciated from the card's ISD package with 0E privilege, which means:

Security Domain + Delegated Management + DAP verification
Top
Post Reply Previous topicNext topic

Return to “Questions & Answers”

Who is online

Users browsing this forum: No registered users and 21 guests

JavaCard OS : Disclaimer