Key Identifier

Hi!

I've set a 3DES keyset for the GP secure channel to the cardmanager.

The key identifiers are 1, 2 and 3. It's no problem to modify these keys, giving them another key version number. But I want to use a second 3DES keyset with a different key identifier, e.g. 4, key version number 1 (P1 = 0 in PUT KEY). My smartcard always answers with 6A86.

Are there any restrictions in the GP specification which deny this second keyset, or may this be a problem with my specific smartcard?

Thanks, globalplayer.

By globalplayera at 2007-11-27 10:28:28
# 1

I think you might be confusing the keyset identifier for the key identifier. You can have several keysets (0-255), while each keyset may only consist of three keys, each with its own identifier (1, 2, 3).

Hope this helps.

Lillesanda at 2007-7-28 17:51:53
# 2

I think the key identifier of a keyset is identical to the key identifier of the first key of this keyset. For example: keyset identifier 4 means three keys with the key identifiers 4, 5 and 6. That is what the Key information template (GET DATA 00E0) shows.

Am I wrong?

globalplayera at 2007-7-28 17:51:53
# 3

I'm pretty sure you're wrong. Every specification I've seen and all my practical experience show that each individual keyset has keys ranging from ID 1-3 (inclusive), while the keysets range from 0-255 (also inclusive).

Lillesanda at 2007-7-28 17:51:53
# 4

Hmmm. The GlobalPlatform Put Key command has a Key Version Number coded in P1, a Key Identifier coded in P2 with the first bit set to one for multiple keys and a New Key Version Number coded in the data part of the command.

I can't see an extra byte for a special key set number. The Key Identifiers for the 3 keys of the set are sequentially incremented starting with the given Key Identifier in P1.

Do you have an example which shows the setting of two different 3DES keysets with the Put Key command?

Thanks, globalplayer.

globalplayera at 2007-7-28 17:51:53
# 5

- What smart card OS do you use?

- What is the GP version supported?

In case you use JCOP:

There are several restrictions regarding the CM key management.

1. Two different key types:

- 3 SD channel keys (DES)

- 1 DAP key (RSA)

2. The channel keys can be stored in key version numbers 0x00 - 0x6F

3. Each key version MUST have 3 DES keys which MUST have the key identifiers 1, 2 and 3

4. There is a maximum of 4 different key versions

5. The DAP key is stored at the key version 0x73 only

lexdabeara at 2007-7-28 17:51:53
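
Added example (not part of the original thread and not JCOP or GlobalPlatform code): a small Python check that decodes P1, P2 and the new key version number of a PUT KEY command and tests them against the restrictions listed in the reply above. The function names and sample APDUs are constructed for illustration, and the key data fields are left out of the samples.

```python
# Added example. Limits are the ones listed for JCOP in the reply above;
# function names and sample APDUs are constructed for illustration.
KVN_MIN, KVN_MAX = 0x00, 0x6F   # key version numbers usable for channel keys
MAX_KEY_VERSIONS = 4            # maximum number of different key versions
VALID_KEY_IDS = (1, 2, 3)       # identifiers every key version must contain


def decode_put_key(apdu_hex):
    """Split a PUT KEY APDU (INS D8) into the fields discussed in the thread."""
    apdu = bytes.fromhex(apdu_hex)
    if len(apdu) < 6 or apdu[1] != 0xD8:
        raise ValueError("not a PUT KEY command with a data field")
    p1, p2 = apdu[2], apdu[3]
    return {
        "replace_kvn": p1 & 0x7F,          # P1: version to replace, 0 = add new
        "multiple_keys": bool(p2 & 0x80),  # P2 first bit: several keys in data
        "first_key_id": p2 & 0x7F,         # P2 remaining bits: first key identifier
        "new_kvn": apdu[5],                # first data byte: new key version number
    }


def check_put_key(apdu_hex, existing_kvns):
    """Return the listed restrictions this PUT KEY would violate ([] = none)."""
    f = decode_put_key(apdu_hex)
    adding = f["replace_kvn"] == 0
    count = 3 if f["multiple_keys"] else 1
    key_ids = tuple(f["first_key_id"] + i for i in range(count))
    problems = []
    if adding and key_ids != VALID_KEY_IDS:
        problems.append("new key version needs identifiers 1, 2, 3, got %s" % (key_ids,))
    elif not all(k in VALID_KEY_IDS for k in key_ids):
        problems.append("key identifiers %s outside 1, 2, 3" % (key_ids,))
    if not KVN_MIN <= f["new_kvn"] <= KVN_MAX:
        problems.append("key version 0x%02X outside 0x00-0x6F" % f["new_kvn"])
    if adding and len(existing_kvns) >= MAX_KEY_VERSIONS:
        problems.append("card already holds %d key versions" % MAX_KEY_VERSIONS)
    return problems


if __name__ == "__main__":
    # Constructed samples: header, shortened Lc and new key version only.
    attempted = "80D800840101"   # P1=00, P2=84: identifiers 4, 5, 6, as in the question
    corrected = "80D800810102"   # P1=00, P2=81: identifiers 1, 2, 3, new version 02
    for apdu in (attempted, corrected):
        print(apdu, check_put_key(apdu, {0x01}) or "ok")
```
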
# 6

Hi lexdabear. I know you have no experience with the Cosmo 64 RSA smartcard but it supports JavaCard 2.2.1 and GP 2.1.1.

Ahhh that's it! I thought of some kind of "key set identifier" but the key version number is the essential information. Thanks for "MUST have the key identifiers 1, 2 and 3", now I've got it.

Maybe the GP specification should distinguish between a "key set version" and a "key version" depending on a PUT KEY command with multiple keys or a single key.

Thank you very much!

globalplayera at 2007-7-28 17:51:53