Logical Channels and Opening An Application
Hello,
Upon sending an APDU to a Java Card (a GEM card) to open a channel, it works fine. But when I try to select an application on that new logical channel which is in the secured state, it always gives back an error, but I can select that same application from the basic channel. Do I need to do something else besides simply opening the new logical channel to let it be able to select applications in the secured state?
Thanks,
Mizax
[462 byte] By [
Mizax1a] at [2007-11-26 18:27:32]
# 1
Could you post the log?
Are you sure the GEM card supports multiple logical channels? Is the GEM card a GlobalPlaform or a ISO7816-4 card? Does your Applet implement the MultiSelectable Interface?
Possible reasons:
- GEM card is not a GlobalPlaform card (logical channel selection in the CLA byte)
- GEM card supports only the basic logical channel
- Applet does not have the MultiSelectable Interface implemented (if you first selected the Applet on the basic logical channel, and then on a supplementary logical channel)
# 2
Hello,
Thanks for your response.
Yes I'm sure the card supports multiple logical channels, I've checked the historical bytes, and am able to open the number of logical channels the historical bytes say I should.
I can select other applications on the new logical channel and send commands to them, that works fine. When selecting a secured application, it fails with error code. In particular, I'm trying to select the card manage application, and that fails. Although this shouldn't be necessary, I make sure the basic channel doesn't have the card manager selected also:
Log:
Warm Reset Card
Open Logical Channel 1
Command: 00 70 00 01
Response: 90 00
Select some other App on the Basic Channel:
Command: 00 A4 04 00 0F A0 00 00 00 18 50 21 00 00 00 00 00 57 49 42
Response: 90 00
Select card manager on Channel 1:
Command: 01 A4 04 00 07 A0 00 00 00 18 43 4D
Response: 6E 00
To sum up: Open a new logical channel, select some other app on the basic channel, try to select the card manager on the new logical channel, it fails. If I then reselect the card manager on the basic channel, it works fine. I can select other non-secured apps on the new logical channel, and that works fine too. In any of the cases I mention, I ensure that only one channel is trying to select an app, so that I'm not worrying about the issue of whether an app is multi-selectable.
I've been wrestling and googling this for hours with no luck. Any help would be greatly appreciated.
Thanks,
Mizax
# 3
Addendum:On any new logical channel (e.g. not the basic channel), I can select any app in the SELECTABLE state, but no apps in either the PERSONALIZED or SECURED state.
# 4
You are using here two different Supplementary Logical Channel processes:
- Implicit Selection (MANAGE CHANNEL)
- Explicit Selection (SELECT [by name], CLA byte: bit 0 and 1)
I assume the following:
The smart card OS does not support explicit selection.
So first you open a channel via implicit selection. Then you select on the logical channel 1!? the application (I don't agree it is the basic logical channel). Next you try to select the CM on channel 1, but with a wrong CLA byte.
Reference:
GP2.1.1, 6.3.2.1, Application Selection on Supplementary Logical Channel
# 5
> Addendum:
>
> On any new logical channel (e.g. not the basic
> channel), I can select any app in the SELECTABLE
> state, but no apps in either the PERSONALIZED or
> SECURED state.
There is a mix of states. An Application can have the states INSTALLED, SELECTABLE and LOCKED. A SSD can have the states INSTALLED, SELECTABLE, PERSONALIZED and LOCKED. An ISD, or card, can have the states ..., SECURED.
What kind of application is it?
# 6
Thanks again for your response, I truly appreciate your time.
It's an ISD.
I'm not sure why you don't agree the second command was an explicit selection command on the basic channel. For example if I explictly select an app in the SELECTABLE state on the basic channel using a class byte of 0x00, and then select that same on on channel 1, it will fail saying the app was not multi-selectable. Clearly it was trying to be selected on two different channels. There's nothing wrong with doing an implicit selection on a channel followed by an explicit selection on the same channel, is there?
# 7
Yes, you're right. The selection of the second command is on basic logical channel.
In order to analyze the problem I suggest the following:
- Check in the Applet if the MANAGE CHANNEL command and SELECT [by name] is visible, or if the ISD does not forward it. This would give us the first indication where to look.
- You're saying that an ISD in the SECURED state, an SSD in the PERSONALIZED state is not selectable on a supplementary logical channel. Does the GEM card data sheet mention something about this? Is the ISD multiple selectable?
- What is the default selected application? This application is implicitly selected on power-up and when you open a new logical channel.
