Establish new secure channel
Posted: Mon May 09, 2016 10:04 am
by aahmadzadeh
Hi my friends
Can anybody help me to establish a secure channel with java card?
I set up some APDUs to execute the openSecureChannel and verifyExternalAuthenticate functions inside the Java Card, but what about outside the Java Card (terminal app)? What should I send in response to the openSecureChannel function for verifyExternalAuthenticate?
I need help

Re: Establish new secure channel
Posted: Mon May 09, 2016 10:06 pm
by UNKNwYSHSA
Here are some tools that already exist; you can give them a try.
pyResMan, pyGlobalPlatform (You need to write a script for your function.)
GPShell, GlobalPlatformPro
Waiting for your message for the next step.

Re: Establish new secure channel
Posted: Tue May 10, 2016 1:23 am
by aahmadzadeh
Thanks for your reply.
I know that some tools exist. But I have to implement the secure channel establishment steps in our client app (for example in a .NET application).
Please note that we don't have the keys in plain format. We are using an HSM (hardware security module) for storing keys and encrypting or decrypting data.
I need, for example, a tutorial that explains the exact steps of secure channel establishment on the host side.
Please help.

Re: Establish new secure channel
Posted: Tue May 10, 2016 2:40 am
by UNKNwYSHSA
The tools GPShell and GlobalPlatformPro are both open source.
So you can reference their code.
1 GlobalPlatformPro: GlobalPlatform.java - openSecureChannel() method;
2 GPShell: globalplatform.c - mutual_authentication() function;
And the GP specification tells you the theory of establishing a secure channel:
1 How to generate session key;
2 How to calculate card and host authentication cryptogram;
3 How to generate and verify C-MAC and R-MAC;
4 How to encrypt and decrypt command data field;
And all details.
Waiting for your further messages.

Re: Establish new secure channel
Posted: Tue May 10, 2016 9:51 am
by aahmadzadeh
OK, now I can establish a new secure channel using libraries.
Thanks for your help.
But some other questions:
1. What is SCP and its values features (SCP_01, SCP_02, ...)?
2. What is SCP Implementation and its values features (IMPL_I_04, IMPL_I_0B, ...)?
3. What is the difference between GlobalPlatform and OpenPlatform?
Can you recommend some resources?

Re: Establish new secure channel
Posted: Tue May 10, 2016 10:12 pm
by UNKNwYSHSA
Which library are you using?
And for your questions:
1,2:
GlobalPlatformPro: SCP01+i05, SCP02+i15, SCP03+i(i from response of command INITIALIZE UPDATE);
GPShell: SCP03+i00/i10/i30/i70, SCP02+i04/i05/i15/i44/i54, SCP01+i05/i15; You can pass SCPVersion and i as parameters of the function mutual_authentication();
3: From the names of the GP specifications, GP201 is named Open Platform; GP211 and GP221 are both named GlobalPlatform.
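
Added example, not written by any poster in this thread and not taken from GPShell or GlobalPlatformPro: a host-side sketch of the steps listed above for the case where the keys stay in an HSM. It parses the INITIALIZE UPDATE response (including the SCP03 "i" byte mentioned in the last reply) and builds the SCP02 data blocks the HSM would process. The function names are hypothetical, the field layouts are those of the GlobalPlatform Card Specification and its Amendment D, and the HSM is assumed to offer 3DES-CBC encryption and MAC operations on stored keys.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# SCP02 session-key derivation constants (GlobalPlatform Card Specification).
SCP02_CONSTANTS = {"C-MAC": b"\x01\x01", "R-MAC": b"\x01\x02",
                   "S-ENC": b"\x01\x82", "DEK": b"\x01\x81"}

@dataclass
class InitUpdate:
    key_div_data: bytes
    key_version: int
    scp: int
    i_param: Optional[int]   # only SCP03 reports "i" in the response
    seq_counter: bytes       # empty for SCP01 and for SCP03 without a counter
    card_challenge: bytes
    card_cryptogram: bytes

def parse_init_update(resp: bytes) -> InitUpdate:
    """Parse INITIALIZE UPDATE response data (status word already stripped)."""
    if len(resp) not in (28, 29, 32):
        raise ValueError("unexpected INITIALIZE UPDATE response length")
    div, kvn, scp = resp[:10], resp[10], resp[11]
    if scp == 0x03 and len(resp) in (29, 32):
        return InitUpdate(div, kvn, scp, resp[12], resp[29:], resp[13:21], resp[21:29])
    if scp == 0x02 and len(resp) == 28:
        return InitUpdate(div, kvn, scp, None, resp[12:14], resp[14:20], resp[20:28])
    if scp == 0x01 and len(resp) == 28:
        return InitUpdate(div, kvn, scp, None, b"", resp[12:20], resp[20:28])
    raise ValueError("SCP identifier and response length do not match")

def scp02_derivation_data(key_type: str, seq_counter: bytes) -> bytes:
    """16-byte block the HSM encrypts (3DES-CBC, zero IV) under the matching static key."""
    return SCP02_CONSTANTS[key_type] + seq_counter + bytes(12)

def pad80(data: bytes) -> bytes:
    """Append 0x80, then zero bytes up to a multiple of the 8-byte block size."""
    padded = data + b"\x80"
    return padded + bytes(-len(padded) % 8)

def scp02_cryptogram_inputs(host_challenge: bytes, iu: InitUpdate):
    """Blocks the HSM MACs with S-ENC (3DES-CBC, zero ICV, last 8 bytes kept)."""
    card = pad80(host_challenge + iu.seq_counter + iu.card_challenge)
    host = pad80(iu.seq_counter + iu.card_challenge + host_challenge)
    return card, host

def card_authenticated(iu: InitUpdate, mac_from_hsm: bytes) -> bool:
    """Constant-time check of the card cryptogram before EXTERNAL AUTHENTICATE is sent."""
    return hmac.compare_digest(iu.card_cryptogram, mac_from_hsm)

# Constructed sample response (not captured from a real card): SCP02, key version 0xFF.
SAMPLE = bytes.fromhex("00001122334455667788" "FF02" "001A" "A1A2A3A4A5A6" "C1C2C3C4C5C6C7C8")
```

The host cryptogram returned by the HSM for the second block is what goes into the EXTERNAL AUTHENTICATE data field, followed by the C-MAC.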