Page 1 of 1

change GP-Key

Posted: Tue Dec 08, 2015 8:20 am
by crash
Hi @all :D

finaly i´m done with developing
and now i want to block my card
for more developing.
Can someone tell me how i change
the GP-Key on my card with GPShell?
I found that command but don´t work
what am i missing?

Code: Select all

open_sc -security 3 -keyind 0 -keyver 0 -key "currentKey" -keyDerivation visa2 // Open secure channel
put_sc_key -keyver 0 -newkeyver 0 -mac_key "newKey"-enc_key "newKey"-kek_key "newKey" -current_kek "currentKey"

With this error:

Code: Select all

put_secure_channel_keys() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)

I also tried:

Code: Select all

put_sc_key -keyver 1 -newkeyver 1 -key "newKEy" -keyDerivation visa2

but got this error:

Code: Select all

put_secure_channel_keys() returns 0x80206A88 (6A88: Referenced data not found.)

Re: change GP-Key

Posted: Tue Dec 08, 2015 10:01 pm
by UNKNwYSHSA
First one: The new key version number can not be 0x00, shall be in 0x01 ~ 0x7F;
GlobalPlatform Card Specification 2.1.1 said:
The current key set version identifies a key set version that is already
present on the card. A value of '00' in the current key set value indicates that
a new key set version is being added. (The new key set version is indicated in
the data field of the command message).
The Key Version Number is coded from '01' to '7F'.


Second one:
You did not have the key who's version number is 1. So the GP can't find the key and can't replace the key value.

Re: change GP-Key

Posted: Tue Dec 08, 2015 10:03 pm
by UNKNwYSHSA
You can change first put_sc_key command as following and retry:

Code: Select all

put_sc_key -keyver 0 -newkeyver 1 -mac_key "newKey"-enc_key "newKey"-kek_key "newKey" -current_kek "currentKey"

If first command process succeeded, try the second command, no change to the second command:

Code: Select all

put_sc_key -keyver 1 -newkeyver 1 -key "newKEy" -keyDerivation visa2

Wait your result.

Re: change GP-Key

Posted: Wed Dec 09, 2015 5:28 am
by crash
Thanks for reply,

i tried

Code: Select all

put_sc_key -keyver 0 -newkeyver 1 -mac_key "newKey"-enc_key "newKey"-kek_key "newKey" -current_kek "currentKey"

but got this error:

Code: Select all

put_secure_channel_keys() returns 0x80209485 (9485: Invalid key check value.)


EDIT:
i changed mode_201 to mode_211
and it worked both.
But now i can´t open a secure channel with:

Code: Select all

open_sc -security 3 -keyind 0 -keyver 0 -key "newKey" -keyDerivation visa2

Re: change GP-Key

Posted: Wed Dec 09, 2015 5:45 am
by UNKNwYSHSA
Oh, you must use your card with mode GP211, not GP201, because your card implements GP211.
You can delete the parameter "-keyDerivation visa2", use the default key derivation method, and have a try.
Waiting for your messsage.

Notice: Make sure your new key well preserved, otherwise it may cause the card can not be managed.

Re: change GP-Key

Posted: Wed Dec 09, 2015 6:06 am
by crash
Thanks,
without -keyDerivation visa2 it works
:D

Re: change GP-Key

Posted: Wed Dec 09, 2015 6:16 am
by UNKNwYSHSA
OK, my pleasure. :D

Re: change GP-Key

Posted: Sat Sep 28, 2019 3:05 am
by mjalali1365
Thank you for your perfect responses,

what is the reason I get:

Code: Select all

put_secure_channel_keys() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
when running:

Code: Select all

put_sc_key -keyver 0 -newkeyver 1 -mac_key "newKey"-enc_key "newKey"-kek_key "newKey" -current_kek "currentKey"