Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Java Mobility Forums >> Consumer and Commerce

GemXpresso JCard Manager session authentication problem

Hello!

First of all I am new in Java Card Technology and I am trying to explore the

JCard Manager environment. I am using GemSafe Xpresso Cards.

My problem is that I cant create a session between reader and card in one of my

cards. The trace in this card's authenticate prosses is:

Default key file URL: file:/C:/Documents%20and%20Settings/user/GemXpressoJCardManager/keyfiles/jc2.2.1%20-%20gp2.1.1/default.keys

Select the Security Domain

-> 00 A4 04 00 08 A0 00 00 00 18 43 4D 00

<- 61 1B[Normal ending of the command with <27> bytes of extra information.]

key set 0 (Card Defined)

Initialize Update

-> 80 50 00 01 08 00 01 02 03 04 05 06 07 (00)

<- 4D 00 40 82 B8 18 1E 2B 25 6D 0D 01 B5 44 51 2B 59 78 8B 8C BE EB 18 CF C9 AD D2 62, 90 00[Normal ending of the command.]

Card info KeySet=13

(SCP 01,implementation i05)

Command Exception on command: Authenticate. authentication failed: The card cryptogram is not verified.

the other cards pass this procedure successfuly showing the message:

Default key file URL: file:/C:/Documents%20and%20Settings/user/GemXpressoJCardManager/keyfiles/jc2.2.1%20-%20gp2.1.1/default.keys

Select the Security Domain

-> 00 A4 04 00 08 A0 00 00 00 18 43 4D 00

<- 61 1B[Normal ending of the command with <27> bytes of extra information.]

key set 0 (Card Defined)

Initialize Update

-> 80 50 00 01 08 00 01 02 03 04 05 06 07 (00)

<- 4D 00 40 82 D0 01 23 25 25 56 FF 01 C1 64 C0 1A 12 C1 E8 12 07 03 BC 8C 28 4A 9C 84, 90 00[Normal ending of the command.]

Card info KeySet=-1

(SCP 01,implementation i05)

External Authenticate

-> 84 82 00 00 10 66 2B 64 5B A8 F6 35 CC DA 46 DD B9 1C CA 78 2E

<- 90 00[Normal ending of the command.]

A Card was removed from the terminal: Gemplus USB Smart Card Reader 0 from the slot: 0

I think that the card came this state because my partner to this project was

issue a command by accident, and now he can't remember what he done.....

I suppose I have to change the card's KeySet from 13 (D0) to -1 (FF) but I don't know how.

Does anybody knows what i suposed to do and fix the problem?

Thank you in advance for your help, Bill....

[2359 byte] By [vcalmalioa] at [2007-11-27 6:21:39]
«« Login as root in Linux from Netbeans
»» unable to see textfileds using gridbaglayout
# 1

By the look of it it is a GlobalPlatform card. The key-set range is defined in the range of 0x01-0x7F. I don't think you can go back to key-set 0xFF. Normally 0xFF is used as the initial key-set by the card manufacturer and handed over to the personalizer / application provider. This way they can change the CM keys and the key-set 0xFF is disabled.

What can you do now? Try to find out the key-set 0x0D. Maybe he populated another key-set he remembers. Use the GET DATA command to retrieve the key information data structure listing all the key identifiers. You should not need to authenticate with this command.

lexdabeara at 2007-7-12 17:38:17 > top of Java-index,Java Mobility Forums,Consumer and Commerce...
# 2

Lets see... First of all thank you for the reply. Also I forgot to say that I use Global Platform 2.1.1 cards.

I understand that the initial keyset has been changed and I can't turn

back to keyset -1. Also my partner said that he don't remember to issued a specific command, but the only thing he remembers is that he send

an (unknown for him) APDU to the card, from the SEND APDU panel, not very wise move.

So he did not create a new key set, as I understand. I use the GET DATA command with Predefined Taq set to Key Information Data to retrieve the

informations you told me but the answer was

-

Get Data

-

-> 80 CA 00 E0 (00)

[ERROR ] <- 6A 86

[ERROR ] <- (ISO 7816-4) Wrong parameter(s) P1 P2 (Incorrect parameters P1 P2).

So? what I can do now?

Thank you again in advance.... Bill

vcalmalioa at 2007-7-12 17:38:17 > top of Java-index,Java Mobility Forums,Consumer and Commerce...
# 3
Since you cannot authenticate anymore, you need to set the CLA byte for the GET DATA command to 0x00 --> ISO7816-4 command.
lexdabeara at 2007-7-12 17:38:17 > top of Java-index,Java Mobility Forums,Consumer and Commerce...
# 4

I suppose you say to modify only the CLA byte in the GET DATA command.

In other words to make this:

-

Get Key Data

-

-> 00 CA 00 E0 (00)

[ERROR ] <- 6E 00

P.S. I don't know if it could help, but The card does not

contain any application, data, etc. stored from us. It is completely empty.

Message was edited by:

vcalmalio

vcalmalioa at 2007-7-12 17:38:17 > top of Java-index,Java Mobility Forums,Consumer and Commerce...
# 5
The returned SW='Invalid Class' is strange. In GlobalPlatform the GET DATA command must work with CLA=0x00.
lexdabeara at 2007-7-12 17:38:17 > top of Java-index,Java Mobility Forums,Consumer and Commerce...
# 6

I compare this card with another (without this problem and keyset=-1) and

I've found that I got the same responses in the follow two commands

-

Get Data

-

-> 80 CA 00 E0 (00)

[ERROR ] <- 6A 88

[ERROR ] <- (ISO 7816-4) Wrong parameter(s) P1 P2 (Reference data not found).

-

Get Key Data (APDU defined by me)

-

-> 00 CA 00 E0 (00)

[ERROR ] <- 6E 00

vcalmalioa at 2007-7-12 17:38:17 > top of Java-index,Java Mobility Forums,Consumer and Commerce...
Java Mobility Forums
Consumer and Commerce

Java Mobility Forums Hot Topic

Java Mobility Forums

All Classified