After succeeding with Java Card development on emulators, I'm now dealing with a real Java Card (Gemalto IDCore 3010). I have been experimenting with GlobalPlatform, but I have problems even with the most basic sample code, which would list the applets on the card.
This is the original code:
```
mode_201
enable_trace
establish_context
card_connect
select -AID a0000000030000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
get_status -element e0
card_disconnect
release_context
```
Which I have modified and it is like this now:
```
//I changed this, because the Card Management & API is compliant with GP2.1.1.
mode_211
enable_trace
establish_context
//Switches are not necessary as I am using only one single-slot card reader
card_connect
//The auto-detected ISD AID of the card is: A000000018434D00
select -AID A000000018434D00
//This is the line where the command fails
open_sc -security 0 -keyind 0 -keyver 0 -keyDerivation none -key 47454d5850524553534f53414d504c45 // Open secure channel
//This would list applets and packages and security domains
get_status -element e0
card_disconnect
release_context
```
On the Global Platform page one can find that these are the switches for an open_sc command:
```
open_sc -keyind x -keyver x -key xyz -mac_key xyz -enc_key xyz -kek_key xyz -security x -scp x -scpimpl x -keyDerivation x
```
Open secure channel
But sadly I couldn't find enough information on these switches.
- keyind: The only information I found is that it is a key index, which I would have guessed also all by myself.
- keyver: Key set version. Same as above.
- key: I read that if I have a card which uses key derivation I must enable the derivation mode with the -keyDerivation option and I must specify with -key the master (mother) key. So here I provided my mother key (4F454D5850524553534F53414D504C45).
- mac_key: It should not be relevant, because it is calculated from the master key.
- enc_key: It should not be relevant, because it is calculated from the master key.
- kek_key: It should not be relevant, because it is calculated from the master key.
- security: The information I found is this: 0: clear, 1: MAC, 3: MAC+ENC. Since in the datasheet of my card I couldn't find something like this I chose "0".
- scp: Secure Channel Protocol (1 SCP01, 2 SCP02, default not set). Should not be necessary to be stated explicitly. My card supports both SCP01 and SCP02.
- scpimpl: Secure Channel Implementation (default not set). Should not be necessary to be stated explicitly.
- keyDerivation: Possible values are "none", "visa2" or "emvcps11". Also, since I couldn't find information on this in the datasheet, I stuck to "none".
This is the error message that I get with the modified code:
```
C:\JavaCard\GPShell-1.4.4>GPShell.exe list.txt
mode_211
enable_trace
establish_context
card_connect
select -AID A000000018434D00
Command --> 00A4040008A000000018434D00
Wrapped command --> 00A4040008A000000018434D00
Response <-- 6F198408A000000018434D00A50D9F6E061291518101009F6501FF9000
open_sc -security 0 -keyind 0 -keyver 0 -keyDerivation none -key 47454d585052455
3534f53414d504c45 // Open secure channel
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 6A88
GP211_get_secure_channel_protocol_details() returns 0x80206A88 (6A88: Referenced
data not found.)
```
Could somebody tell me what is wrong and how I should parameterize and execute the open_sc command? Thank you very much!
Solution: This was the working version:
```
mode_201
enable_trace
establish_context
card_connect
select -AID A000000018434D00
open_sc -scp 1 -scpimpl 0x15 -security 3 -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45 -keyDerivation visa2
get_status -element e0
card_disconnect
release_context
```
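
Added example, not part of the original post and not GPShell code: a small Python decoder for the APDUs in the failing trace above. It shows that SELECT succeeded and that the command answered with 6A88 is a GET DATA for tag 0066 (Card Data in GlobalPlatform), sent before any key is used, so that error says nothing about whether the `-key` value is correct. The function names are this example's own.

```python
# Hex strings copied from the GPShell trace in the post above.
SELECT_RESP = "6F198408A000000018434D00A50D9F6E061291518101009F6501FF9000"
GET_DATA_CMD, GET_DATA_RESP = "80CA006600", "6A88"
SW_TEXT = {0x9000: "success", 0x6A88: "referenced data not found"}

def split_sw(resp_hex):
    """Split a response APDU into (data, status word)."""
    raw = bytes.fromhex(resp_hex)
    return raw[:-2], int.from_bytes(raw[-2:], "big")

def parse_tlv(data):
    """Parse BER-TLV into (tag, value) pairs; constructed values become nested lists."""
    out, i = [], 0
    while i < len(data):
        first = tag = data[i]
        i += 1
        if first & 0x1F == 0x1F:            # tag number continues in following bytes
            while True:
                tag = (tag << 8) | data[i]
                i += 1
                if not tag & 0x80:          # last tag byte has bit 8 clear
                    break
        length = data[i]
        i += 1
        if length & 0x80:                   # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("TLV value runs past end of data")
        i += length
        out.append((tag, parse_tlv(value) if first & 0x20 else value))
    return out

def walk(tlvs):
    """Yield every (tag, value) pair, descending into constructed objects."""
    for t, v in tlvs:
        yield t, v
        if isinstance(v, list):
            yield from walk(v)

def summarize():
    fci, select_sw = split_sw(SELECT_RESP)
    tags = dict(walk(parse_tlv(fci)))       # 6F = FCI template, 84 = AID, A5 = proprietary data
    cmd = bytes.fromhex(GET_DATA_CMD)       # CLA INS P1 P2 Le; P1P2 carries the requested tag
    return {"aid": tags[0x84].hex().upper(), "select_sw": SW_TEXT[select_sw],
            "get_data_tag": cmd[2] << 8 | cmd[3], "get_data_sw": SW_TEXT[split_sw(GET_DATA_RESP)[1]],
            "fci_tags": [f"{t:04X}" for t, _ in tags[0xA5]]}
```

Calling `summarize()` returns the ISD AID from the FCI, the status of both exchanges, and the tag requested by the failing GET DATA.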