0
votes

I am trying to understand the usage of SCP DEK in store data command.

As per GP Card spec 2.2.1: "The data encryption key (DEK) for decrypting sensitive data, e.g. secret or private keys. This key is a double length DES key and is used as a static key."

I have a requirement to encrypt the Store data APDU data. Now I have 3 questions:

  1. Is the SCP DEK indeed used to encrypt EMV AUKs (Application Unique Keys) present in one of these store data commands?
  2. If statement #1 is correct, then which key is used to encrypt the data field in the APDU?
  3. Is there an indicator in commands prior to store data which says that the data field in the store data command would be Encrypted or NOT?

I would be able to set store data CLA, INS, P1 and P2 as per GP card 2.2.1 and Amendment D spec.

Asking this question here since crypto.stackexchange does not have global platform and cryptography tags.

Any help is appreciated.

1 Answer

1
votes

Never mind, I found the answer:

  1. Yes
  2. S-ENC (Secure Channel Protocol '03' – Public Release v1.1.1, section 6.2.6, "APDU Command C-MAC and C-DECRYPTION Generation and Verification")
  3. The External Authenticate command P1, as per 7.1.2.1 "Reference Control Parameter P1 – Security Level" (Encrypted value = 03: C-DECRYPTION and C-MAC; Clear value = 01: C-MAC)
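
The check described in point 3, as an added example that is not part of the original answer: it walks a command-APDU trace and reports, for each STORE DATA, the protection implied by the P1 of the preceding EXTERNAL AUTHENTICATE. The trace is constructed with zero-filled placeholder data, the function names are hypothetical, and resetting the level on INITIALIZE UPDATE (INS 50) is an assumption about how sessions are delimited in the log.

```python
# Added example: flag STORE DATA commands in an APDU trace by the security
# level set in the preceding EXTERNAL AUTHENTICATE P1 (values from the answer).
INS_INITIALIZE_UPDATE = 0x50      # assumed to mark the start of a new session
INS_EXTERNAL_AUTHENTICATE = 0x82
INS_STORE_DATA = 0xE2
C_MAC = 0x01                      # P1 = 01: C-MAC only, data field in clear
C_DECRYPTION = 0x02               # P1 = 03: C-DECRYPTION and C-MAC

def classify_level(p1):
    """Map the EXTERNAL AUTHENTICATE P1 to what it means for command data."""
    if p1 is None:
        return "no-secure-channel"
    if p1 & C_DECRYPTION:
        # C-DECRYPTION is only defined together with C-MAC.
        return "c-decryption+c-mac" if p1 & C_MAC else "invalid-level"
    return "c-mac-only" if p1 & C_MAC else "clear"

def audit_trace(trace):
    """Return (index, block number P2, protection) for every STORE DATA.

    Assumption: every EXTERNAL AUTHENTICATE in the trace succeeded, since
    only command APDUs (no status words) are available here.
    """
    level, findings = None, []
    for index, apdu_hex in enumerate(trace):
        raw = bytes.fromhex(apdu_hex)
        if len(raw) < 4:
            raise ValueError(f"APDU {index} is shorter than a header")
        ins, p1, p2 = raw[1], raw[2], raw[3]
        if ins == INS_INITIALIZE_UPDATE:
            level = None              # new session: previous level no longer applies
        elif ins == INS_EXTERNAL_AUTHENTICATE:
            level = p1
        elif ins == INS_STORE_DATA:
            findings.append((index, p2, classify_level(level)))
    return findings

def _cmd(header_hex, length):
    """Build a constructed APDU: header + Lc + zero-filled placeholder data."""
    return header_hex + f"{length:02X}" + "00" * length

# Constructed trace: three sessions (C-MAC only, C-DECRYPTION + C-MAC, none).
SAMPLE_TRACE = [
    _cmd("80500000", 8), _cmd("84820100", 16), _cmd("84E20000", 24),
    _cmd("80500000", 8), _cmd("84820300", 16), _cmd("84E28001", 32),
    _cmd("80500000", 8), _cmd("80E28000", 16),
]

if __name__ == "__main__":
    for finding in audit_trace(SAMPLE_TRACE):
        print(finding)
```

A STORE DATA reported as anything other than `c-decryption+c-mac` had its data field sent without S-ENC encryption, independent of whether the keys inside it were wrapped with the DEK.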