From: Karsten O. <wid...@t-...> - 2007-01-04 15:40:29

Ali Utku Selen wrote:
> Hi,
>
> Does GlobalPlatform Library have a Java equivalent?

Not until now. But the former library (OpenPlatform) has one. So, if you only have an OpenPlatform card 2.0.1' you can give it a try. "Snit Mo" wanted to develop a wrapper, but it isn't done until now. If you want to contribute you can take the OpenPlatform wrapper as a base and contribute to this project. It is not so difficult but it is a lot of boring work to develop a wrapper.

By the way do you know of an automatic wrapper generator? I believe it should be possible to build one automatically, but I have not found such a tool. This would be a cool project ...

Do you want to use library functions directly or would the functionality offered by GPShell be enough? You can call the program from Java.

Regards,
Karsten

> Thanks,
> -AUS

From: Karsten O. <wid...@t-...> - 2006-12-29 05:33:56

The CAP format has changed in JavaCard 2.2x. The release of yesterday did not obey this. Please use the new version 4.1.3 at http://sourceforge.net/projects/globalplatform/

The GPShell zip for Windows did contain the buggy library. I have fixed this. I changed the files but it is still version 1.4.0. So update it. The source gz did not change, only the documentation is different, so there is no absolute need to update it.

Regards,
Karsten

From: Karsten O. <wid...@t-...> - 2006-12-28 09:22:44

Hello,

I have released a new version of the GlobalPlatform library in version 4.0.3 and GPShell 1.4.0 under http://sourceforge.net/projects/globalplatform/

CAP files are now supported. It is no longer necessary to transform a CAP file manually into the IJC (.ijc or .bin) format.

GemXpresso Pro card should work now (at least the R3.2 E64).

There are prebuilt packages for the library for Windows including the linking library and the header files.

I have tested under Debian GNU Linux and Windows XP with the following cards:

- CosmopoliC 64K V5.2
- Axalto CyberFlex e-gate 32k
- GemXpresso R3.2 E64
- IBM JCOP v2.2 41

The library is compatible with previous versions. A new function cap_to_ijc is defined.

New documentation in PDF, HTML and Windows help format (.chm) is also released.

Regards,
Karsten

From: Karsten O. <wid...@t-...> - 2006-12-08 13:51:33

Carlitos wrote:
> I have found the cause of this error. It had nothing to do with the
> application or the GlobalPlatform library.
>
> The .bin file caused the problem, it seems that it was not created
> properly the first time. I have repeated the steps for .bin creation
> (jar + cat), and this new file was successfully loaded on the card.

In the next release I will include the feature that cap files can be loaded, so that this should not happen. The solution now is not very comfortable. The problem was to find a free library for unzipping files. At the moment I'm busy. I think, it will be released in the beginning of the next year together with the configure fixes for Unix environments which are broken now in CVS.

> I still don't understand how could this error happen, I thought that if
> all conditions for loading are fulfilled, and the process of
> installation finishes successfully, the only thing that can go wrong is
> that applet does not work properly.

This is true. Usually if the file is completely loaded, the card verifies the contents of the file and if invalid data is presented the card refuses the load file.

> I hope that this will help someone.

Thanks a lot,
Karsten

> Regards,
> Carlitos

From: Carlitos <pok...@gm...> - 2006-12-08 13:43:05

I have found the cause of this error. It had nothing to do with the application or the GlobalPlatform library.

The .bin file caused the problem, it seems that it was not created properly the first time. I have repeated the steps for .bin creation (jar + cat), and this new file was successfully loaded on the card.

I still don't understand how could this error happen, I thought that if all conditions for loading are fulfilled, and the process of installation finishes successfully, the only thing that can go wrong is that applet does not work properly.

I hope that this will help someone.

Regards,
Carlitos

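A host-side check for a hand-assembled .bin load file, given here as an added example (it is not GPShell or GlobalPlatform library code). It concatenates the components of a CAP archive and then walks the result as tag/size/info records, rejecting stray bytes, truncation and out-of-order components before anything is sent to a card. The component tags, the `DECAFFED` header magic and the load order are taken from the Java Card VM specification; the sample archive, its `demo/javacard/` path and all function names are constructed for the example.

```python
import io
import struct
import zipfile

# Load order recommended by the Java Card VM specification. Descriptor and
# Debug components are left out (assumption: they are not sent to the card).
LOAD_ORDER = ["Header", "Directory", "Import", "Applet", "Class", "Method",
              "StaticField", "Export", "ConstantPool", "RefLocation"]
TAGS = {"Header": 1, "Directory": 2, "Applet": 3, "Import": 4,
        "ConstantPool": 5, "Class": 6, "Method": 7, "StaticField": 8,
        "RefLocation": 9, "Export": 10}
NAME_BY_TAG = {tag: name for name, tag in TAGS.items()}
CAP_MAGIC = bytes.fromhex("DECAFFED")


def cap_to_load_file(cap_bytes):
    """Concatenate the *.cap members of a CAP (ZIP) archive in LOAD_ORDER."""
    members = {}
    with zipfile.ZipFile(io.BytesIO(cap_bytes)) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1]
            if base.endswith(".cap"):
                members[base[:-4]] = zf.read(name)
    if "Header" not in members:
        raise ValueError("archive has no Header.cap")
    return b"".join(members[c] for c in LOAD_ORDER if c in members)


def check_load_file(data):
    """Walk tag(1) / size(2, big-endian) / info records.

    Returns the component names in file order, or raises ValueError when
    the file has stray bytes, a truncated component, an unexpected tag,
    no leading Header, or components out of load order.
    """
    names, pos = [], 0
    while pos < len(data):
        if pos + 3 > len(data):
            raise ValueError("%d stray byte(s) at offset %d"
                             % (len(data) - pos, pos))
        tag, size = struct.unpack_from(">BH", data, pos)
        if tag not in NAME_BY_TAG:
            raise ValueError("unexpected component tag %d at offset %d"
                             % (tag, pos))
        end = pos + 3 + size
        if end > len(data):
            raise ValueError("%s component overruns the file"
                             % NAME_BY_TAG[tag])
        if not names and (tag != TAGS["Header"]
                          or data[pos + 3:pos + 7] != CAP_MAGIC):
            raise ValueError("file does not start with a Header component")
        names.append(NAME_BY_TAG[tag])
        pos = end
    if not names:
        raise ValueError("empty load file")
    if names != [c for c in LOAD_ORDER if c in names]:
        raise ValueError("components out of load order: %s" % names)
    return names


def _component(name, info):
    return struct.pack(">BH", TAGS[name], len(info)) + info


def make_sample_cap():
    """Constructed stand-in for a converter-produced CAP (dummy payloads)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # Archive order is deliberately not the load order.
        for name in ["Method", "Header", "Class", "Directory", "Applet",
                     "Import"]:
            info = CAP_MAGIC + b"\x00" * 4 if name == "Header" else name.encode()
            zf.writestr("demo/javacard/%s.cap" % name, _component(name, info))
    return buf.getvalue()


if __name__ == "__main__":
    load_file = cap_to_load_file(make_sample_cap())
    print("ok:", check_load_file(load_file))
    for label, bad in [("stray newline", load_file + b"\n"),
                       ("truncated", load_file[:-2])]:
        try:
            check_load_file(bad)
        except ValueError as exc:
            print("%s rejected: %s" % (label, exc))
```
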
From: Karsten O. <wid...@t-...> - 2006-12-06 17:06:26

Carlitos wrote:
> I am developing a program in C++ for loading Java Card applets on the
> card, using GlobalPlatform library.
>
> I am working with Axalto's Palmera swift 16k cards, compliant with ISO
> 7816, EMV 3.1.1, Java Card 2.1, Open Platform 2.0.1.
>
> I have an applet, that is already tested and in use with these cards.
>
> I made a .bin file, like in a GPShell example, and I tried to load it on
> the card with application that I developed.
>
> I have the following problem:
> In my application, the process of loading applet finishes without any
> error, all the methods that I call return OPGP_ERROR_SUCCESS.
> After that, next time I try to communicate with the card, after
> SCardTransmit I get the following error code: 0x8010002F.
> Call to the method stringify_error returns the following text:
> "A communications error with the smart card has been detected. Retry the
> operation."
>
> During execution, program makes calls to methods in following order:
>     establish_context
>     card_connect
>     select_application (card manager)
>     OP201_mutual_authentication
>     OP201_install_for_load
>     OP201_load
>     OP201_install_for_install_and_make_selectable
>     card_disconnect
>     release_context
>
> All of above steps are working. I have noticed that execution of
> card_disconnect lasts longer than usual (I tried putting pop-up
> MessageBox before and after the call to method), but it reports that the
> execution ended successfully.
>
> After loading of the applet, no SCardTransmit method can be successfully
> executed with a card. I tried the process with several cards already and
> the result is always the same.
>
> I am working with cards whose keyset is modified for SECURE CHANNEL MAC,
> and whose state is set to SECURED.
>
> I have made changes to methods in GlobalPlatform library, that are
> called after mutual_authentication method according to Palmera's
> documentation
> ("CLA coding is set to '84' for all commands issued within a Secure
> Channel with MAC or MAC+ENC level ; using a CLA set to '80' will be
> rejected by the card.").

This is also done by the GlobalPlatform library. Each command within a secure channel is sent with 0x84. (At least it should.) But should not solve the problem.

> Mutual authentication is executed successfully, so it is not the reason
> why the cards cannot be accessed.
>
> I tried loading this applet to these cards with *another software*,
> developed in Java using IBM's JCOP tool's libraries.
>
> I have compared APDU messages that are exchanged between the card and
> the offline application, in my project and using this Java application.
>
> APDUs for install_for_load and install_for_install_and_make_selectable
> are identical (except the bytes representing cryptogram for SECURE
> CHANNEL MAC), and APDUs for load method differ in byte representation of
> the file that's loaded as well as the cryptogram.

The last step is interesting. Maybe the data of the CAP file is sent in a different order or with additional data. The CAP file you will have is a ZIP file, rename it and look at the contents.

Have you saved the logs of the sent communication?

> Applet is successfully loaded with Java application, and after that
> those cards have been personalized and used without any problem.
>
> However, there is one error that the Java application reports at the end
> of loading:
>
> com.ibm.jc.JCException:
>     Error: -4
>     APDU: 00C7020003C80207739000
>     Msg: Invalid response length. Expecting delegated operation response
>     at com.ibm.jc.SecurityDomain.do(Unknown Source)
>     at com.ibm.jc.SecurityDomain.handleInstall(Unknown Source)
>     at com.ibm.jc.SecurityDomain.installForInstallAndMakeSelectable(Unknown Source)
>     at yu.co.blue.loader.LoaderThread.run(LoaderThread.java:116)
>
> This could mean that the cards have some bug.

Mmmmh, usually the card returns a so called receipt, for the issuer security domain (card manager) this is only the byte 00. Maybe it is missing. Should not matter. If the card wants to have something special it may cause the bug in the card. It is a bug, because a loading of an application does not affect the functionality. But, I would be interested when it happens and what IBM does different.

Publish this problem also somewhere else, the JavaCard forum at Sun or a.t.smartcards newsgroup.

Regards,
Karsten

> We tested this Java application with some other card types and it did
> not report any error.
>
> In spite of that, reported error does not, in any way, affect the card,
> or the applet that is loaded.
> Applets that are loaded this way, are in use without any problem (for
> over two years).
>
> To conclude:
>
> * Java application reports error, but the card and the loaded applet
>   are operational
> * my C++ application does not report any error, but cards are blocked
>
> Can anyone help me with this problem?
> Is there anything that I could do to unblock the cards that are blocked
> (the 0x8010002F error)?
>
> Regards,
> Carlitos

From: Carlitos <pok...@gm...> - 2006-12-06 16:06:39

I am developing a program in C++ for loading Java Card applets on the card, using GlobalPlatform library.

I am working with Axalto's Palmera swift 16k cards, compliant with ISO 7816, EMV 3.1.1, Java Card 2.1, Open Platform 2.0.1.

I have an applet, that is already tested and in use with these cards.

I made a .bin file, like in a GPShell example, and I tried to load it on the card with application that I developed.

I have the following problem:
In my application, the process of loading applet finishes without any error, all the methods that I call return OPGP_ERROR_SUCCESS.
After that, next time I try to communicate with the card, after SCardTransmit I get the following error code: 0x8010002F.
Call to the method stringify_error returns the following text:
"A communications error with the smart card has been detected. Retry the operation."

During execution, program makes calls to methods in following order:

    establish_context
    card_connect
    select_application (card manager)
    OP201_mutual_authentication
    OP201_install_for_load
    OP201_load
    OP201_install_for_install_and_make_selectable
    card_disconnect
    release_context

All of above steps are working. I have noticed that execution of card_disconnect lasts longer than usual (I tried putting pop-up MessageBox before and after the call to method), but it reports that the execution ended successfully.

After loading of the applet, no SCardTransmit method can be successfully executed with a card. I tried the process with several cards already and the result is always the same.

I am working with cards whose keyset is modified for SECURE CHANNEL MAC, and whose state is set to SECURED.

I have made changes to methods in GlobalPlatform library, that are called after mutual_authentication method according to Palmera's documentation ("CLA coding is set to '84' for all commands issued within a Secure Channel with MAC or MAC+ENC level ; using a CLA set to '80' will be rejected by the card.").

Mutual authentication is executed successfully, so it is not the reason why the cards cannot be accessed.

I tried loading this applet to these cards with *another software*, developed in Java using IBM's JCOP tool's libraries.

I have compared APDU messages that are exchanged between the card and the offline application, in my project and using this Java application.

APDUs for install_for_load and install_for_install_and_make_selectable are identical (except the bytes representing cryptogram for SECURE CHANNEL MAC), and APDUs for load method differ in byte representation of the file that's loaded as well as the cryptogram.

Applet is successfully loaded with Java application, and after that those cards have been personalized and used without any problem.

However, there is one error that the Java application reports at the end of loading:

    com.ibm.jc.JCException:
        Error: -4
        APDU: 00C7020003C80207739000
        Msg: Invalid response length. Expecting delegated operation response
        at com.ibm.jc.SecurityDomain.do(Unknown Source)
        at com.ibm.jc.SecurityDomain.handleInstall(Unknown Source)
        at com.ibm.jc.SecurityDomain.installForInstallAndMakeSelectable(Unknown Source)
        at yu.co.blue.loader.LoaderThread.run(LoaderThread.java:116)

This could mean that the cards have some bug.

We tested this Java application with some other card types and it did not report any error.

In spite of that, reported error does not, in any way, affect the card, or the applet that is loaded.
Applets that are loaded this way, are in use without any problem (for over two years).

To conclude:

- Java application reports error, but the card and the loaded applet are operational
- my C++ application does not report any error, but cards are blocked

Can anyone help me with this problem?
Is there anything that I could do to unblock the cards that are blocked (the 0x8010002F error)?

Regards,
Carlitos

From: Karsten O. <wid...@t-...> - 2006-10-20 10:26:51

Iain MacDonnell wrote:
> The next card on my list is a Cyberflex Access 64k V2c (Pegasus). I
> had problems installing the MCardApplet, which I tracked down to the
> ordering of the "Install Parameters Data Block". Following the
> Cyberflex Access V2 Programmer's Guide, I get:
>
>     EF04C8027FFFC900
>
> but gpshell produces:
>
>     C900EF04C8027FFF
>
> i.e. the C900 (application-specific install parameters) needs to be
> after the instance size, not at the start.
>
> So I get:
>
>     install_for_install -priv 2 -AID A00000000101 -instAID A00000000101 -pkgAID A000000001 -nvDataLimit 32767
>     --> 80E60C002005A00000000106A0000000010106A00000000101010208C900EF04C8027FFF0000
>     <-- 6A80
>     install_for_install_and_make_selectable() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
>
> Whereas the same APDU except with the ordering fixed:
>
>     send_apdu -sc 1 -APDU 80E60C002005A00000000106A0000000010106A00000000101010208EF04C8027FFFC9000000
>     Send APDU: 80 E6 0C 00 20 05 A0 00 00 00 01 06 A0 00 00 00 01 01 06 A0 00 00 00 01 01 01 02 08 EF 04 C8 02 7F FF C9 00 00 00
>     --> 80E60C002005A00000000106A0000000010106A00000000101010208EF04C8027FFFC9000000
>     <-- 009000
>     Recv APDU: 00 90 00
>
> Not sure if this is a bug in GlobalPlatform, or in the card implementation?

Open Platform specification:

----
Open Platform cards use the Application Specific Install parameter field (identified by the tag ‘C9’) to enable parameters specific to the installation of the application to be known to the application. If an application does not require application specific parameters the corresponding length contains '00'. This tag and those defined for system specific parameters requires that the install method parameter field contain at least the value ‘9F’ ‘00’.
----
The following tags may apply:

    ‘C9’  Variable  Application specific parameters
    ‘EF’  Variable  System specific parameters
    ‘C6’  2         Non volatile code space limit
    ‘C7’  2         Volatile data space limit
    ‘C8’  2         Non volatile data space limit
----

So there seems no order to be defined. But the OpenPlatform specification is not clearly written in a lot of places. But also in GlobalPlatform 2.1.1 no order is defined.

The following table identifies the possible tags for use in the install parameters field:

    'C9'  Variable  Application Specific Parameters  Mandatory
    'EF'  Variable  System Specific Parameters       Conditional
    'C7'  2         Volatile data space limit        Optional
    'C8'  2         Non volatile data space limit    Optional

But, because of the order it may be assumed, that the order should be like this. But C7 and C8 are clearly subtags of EF.

In the example of the CFlex card:

----
EF 04 C8 02 || length(instance data in EEPROM) || C9 || L1 || xx xx || C702 || RAM resources
----

C7 is not a subtag. This is wrong. And E4 must comprise all system specific parameters. the length 04 is so also not correct. So at least the card must accept the correct format.

Well, at the moment I know no good solution how to fix this behavior of the card. Maybe at connect time some argument should be passed, so that the library can handle the different quirks of cards. It could sometimes be assumed, that some implementations out there are outside of the specification on purpose, so that own tools can be sold. For CFlex cards there is a card manual publicly available, but a lot of manufacturers make a secret out of their cards.

Karsten

> ~Iain

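The two INSTALL APDUs quoted in this exchange differ only in the order of the top-level TLVs inside the install-parameter field. The following added example (not gpshell or GlobalPlatform library code) decodes that field, treating C8 as nested inside EF as discussed above, and re-encodes it in a caller-chosen tag order, which is the kind of per-card quirk switch the reply suggests. It assumes one-byte tags and one-byte lengths; the field names follow the gpshell options on the page and the function names are made up for the example.

```python
# APDUs copied from the thread.
GPSHELL_APDU = ("80E60C002005A00000000106A0000000010106A00000000101"
                "010208C900EF04C8027FFF0000")    # card answered 6A80
REORDERED_APDU = ("80E60C002005A00000000106A0000000010106A00000000101"
                  "010208EF04C8027FFFC9000000")  # card answered 9000

FIELDS = ("pkg_aid", "aid", "inst_aid", "privileges",
          "install_params", "install_token")
CONSTRUCTED = {0xEF}  # EF (system specific parameters) wraps C7/C8


def parse_tlvs(data):
    """Return [(tag, value)] in wire order; EF values become nested lists."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header at offset %d" % i)
        tag, length = data[i], data[i + 1]
        if length > 0x7F:
            raise ValueError("long-form lengths are not handled here")
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV %02X overruns its container" % tag)
        out.append((tag, parse_tlvs(value) if tag in CONSTRUCTED else value))
        i += 2 + length
    return out


def encode_tlvs(tlvs):
    out = bytearray()
    for tag, value in tlvs:
        raw = encode_tlvs(value) if isinstance(value, list) else bytes(value)
        out += bytes([tag, len(raw)]) + raw
    return bytes(out)


def parse_install_apdu(hex_apdu):
    """Split an INSTALL (INS E6) command into its length-prefixed fields."""
    apdu = bytes.fromhex(hex_apdu)
    if len(apdu) < 5 or apdu[1] != 0xE6:
        raise ValueError("not an INSTALL command")
    lc = apdu[4]
    body = apdu[5:5 + lc]
    if len(body) != lc:
        raise ValueError("Lc does not match the command data")
    fields, pos = {"header": apdu[:4], "trailer": apdu[5 + lc:]}, 0
    for name in FIELDS:
        n = body[pos]
        fields[name] = body[pos + 1:pos + 1 + n]
        if len(fields[name]) != n:
            raise ValueError("field %s overruns the command data" % name)
        pos += 1 + n
    if pos != lc:
        raise ValueError("unexpected bytes after the install token")
    fields["install_params"] = parse_tlvs(fields["install_params"])
    return fields


def rebuild_install_apdu(fields, tag_order):
    """Re-encode with top-level install-parameter TLVs sorted by tag_order."""
    rank = {tag: n for n, tag in enumerate(tag_order)}
    params = sorted(fields["install_params"],
                    key=lambda tv: rank.get(tv[0], len(rank)))
    body = bytearray()
    for name in FIELDS:
        raw = encode_tlvs(params) if name == "install_params" else fields[name]
        body += bytes([len(raw)]) + raw
    apdu = fields["header"] + bytes([len(body)]) + body + fields["trailer"]
    return apdu.hex().upper()


def top_level_tags(hex_apdu):
    return [tag for tag, _ in parse_install_apdu(hex_apdu)["install_params"]]


if __name__ == "__main__":
    for label, apdu in (("gpshell", GPSHELL_APDU), ("reordered", REORDERED_APDU)):
        print(label, ["%02X" % t for t in top_level_tags(apdu)])
    fixed = rebuild_install_apdu(parse_install_apdu(GPSHELL_APDU), [0xEF, 0xC9])
    print("matches the accepted APDU:", fixed == REORDERED_APDU)
```
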
From: Iain M. <mu...@ds...> - 2006-10-20 08:41:57

The next card on my list is a Cyberflex Access 64k V2c (Pegasus). I had problems installing the MCardApplet, which I tracked down to the ordering of the "Install Parameters Data Block". Following the Cyberflex Access V2 Programmer's Guide, I get:

    EF04C8027FFFC900

but gpshell produces:

    C900EF04C8027FFF

i.e. the C900 (application-specific install parameters) needs to be after the instance size, not at the start.

So I get:

    install_for_install -priv 2 -AID A00000000101 -instAID A00000000101 -pkgAID A000000001 -nvDataLimit 32767
    --> 80E60C002005A00000000106A0000000010106A00000000101010208C900EF04C8027FFF0000
    <-- 6A80
    install_for_install_and_make_selectable() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)

Whereas the same APDU except with the ordering fixed:

    send_apdu -sc 1 -APDU 80E60C002005A00000000106A0000000010106A00000000101010208EF04C8027FFFC9000000
    Send APDU: 80 E6 0C 00 20 05 A0 00 00 00 01 06 A0 00 00 00 01 01 06 A0 00 00 00 01 01 01 02 08 EF 04 C8 02 7F FF C9 00 00 00
    --> 80E60C002005A00000000106A0000000010106A00000000101010208EF04C8027FFFC9000000
    <-- 009000
    Recv APDU: 00 90 00

Not sure if this is a bug in GlobalPlatform, or in the card implementation?

~Iain

From: Karsten O. <wid...@t-...> - 2006-10-19 22:07:12
|
Iain MacDonnell wrote:
> I used to be able to build GPShell with the simple sequence:
>
> ./configure --prefix=${PFX}
> gmake
> gmake install
>

Must have something to do with the changes to support the compilation under Cygwin in Windows. I have to correct this under Linux, when my system is up again and can handle my RAID controller.

Karsten

> Where my build environment is:
>
> PFX=/opt/ITsmartcard
>
> export CFLAGS="-I${PFX}/include -I${PFX}/include/PCSC -I/usr/sfw/include -I/opt/sfw/include"
> export LDFLAGS="-L${PFX}/lib -R${PFX}/lib -L/usr/sfw/lib -R/usr/sfw/lib -L/opt/sfw/lib"
>
> export PKG_CONFIG_PATH=${PFX}/lib/pkgconfig
>
> and it would find the GlobalPlatform headers and library.
>
> With the latest CVS source, it seems to be a bit botched. First, in
> Makefile.am, this line:
>
> gpshell_LDADD = $(AM_CPPFLAGS) -lGlobalPlatform -L"$(GLOBALPLATFORM_LIB_PATH)"
>
> causes the following failure during "./configure" if
> GLOBALPLATFORM_LIB_PATH is not set:
>
> configure:4746: cc -o conftest -I/opt/ITsmartcard/include
> -I/opt/ITsmartcard/include/PCSC -I/usr/sfw/include -I/opt/sfw/include
> -L/opt/ITsmartcard/lib -R/opt/ITsmartcard/lib -L/usr/sfw/lib
> -R/usr/sfw/lib -L/opt/sfw/lib -L conftest.c -lGlobalPlatform >&5
>
> (note the nothingness between "-L" and "conftest.c")
>
> Also, I now have to set CPPFLAGS to the same as CFLAGS - otherwise
> the following garbled cc line is produced at gmake time:
>
> cc -DPACKAGE_NAME=\"GPShell\" -DPACKAGE_TARNAME=\"gpshell\"
> -DPACKAGE_VERSION=\"1.3.1\" -DPACKAGE_STRING=\"GPShell\ 1.3.1\"
> -DPACKAGE_BUGREPORT=\"sn...@gm...\" -DSTDC_HEADERS=1
> -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1
> -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
> -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
> -DLSTAT_FOLLOWS_SLASHED_SYMLINK=1 -DHAVE_STDLIB_H=1 -DHAVE_MALLOC=1
> -DHAVE_ATOI=1 -DHAVE_FGETS=1 -DHAVE_LIBGLOBALPLATFORM=1 -I. -I.
> "-D_REENTRANT -I/opt/ITsmartcard/include/PCSC " "-I"
> -I/opt/ITsmartcard/include -I/opt/ITsmartcard/include/PCSC
> -I/usr/sfw/include -I/opt/sfw/include -c -o gpshell-GPShell.o `test -f
> 'GPShell.c' || echo './'`GPShell.c
>
> Finally, this section of configure.in :
>
> AC_ARG_VAR(GLOBALPLATFORM_H_PATH, [Specifies the location of GlobalPlatform/GlobalPlatform.h])
>
> OLD_CFLAGS="$CFLAGS"
> case "$host" in
> *-*-cygwin*)
>     if ! test -f "$GLOBALPLATFORM_H_PATH"/GlobalPlatform/GlobalPlatform.h;
>     then AC_MSG_ERROR([GlobalPlatform/GlobalPlatform.h not found, specify location of GlobalPlatform/GlobalPlatform.h with ./configure GLOBALPLATFORM_H_PATH=<directory>])
>     fi
>     ;;
> *)
>     CFLAGS="$CFLAGS $GLOBALPLATFORM_H_PATH"
>     AC_CHECK_HEADER(GlobalPlatform/GlobalPlatform.h, [], [AC_MSG_ERROR([GlobalPlatform/GlobalPlatform.h not found or usable, install GlobalPlatform 3.0.2 or later, or use ./configure GLOBALPLATFORM_H_PATH=<include directory>])], )
>     ;;
> esac
> AC_SUBST(GLOBALPLATFORM_CFLAGS,-I"$GLOBALPLATFORM_H_PATH")
> CFLAGS="$OLD_CFLAGS"
>
> Shouldn't that be: CFLAGS="$CFLAGS -I$GLOBALPLATFORM_H_PATH" ??
>                                    ^^
>
> but then again, that'll probably break stuff if GLOBALPLATFORM_H_PATH
> is not set...
>
> ~Iain
|
From: Iain M. <mu...@ds...> - 2006-10-19 21:57:33
|
Iain MacDonnell wrote on 10/19/06 09:25 AM:
>
> Karsten Ohme wrote on 10/19/06 12:10 AM:
>> Iain MacDonnell wrote:
>>> Hah! Got it:
>>>
>>> send_apdu -sc 1 -APDU 80E40080074F05A00000000100
>>> Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00
>>
>> No, I was wrong, for GP211 cards I have implemented it with 80. So the
>> command should be the same. Which version of the GlobalPlatform library
>> are you using? Set GLOBALPLATFORM_DEBUG=1, run GPShell and if the log
>> file (C:\Temp or /tmp/ ) does not contain 80 as 4th byte for "delete",
>> the version is too old. Check out from CVS if necessary.
>
> I'm running the latest released versions of GlobalPlatform (3.0.2)
> and GPShell (1.3.1). I had some problems trying to build the latest
> stuff - should start a separate thread for that...

Yes, "delete" works (with 80) with the latest CVS code (now that I figured out how to make it build:)

~Iain

>>> Recv APDU: 00 90 00
>>> get_status -element e0
>>> get_status -element e0
>>>
>>> List of applets (AID state privileges)
>>> a000000003000000 1 9e
>>> a0000000035350 1 0
>>>
>>> Based loosely on:
>>>
>>> http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html
>>>
>>> Thanks :)
>>>
>>> ~Iain
>>>
>>> Iain MacDonnell wrote on 10/18/06 04:30 PM:
>>>
>>>> Karsten Ohme wrote on 10/18/06 04:02 PM:
>>>>
>>>>> Iain MacDonnell wrote:
>>>>>
>>>>>> So I think the Cosmo52 cards I was trying to use before had had their
>>>>>> keys swapped without my knowledge. Trying again, with cards that I know
>>>>>> are new, and I can establish a secure channel, and load and instantiate
>>>>>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>>>>>> something? I've tried various combinations of scp/scpimpl/security and
>>>>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>>>>>> 6985...
>>>>>>
>>>>>> mode_211
>>>>>> establish_context
>>>>>> card_connect
>>>>>> enable_trace
>>>>>> select -AID a000000003000000
>>>>>> --> 00A4040008A000000003000000
>>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>>>
>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key 404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
>>>>>> --> 8050000008D6C5DC4AD8A949EE00
>>>>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>>>>>> --> 848201001007037657966B46ED92B673CE885CA553
>>>>>> <-- 9000
>>>>>> get_status -element e0
>>>>>> --> 80F2E000024F0000
>>>>>> <-- 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>>>>>
>>>>>> List of applets (AID state privileges)
>>>>>> a000000003000000 1 9e
>>>>>> a0000000035350 1 0
>>>>>> a000000001 1 0
>>>>>> a00000000101 7 2
>>>>>> delete -AID a00000000101
>>>>>> --> 80E40000084F06A0000000010100
>>>>>> <-- 6985
>>>>>> delete_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
>>>>>
>>>>> Usually at first all applets which have reference to the applet must be
>>>>> deleted. This should not be the case.
>>>>> Then the applet must be deleted before the package.
>>>>> Then the package can be deleted.
>>>>>
>>>>> But there are cards, which delete all dependent data if the package is
>>>>> deleted. So try to delete the package:
>>>>>
>>>>> delete -AID a000000001
>>>>>
>>>>> I remember that I implemented it that way that always for GP 211 cards
>>>>> all related data is also deleted. So, it should work.
>>>>
>>>> No; same error:
>>>>
>>>> delete -AID a000000001
>>>> delete_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
>>>>
>>>>> At one card I know of the package AID and the applet AID together must
>>>>> be specified to delete it. This is not supported by GPShell. You must
>>>>> manually look into the documentation of your card, what is necessary.
>>>>> Use the script and instead of the delete command insert a send_apdu
>>>>> command which could look like:
>>>>>
>>>>> 80 E4 00 80 0e
>>>>
>>>> 0e should be 0f, I assume?
>>>>
>>>>> 4f 06 a0 00 00 00 01 01
>>>>> 4f 05 a0 00 00 00 01
>>>>> 00
>>>>>
>>>>> (I have separated with newlines and spaces, must be written together.)
>>>>> Maybe the order of the 2nd and 3rd line must be changed.
>>>>
>>>> Either way around, that gets:
>>>>
>>>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
>>>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
>>>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
>>>>
>>>> I guess I need to go hunting for a Cosmo V5.2 manual...
>>>>
>>>> Thx,
>>>>
>>>> ~Iain
>>>>
>>>>>> Snit Mo wrote on 03/27/06 06:07 PM:
>>>>>>
>>>>>>> I have to assume that your card doesn't have the usual test key
>>>>>>> (4041..4f). Where did you get the card from? Can you ask them what
>>>>>>> the key is?
>>>>>>>
>>>>>>> Also, you may want to try Oberthur AppLoader.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>>>>>>
>>>>>>>> Snit Mo wrote on 03/27/06 05:45 PM:
>>>>>>>>
>>>>>>>>> Hello, Iain,
>>>>>>>> Hi :)
>>>>>>>>
>>>>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>>>>>>>> default key is 404142...4f. See the result at the end of this file.
>>>>>>>> Doesn't work for me - I wonder why...
>>>>>>>>
>>>>>>>> mode_211
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a000000003000000
>>>>>>>> --> 00A4040008A000000003000000
>>>>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>>>>>
>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>> --> 00CA006600
>>>>>>>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
>>>>>>>>
>>>>>>>> --> 8050000008C13CAC00B446633A00
>>>>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
>>>>>>>> mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)
>>>>>>>>
>>>>>>>> ~Iain
>>>>>>>>
>>>>>>>>> For changing keys, use attached files. replacekey-cosmo-gp211 changes
>>>>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
>>>>>>>>> back to 4041...4f. Perhaps I should include these in later releases
>>>>>>>>> ...
>>>>>>>>>
>>>>>>>>> $ ./Release/GPShell.exe listgp211.txt
>>>>>>>>> mode_211
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a000000003000000
>>>>>>>>> --> 00A4040008A000000003000000
>>>>>>>>> <--
>>>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291
>>>>>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000
>>>>>>>>>
>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>> --> 00CA006600
>>>>>>>>> <--
>>>>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03
>>>>>>>>> 640B06092A864886FC6B0401059000
>>>>>>>>> --> 8050000008B7070A7E2C84570000
>>>>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
>>>>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
>>>>>>>>> <-- 9000
>>>>>>>>> get_status -element 20
>>>>>>>>> --> 80F22000024F0000
>>>>>>>>> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
>>>>>>>>>
>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>> a0000000035350 1 0
>>>>>>>>> a00000006203010c01 1 0
>>>>>>>>> a00000000101 1 0
>>>>>>>>> card_disconnect
>>>>>>>>> release_context
>>>>>>>>>
>>>>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>>>>>>>>>
>>>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>>>
>>>>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>>>>>>>>>
>>>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you ever
>>>>>>>>>>>>>>>>> tried this stuff on a big-endian machine?
>>>>>>>>>>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>>>>>>>>>>
>>>>>>>>>>>> For some reason the following happens:
>>>>>>>>>>>>
>>>>>>>>>>>> char *test = "EE";
>>>>>>>>>>>> sscanf (test, "%02x", &temp);
>>>>>>>>>>>>
>>>>>>>>>>>> if temp is a char the conversion is always 00, if temp is an int, it works.
>>>>>>>>>>>>
>>>>>>>>>>>> Please try out the GPShell version in CVS. I have fixed probably all
>>>>>>>>>>>> conversions, but I have no possibility to test it.
>>>>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>>>>>>>>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>>>>>>>>>> I'll let you know, of course, if I run into any further problems.
>>>>>>>>>>>
>>>>>>>>>>> Side question: do you happen to have the developer keys for Oberthur
>>>>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change
>>>>>>>>>>> in the example GPShell scripts to establish a secure channel?
>>>>>>>>>> For an Oberthur card it works with the default 0x40 ... 0x4F key.
>>>>>>>>>>
>>>>>>>>>> I executed the list.txt file:
>>>>>>>>>>
>>>>>>>>>> mode_201
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>> <--
>>>>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>>>>>>>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>>>>>>>>
>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>> --> 805000000803AF9CAB5BC9A73A00
>>>>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>>>>>>>> <-- 9000
>>>>>>>>>> get_status -element e0
>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>> <-- 6A86
>>>>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>>>>>>>>>
>>>>>>>>>> Obviously the card has problem to list the applications. Don't know why.
>>>>>>>>>>
>>>>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>>>>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>>>>>>>>>> the card.
>>>>>>>>>>
>>>>>>>>>>> I'm
>>>>>>>>>>> getting mutual_authentication() returns 0x80302000. I read about the
>>>>>>>>>>> need to specify a sdAID, but that seems to apply only to
>>>>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>>>>>>>> doesn't seem to exist...?
>>>>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>>>>>>>> CFlex card works with the mentioned change.
>>>>>>>>>>
>>>>>>>>>> Karsten
>>>>>>>>>>
>>>>>>>>>>> Thanks!
>>>>>>>>>>>
>>>>>>>>>>> ~Iain
>>>>>>>>>>>
>>>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to below....
>>>>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>>>>>>>> This could be the guilty routine (?):
>>>>>>>>>>>>>
>>>>>>>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>>>>>>>
>>>>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>>>>>>>> i++;
>>>>>>>>>>>>> }
>>>>>>>>>>>>>
>>>>>>>>>>>>> I will see.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Karsten
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks, Karsten
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <-- 6A82
>>>>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>>>>>>>> # uname -a
>>>>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Maybe the endianness is a red herring too ... but I've successfully used
>>>>>>>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>>>>>>>>>> affect endianness. I will look into GPShell.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Karsten
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>>>>>> <-- 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>>>>>> release_context
>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> ~Iain
>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> mode_211
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>>> card_disconnect
>>>>>>>>>> release_context
>>>>>>>>>>
>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> mode_211
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>>> card_disconnect
>>>>>>>>>> release_context
|
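The conversion fault discussed in the quoted March thread (`sscanf` with "%02x" storing into a `char` element), as an added example that is not GPShell's code: `emulate_x_into_char` models the int-sized store in either byte order, assuming a 4-byte `unsigned int`, and `hex_decode` is a bounds-checked replacement. All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Bounds-checked replacement: decode a hex string into out[0..cap).
 * Returns the number of bytes written, or -1 on odd length, a non-hex
 * character, or input that does not fit. Nothing is written past cap. */
long hex_decode(const char *hex, uint8_t *out, size_t cap)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > cap)
        return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (uint8_t)(hi << 4 | lo);
    }
    return (long)(n / 2);
}

/* Model of sscanf(..., "%02x", &bytes[i]): "%x" stores a whole unsigned int
 * (4 bytes assumed here) at the address of byte i. The stores are emulated
 * byte by byte in the chosen byte order, so the result is the same on any
 * host and nothing undefined happens. buf needs 3 spare bytes after the
 * last decoded byte; they receive the overflow of the final stores.
 * Returns the number of hex bytes processed, or -1 on bad input. */
long emulate_x_into_char(const char *hex, uint8_t *buf, size_t cap, int big_endian)
{
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 + 3 > cap)
        return -1;
    for (size_t i = 0; i < n / 2; i++) {
        int hi = nibble(hex[2 * i]), lo = nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        uint32_t v = (uint32_t)(hi << 4 | lo);
        for (size_t b = 0; b < 4; b++) {
            unsigned shift = big_endian ? 8 * (3 - (unsigned)b) : 8 * (unsigned)b;
            buf[i + b] = (uint8_t)(v >> shift);
        }
    }
    return (long)(n / 2);
}

int main(void)
{
    const char *aid = "a0000000030000";   /* AID from the thread's select command */
    uint8_t buf[16];

    for (int be = 0; be <= 1; be++) {
        memset(buf, 0xAA, sizeof buf);    /* 0xAA marks untouched memory */
        long n = emulate_x_into_char(aid, buf, sizeof buf, be);
        printf("%s-endian int stores:", be ? "big" : "little");
        for (long i = 0; i < n + 3; i++)
            printf(" %02X", buf[i]);
        printf("\n");
    }
    memset(buf, 0xAA, sizeof buf);
    long n = hex_decode(aid, buf, 7);
    printf("hex_decode:");
    for (long i = 0; i < n; i++)
        printf(" %02X", buf[i]);
    printf("\n");
    return 0;
}
```

With big-endian stores every AID byte ends up 00, matching the `00A404000700000000000000` select in the SPARC trace; with little-endian stores the AID looks right but three bytes past the array are overwritten.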
From: Iain M. <mu...@ds...> - 2006-10-19 21:50:43
|
I used to be able to build GPShell with the simple sequence:

./configure --prefix=${PFX}
gmake
gmake install

Where my build environment is:

PFX=/opt/ITsmartcard

export CFLAGS="-I${PFX}/include -I${PFX}/include/PCSC -I/usr/sfw/include -I/opt/sfw/include"
export LDFLAGS="-L${PFX}/lib -R${PFX}/lib -L/usr/sfw/lib -R/usr/sfw/lib -L/opt/sfw/lib"

export PKG_CONFIG_PATH=${PFX}/lib/pkgconfig

and it would find the GlobalPlatform headers and library.

With the latest CVS source, it seems to be a bit botched. First, in Makefile.am, this line:

gpshell_LDADD = $(AM_CPPFLAGS) -lGlobalPlatform -L"$(GLOBALPLATFORM_LIB_PATH)"

causes the following failure during "./configure" if GLOBALPLATFORM_LIB_PATH is not set:

configure:4746: cc -o conftest -I/opt/ITsmartcard/include -I/opt/ITsmartcard/include/PCSC -I/usr/sfw/include -I/opt/sfw/include -L/opt/ITsmartcard/lib -R/opt/ITsmartcard/lib -L/usr/sfw/lib -R/usr/sfw/lib -L/opt/sfw/lib -L conftest.c -lGlobalPlatform >&5

(note the nothingness between "-L" and "conftest.c")

Also, I now have to set CPPFLAGS to the same as CFLAGS - otherwise the following garbled cc line is produced at gmake time:

cc -DPACKAGE_NAME=\"GPShell\" -DPACKAGE_TARNAME=\"gpshell\" -DPACKAGE_VERSION=\"1.3.1\" -DPACKAGE_STRING=\"GPShell\ 1.3.1\" -DPACKAGE_BUGREPORT=\"sn...@gm...\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DLSTAT_FOLLOWS_SLASHED_SYMLINK=1 -DHAVE_STDLIB_H=1 -DHAVE_MALLOC=1 -DHAVE_ATOI=1 -DHAVE_FGETS=1 -DHAVE_LIBGLOBALPLATFORM=1 -I. -I. "-D_REENTRANT -I/opt/ITsmartcard/include/PCSC " "-I" -I/opt/ITsmartcard/include -I/opt/ITsmartcard/include/PCSC -I/usr/sfw/include -I/opt/sfw/include -c -o gpshell-GPShell.o `test -f 'GPShell.c' || echo './'`GPShell.c

Finally, this section of configure.in :

AC_ARG_VAR(GLOBALPLATFORM_H_PATH, [Specifies the location of GlobalPlatform/GlobalPlatform.h])

OLD_CFLAGS="$CFLAGS"
case "$host" in
*-*-cygwin*)
    if ! test -f "$GLOBALPLATFORM_H_PATH"/GlobalPlatform/GlobalPlatform.h;
    then AC_MSG_ERROR([GlobalPlatform/GlobalPlatform.h not found, specify location of GlobalPlatform/GlobalPlatform.h with ./configure GLOBALPLATFORM_H_PATH=<directory>])
    fi
    ;;
*)
    CFLAGS="$CFLAGS $GLOBALPLATFORM_H_PATH"
    AC_CHECK_HEADER(GlobalPlatform/GlobalPlatform.h, [], [AC_MSG_ERROR([GlobalPlatform/GlobalPlatform.h not found or usable, install GlobalPlatform 3.0.2 or later, or use ./configure GLOBALPLATFORM_H_PATH=<include directory>])], )
    ;;
esac
AC_SUBST(GLOBALPLATFORM_CFLAGS,-I"$GLOBALPLATFORM_H_PATH")
CFLAGS="$OLD_CFLAGS"

Shouldn't that be: CFLAGS="$CFLAGS -I$GLOBALPLATFORM_H_PATH" ??
                                   ^^

but then again, that'll probably break stuff if GLOBALPLATFORM_H_PATH is not set...

~Iain
|
From: Iain M. <Ds...@Ds...> - 2006-10-19 16:25:45
|
Karsten Ohme wrote on 10/19/06 12:10 AM:
> Iain MacDonnell wrote:
>> Hah! Got it:
>>
>> send_apdu -sc 1 -APDU 80E40080074F05A00000000100
>> Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00
>
> No, I was wrong, for GP211 cards I have implemented it with 80. So the
> command should be the same. Which version of the GlobalPlatform library
> are you using? Set GLOBALPLATFORM_DEBUG=1, run GPShell and if the log
> file (C:\Temp or /tmp/ ) does not contain 80 as 4th byte for "delete",
> the version is too old. Check out from CVS if necessary.

I'm running the latest released versions of GlobalPlatform (3.0.2) and GPShell (1.3.1). I had some problems trying to build the latest stuff - should start a separate thread for that...

~Iain

>> Recv APDU: 00 90 00
>> get_status -element e0
>> get_status -element e0
>>
>> List of applets (AID state privileges)
>> a000000003000000 1 9e
>> a0000000035350 1 0
>>
>> Based loosely on:
>>
>> http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html
>>
>> Thanks :)
>>
>> ~Iain
>>
>> Iain MacDonnell wrote on 10/18/06 04:30 PM:
>>
>>> Karsten Ohme wrote on 10/18/06 04:02 PM:
>>>
>>>> Iain MacDonnell wrote:
>>>>
>>>>> So I think the Cosmo52 cards I was trying to use before had had their
>>>>> keys swapped without my knowledge. Trying again, with cards that I know
>>>>> are new, and I can establish a secure channel, and load and instantiate
>>>>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>>>>> something? I've tried various combinations of scp/scpimpl/security and
>>>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>>>>> 6985...
>>>>>
>>>>> mode_211
>>>>> establish_context
>>>>> card_connect
>>>>> enable_trace
>>>>> select -AID a000000003000000
>>>>> --> 00A4040008A000000003000000
>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>>
>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key 404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
>>>>> --> 8050000008D6C5DC4AD8A949EE00
>>>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>>>>> --> 848201001007037657966B46ED92B673CE885CA553
>>>>> <-- 9000
>>>>> get_status -element e0
>>>>> --> 80F2E000024F0000
>>>>> <-- 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>>>>
>>>>> List of applets (AID state privileges)
>>>>> a000000003000000 1 9e
>>>>> a0000000035350 1 0
>>>>> a000000001 1 0
>>>>> a00000000101 7 2
>>>>> delete -AID a00000000101
>>>>> --> 80E40000084F06A0000000010100
>>>>> <-- 6985
>>>>> delete_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
>>>>
>>>> Usually at first all applets which have reference to the applet must be
>>>> deleted. This should not be the case.
>>>> Then the applet must be deleted before the package.
>>>> Then the package can be deleted.
>>>>
>>>> But there are cards, which delete all dependent data if the package is
>>>> deleted. So try to delete the package:
>>>>
>>>> delete -AID a000000001
>>>>
>>>> I remember that I implemented it that way that always for GP 211 cards
>>>> all related data is also deleted. So, it should work.
>>>
>>> No; same error:
>>>
>>> delete -AID a000000001
>>> delete_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
>>>
>>>> At one card I know of the package AID and the applet AID together must
>>>> be specified to delete it. This is not supported by GPShell. You must
>>>> manually look into the documentation of your card, what is necessary.
>>>> Use the script and instead of the delete command insert a send_apdu
>>>> command which could look like:
>>>>
>>>> 80 E4 00 80 0e
>>>
>>> 0e should be 0f, I assume?
>>>
>>>> 4f 06 a0 00 00 00 01 01
>>>> 4f 05 a0 00 00 00 01
>>>> 00
>>>>
>>>> (I have separated with newlines and spaces, must be written together.)
>>>> Maybe the order of the 2nd and 3rd line must be changed.
>>>
>>> Either way around, that gets:
>>>
>>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
>>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
>>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
>>>
>>> I guess I need to go hunting for a Cosmo V5.2 manual...
>>>
>>> Thx,
>>>
>>> ~Iain
>>>
>>>>> Snit Mo wrote on 03/27/06 06:07 PM:
>>>>>
>>>>>> I have to assume that your card doesn't have the usual test key
>>>>>> (4041..4f). Where did you get the card from? Can you ask them what
>>>>>> the key is?
>>>>>>
>>>>>> Also, you may want to try Oberthur AppLoader.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>>>>>
>>>>>>> Snit Mo wrote on 03/27/06 05:45 PM:
>>>>>>>
>>>>>>>> Hello, Iain,
>>>>>>> Hi :)
>>>>>>>
>>>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>>>>>>> default key is 404142...4f. See the result at the end of this file.
>>>>>>> Doesn't work for me - I wonder why...
>>>>>>>
>>>>>>> mode_211
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a000000003000000
>>>>>>> --> 00A4040008A000000003000000
>>>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>>>>
>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>> --> 00CA006600
>>>>>>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
>>>>>>>
>>>>>>> --> 8050000008C13CAC00B446633A00
>>>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
>>>>>>> mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)
>>>>>>>
>>>>>>> ~Iain
>>>>>>>
>>>>>>>> For changing keys, use attached files. replacekey-cosmo-gp211 changes
>>>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
>>>>>>>> back to 4041...4f. Perhaps I should include these in later releases
>>>>>>>> ...
>>>>>>>> >>>>>>>> $ ./Release/GPShell.exe listgp211.txt >>>>>>>> mode_211 >>>>>>>> enable_trace >>>>>>>> establish_context >>>>>>>> card_connect >>>>>>>> select -AID a000000003000000 >>>>>>>> --> 00A4040008A000000003000000 >>>>>>>> <-- >>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>>> >>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291 >>>>>>>> >>>>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000 >>>>>>>> >>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>> --> 00CA006600 >>>>>>>> <-- >>>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03 >>>>>>>> >>>>>>>> 640B06092A864886FC6B0401059000 >>>>>>>> --> 8050000008B7070A7E2C84570000 >>>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000 >>>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D >>>>>>>> <-- 9000 >>>>>>>> get_status -element 20 >>>>>>>> --> 80F22000024F0000 >>>>>>>> <-- >>>>>>>> 07A0000000035350010009A00000006203010C01010006A0000000010101009000 >>>>>>>> >>>>>>>> List of applets (AID state privileges) >>>>>>>> a0000000035350 1 0 >>>>>>>> a00000006203010c01 1 0 >>>>>>>> a00000000101 1 0 >>>>>>>> card_disconnect >>>>>>>> release_context >>>>>>>> >>>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote: >>>>>>>> >>>>>>>>> Iain MacDonnell wrote: >>>>>>>>> >>>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> Iain MacDonnell wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - >>>>>>>>>>>>>>>> have you >>>>>>>>>>>>>>>> ever >>>>>>>>>>>>>>>> tried this stuff on a 
big-endian machine? >>>>>>>>>>> I have run some big endian tests on a Solaris system running >>>>>>>>>>> on a Sparc. >>>>>>>>>>> >>>>>>>>>>> For some reason the following happens: >>>>>>>>>>> >>>>>>>>>>> char *test = "EE"; >>>>>>>>>>> sscanf (test, "%02x", &temp); >>>>>>>>>>> >>>>>>>>>>> if temp is a char the conversion is always 00, if temp is an >>>>>>>>>>> int, it >>>>>>>>>>> works. >>>>>>>>>>> >>>>>>>>>>> Please try out the GPShell version in CVS. I have fixed >>>>>>>>>>> probably all >>>>>>>>>>> conversions, but I have no possibility to test it. >>>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I >>>>>>>>>> haven't >>>>>>>>>> exercised all functions, but it's able to 'select' and >>>>>>>>>> 'open_sc' OK. >>>>>>>>>> I'll let you know, of course, if I run into any further problems. >>>>>>>>>> >>>>>>>>>> Side question: do you happen to have the developer keys for >>>>>>>>>> Oberthur >>>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change >>>>>>>>>> in the example GPShell scripts to establish a secure channel? >>>>>>>>> For for for a Oberthur card it works with the default 0x40 ... >>>>>>>>> 0x4F key. 
>>>>>>>>> >>>>>>>>> I executed the list.txt file: >>>>>>>>> >>>>>>>>> mode_201 >>>>>>>>> enable_trace >>>>>>>>> establish_context >>>>>>>>> card_connect >>>>>>>>> select -AID a0000000030000 >>>>>>>>> --> 00A4040007A0000000030000 >>>>>>>>> <-- >>>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>>>> >>>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237 >>>>>>>>> >>>>>>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000 >>>>>>>>> >>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>>> --> 805000000803AF9CAB5BC9A73A00 >>>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000 >>>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E >>>>>>>>> <-- 9000 >>>>>>>>> get_status -element e0 >>>>>>>>> --> 80F2E000024F0000 >>>>>>>>> <-- 6A86 >>>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect >>>>>>>>> parameters (P1, P2).) >>>>>>>>> >>>>>>>>> Obviously the card has problem to list the applications. Don't >>>>>>>>> know way. >>>>>>>>> >>>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it >>>>>>>>> can not >>>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I >>>>>>>>> cannot use >>>>>>>>> the card. >>>>>>>>> >>>>>>>>> >>>>>>>>>> I'm >>>>>>>>>> getting mutual_authentication() returns 0x80302000. I read >>>>>>>>>> about the >>>>>>>>>> need to specify a sdAID, but that seems to apply only to >>>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example >>>>>>>>>> doesn't seem to exist...? >>>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the >>>>>>>>> CFlex card works with the mentioned change. >>>>>>>>> >>>>>>>>> Karsten >>>>>>>>> >>>>>>>>> >>>>>>>>>> Thanks! 
>>>>>>>>>> >>>>>>>>>> ~Iain >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt >>>>>>>>>>>>>>>> mode_201 >>>>>>>>>>>>>>>> enable_trace >>>>>>>>>>>>>>>> establish_context >>>>>>>>>>>>>>>> card_connect >>>>>>>>>>>>>>>> select -AID a0000000030000 >>>>>>>>>>>>>>>> --> 00A404000700000000000000 >>>>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to >>>>>>>>>>>>>>> below.... >>>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the >>>>>>>>>>>>>> conversion >>>>>>>>>>>>>> routines, if something like this is used, I'm not sure. >>>>>>>>>>>> This could be the guilty routine (?): >>>>>>>>>>>> >>>>>>>>>>>> It scans two bytes interpreted as a hex byte: >>>>>>>>>>>> >>>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) >>>>>>>>>>>>> 0) { >>>>>>>>>>>> i++; >>>>>>>>>>>> } >>>>>>>>>>>> >>>>>>>>>>>> I will see. >>>>>>>>>>>> >>>>>>>>>>>> Karsten >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, Karsten >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> <-- 6A82 >>>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The >>>>>>>>>>>>>>>> application to be >>>>>>>>>>>>>>>> selected could not be found.) >>>>>>>>>>>>>>>> # uname -a >>>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc >>>>>>>>>>>>>>>> SUNW,Sun-Blade-100 >>>>>>>>>>>>>>>> # >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Maybe the endianess is a red herring too ... but I've >>>>>>>>>>>>>>>> successfully used >>>>>>>>>>>>>>>> this stuff on Solaris x86... >>>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this >>>>>>>>>>>>> should not >>>>>>>>>>>>> effect endianess. I will look into GPShell. 
>>>>>>>>>>>>>
>>>>>>>>>>>>> Karsten
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>>>>> <-- 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>>>>> release_context
>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ~Iain
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> mode_211
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>> card_disconnect
>>>>>>>>> release_context
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> mode_211
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>> card_disconnect
>>>>>>>>> release_context
|
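Two points from the quoted discussion above, the hex-string conversion that produced an all-zero AID on SPARC and the length byte of a hand-built DELETE, shown as an added example in C. This is not GPShell or GlobalPlatform library code; the names `hex_to_bytes`, `build_delete_apdu` and `check_delete_apdu` are made up for the illustration, and it assumes short APDUs that end with a one-byte Le, as every DELETE in the thread does.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a hex string into out[]. Each byte is assembled from two nibbles
 * and stored through an unsigned char, so nothing is written through a
 * pointer of the wrong width (sscanf "%02x" stores a whole unsigned int)
 * and the result does not depend on byte order. Returns the byte count,
 * or -1 on odd length, a non-hex character, or too little room in out[].
 */
int hex_to_bytes(const char *hex, unsigned char *out, size_t out_cap)
{
    size_t n = strlen(hex), i;

    if (n % 2 != 0 || n / 2 > out_cap) return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/*
 * Build a short DELETE command: 80 E4 00 P2 Lc { 4F len AID }... 00
 * Lc is computed from the data field only (the 4F TLVs); the trailing 00
 * is Le and is not counted. P2 = 0x80 is the GP 2.1.1 "delete object and
 * related objects" form. Returns the APDU length, or -1 on bad input.
 */
int build_delete_apdu(unsigned char p2, const char *const *aids_hex,
                      size_t n_aids, unsigned char *apdu, size_t cap)
{
    size_t pos = 5, k;            /* data starts after CLA INS P1 P2 Lc */

    if (cap < 6 || n_aids == 0) return -1;
    for (k = 0; k < n_aids; k++) {
        unsigned char aid[16];
        int len = hex_to_bytes(aids_hex[k], aid, sizeof aid);
        if (len < 5) return -1;   /* AIDs are 5..16 bytes */
        if (pos + 2 + (size_t)len + 1 > cap) return -1;  /* room for Le */
        apdu[pos++] = 0x4F;
        apdu[pos++] = (unsigned char)len;
        memcpy(apdu + pos, aid, (size_t)len);
        pos += (size_t)len;
    }
    if (pos - 5 > 255) return -1;
    apdu[0] = 0x80; apdu[1] = 0xE4; apdu[2] = 0x00; apdu[3] = p2;
    apdu[4] = (unsigned char)(pos - 5);
    apdu[pos++] = 0x00;           /* Le */
    return (int)pos;
}

/*
 * Check a short DELETE APDU for internal consistency: Lc must equal the
 * number of bytes between the header and Le, and the data field must be an
 * exact run of 4F TLVs. Returns the number of AIDs, or -1 if malformed.
 */
int check_delete_apdu(const unsigned char *apdu, size_t len)
{
    size_t lc, pos, end;
    int count = 0;

    if (len < 6 || apdu[1] != 0xE4) return -1;
    lc = apdu[4];
    if (len != 5 + lc + 1) return -1;          /* header + data + Le */
    pos = 5;
    end = 5 + lc;
    while (pos < end) {
        if (end - pos < 2 || apdu[pos] != 0x4F) return -1;
        if (apdu[pos + 1] > end - pos - 2) return -1;  /* TLV overruns */
        pos += 2 + (size_t)apdu[pos + 1];
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: the applet and package AIDs from the thread. */
    const char *aids[] = { "a00000000101", "a000000001" };
    unsigned char apdu[64];
    int i, n = build_delete_apdu(0x80, aids, 2, apdu, sizeof apdu);

    if (n < 0) return 1;
    for (i = 0; i < n; i++) printf("%02X", apdu[i]);
    printf("\nAIDs in data field: %d\n", check_delete_apdu(apdu, (size_t)n));
    return 0;
}
```

A well-formed APDU only rules out an encoding mistake on the host side; whether a given card accepts two AIDs in one DELETE is card-specific.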
From: Karsten O. <wid...@t-...> - 2006-10-19 09:34:12
|
Iain MacDonnell wrote:
>
> Hah! Got it:
>
> send_apdu -sc 1 -APDU 80E40080074F05A00000000100

Strange. I would expect that this is the same command of the usual delete command. The sc -1 qualifier should have no effect. Ah! I guess, I haven't implemented it 80E40080 but with 80E40000, the usual delete command. Because the latter can cause problems. E.g. for OP201 cards, which do not know 80.

> Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00
> Recv APDU: 00 90 00
> get_status -element e0
> get_status -element e0
>
> List of applets (AID state privileges)
> a000000003000000 1 9e
> a0000000035350 1 0
>
> Based loosely on:
>
> http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html

> 80 E4 00 80 0e

0e should be 0f, I assume?

No. The last 00 is the Le field. So 0e should be correct. This is why 6a80 was thrown.

> 4f 06 a0 00 00 00 01 01
> 4f 05 a0 00 00 00 01
> 00
>
> (I have separated with newlines and spaces, must be written together.)
> Maybe the order of the 2nd and 3rd line must be changed.

Either way around, that gets:

send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)

>
> Thanks :)
>
> ~Iain
>
> Iain MacDonnell wrote on 10/18/06 04:30 PM:
>
>> Karsten Ohme wrote on 10/18/06 04:02 PM:
>>
>>> Iain MacDonnell wrote:
>>>
>>>> So I think the Cosmo52 cards I was trying to use before had had their
>>>> keys swapped without my knowledge. Trying again, with cards that I know
>>>> are new, and I can establish a secure channel, and load and instantiate
>>>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>>>> something? I've tried various combinations of scp/scpimpl/security and
>>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>>>> 6985...
>>>>
>>>> mode_211
>>>> establish_context
>>>> card_connect
>>>> enable_trace
>>>> select -AID a000000003000000
>>>> --> 00A4040008A000000003000000
>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key 404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
>>>> --> 8050000008D6C5DC4AD8A949EE00
>>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>>>> --> 848201001007037657966B46ED92B673CE885CA553
>>>> <-- 9000
>>>> get_status -element e0
>>>> --> 80F2E000024F0000
>>>> <-- 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>>>
>>>> List of applets (AID state privileges)
>>>> a000000003000000 1 9e
>>>> a0000000035350 1 0
>>>> a000000001 1 0
>>>> a00000000101 7 2
>>>> delete -AID a00000000101
>>>> --> 80E40000084F06A0000000010100
>>>> <-- 6985
>>>> delete_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
>>>
>>> Usually at first all applets which have reference to the applet must be
>>> deleted. This should not be the case.
>>> Then the applet must be deleted before the package.
>>> Then the package can be deleted.
>>>
>>> But there are cards, which delete all dependent data if the package is
>>> deleted. So try to delete the package:
>>>
>>> delete -AID a000000001
>>>
>>> I remember that I implemented it that way that always for GP 211 cards
>>> all related data is also deleted. So, it should work.
>>
>> No; same error:
>>
>> delete -AID a000000001
>> delete_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
>>
>>> At one card I know of the package AID and the applet AID together must
>>> be specified to delete it. This is not supported by GPShell. You must
>>> manually look into the documentation of your card, what is necessary.
>>> Use the script and instead of the delete command insert a send_apdu
>>> command which could look like:
>>>
>>> 80 E4 00 80 0e
>>
>> 0e should be 0f, I assume?
>>
>>> 4f 06 a0 00 00 00 01 01
>>> 4f 05 a0 00 00 00 01
>>> 00
>>>
>>> (I have separated with newlines and spaces, must be written together.)
>>> Maybe the order of the 2nd and 3rd line must be changed.
>>
>> Either way around, that gets:
>>
>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
>>
>> I guess I need to go hunting for a Cosmo V5.2 manual...
>>
>> Thx,
>>
>> ~Iain
>>
>>>> Snit Mo wrote on 03/27/06 06:07 PM:
>>>>
>>>>> I have to assume that your card doesn't have the usual test key
>>>>> (4041..4f). Where did you get the card from? Can you ask them what
>>>>> the key is?
>>>>>
>>>>> Also, you may want to try Oberthur AppLoader.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>>>>
>>>>>> Snit Mo wrote on 03/27/06 05:45 PM:
>>>>>>
>>>>>>> Hello, Iain,
>>>>>>
>>>>>> Hi :)
>>>>>>
>>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>>>>>> default key is 404142...4f. See the result at the end of this file.
>>>>>>
>>>>>> Doesn't work for me - I wonder why...
>>>>>> >>>>>> mode_211 >>>>>> enable_trace >>>>>> establish_context >>>>>> card_connect >>>>>> select -AID a000000003000000 >>>>>> --> 00A4040008A000000003000000 >>>>>> <-- >>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000 >>>>>> >>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>> 404142434445464748494a4b4c4d4e4f -enc_key >>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>> --> 00CA006600 >>>>>> <-- >>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000 >>>>>> >>>>>> --> 8050000008C13CAC00B446633A00 >>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000 >>>>>> mutual_authentication() returns 0x80302000 (The verification of >>>>>> the card >>>>>> cryptogram failed.) >>>>>> >>>>>> ~Iain >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> For changing keys, use attached files. replacekey-cosmo-gp211 >>>>>>> changes >>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it >>>>>>> back to 4041...4f. Perhaps I should include these in later releases >>>>>>> ... 
>>>>>>> >>>>>>> $ ./Release/GPShell.exe listgp211.txt >>>>>>> mode_211 >>>>>>> enable_trace >>>>>>> establish_context >>>>>>> card_connect >>>>>>> select -AID a000000003000000 >>>>>>> --> 00A4040008A000000003000000 >>>>>>> <-- >>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>> >>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291 >>>>>>> >>>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000 >>>>>>> >>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>> --> 00CA006600 >>>>>>> <-- >>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03 >>>>>>> >>>>>>> 640B06092A864886FC6B0401059000 >>>>>>> --> 8050000008B7070A7E2C84570000 >>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000 >>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D >>>>>>> <-- 9000 >>>>>>> get_status -element 20 >>>>>>> --> 80F22000024F0000 >>>>>>> <-- >>>>>>> 07A0000000035350010009A00000006203010C01010006A0000000010101009000 >>>>>>> >>>>>>> List of applets (AID state privileges) >>>>>>> a0000000035350 1 0 >>>>>>> a00000006203010c01 1 0 >>>>>>> a00000000101 1 0 >>>>>>> card_disconnect >>>>>>> release_context >>>>>>> >>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote: >>>>>>> >>>>>>>> Iain MacDonnell wrote: >>>>>>>> >>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM: >>>>>>>>> >>>>>>>>> >>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Iain MacDonnell wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - >>>>>>>>>>>>>>> have you >>>>>>>>>>>>>>> ever >>>>>>>>>>>>>>> tried this stuff on a big-endian machine? 
>>>>>>>>>> >>>>>>>>>> I have run some big endian tests on a Solaris system running >>>>>>>>>> on a Sparc. >>>>>>>>>> >>>>>>>>>> For some reason the following happens: >>>>>>>>>> >>>>>>>>>> char *test = "EE"; >>>>>>>>>> sscanf (test, "%02x", &temp); >>>>>>>>>> >>>>>>>>>> if temp is a char the conversion is always 00, if temp is an >>>>>>>>>> int, it >>>>>>>>>> works. >>>>>>>>>> >>>>>>>>>> Please try out the GPShell version in CVS. I have fixed >>>>>>>>>> probably all >>>>>>>>>> conversions, but I have no possibility to test it. >>>>>>>>> >>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I >>>>>>>>> haven't >>>>>>>>> exercised all functions, but it's able to 'select' and >>>>>>>>> 'open_sc' OK. >>>>>>>>> I'll let you know, of course, if I run into any further problems. >>>>>>>>> >>>>>>>>> Side question: do you happen to have the developer keys for >>>>>>>>> Oberthur >>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change >>>>>>>>> in the example GPShell scripts to establish a secure channel? >>>>>>>> >>>>>>>> For for for a Oberthur card it works with the default 0x40 ... >>>>>>>> 0x4F key. 
>>>>>>>> >>>>>>>> I executed the list.txt file: >>>>>>>> >>>>>>>> mode_201 >>>>>>>> enable_trace >>>>>>>> establish_context >>>>>>>> card_connect >>>>>>>> select -AID a0000000030000 >>>>>>>> --> 00A4040007A0000000030000 >>>>>>>> <-- >>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>>> >>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237 >>>>>>>> >>>>>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000 >>>>>>>> >>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>> --> 805000000803AF9CAB5BC9A73A00 >>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000 >>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E >>>>>>>> <-- 9000 >>>>>>>> get_status -element e0 >>>>>>>> --> 80F2E000024F0000 >>>>>>>> <-- 6A86 >>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect >>>>>>>> parameters (P1, P2).) >>>>>>>> >>>>>>>> Obviously the card has problem to list the applications. Don't >>>>>>>> know way. >>>>>>>> >>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it >>>>>>>> can not >>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I >>>>>>>> cannot use >>>>>>>> the card. >>>>>>>> >>>>>>>> >>>>>>>>> I'm >>>>>>>>> getting mutual_authentication() returns 0x80302000. I read >>>>>>>>> about the >>>>>>>>> need to specify a sdAID, but that seems to apply only to >>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example >>>>>>>>> doesn't seem to exist...? >>>>>>>> >>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the >>>>>>>> CFlex card works with the mentioned change. >>>>>>>> >>>>>>>> Karsten >>>>>>>> >>>>>>>> >>>>>>>>> Thanks! 
>>>>>>>>> >>>>>>>>> ~Iain >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt >>>>>>>>>>>>>>> mode_201 >>>>>>>>>>>>>>> enable_trace >>>>>>>>>>>>>>> establish_context >>>>>>>>>>>>>>> card_connect >>>>>>>>>>>>>>> select -AID a0000000030000 >>>>>>>>>>>>>>> --> 00A404000700000000000000 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to >>>>>>>>>>>>>> below.... >>>>>>>>>>>>> >>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the >>>>>>>>>>>>> conversion >>>>>>>>>>>>> routines, if something like this is used, I'm not sure. >>>>>>>>>>> >>>>>>>>>>> This could be the guilty routine (?): >>>>>>>>>>> >>>>>>>>>>> It scans two bytes interpreted as a hex byte: >>>>>>>>>>> >>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) >>>>>>>>>>> > 0) { >>>>>>>>>>> i++; >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> I will see. >>>>>>>>>>> >>>>>>>>>>> Karsten >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>>> Thanks, Karsten >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>>> <-- 6A82 >>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The >>>>>>>>>>>>>>> application to be >>>>>>>>>>>>>>> selected could not be found.) >>>>>>>>>>>>>>> # uname -a >>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc >>>>>>>>>>>>>>> SUNW,Sun-Blade-100 >>>>>>>>>>>>>>> # >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Maybe the endianess is a red herring too ... but I've >>>>>>>>>>>>>>> successfully used >>>>>>>>>>>>>>> this stuff on Solaris x86... >>>>>>>>>>>> >>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this >>>>>>>>>>>> should not >>>>>>>>>>>> effect endianess. I will look into GPShell. 
>>>>>>>>>>>>
>>>>>>>>>>>> Karsten
>>>>>>>>>>>>
>>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>>>> <-- 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>>>> release_context
>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ~Iain
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> mode_211
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put
secure channel keys >>>>>>>> card_disconnect >>>>>>>> release_context >>>>>>>> >>>>>>>> ------------------------------------------------------------------------ >>>>>>>> >>>>>>>> >>>>>>>> mode_211 >>>>>>>> enable_trace >>>>>>>> establish_context >>>>>>>> card_connect >>>>>>>> select -AID a0000000030000 >>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 >>>>>>>> -mac_key 505152535455565758595a5b5c5d5e5f -enc_key >>>>>>>> 505152535455565758595a5b5c5d5e5f -kek_key >>>>>>>> 505152535455565758595a5b5c5d5e5f // Open secure channel >>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key >>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key >>>>>>>> 404142434445464748494a4b4c4d4e4f -kek_key >>>>>>>> 404142434445464748494a4b4c4d4e4f // Put secure channel keys >>>>>>>> card_disconnect >>>>>>>> release_context >>>> >>>> >>>> ------------------------------------------------------------------------- >>>> >>>> Using Tomcat but need to do more? Need to support web services, >>>> security? >>>> Get stuff done quickly with pre-integrated technology to make your >>>> job easier >>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache >>>> Geronimo >>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >>>> >>>> _______________________________________________ >>>> Globalplatform-users mailing list >>>> Glo...@li... >>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-users >>> >>> > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? 
> Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > > > ------------------------------------------------------------------------ > > _______________________________________________ > Globalplatform-developers mailing list > Glo...@li... > https://lists.sourceforge.net/lists/listinfo/globalplatform-developers |
From: Karsten O. <wid...@t-...> - 2006-10-19 09:34:08
|
Iain MacDonnell wrote:
>
> Hah! Got it:
>
> send_apdu -sc 1 -APDU 80E40080074F05A00000000100
> Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00

No, I was wrong, for GP211 cards I have implemented it with 80. So the command should be the same.

Which version of the GlobalPlatform library are you using? Set GLOBALPLATFORM_DEBUG=1, run GPShell and if the log file (C:\Temp or /tmp/) does not contain 80 as 4th byte for "delete", the version is too old. Check out from CVS if necessary.

Karsten

> Recv APDU: 00 90 00
> get_status -element e0
> get_status -element e0
>
> List of applets (AID state privileges)
> a000000003000000 1 9e
> a0000000035350 1 0
>
> Based loosely on:
>
> http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html
>
> Thanks :)
>
> ~Iain
>
> Iain MacDonnell wrote on 10/18/06 04:30 PM:
>
>> Karsten Ohme wrote on 10/18/06 04:02 PM:
>>
>>> Iain MacDonnell wrote:
>>>
>>>> So I think the Cosmo52 cards I was trying to use before had had their
>>>> keys swapped without my knowledge. Trying again, with cards that I know
>>>> are new, and I can establish a secure channel, and load and instantiate
>>>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>>>> something? I've tried various combinations of scp/scpimpl/security and
>>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>>>> 6985...
>>>>
>>>> mode_211
>>>> establish_context
>>>> card_connect
>>>> enable_trace
>>>> select -AID a000000003000000
>>>> --> 00A4040008A000000003000000
>>>> <--
>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>
>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key
>>>> 404142434445464748494a4b4c4d4e4f -mac_key
>>>> 404142434445464748494a4b4c4d4e4f
>>>> --> 8050000008D6C5DC4AD8A949EE00
>>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>>>> --> 848201001007037657966B46ED92B673CE885CA553
>>>> <-- 9000
>>>> get_status -element e0
>>>> --> 80F2E000024F0000
>>>> <--
>>>> 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>>>
>>>> List of applets (AID state privileges)
>>>> a000000003000000 1 9e
>>>> a0000000035350 1 0
>>>> a000000001 1 0
>>>> a00000000101 7 2
>>>> delete -AID a00000000101
>>>> --> 80E40000084F06A0000000010100
>>>> <-- 6985
>>>> delete_applet() returns 0x80206985 (6985: Command not allowed -
>>>> Conditions of use not satisfied.)
>>>
>>> Usually at first all applets which have reference to the applet must be
>>> deleted. This should not be the case.
>>> Then the applet must be deleted before the package.
>>> Then the package can be deleted.
>>>
>>> But there are cards, which delete all dependent data if the package is
>>> deleted. So try to delete the package:
>>>
>>> delete -AID a000000001
>>>
>>> I remember that I implemented it that way that always for GP 211 cards
>>> all related data is also deleted. So, it should work.
>>
>> No; same error:
>>
>> delete -AID a000000001
>> delete_applet() returns 0x80206985 (6985: Command not allowed -
>> Conditions of use not satisfied.)
>>
>>> At one card I know of the package AID and the applet AID together must
>>> be specified to delete it. This is not supported by GPShell. You must
>>> manually look into the documentation of your card, what is necessary.
>>> Use the script and instead of the delete command insert a send_apdu
>>> command which could look like:
>>>
>>> 80 E4 00 80 0e
>>
>> 0e should be 0f, I assume?
>>
>>> 4f 06 a0 00 00 00 01 01
>>> 4f 05 a0 00 00 00 01
>>> 00
>>>
>>> (I have separated with newlines and spaces, must be written together.)
>>> Maybe the order of the 2nd and 3rd line must be changed.
>>
>> Either way around, that gets:
>>
>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in
>> command data.)
>>
>> I guess I need to go hunting for a Cosmo V5.2 manual...
>>
>> Thx,
>>
>> ~Iain
>>
>>>> Snit Mo wrote on 03/27/06 06:07 PM:
>>>>
>>>>> I have to assume that your card doesn't have the usual test key
>>>>> (4041..4f). Where did you get the card from? Can you ask them what
>>>>> the key is?
>>>>>
>>>>> Also, you may want to try Oberthur AppLoader.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>>>>
>>>>>> Snit Mo wrote on 03/27/06 05:45 PM:
>>>>>>
>>>>>>> Hello, Iain,
>>>>>>
>>>>>> Hi :)
>>>>>>
>>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo
>>>>>>> 5.2. The
>>>>>>> default key is 404142...4f. See the result at the end of this file.
>>>>>>
>>>>>> Doesn't work for me - I wonder why...
>>>>>>
>>>>>> mode_211
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a000000003000000
>>>>>> --> 00A4040008A000000003000000
>>>>>> <--
>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>>>
>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>> --> 00CA006600
>>>>>> <--
>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
>>>>>>
>>>>>> --> 8050000008C13CAC00B446633A00
>>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
>>>>>> mutual_authentication() returns 0x80302000 (The verification of
>>>>>> the card
>>>>>> cryptogram failed.)
>>>>>>
>>>>>> ~Iain
>>>>>>
>>>>>>> For changing keys, use attached files. replacekey-cosmo-gp211
>>>>>>> changes
>>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
>>>>>>> back to 4041...4f. Perhaps I should include these in later releases
>>>>>>> ...
>>>>>>>
>>>>>>> $ ./Release/GPShell.exe listgp211.txt
>>>>>>> mode_211
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a000000003000000
>>>>>>> --> 00A4040008A000000003000000
>>>>>>> <--
>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291
>>>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000
>>>>>>>
>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>> 404142434445464748494a4b4c4d4e4
>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>> --> 00CA006600
>>>>>>> <--
>>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03
>>>>>>> 640B06092A864886FC6B0401059000
>>>>>>> --> 8050000008B7070A7E2C84570000
>>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
>>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
>>>>>>> <-- 9000
>>>>>>> get_status -element 20
>>>>>>> --> 80F22000024F0000
>>>>>>> <--
>>>>>>> 07A0000000035350010009A00000006203010C01010006A0000000010101009000
>>>>>>>
>>>>>>> List of applets (AID state privileges)
>>>>>>> a0000000035350 1 0
>>>>>>> a00000006203010c01 1 0
>>>>>>> a00000000101 1 0
>>>>>>> card_disconnect
>>>>>>> release_context
>>>>>>>
>>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>>>>>>>
>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>
>>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>>>>>>>
>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>
>>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem -
>>>>>>>>>>>>>>> have you
>>>>>>>>>>>>>>> ever
>>>>>>>>>>>>>>> tried this stuff on a big-endian machine?
>>>>>>>>>>
>>>>>>>>>> I have run some big endian tests on a Solaris system running
>>>>>>>>>> on a Sparc.
>>>>>>>>>>
>>>>>>>>>> For some reason the following happens:
>>>>>>>>>>
>>>>>>>>>> char *test = "EE";
>>>>>>>>>> sscanf (test, "%02x", &temp);
>>>>>>>>>>
>>>>>>>>>> if temp is a char the conversion is always 00, if temp is an
>>>>>>>>>> int, it
>>>>>>>>>> works.
>>>>>>>>>>
>>>>>>>>>> Please try out the GPShell version in CVS. I have fixed
>>>>>>>>>> probably all
>>>>>>>>>> conversions, but I have no possibility to test it.
>>>>>>>>>
>>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I
>>>>>>>>> haven't
>>>>>>>>> exercised all functions, but it's able to 'select' and
>>>>>>>>> 'open_sc' OK.
>>>>>>>>> I'll let you know, of course, if I run into any further problems.
>>>>>>>>>
>>>>>>>>> Side question: do you happen to have the developer keys for
>>>>>>>>> Oberthur
>>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change
>>>>>>>>> in the example GPShell scripts to establish a secure channel?
>>>>>>>>
>>>>>>>> For an Oberthur card it works with the default 0x40 ...
>>>>>>>> 0x4F key.
>>>>>>>>
>>>>>>>> I executed the list.txt file:
>>>>>>>>
>>>>>>>> mode_201
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>> <--
>>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>>>>>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>>>>>>
>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>> 404142434445464748494a4b4c4d4e4
>>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>> --> 805000000803AF9CAB5BC9A73A00
>>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>>>>>> <-- 9000
>>>>>>>> get_status -element e0
>>>>>>>> --> 80F2E000024F0000
>>>>>>>> <-- 6A86
>>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect
>>>>>>>> parameters (P1, P2).)
>>>>>>>>
>>>>>>>> Obviously the card has problem to list the applications. Don't
>>>>>>>> know why.
>>>>>>>>
>>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it
>>>>>>>> can not
>>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I
>>>>>>>> cannot use
>>>>>>>> the card.
>>>>>>>>
>>>>>>>>> I'm
>>>>>>>>> getting mutual_authentication() returns 0x80302000. I read
>>>>>>>>> about the
>>>>>>>>> need to specify a sdAID, but that seems to apply only to
>>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>>>>>> doesn't seem to exist...?
>>>>>>>>
>>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>>>>>> CFlex card works with the mentioned change.
>>>>>>>>
>>>>>>>> Karsten
>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> ~Iain
>>>>>>>>>
>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>>>>>>>>> below....
>>>>>>>>>>>>>
>>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the
>>>>>>>>>>>>> conversion
>>>>>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>>>>>>
>>>>>>>>>>> This could be the guilty routine (?):
>>>>>>>>>>>
>>>>>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>>>>>
>>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>>>>>> i++;
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> I will see.
>>>>>>>>>>>
>>>>>>>>>>> Karsten
>>>>>>>>>>>
>>>>>>>>>>>>> Thanks, Karsten
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <-- 6A82
>>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The
>>>>>>>>>>>>>>> application to be
>>>>>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>>>>>> # uname -a
>>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc
>>>>>>>>>>>>>>> SUNW,Sun-Blade-100
>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Maybe the endianness is a red herring too ... but I've
>>>>>>>>>>>>>>> successfully used
>>>>>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>>>>>>
>>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this
>>>>>>>>>>>> should not
>>>>>>>>>>>> effect endianness. I will look into GPShell.
>>>>>>>>>>>>
>>>>>>>>>>>> Karsten
>>>>>>>>>>>>
>>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>>>> <--
>>>>>>>>>>>>>> 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>>>> <--
>>>>>>>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>>>> release_context
>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ~Iain
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> mode_211
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0
>>>>>>>> -mac_key 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -kek_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key
>>>>>>>> 505152535455565758595a5b5c5d5e5f -enc_key
>>>>>>>> 505152535455565758595a5b5c5d5e5f -kek_key
>>>>>>>> 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -kek_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>> card_disconnect
>>>>>>>> release_context
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>
>>>>>>>> mode_211
>>>>>>>> enable_trace
>>>>>>>> establish_context
>>>>>>>> card_connect
>>>>>>>> select -AID a0000000030000
>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0
>>>>>>>> -mac_key 505152535455565758595a5b5c5d5e5f -enc_key
>>>>>>>> 505152535455565758595a5b5c5d5e5f -kek_key
>>>>>>>> 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f -kek_key
>>>>>>>> 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>> card_disconnect
>>>>>>>> release_context
|
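Two details discussed in this thread can be checked mechanically: the hex-to-byte conversion that turned the AID into zeros on SPARC (`00A404000700000000000000`), and the Lc byte of the hand-written DELETE command. The C code below is an added example, not code from GPShell or the GlobalPlatform library; the function names `hex_to_bytes`, `build_delete_apdu` and `check_delete_apdu_hex` are hypothetical, and the input strings are the APDUs quoted in the messages.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { APDU_OK = 0, APDU_BAD_HEX = -1, APDU_BAD_LC = -2, APDU_BAD_TLV = -3 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Strict hex decoder (hypothetical helper). Each output byte is written with
 * a one-byte store, so the result does not depend on host byte order.
 * sscanf("%02x") stores a whole unsigned int through its pointer argument;
 * pointed at one element of a byte array it writes sizeof(unsigned int)
 * bytes, leaving the high-order zero byte in that element on a big-endian
 * host and overwriting the bytes that follow on any host.
 * Returns the byte count, or -1 on odd length, a non-hex character, or
 * input that does not fit in out_cap bytes.
 */
int hex_to_bytes(const char *hex, unsigned char *out, size_t out_cap)
{
    size_t n = strlen(hex), i;

    if (n % 2 != 0 || n / 2 > out_cap)
        return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(n / 2);
}

/*
 * Build DELETE for one AID: CLA INS P1 P2 Lc | 4F len AID | Le.
 * Lc covers the data field only (tag + length + AID), not the trailing Le.
 * Returns the APDU length, or -1 if the AID is not 5..16 bytes long or the
 * output buffer is too small.
 */
int build_delete_apdu(const unsigned char *aid, size_t aid_len,
                      unsigned char p2, unsigned char *apdu, size_t cap)
{
    size_t total = 5 + 2 + aid_len + 1;

    if (aid_len < 5 || aid_len > 16 || cap < total)
        return -1;
    apdu[0] = 0x80;                 /* CLA */
    apdu[1] = 0xE4;                 /* INS: DELETE */
    apdu[2] = 0x00;                 /* P1 */
    apdu[3] = p2;                   /* P2: 0x00 or 0x80 in the thread */
    apdu[4] = (unsigned char)(2 + aid_len);
    apdu[5] = 0x4F;                 /* AID tag */
    apdu[6] = (unsigned char)aid_len;
    memcpy(apdu + 7, aid, aid_len);
    apdu[7 + aid_len] = 0x00;       /* Le */
    return (int)total;
}

/*
 * Check a hex-encoded short APDU that carries data: Lc must equal the number
 * of data bytes present, optionally followed by exactly one Le byte, and the
 * data field must be filled exactly by a run of 4F TLVs.
 */
int check_delete_apdu_hex(const char *hex)
{
    unsigned char buf[5 + 255 + 1];
    int len = hex_to_bytes(hex, buf, sizeof buf);
    size_t lc, pos, end;

    if (len < 0)
        return APDU_BAD_HEX;
    if (len < 6 || buf[4] == 0)
        return APDU_BAD_LC;
    lc = buf[4];
    if ((size_t)len != 5 + lc && (size_t)len != 5 + lc + 1)
        return APDU_BAD_LC;
    end = 5 + lc;
    for (pos = 5; pos < end; pos += 2 + (size_t)buf[pos + 1]) {
        if (end - pos < 2 || buf[pos] != 0x4F || buf[pos + 1] > end - pos - 2)
            return APDU_BAD_TLV;
    }
    return APDU_OK;
}

int main(void)
{
    /* The two-AID DELETE from the thread, once with each Lc value tried. */
    printf("%d\n", check_delete_apdu_hex("80E400800F4F06A000000001014F05A00000000100"));
    printf("%d\n", check_delete_apdu_hex("80E400800E4F06A000000001014F05A00000000100"));
    return 0;
}
```

A structurally valid APDU can still be refused by the card, as the 6A80 and 6985 status words in the traces show; the check only covers the framing.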
From: Karsten O. <wid...@t-...> - 2006-10-19 07:21:48
|
Iain MacDonnell wrote:
>
> Karsten Ohme wrote on 10/18/06 11:52 PM:
>
>> Iain MacDonnell wrote:
>>
>>> Hah! Got it:
>>>
>>> send_apdu -sc 1 -APDU 80E40080074F05A00000000100
>>
>> Strange. I would expect that this is the same command of the usual
>> delete command. The sc -1 qualifier should have no effect.
>>
>> Ah! I guess, I haven't implemented it 80E40080 but with 80E40000, the
>> usual delete command. Because the latter can cause problems. E.g. for
>> OP201 cards, which do not know 80.
>
> Maybe you could use 80 when in mode_211?
>
> The down-side of using send_apdu is that when it fails (i.e. if there's
> nothing to delete), gpshell exits right away.

Would be a point on the task list to improve gpshell so that it can be specified, what to do if a command fails. I think of a minus sign '-' like in Makefiles which ignore the error in that case. Maybe in some time.

Karsten

>
>>> Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00
>>> Recv APDU: 00 90 00
>>> get_status -element e0
>>> get_status -element e0
>>>
>>> List of applets (AID state privileges)
>>> a000000003000000 1 9e
>>> a0000000035350 1 0
>>>
>>> Based loosely on:
>>>
>>> http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html
>>
>>> 80 E4 00 80 0e
>>
>> 0e should be 0f, I assume?
>>
>> No. The last 00 is the Le field. So 0e should be correct. This is why
>> 6a80 was thrown.
>
> I wasn't counting the 00 at the end :) With 0e, it said:
>
> send_apdu -sc 1 -APDU 80E400800E4F06A000000001014F05A00000000100
> Send APDU: 80 E4 00 80 0E 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
> --> 80E400800E4F06A000000001014F05A00000000100
> send_APDU() returns 0x80301000 (A APDU command can't be recognized as a
> valid T=0 protocol Case 1-4 ISO7816-4 APDU)
>
> ~Iain
>
>>> 4f 06 a0 00 00 00 01 01
>>> 4f 05 a0 00 00 00 01
>>> 00
>>>
>>> (I have separated with newlines and spaces, must be written together.)
>>> Maybe the order of the 2nd and 3rd line must be changed.
>>
>> Either way around, that gets:
>>
>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in
>> command data.)
>>
>>> Thanks :)
>>>
>>> ~Iain
>>>
>>> Iain MacDonnell wrote on 10/18/06 04:30 PM:
>>>
>>>> Karsten Ohme wrote on 10/18/06 04:02 PM:
>>>>
>>>>> Iain MacDonnell wrote:
>>>>>
>>>>>> So I think the Cosmo52 cards I was trying to use before had had their
>>>>>> keys swapped without my knowledge. Trying again, with cards that I
>>>>>> know
>>>>>> are new, and I can establish a secure channel, and load and
>>>>>> instantiate
>>>>>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>>>>>> something? I've tried various combinations of scp/scpimpl/security
>>>>>> and
>>>>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>>>>>> 6985...
>>>>>>
>>>>>> mode_211
>>>>>> establish_context
>>>>>> card_connect
>>>>>> enable_trace
>>>>>> select -AID a000000003000000
>>>>>> --> 00A4040008A000000003000000
>>>>>> <--
>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>>>
>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key
>>>>>> 404142434445464748494a4b4c4d4e4f -mac_key
>>>>>> 404142434445464748494a4b4c4d4e4f
>>>>>> --> 8050000008D6C5DC4AD8A949EE00
>>>>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>>>>>> --> 848201001007037657966B46ED92B673CE885CA553
>>>>>> <-- 9000
>>>>>> get_status -element e0
>>>>>> --> 80F2E000024F0000
>>>>>> <--
>>>>>> 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>>>>>
>>>>>> List of applets (AID state privileges)
>>>>>> a000000003000000 1 9e
>>>>>> a0000000035350 1 0
>>>>>> a000000001 1 0
>>>>>> a00000000101 7 2
>>>>>> delete -AID a00000000101
>>>>>> --> 80E40000084F06A0000000010100
>>>>>> <-- 6985
>>>>>> delete_applet() returns 0x80206985 (6985: Command not allowed -
>>>>>> Conditions of use not satisfied.)
>>>>>
>>>>> Usually at first all applets which have reference to the applet
>>>>> must be
>>>>> deleted. This should not be the case.
>>>>> Then the applet must be deleted before the package.
>>>>> Then the package can be deleted.
>>>>>
>>>>> But there are cards, which delete all dependent data if the package is
>>>>> deleted. So try to delete the package:
>>>>>
>>>>> delete -AID a000000001
>>>>>
>>>>> I remember that I implemented it that way that always for GP 211 cards
>>>>> all related data is also deleted. So, it should work.
>>>>
>>>> No; same error:
>>>>
>>>> delete -AID a000000001
>>>> delete_applet() returns 0x80206985 (6985: Command not allowed -
>>>> Conditions of use not satisfied.)
>>>>
>>>>> At one card I know of the package AID and the applet AID together must
>>>>> be specified to delete it. This is not supported by GPShell. You must
>>>>> manually look into the documentation of your card, what is necessary.
>>>>> Use the script and instead of the delete command insert a send_apdu
>>>>> command which could look like:
>>>>>
>>>>> 80 E4 00 80 0e
>>>>
>>>> 0e should be 0f, I assume?
>>>>
>>>>> 4f 06 a0 00 00 00 01 01
>>>>> 4f 05 a0 00 00 00 01
>>>>> 00
>>>>>
>>>>> (I have separated with newlines and spaces, must be written together.)
>>>>> Maybe the order of the 2nd and 3rd line must be changed.
>>>>
>>>> Either way around, that gets:
>>>>
>>>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
>>>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00
>>>> 01 00
>>>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in
>>>> command data.)
>>>>
>>>> I guess I need to go hunting for a Cosmo V5.2 manual...
>>>> >>>> Thx, >>>> >>>> ~Iain >>>> >>>> >>>> >>>> >>>>>> Snit Mo wrote on 03/27/06 06:07 PM: >>>>>> >>>>>>> I have to assume that your card doesn't have the usual test key >>>>>>> (4041..4f). Where did you get the card from? Can you ask them what >>>>>>> the key is? >>>>>>> >>>>>>> Also, you may want to try Oberthur AppLoader. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote: >>>>>>> >>>>>>>> Snit Mo wrote on 03/27/06 05:45 PM: >>>>>>>> >>>>>>>>> Hello, Iain, >>>>>>>> >>>>>>>> Hi :) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo >>>>>>>>> 5.2. The >>>>>>>>> default key is 404142...4f. See the result at the end of this >>>>>>>>> file. >>>>>>>> >>>>>>>> Doesn't work for me - I wonder why... >>>>>>>> >>>>>>>> mode_211 >>>>>>>> enable_trace >>>>>>>> establish_context >>>>>>>> card_connect >>>>>>>> select -AID a000000003000000 >>>>>>>> --> 00A4040008A000000003000000 >>>>>>>> <-- >>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000 >>>>>>>> >>>>>>>> >>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key >>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>> --> 00CA006600 >>>>>>>> <-- >>>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000 >>>>>>>> >>>>>>>> >>>>>>>> --> 8050000008C13CAC00B446633A00 >>>>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000 >>>>>>>> mutual_authentication() returns 0x80302000 (The verification of >>>>>>>> the card >>>>>>>> cryptogram failed.) >>>>>>>> >>>>>>>> ~Iain >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> For changing keys, use attached files. 
replacekey-cosmo-gp211 >>>>>>>>> changes >>>>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt >>>>>>>>> puts it >>>>>>>>> back to 4041...4f. Perhaps I should include these in later >>>>>>>>> releases >>>>>>>>> ... >>>>>>>>> >>>>>>>>> $ ./Release/GPShell.exe listgp211.txt >>>>>>>>> mode_211 >>>>>>>>> enable_trace >>>>>>>>> establish_context >>>>>>>>> card_connect >>>>>>>>> select -AID a000000003000000 >>>>>>>>> --> 00A4040008A000000003000000 >>>>>>>>> <-- >>>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>>>> >>>>>>>>> >>>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291 >>>>>>>>> >>>>>>>>> >>>>>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000 >>>>>>>>> >>>>>>>>> >>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>>> --> 00CA006600 >>>>>>>>> <-- >>>>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03 >>>>>>>>> >>>>>>>>> >>>>>>>>> 640B06092A864886FC6B0401059000 >>>>>>>>> --> 8050000008B7070A7E2C84570000 >>>>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000 >>>>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D >>>>>>>>> <-- 9000 >>>>>>>>> get_status -element 20 >>>>>>>>> --> 80F22000024F0000 >>>>>>>>> <-- >>>>>>>>> 07A0000000035350010009A00000006203010C01010006A0000000010101009000 >>>>>>>>> >>>>>>>>> List of applets (AID state privileges) >>>>>>>>> a0000000035350 1 0 >>>>>>>>> a00000006203010c01 1 0 >>>>>>>>> a00000000101 1 0 >>>>>>>>> card_disconnect >>>>>>>>> release_context >>>>>>>>> >>>>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote: >>>>>>>>> >>>>>>>>>> Iain MacDonnell wrote: >>>>>>>>>> >>>>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Karsten Ohme 
wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Iain MacDonnell wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - >>>>>>>>>>>>>>>>> have you >>>>>>>>>>>>>>>>> ever >>>>>>>>>>>>>>>>> tried this stuff on a big-endian machine? >>>>>>>>>>>> >>>>>>>>>>>> I have run some big endian tests on a Solaris system running >>>>>>>>>>>> on a Sparc. >>>>>>>>>>>> >>>>>>>>>>>> For some reason the following happens: >>>>>>>>>>>> >>>>>>>>>>>> char *test = "EE"; >>>>>>>>>>>> sscanf (test, "%02x", &temp); >>>>>>>>>>>> >>>>>>>>>>>> if temp is a char the conversion is always 00, if temp is an >>>>>>>>>>>> int, it >>>>>>>>>>>> works. >>>>>>>>>>>> >>>>>>>>>>>> Please try out the GPShell version in CVS. I have fixed >>>>>>>>>>>> probably all >>>>>>>>>>>> conversions, but I have no possibility to test it. >>>>>>>>>>> >>>>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I >>>>>>>>>>> haven't >>>>>>>>>>> exercised all functions, but it's able to 'select' and >>>>>>>>>>> 'open_sc' OK. >>>>>>>>>>> I'll let you know, of course, if I run into any further >>>>>>>>>>> problems. >>>>>>>>>>> >>>>>>>>>>> Side question: do you happen to have the developer keys for >>>>>>>>>>> Oberthur >>>>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change >>>>>>>>>>> in the example GPShell scripts to establish a secure channel? >>>>>>>>>> >>>>>>>>>> For for for a Oberthur card it works with the default 0x40 ... >>>>>>>>>> 0x4F key. 
>>>>>>>>>> >>>>>>>>>> I executed the list.txt file: >>>>>>>>>> >>>>>>>>>> mode_201 >>>>>>>>>> enable_trace >>>>>>>>>> establish_context >>>>>>>>>> card_connect >>>>>>>>>> select -AID a0000000030000 >>>>>>>>>> --> 00A4040007A0000000030000 >>>>>>>>>> <-- >>>>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure >>>>>>>>>> channel >>>>>>>>>> --> 805000000803AF9CAB5BC9A73A00 >>>>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000 >>>>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E >>>>>>>>>> <-- 9000 >>>>>>>>>> get_status -element e0 >>>>>>>>>> --> 80F2E000024F0000 >>>>>>>>>> <-- 6A86 >>>>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect >>>>>>>>>> parameters (P1, P2).) >>>>>>>>>> >>>>>>>>>> Obviously the card has problem to list the applications. Don't >>>>>>>>>> know way. >>>>>>>>>> >>>>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it >>>>>>>>>> can not >>>>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I >>>>>>>>>> cannot use >>>>>>>>>> the card. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> I'm >>>>>>>>>>> getting mutual_authentication() returns 0x80302000. I read >>>>>>>>>>> about the >>>>>>>>>>> need to specify a sdAID, but that seems to apply only to >>>>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' >>>>>>>>>>> example >>>>>>>>>>> doesn't seem to exist...? >>>>>>>>>> >>>>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey >>>>>>>>>> for the >>>>>>>>>> CFlex card works with the mentioned change. 
>>>>>>>>>> >>>>>>>>>> Karsten >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Thanks! >>>>>>>>>>> >>>>>>>>>>> ~Iain >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt >>>>>>>>>>>>>>>>> mode_201 >>>>>>>>>>>>>>>>> enable_trace >>>>>>>>>>>>>>>>> establish_context >>>>>>>>>>>>>>>>> card_connect >>>>>>>>>>>>>>>>> select -AID a0000000030000 >>>>>>>>>>>>>>>>> --> 00A404000700000000000000 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Note that the AID is not showing in this APDU... >>>>>>>>>>>>>>>> compared to >>>>>>>>>>>>>>>> below.... >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the >>>>>>>>>>>>>>> conversion >>>>>>>>>>>>>>> routines, if something like this is used, I'm not sure. >>>>>>>>>>>>> >>>>>>>>>>>>> This could be the guilty routine (?): >>>>>>>>>>>>> >>>>>>>>>>>>> It scans two bytes interpreted as a hex byte: >>>>>>>>>>>>> >>>>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) >>>>>>>>>>>>> >>>>>>>>>>>>>> 0) { >>>>>>>>>>>>> >>>>>>>>>>>>> i++; >>>>>>>>>>>>> } >>>>>>>>>>>>> >>>>>>>>>>>>> I will see. >>>>>>>>>>>>> >>>>>>>>>>>>> Karsten >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks, Karsten >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> <-- 6A82 >>>>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The >>>>>>>>>>>>>>>>> application to be >>>>>>>>>>>>>>>>> selected could not be found.) >>>>>>>>>>>>>>>>> # uname -a >>>>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc >>>>>>>>>>>>>>>>> SUNW,Sun-Blade-100 >>>>>>>>>>>>>>>>> # >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Maybe the endianess is a red herring too ... but I've >>>>>>>>>>>>>>>>> successfully used >>>>>>>>>>>>>>>>> this stuff on Solaris x86... >>>>>>>>>>>>>> >>>>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this >>>>>>>>>>>>>> should not >>>>>>>>>>>>>> effect endianess. 
I will look into GPShell. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Karsten >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt >>>>>>>>>>>>>>>> mode_201 >>>>>>>>>>>>>>>> enable_trace >>>>>>>>>>>>>>>> establish_context >>>>>>>>>>>>>>>> card_connect >>>>>>>>>>>>>>>> select -AID a0000000030000 >>>>>>>>>>>>>>>> --> 00A4040007A0000000030000 >>>>>>>>>>>>>>>> <-- >>>>>>>>>>>>>>>> 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000 >>>>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>>>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key >>>>>>>>>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600 >>>>>>>>>>>>>>>> <-- >>>>>>>>>>>>>>>> 000012010000111401020101E86DFA173682E4673596888A215DE86C9000 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2 >>>>>>>>>>>>>>>> <-- 9000 >>>>>>>>>>>>>>>> get_status -element e0 >>>>>>>>>>>>>>>> --> 80F2E000024F0000 >>>>>>>>>>>>>>>> <-- >>>>>>>>>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> List of applets (AID state privileges) >>>>>>>>>>>>>>>> a0000000030000 7 0 >>>>>>>>>>>>>>>> a0000000620001 1 0 >>>>>>>>>>>>>>>> a0000000620101 1 0 >>>>>>>>>>>>>>>> a0000000620102 1 0 >>>>>>>>>>>>>>>> a0000000620201 1 0 >>>>>>>>>>>>>>>> a0000000030000 1 0 >>>>>>>>>>>>>>>> a000000001 1 0 >>>>>>>>>>>>>>>> a00000000101 7 0 >>>>>>>>>>>>>>>> card_disconnect >>>>>>>>>>>>>>>> release_context >>>>>>>>>>>>>>>> # >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ~Iain >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 
>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> mode_211
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>>> card_disconnect
>>>>>>>>>> release_context
>>>>>>>>>>
>>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> mode_211
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>>> card_disconnect
>>>>>>>>>> release_context
>>>>>>
|
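The two problems worked through in this thread, as an added example (not GPShell's own code): a hex-to-byte conversion that scans into an unsigned int rather than a char, and an ISO 7816-4 short-APDU framing check applied to the DELETE commands quoted in the thread. The function names are hypothetical, unsigned int is assumed to be 4 bytes, and only tag 4F (AID) entries are accepted in the DELETE data field.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Model of the bug from the thread: sscanf("%02x") stores a whole unsigned
 * int (assumed 4 bytes) at the destination. A char destination keeps only
 * the first byte in memory order; the other three bytes overwrite whatever
 * follows it. */
unsigned char first_byte_of_int_store(unsigned int value, int big_endian)
{
    return big_endian ? (unsigned char)(value >> 24)
                      : (unsigned char)(value & 0xFFu);
}

/* Hex string to bytes, scanning into an unsigned int temporary and narrowing
 * explicitly. Returns the byte count, or -1 on odd length, a non-hex
 * character, or an output buffer that is too small. */
int hex_to_bytes(const char *hex, unsigned char *out, size_t out_len)
{
    size_t n = strlen(hex), i;

    if (n % 2 != 0 || n / 2 > out_len)
        return -1;
    for (i = 0; i < n / 2; i++) {
        unsigned int tmp;
        if (!isxdigit((unsigned char)hex[2 * i]) ||
            !isxdigit((unsigned char)hex[2 * i + 1]) ||
            sscanf(hex + 2 * i, "%2x", &tmp) != 1)
            return -1;
        out[i] = (unsigned char)tmp;
    }
    return (int)(n / 2);
}

/* ISO 7816-4 short APDU case (1-4), or 0 if the length does not fit any. */
int apdu_case(const unsigned char *apdu, size_t len)
{
    size_t lc;

    if (len < 4) return 0;
    if (len == 4) return 1;              /* header only */
    if (len == 5) return 2;              /* header + Le */
    lc = apdu[4];
    if (lc == 0) return 0;               /* extended length not handled */
    if (len == 5 + lc) return 3;         /* header + Lc + data */
    if (len == 6 + lc) return 4;         /* header + Lc + data + Le */
    return 0;
}

/* Same check, starting from the hex string a GPShell script would carry. */
int hex_apdu_case(const char *hex)
{
    unsigned char apdu[261];             /* 4 + 1 + 255 + 1 */
    int len = hex_to_bytes(hex, apdu, sizeof apdu);

    return len < 0 ? 0 : apdu_case(apdu, (size_t)len);
}

/* Number of 4F (AID) TLVs that exactly fill the data field of a DELETE
 * (INS E4) APDU, or -1 if the framing or the TLV chain is inconsistent. */
int delete_aid_count(const char *hex)
{
    unsigned char apdu[261];
    int len = hex_to_bytes(hex, apdu, sizeof apdu);
    int kind, count = 0;
    size_t lc, pos = 0;

    if (len < 0) return -1;
    kind = apdu_case(apdu, (size_t)len);
    if ((kind != 3 && kind != 4) || apdu[1] != 0xE4) return -1;
    lc = apdu[4];
    while (pos < lc) {
        size_t alen;
        if (lc - pos < 2 || apdu[5 + pos] != 0x4F) return -1;
        alen = apdu[5 + pos + 1];
        if (alen < 5 || alen > 16 || alen > lc - pos - 2) return -1;
        pos += 2 + alen;
        count++;
    }
    return count;
}

int main(void)
{
    /* APDUs quoted in the thread */
    const char *apdus[] = {
        "80E40000084F06A0000000010100",
        "80E40080074F05A00000000100",
        "80E400800F4F06A000000001014F05A00000000100",
        "80E400800E4F06A000000001014F05A00000000100",
    };
    size_t i;

    printf("int store of 0xEE seen through a char: BE=%02X LE=%02X\n",
           first_byte_of_int_store(0xEE, 1), first_byte_of_int_store(0xEE, 0));
    for (i = 0; i < sizeof apdus / sizeof apdus[0]; i++)
        printf("%s case=%d aids=%d\n", apdus[i],
               hex_apdu_case(apdus[i]), delete_aid_count(apdus[i]));
    return 0;
}
```

The 0E variant fits no short-APDU case, which matches the 0x80301000 error reported for it; the 0F variant is correctly framed, so its 6A80 status came from the card and not from the framing.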
From: Iain M. <Ds...@Ds...> - 2006-10-19 07:10:18
|
Karsten Ohme wrote on 10/18/06 11:52 PM:
> Iain MacDonnell wrote:
>> Hah! Got it:
>>
>> send_apdu -sc 1 -APDU 80E40080074F05A00000000100
>
> Strange. I would expect that this is the same command of the usual
> delete command. The sc -1 qualifier should have no effect.
>
> Ah! I guess, I haven't implemented it 80E40080 but with 80E40000, the
> usual delete command. Because the latter can cause problems. E.g. for
> OP201 cards, which do not know 80.

Maybe you could use 80 when in mode_211?

The down-side of using send_apdu is that when it fails (i.e. if there's
nothing to delete), gpshell exits right away.

>> Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00
>> Recv APDU: 00 90 00
>> get_status -element e0
>> get_status -element e0
>>
>> List of applets (AID state privileges)
>> a000000003000000 1 9e
>> a0000000035350 1 0
>>
>>
>> Based loosely on:
>>
>> http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html
>
>> 80 E4 00 80 0e
>
>
> 0e should be 0f, I assume?
>
> No. The last 00 is the Le field. So 0e should be correct. This is why
> 6a80 was thrown.

I wasn't counting the 00 at the end :) With 0e, it said:

send_apdu -sc 1 -APDU 80E400800E4F06A000000001014F05A00000000100
Send APDU: 80 E4 00 80 0E 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
--> 80E400800E4F06A000000001014F05A00000000100
send_APDU() returns 0x80301000 (A APDU command can't be recognized as a valid T=0 protocol Case 1-4 ISO7816-4 APDU)

~Iain

>> 4f 06 a0 00 00 00 01 01
>> 4f 05 a0 00 00 00 01
>> 00
>>
>> (I have separated with newlines and spaces, must be written together.)
>> Maybe the order of the 2nd and 3rd line must be changed.
>
>
> Either way around, that gets:
>
> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in
> command data.)
> >> Thanks :) >> >> ~Iain >> >> >> >> Iain MacDonnell wrote on 10/18/06 04:30 PM: >> >>> >>> Karsten Ohme wrote on 10/18/06 04:02 PM: >>> >>>> Iain MacDonnell wrote: >>>> >>>>> So I think the Cosmo52 cards I was trying to use before had had their >>>>> keys swapped without my knowledge. Trying again, with cards that I know >>>>> are new, and I can establish a secure channel, and load and instantiate >>>>> the MCardApplet .... but I can't seem to delete it!! Am I missing >>>>> something? I've tried various combinations of scp/scpimpl/security and >>>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always >>>>> 6985... >>>>> >>>>> mode_211 >>>>> establish_context >>>>> card_connect >>>>> enable_trace >>>>> select -AID a000000003000000 >>>>> --> 00A4040008A000000003000000 >>>>> <-- >>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000 >>>>> >>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key >>>>> 404142434445464748494a4b4c4d4e4f -mac_key >>>>> 404142434445464748494a4b4c4d4e4f >>>>> --> 8050000008D6C5DC4AD8A949EE00 >>>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000 >>>>> --> 848201001007037657966B46ED92B673CE885CA553 >>>>> <-- 9000 >>>>> get_status -element e0 >>>>> --> 80F2E000024F0000 >>>>> <-- >>>>> 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000 >>>>> >>>>> >>>>> List of applets (AID state privileges) >>>>> a000000003000000 1 9e >>>>> a0000000035350 1 0 >>>>> a000000001 1 0 >>>>> a00000000101 7 2 >>>>> delete -AID a00000000101 >>>>> --> 80E40000084F06A0000000010100 >>>>> <-- 6985 >>>>> delete_applet() returns 0x80206985 (6985: Command not allowed - >>>>> Conditions of use not satisfied.) >>>> >>>> Usually at first all applets which have reference to the applet must bed >>>> deleted. 
This should not be the case. >>>> Then the applet must be deleted before the package. >>>> Then the package can be deleted. >>>> >>>> But there are cards, which delete all dependent data if the package is >>>> deleted. So try to delete the package: >>>> >>>> delete -AID a000000001 >>>> >>>> I remember that I implemented it that way that always for GP 211 cards >>>> all related data is also deleted. So, it should work. >>> >>> No; same error: >>> >>> delete -AID a000000001 >>> delete_applet() returns 0x80206985 (6985: Command not allowed - >>> Conditions of use not satisfied.) >>> >>> >>>> At one card I know of the package AID and the applet AID together must >>>> be specified to delete it. This is not supported by GPShell. You must >>>> manually look into the documentation of your card, what is necessary. >>>> Use the script and instead of the delete command insert a send_apdu >>>> command which could look like: >>>> >>>> 80 E4 00 80 0e >>> >>> 0e should be 0f, I assume? >>> >>> >>>> 4f 06 a0 00 00 00 01 01 >>>> 4f 05 a0 00 00 00 01 >>>> 00 >>>> >>>> (I have separated with newlines and spaces, must be written together.) >>>> Maybe the order of the 2nd and 3rd line must be changed. >>> >>> Either way around, that gets: >>> >>> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100 >>> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00 >>> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in >>> command data.) >>> >>> >>> I guess I need to go hunting for a Cosmo V5.2 manual... >>> >>> Thx, >>> >>> ~Iain >>> >>> >>> >>> >>>>> Snit Mo wrote on 03/27/06 06:07 PM: >>>>> >>>>>> I have to assume that your card doesn't have the usual test key >>>>>> (4041..4f). Where did you get the card from? Can you ask them what >>>>>> the key is? >>>>>> >>>>>> Also, you may want to try Oberthur AppLoader. 
>>>>>> >>>>>> Thanks, >>>>>> >>>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote: >>>>>> >>>>>>> Snit Mo wrote on 03/27/06 05:45 PM: >>>>>>> >>>>>>>> Hello, Iain, >>>>>>> Hi :) >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo >>>>>>>> 5.2. The >>>>>>>> default key is 404142...4f. See the result at the end of this file. >>>>>>> Doesn't work for me - I wonder why... >>>>>>> >>>>>>> mode_211 >>>>>>> enable_trace >>>>>>> establish_context >>>>>>> card_connect >>>>>>> select -AID a000000003000000 >>>>>>> --> 00A4040008A000000003000000 >>>>>>> <-- >>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000 >>>>>>> >>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key >>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>> --> 00CA006600 >>>>>>> <-- >>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000 >>>>>>> >>>>>>> --> 8050000008C13CAC00B446633A00 >>>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000 >>>>>>> mutual_authentication() returns 0x80302000 (The verification of >>>>>>> the card >>>>>>> cryptogram failed.) >>>>>>> >>>>>>> ~Iain >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> For changing keys, use attached files. replacekey-cosmo-gp211 >>>>>>>> changes >>>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it >>>>>>>> back to 4041...4f. Perhaps I should include these in later releases >>>>>>>> ... 
>>>>>>>> >>>>>>>> $ ./Release/GPShell.exe listgp211.txt >>>>>>>> mode_211 >>>>>>>> enable_trace >>>>>>>> establish_context >>>>>>>> card_connect >>>>>>>> select -AID a000000003000000 >>>>>>>> --> 00A4040008A000000003000000 >>>>>>>> <-- >>>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>>>>>>> >>>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291 >>>>>>>> >>>>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000 >>>>>>>> >>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>>>>>> 404142434445464748494a4b4c4d4e4 >>>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>>>>>>> --> 00CA006600 >>>>>>>> <-- >>>>>>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03 >>>>>>>> >>>>>>>> 640B06092A864886FC6B0401059000 >>>>>>>> --> 8050000008B7070A7E2C84570000 >>>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000 >>>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D >>>>>>>> <-- 9000 >>>>>>>> get_status -element 20 >>>>>>>> --> 80F22000024F0000 >>>>>>>> <-- >>>>>>>> 07A0000000035350010009A00000006203010C01010006A0000000010101009000 >>>>>>>> >>>>>>>> List of applets (AID state privileges) >>>>>>>> a0000000035350 1 0 >>>>>>>> a00000006203010c01 1 0 >>>>>>>> a00000000101 1 0 >>>>>>>> card_disconnect >>>>>>>> release_context >>>>>>>> >>>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote: >>>>>>>> >>>>>>>>> Iain MacDonnell wrote: >>>>>>>>> >>>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Karsten Ohme wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>>> Iain MacDonnell wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - >>>>>>>>>>>>>>>> have you >>>>>>>>>>>>>>>> ever >>>>>>>>>>>>>>>> tried this stuff on a 
big-endian machine? >>>>>>>>>>> I have run some big endian tests on a Solaris system running >>>>>>>>>>> on a Sparc. >>>>>>>>>>> >>>>>>>>>>> For some reason the following happens: >>>>>>>>>>> >>>>>>>>>>> char *test = "EE"; >>>>>>>>>>> sscanf (test, "%02x", &temp); >>>>>>>>>>> >>>>>>>>>>> if temp is a char the conversion is always 00, if temp is an >>>>>>>>>>> int, it >>>>>>>>>>> works. >>>>>>>>>>> >>>>>>>>>>> Please try out the GPShell version in CVS. I have fixed >>>>>>>>>>> probably all >>>>>>>>>>> conversions, but I have no possibility to test it. >>>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I >>>>>>>>>> haven't >>>>>>>>>> exercised all functions, but it's able to 'select' and >>>>>>>>>> 'open_sc' OK. >>>>>>>>>> I'll let you know, of course, if I run into any further problems. >>>>>>>>>> >>>>>>>>>> Side question: do you happen to have the developer keys for >>>>>>>>>> Oberthur >>>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change >>>>>>>>>> in the example GPShell scripts to establish a secure channel? >>>>>>>>> For for for a Oberthur card it works with the default 0x40 ... >>>>>>>>> 0x4F key. 
>>>>>>>>> I executed the list.txt file:
>>>>>>>>>
>>>>>>>>> mode_201
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F52370000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>> --> 805000000803AF9CAB5BC9A73A00
>>>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>>>>>>> <-- 9000
>>>>>>>>> get_status -element e0
>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>> <-- 6A86
>>>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>>>>>>>>
>>>>>>>>> Obviously the card has problem to list the applications. Don't know why.
>>>>>>>>>
>>>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>>>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>>>>>>>>> the card.
>>>>>>>>>
>>>>>>>>>> I'm getting mutual_authentication() returns 0x80302000. I read about the
>>>>>>>>>> need to specify a sdAID, but that seems to apply only to
>>>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>>>>>>> doesn't seem to exist...?
>>>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>>>>>>> CFlex card works with the mentioned change.
>>>>>>>>>
>>>>>>>>> Karsten
>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> ~Iain
>>>>>>>>>>
>>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to below....
>>>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>>>>>>> This could be the guilty routine (?):
>>>>>>>>>>>>
>>>>>>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>>>>>>
>>>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>>>>>>>     i++;
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> I will see.
>>>>>>>>>>>>
>>>>>>>>>>>> Karsten
>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks, Karsten
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <-- 6A82
>>>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>>>>>>> # uname -a
>>>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Maybe the endianness is a red herring too ... but I've successfully used
>>>>>>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>>>>>>>>> effect endianness. I will look into GPShell.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Karsten
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>>>>> <-- 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>>>>> release_context
>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> ~Iain
>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> mode_211
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>> card_disconnect
>>>>>>>>> release_context
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------
>>>>>>>>>
>>>>>>>>> mode_211
>>>>>>>>> enable_trace
>>>>>>>>> establish_context
>>>>>>>>> card_connect
>>>>>>>>> select -AID a0000000030000
>>>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>>>> card_disconnect
>>>>>>>>> release_context
|
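The conversion problem discussed in the quoted thread, as an added example that is not GPShell's code: `%x` makes `sscanf` store a whole `unsigned int` through the pointer it is given, so aiming it at one element of an `unsigned char` array zeroes the AID on a big-endian host and overruns the array on a little-endian one. `model_int_store` and `parse_hex` are hypothetical names, a 4-byte `unsigned int` is assumed, and the input is the AID from the thread's `select`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum byte_order { ORDER_LITTLE, ORDER_BIG };

/*
 * Model of the loop quoted in the thread:
 *     sscanf(&hex[i*2], "%02x", &aid[i])   with aid[] an unsigned char array.
 * "%x" stores a whole unsigned int (taken as 4 bytes here, an assumption)
 * at the address of aid[i]. That store is reproduced byte by byte for the
 * chosen byte order, so the example is well defined on any host.
 * buf needs 3 bytes of slack after the last pair. Returns pairs consumed.
 */
static size_t model_int_store(const char *hex, unsigned char *buf,
                              size_t cap, enum byte_order order)
{
    size_t i = 0;
    unsigned int v;

    while (i + 4 <= cap &&
           isxdigit((unsigned char)hex[2 * i]) &&
           isxdigit((unsigned char)hex[2 * i + 1]) &&
           sscanf(&hex[2 * i], "%2x", &v) == 1) {
        for (unsigned int k = 0; k < 4; k++) {
            unsigned int shift = (order == ORDER_LITTLE) ? 8 * k : 8 * (3 - k);
            buf[i + k] = (unsigned char)((v >> shift) & 0xFFu);
        }
        i++;
    }
    return i;
}

/*
 * Hardened conversion: scan into an unsigned int temporary, then narrow.
 * Rejects empty, odd-length, non-hex and over-long input.
 * Returns the number of bytes written, or -1 on error.
 */
static int parse_hex(const char *hex, unsigned char *out, size_t cap)
{
    size_t len = strlen(hex);

    if (len == 0 || len % 2 != 0 || len / 2 > cap)
        return -1;
    for (size_t i = 0; i < len / 2; i++) {
        unsigned int v;   /* %x needs an unsigned int, never a char */

        if (!isxdigit((unsigned char)hex[2 * i]) ||
            !isxdigit((unsigned char)hex[2 * i + 1]) ||
            sscanf(&hex[2 * i], "%2x", &v) != 1)
            return -1;
        out[i] = (unsigned char)v;
    }
    return (int)(len / 2);
}

static void dump(const char *label, const unsigned char *b, size_t n)
{
    printf("%-22s", label);
    for (size_t i = 0; i < n; i++)
        printf("%02X", b[i]);
    putchar('\n');
}

int main(void)
{
    const char *aid = "a0000000030000";   /* AID from the thread's select */
    unsigned char be[16], le[16], ok[16];

    memset(be, 0xAA, sizeof be);          /* 0xAA marks untouched bytes */
    memset(le, 0xAA, sizeof le);
    model_int_store(aid, be, sizeof be, ORDER_BIG);
    model_int_store(aid, le, sizeof le, ORDER_LITTLE);
    dump("big-endian store:", be, 12);    /* 7 AID bytes + 3 spilled + 2 */
    dump("little-endian store:", le, 12);
    if (parse_hex(aid, ok, sizeof ok) == 7)
        dump("int temporary:", ok, 7);
    return 0;
}
```

On the big-endian model the seven AID bytes come out as zeros, which is the `00A404000700000000000000` select seen on SPARC; on the little-endian model the AID is right but three bytes after it are overwritten.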
From: Iain M. <Ds...@Ds...> - 2006-10-18 23:45:31
|
Hah! Got it:

send_apdu -sc 1 -APDU 80E40080074F05A00000000100
Send APDU: 80 E4 00 80 07 4F 05 A0 00 00 00 01 00
Recv APDU: 00 90 00
get_status -element e0
get_status -element e0
List of applets (AID state privileges)
a000000003000000 1 9e
a0000000035350 1 0

Based loosely on:

http://lists.drizzle.com/pipermail/muscle/2006-May/005353.html

Thanks :)

~Iain

Iain MacDonnell wrote on 10/18/06 04:30 PM:
>
> Karsten Ohme wrote on 10/18/06 04:02 PM:
>> Iain MacDonnell wrote:
>>> So I think the Cosmo52 cards I was trying to use before had had their
>>> keys swapped without my knowledge. Trying again, with cards that I know
>>> are new, and I can establish a secure channel, and load and instantiate
>>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>>> something? I've tried various combinations of scp/scpimpl/security and
>>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>>> 6985...
>>>
>>> mode_211
>>> establish_context
>>> card_connect
>>> enable_trace
>>> select -AID a000000003000000
>>> --> 00A4040008A000000003000000
>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key 404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
>>> --> 8050000008D6C5DC4AD8A949EE00
>>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>>> --> 848201001007037657966B46ED92B673CE885CA553
>>> <-- 9000
>>> get_status -element e0
>>> --> 80F2E000024F0000
>>> <-- 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>>
>>> List of applets (AID state privileges)
>>> a000000003000000 1 9e
>>> a0000000035350 1 0
>>> a000000001 1 0
>>> a00000000101 7 2
>>> delete -AID a00000000101
>>> --> 80E40000084F06A0000000010100
>>> <-- 6985
>>> delete_applet() returns 0x80206985 (6985: Command not allowed -
>>> Conditions of use not satisfied.)
>>
>> Usually at first all applets which have reference to the applet must be
>> deleted. This should not be the case.
>> Then the applet must be deleted before the package.
>> Then the package can be deleted.
>>
>> But there are cards, which delete all dependent data if the package is
>> deleted. So try to delete the package:
>>
>> delete -AID a000000001
>>
>> I remember that I implemented it that way that always for GP 211 cards
>> all related data is also deleted. So, it should work.
>
> No; same error:
>
> delete -AID a000000001
> delete_applet() returns 0x80206985 (6985: Command not allowed -
> Conditions of use not satisfied.)
>
>> At one card I know of the package AID and the applet AID together must
>> be specified to delete it. This is not supported by GPShell. You must
>> manually look into the documentation of your card, what is necessary.
>> Use the script and instead of the delete command insert a send_apdu
>> command which could look like:
>>
>> 80 E4 00 80 0e
>
> 0e should be 0f, I assume?
>
>> 4f 06 a0 00 00 00 01 01
>> 4f 05 a0 00 00 00 01
>> 00
>>
>> (I have separated with newlines and spaces, must be written together.)
>> Maybe the order of the 2nd and 3rd line must be changed.
>
> Either way around, that gets:
>
> send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
> Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
> send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in
> command data.)
>
> I guess I need to go hunting for a Cosmo V5.2 manual...
>
> Thx,
>
> ~Iain
>
>>> Snit Mo wrote on 03/27/06 06:07 PM:
>>>
>>>> I have to assume that your card doesn't have the usual test key
>>>> (4041..4f). Where did you get the card from? Can you ask them what
>>>> the key is?
>>>>
>>>> Also, you may want to try Oberthur AppLoader.
>>>>
>>>> Thanks,
>>>>
>>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>>>
>>>>> Snit Mo wrote on 03/27/06 05:45 PM:
>>>>>
>>>>>> Hello, Iain,
>>>>> Hi :)
>>>>>
>>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>>>>> default key is 404142...4f. See the result at the end of this file.
>>>>> Doesn't work for me - I wonder why...
>>>>>
>>>>> mode_211
>>>>> enable_trace
>>>>> establish_context
>>>>> card_connect
>>>>> select -AID a000000003000000
>>>>> --> 00A4040008A000000003000000
>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>> --> 00CA006600
>>>>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
>>>>> --> 8050000008C13CAC00B446633A00
>>>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
>>>>> mutual_authentication() returns 0x80302000 (The verification of the card
>>>>> cryptogram failed.)
>>>>>
>>>>> ~Iain
>>>>>
>>>>>> For changing keys, use attached files. replacekey-cosmo-gp211 changes
>>>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
>>>>>> back to 4041...4f. Perhaps I should include these in later releases
>>>>>> ...
>>>>>>
>>>>>> $ ./Release/GPShell.exe listgp211.txt
>>>>>> mode_211
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a000000003000000
>>>>>> --> 00A4040008A000000003000000
>>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F52910000000300001912529119135291000000000000000000000000000000009F6501FF9000
>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>> --> 00CA006600
>>>>>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0401059000
>>>>>> --> 8050000008B7070A7E2C84570000
>>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
>>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
>>>>>> <-- 9000
>>>>>> get_status -element 20
>>>>>> --> 80F22000024F0000
>>>>>> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
>>>>>>
>>>>>> List of applets (AID state privileges)
>>>>>> a0000000035350 1 0
>>>>>> a00000006203010c01 1 0
>>>>>> a00000000101 1 0
>>>>>> card_disconnect
>>>>>> release_context
>>>>>>
>>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>>>>>>
>>>>>>> Iain MacDonnell wrote:
>>>>>>>
>>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>>>>>>
>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>
>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>
>>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you ever
>>>>>>>>>>>>>> tried this stuff on a big-endian machine?
>>>>>>>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>>>>>>>
>>>>>>>>> For some reason the following happens:
>>>>>>>>>
>>>>>>>>> char *test = "EE";
>>>>>>>>> sscanf (test, "%02x", &temp);
>>>>>>>>>
>>>>>>>>> if temp is a char the conversion is always 00, if temp is an int, it
>>>>>>>>> works.
>>>>>>>>>
>>>>>>>>> Please try out the GPShell version in CVS. I have fixed probably all
>>>>>>>>> conversions, but I have no possibility to test it.
>>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>>>>>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>>>>>>> I'll let you know, of course, if I run into any further problems.
>>>>>>>>
>>>>>>>> Side question: do you happen to have the developer keys for Oberthur
>>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change
>>>>>>>> in the example GPShell scripts to establish a secure channel?
>>>>>>> For an Oberthur card it works with the default 0x40 ... 0x4F key.
>>>>>>>
>>>>>>> I executed the list.txt file:
>>>>>>>
>>>>>>> mode_201
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a0000000030000
>>>>>>> --> 00A4040007A0000000030000
>>>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F52370000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>> --> 805000000803AF9CAB5BC9A73A00
>>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>>>>> <-- 9000
>>>>>>> get_status -element e0
>>>>>>> --> 80F2E000024F0000
>>>>>>> <-- 6A86
>>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>>>>>>
>>>>>>> Obviously the card has problem to list the applications. Don't know why.
>>>>>>>
>>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>>>>>>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>>>>>>> the card.
>>>>>>>
>>>>>>>> I'm getting mutual_authentication() returns 0x80302000. I read about the
>>>>>>>> need to specify a sdAID, but that seems to apply only to
>>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>>>>> doesn't seem to exist...?
>>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>>>>> CFlex card works with the mentioned change.
>>>>>>>
>>>>>>> Karsten
>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> ~Iain
>>>>>>>>
>>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to below....
>>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>>>>> This could be the guilty routine (?):
>>>>>>>>>>
>>>>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>>>>
>>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>>>>>     i++;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> I will see.
>>>>>>>>>>
>>>>>>>>>> Karsten
>>>>>>>>>>
>>>>>>>>>>>> Thanks, Karsten
>>>>>>>>>>>>
>>>>>>>>>>>>>> <-- 6A82
>>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>>>>> # uname -a
>>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Maybe the endianness is a red herring too ... but I've successfully used
>>>>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>>>>>>> effect endianness. I will look into GPShell.
>>>>>>>>>>>
>>>>>>>>>>> Karsten
>>>>>>>>>>>
>>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>>
>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>>> <-- 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>>
>>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>>> release_context
>>>>>>>>>>>>> #
>>>>>>>>>>>>>
>>>>>>>>>>>>> ~Iain
>>>>>>> ------------------------------------------------------------------------
>>>>>>>
>>>>>>> mode_211
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a0000000030000
>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>> card_disconnect
>>>>>>> release_context
>>>>>>>
>>>>>>> ------------------------------------------------------------------------
>>>>>>>
>>>>>>> mode_211
>>>>>>> enable_trace
>>>>>>> establish_context
>>>>>>> card_connect
>>>>>>> select -AID a0000000030000
>>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>>> card_disconnect
>>>>>>> release_context
|
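The DELETE commands from this exchange rebuilt with a computed `Lc`, as an added example that is not part of the original message or of GPShell. P2 = `80` asks the card to delete the object together with its related objects, and the length check flags the hand-written `0e` that was questioned in the thread; `build_delete`, `delete_apdu_consistent` and the constant names are hypothetical, and the AIDs are the applet and package AIDs quoted above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define INS_DELETE      0xE4
#define TAG_AID         0x4F
#define P2_OBJECT_ONLY  0x00   /* delete only the named object */
#define P2_WITH_RELATED 0x80   /* delete the object and related objects */

struct aid { const unsigned char *bytes; size_t len; };

/* AIDs taken from the thread's get_status listing. */
static const unsigned char APPLET_AID[]  = {0xA0, 0x00, 0x00, 0x00, 0x01, 0x01};
static const unsigned char PACKAGE_AID[] = {0xA0, 0x00, 0x00, 0x00, 0x01};

/*
 * Build 80 E4 00 P2 Lc { 4F len AID }... 00 with Lc derived from the data.
 * Returns the APDU length, or 0 on bad input or insufficient space.
 */
static size_t build_delete(unsigned char p2, const struct aid *aids, size_t n,
                           unsigned char *out, size_t cap)
{
    size_t data_len = 0, pos = 5;

    for (size_t i = 0; i < n; i++) {
        if (aids[i].len < 5 || aids[i].len > 16)   /* ISO 7816 AID size */
            return 0;
        data_len += 2 + aids[i].len;
    }
    if (n == 0 || data_len > 255 || cap < 5 + data_len + 1)
        return 0;
    out[0] = 0x80; out[1] = INS_DELETE; out[2] = 0x00; out[3] = p2;
    out[4] = (unsigned char)data_len;
    for (size_t i = 0; i < n; i++) {
        out[pos++] = TAG_AID;
        out[pos++] = (unsigned char)aids[i].len;
        memcpy(out + pos, aids[i].bytes, aids[i].len);
        pos += aids[i].len;
    }
    out[pos++] = 0x00;                              /* Le */
    return pos;
}

/*
 * Check a short DELETE APDU (header, Lc, data, Le): Lc must equal the number
 * of data bytes present and the data must be a clean run of 4F TLVs.
 * Returns 1 if consistent, 0 otherwise.
 */
static int delete_apdu_consistent(const unsigned char *apdu, size_t len)
{
    size_t pos = 5, end;

    if (len < 7 || apdu[1] != INS_DELETE || (size_t)apdu[4] != len - 6)
        return 0;
    end = len - 1;
    while (pos < end) {
        size_t l;

        if (end - pos < 2 || apdu[pos] != TAG_AID)
            return 0;
        l = apdu[pos + 1];
        if (l > end - pos - 2)
            return 0;
        pos += 2 + l;
    }
    return pos == end;
}

static void show(const char *label, const unsigned char *apdu, size_t len)
{
    printf("%-26s", label);
    for (size_t i = 0; i < len; i++)
        printf("%02X", apdu[i]);
    printf("  consistent=%d\n", delete_apdu_consistent(apdu, len));
}

int main(void)
{
    unsigned char buf[64];
    struct aid both[2];
    size_t n;

    both[0].bytes = APPLET_AID;  both[0].len = sizeof APPLET_AID;
    both[1].bytes = PACKAGE_AID; both[1].len = sizeof PACKAGE_AID;

    n = build_delete(P2_OBJECT_ONLY, &both[0], 1, buf, sizeof buf);
    show("applet, P2=00:", buf, n);
    n = build_delete(P2_WITH_RELATED, &both[1], 1, buf, sizeof buf);
    show("package, P2=80:", buf, n);
    n = build_delete(P2_WITH_RELATED, both, 2, buf, sizeof buf);
    show("applet+package, P2=80:", buf, n);
    buf[4] = 0x0E;                                  /* the hand-written Lc */
    show("same data, Lc=0E:", buf, n);
    return 0;
}
```

A consistent length is necessary but not sufficient: in the thread the card answered 6A80 to the well-formed two-AID form and accepted the single package AID with P2 = `80`.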
From: Iain M. <mu...@ds...> - 2006-10-18 23:30:52
|
Karsten Ohme wrote on 10/18/06 04:02 PM:
> Iain MacDonnell wrote:
>> So I think the Cosmo52 cards I was trying to use before had had their
>> keys swapped without my knowledge. Trying again, with cards that I know
>> are new, and I can establish a secure channel, and load and instantiate
>> the MCardApplet .... but I can't seem to delete it!! Am I missing
>> something? I've tried various combinations of scp/scpimpl/security and
>> sdAIDs of a000000003000000 and a0000000030000 - the result is always
>> 6985...
>>
>> mode_211
>> establish_context
>> card_connect
>> enable_trace
>> select -AID a000000003000000
>> --> 00A4040008A000000003000000
>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key 404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
>> --> 8050000008D6C5DC4AD8A949EE00
>> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
>> --> 848201001007037657966B46ED92B673CE885CA553
>> <-- 9000
>> get_status -element e0
>> --> 80F2E000024F0000
>> <-- 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>>
>> List of applets (AID state privileges)
>> a000000003000000 1 9e
>> a0000000035350 1 0
>> a000000001 1 0
>> a00000000101 7 2
>> delete -AID a00000000101
>> --> 80E40000084F06A0000000010100
>> <-- 6985
>> delete_applet() returns 0x80206985 (6985: Command not allowed -
>> Conditions of use not satisfied.)
>
> Usually at first all applets which have reference to the applet must be
> deleted. This should not be the case.
> Then the applet must be deleted before the package.
> Then the package can be deleted.
>
> But there are cards, which delete all dependent data if the package is
> deleted. So try to delete the package:
>
> delete -AID a000000001
>
> I remember that I implemented it that way that always for GP 211 cards
> all related data is also deleted. So, it should work.

No; same error:

delete -AID a000000001
delete_applet() returns 0x80206985 (6985: Command not allowed -
Conditions of use not satisfied.)

> At one card I know of the package AID and the applet AID together must
> be specified to delete it. This is not supported by GPShell. You must
> manually look into the documentation of your card, what is necessary.
> Use the script and instead of the delete command insert a send_apdu
> command which could look like:
>
> 80 E4 00 80 0e

0e should be 0f, I assume?

> 4f 06 a0 00 00 00 01 01
> 4f 05 a0 00 00 00 01
> 00
>
> (I have separated with newlines and spaces, must be written together.)
> Maybe the order of the 2nd and 3rd line must be changed.

Either way around, that gets:

send_apdu -sc 1 -APDU 80E400800F4F06A000000001014F05A00000000100
Send APDU: 80 E4 00 80 0F 4F 06 A0 00 00 00 01 01 4F 05 A0 00 00 00 01 00
send_APDU() returns 0x80206A80 (6A80: Wrong data / Incorrect values in
command data.)

I guess I need to go hunting for a Cosmo V5.2 manual...

Thx,

~Iain

>> Snit Mo wrote on 03/27/06 06:07 PM:
>>
>>> I have to assume that your card doesn't have the usual test key
>>> (4041..4f). Where did you get the card from? Can you ask them what
>>> the key is?
>>>
>>> Also, you may want to try Oberthur AppLoader.
>>>
>>> Thanks,
>>>
>>> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>>
>>>> Snit Mo wrote on 03/27/06 05:45 PM:
>>>>
>>>>> Hello, Iain,
>>>> Hi :)
>>>>
>>>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>>>> default key is 404142...4f. See the result at the end of this file.
>>>> Doesn't work for me - I wonder why...
>>>> >>>> mode_211 >>>> enable_trace >>>> establish_context >>>> card_connect >>>> select -AID a000000003000000 >>>> --> 00A4040008A000000003000000 >>>> <-- >>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000 >>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key >>>> 404142434445464748494a4b4c4d4e4f -enc_key >>>> 404142434445464748494a4b4c4d4e4f // Open secure channel >>>> --> 00CA006600 >>>> <-- >>>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000 >>>> --> 8050000008C13CAC00B446633A00 >>>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000 >>>> mutual_authentication() returns 0x80302000 (The verification of the card >>>> cryptogram failed.) >>>> >>>> ~Iain >>>> >>>> >>>> >>>> >>>> >>>>> For changing keys, use attached files. replacekey-cosmo-gp211 changes >>>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it >>>>> back to 4041...4f. Perhaps I should include these in later releases >>>>> ... 
>>>>>
>>>>> $ ./Release/GPShell.exe listgp211.txt
>>>>> mode_211
>>>>> enable_trace
>>>>> establish_context
>>>>> card_connect
>>>>> select -AID a000000003000000
>>>>> --> 00A4040008A000000003000000
>>>>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291
>>>>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000
>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>> --> 00CA006600
>>>>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03
>>>>> 640B06092A864886FC6B0401059000
>>>>> --> 8050000008B7070A7E2C84570000
>>>>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000
>>>>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D
>>>>> <-- 9000
>>>>> get_status -element 20
>>>>> --> 80F22000024F0000
>>>>> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000
>>>>>
>>>>> List of applets (AID state privileges)
>>>>> a0000000035350 1 0
>>>>> a00000006203010c01 1 0
>>>>> a00000000101 1 0
>>>>> card_disconnect
>>>>> release_context
>>>>>
>>>>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote:
>>>>>
>>>>>> Iain MacDonnell wrote:
>>>>>>
>>>>>>> Karsten Ohme wrote on 03/26/06 01:00 PM:
>>>>>>>
>>>>>>>> Karsten Ohme wrote:
>>>>>>>>
>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>
>>>>>>>>>> Karsten Ohme wrote:
>>>>>>>>>>
>>>>>>>>>>> Iain MacDonnell wrote:
>>>>>>>>>>>
>>>>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you
>>>>>>>>>>>>> ever
>>>>>>>>>>>>> tried this stuff on a big-endian machine?
>>>>>>>> I have run some big endian tests on a Solaris system running on a Sparc.
>>>>>>>>
>>>>>>>> For some reason the following happens:
>>>>>>>>
>>>>>>>> char *test = "EE";
>>>>>>>> sscanf (test, "%02x", &temp);
>>>>>>>>
>>>>>>>> if temp is a char the conversion is always 00, if temp is an int, it
>>>>>>>> works.
>>>>>>>>
>>>>>>>> Please try out the GPShell version in CVS. I have fixed probably all
>>>>>>>> conversions, but I have no possibility to test it.
>>>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>>>>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>>>>>> I'll let you know, of course, if I run into any further problems.
>>>>>>>
>>>>>>> Side question: do you happen to have the developer keys for Oberthur
>>>>>>> Cosmo v5.2 handy and/or is there something else I need to change
>>>>>>> in the example GPShell scripts to establish a secure channel?
>>>>>> For an Oberthur card it works with the default 0x40 ... 0x4F key.
>>>>>>
>>>>>> I executed the list.txt file:
>>>>>>
>>>>>> mode_201
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> --> 00A4040007A0000000030000
>>>>>> <--
>>>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>>>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>> 404142434445464748494a4b4c4d4e4
>>>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>> --> 805000000803AF9CAB5BC9A73A00
>>>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>>>> <-- 9000
>>>>>> get_status -element e0
>>>>>> --> 80F2E000024F0000
>>>>>> <-- 6A86
>>>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>>>>>
>>>>>> Obviously the card has problem to list the applications. Don't know why.
>>>>>>
>>>>>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>>>>>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>>>>>> the card.
>>>>>>
>>>>>>> I'm
>>>>>>> getting mutual_authentication() returns 0x80302000. I read about the
>>>>>>> need to specify a sdAID, but that seems to apply only to
>>>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>>>> doesn't seem to exist...?
>>>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>>>> CFlex card works with the mentioned change.
>>>>>>
>>>>>> Karsten
>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> ~Iain
>>>>>>>
>>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>>> mode_201
>>>>>>>>>>>>> enable_trace
>>>>>>>>>>>>> establish_context
>>>>>>>>>>>>> card_connect
>>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>>>>>>> below....
>>>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>>>> This could be the guilty routine (?):
>>>>>>>>>
>>>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>>>
>>>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>>>> i++;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> I will see.
>>>>>>>>>
>>>>>>>>> Karsten
>>>>>>>>>
>>>>>>>>>>> Thanks, Karsten
>>>>>>>>>>>
>>>>>>>>>>>>> <-- 6A82
>>>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>>>> # uname -a
>>>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>>>>>> #
>>>>>>>>>>>>>
>>>>>>>>>>>>> Maybe the endianness is a red herring too ... but I've
>>>>>>>>>>>>> successfully used
>>>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>>>>>> effect endianness. I will look into GPShell.
>>>>>>>>>>
>>>>>>>>>> Karsten
>>>>>>>>>>
>>>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>>>
>>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>>> mode_201
>>>>>>>>>>>> enable_trace
>>>>>>>>>>>> establish_context
>>>>>>>>>>>> card_connect
>>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>>>> <-- 9000
>>>>>>>>>>>> get_status -element e0
>>>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>>>> <--
>>>>>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>>>
>>>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>>>> a000000001 1 0
>>>>>>>>>>>> a00000000101 7 0
>>>>>>>>>>>> card_disconnect
>>>>>>>>>>>> release_context
>>>>>>>>>>>> #
>>>>>>>>>>>>
>>>>>>>>>>>> ~Iain
>>>>>>
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>> mode_211
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>> card_disconnect
>>>>>> release_context
>>>>>>
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>> mode_211
>>>>>> enable_trace
>>>>>> establish_context
>>>>>> card_connect
>>>>>> select -AID a0000000030000
>>>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>>>> card_disconnect
>>>>>> release_context
|
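The conversion problem quoted in this thread comes from `%x` requiring an `unsigned int *`: when the destination is a `char` (or one element of a byte array such as the AID buffer), `sscanf` stores a whole `unsigned int` through that address, so on big-endian SPARC the byte left in the `char` is the zero high-order byte, and on every platform the bytes after it are overwritten. The code below is an added example, not GPShell's own code; `first_byte_of_uint`, `scan_hex_byte`, `parse_hex_bytes`, `parsed_byte` and `MAX_AID_LEN` are hypothetical names, and the AID string is the one used in the scripts above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_AID_LEN 16  /* ISO 7816-4: an AID is 5 to 16 bytes long */

/* Byte found at the lowest address of an unsigned int. This is what a
 * char-sized destination holds after "%x" has stored a whole unsigned int
 * through its address: 0xEE on little-endian x86, 0x00 on big-endian SPARC.
 * Reading it with memcpy is well defined; the oversized store is not. */
unsigned char first_byte_of_uint(unsigned int value)
{
    unsigned char first;
    memcpy(&first, &value, 1);
    return first;
}

/* sscanf-based fix: hand "%x" the unsigned int it requires, then narrow.
 * "%x" also accepts leading whitespace and a sign, so range-check. */
int scan_hex_byte(const char *two_digits, unsigned char *out)
{
    unsigned int tmp;
    if (sscanf(two_digits, "%2x", &tmp) != 1 || tmp > 0xFF)
        return -1;
    *out = (unsigned char)tmp;
    return 0;
}

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Strict replacement for the sscanf loop: only hex digits, even length,
 * and never more bytes than the destination can hold.
 * Returns the number of bytes written, or -1 on any malformed input. */
int parse_hex_bytes(const char *hex, unsigned char *out, size_t out_size)
{
    size_t len, i;

    if (hex == NULL || out == NULL)
        return -1;
    len = strlen(hex);
    if (len == 0 || (len % 2) != 0 || len / 2 > out_size)
        return -1;
    for (i = 0; i < len / 2; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(len / 2);
}

/* Convenience wrapper: byte at `index` of the parsed AID, or -1. */
int parsed_byte(const char *hex, size_t index)
{
    unsigned char aid[MAX_AID_LEN];
    int n = parse_hex_bytes(hex, aid, sizeof aid);
    return (n < 0 || index >= (size_t)n) ? -1 : aid[index];
}

int main(void)
{
    unsigned char aid[MAX_AID_LEN];
    int i, n = parse_hex_bytes("a0000000030000", aid, sizeof aid);

    printf("first byte of (unsigned int)0xEE in memory: %02X\n",
           first_byte_of_uint(0xEEu));
    printf("parsed %d AID bytes:", n);
    for (i = 0; i < n; i++)
        printf(" %02X", aid[i]);
    printf("\n");
    return 0;
}
```
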
From: Karsten O. <wid...@t-...> - 2006-10-18 23:16:55
|
Iain MacDonnell wrote:
> So I think the Cosmo52 cards I was trying to use before had had their
> keys swapped without my knowledge. Trying again, with cards that I know
> are new, and I can establish a secure channel, and load and instantiate
> the MCardApplet .... but I can't seem to delete it!! Am I missing
> something? I've tried various combinations of scp/scpimpl/security and
> sdAIDs of a000000003000000 and a0000000030000 - the result is always
> 6985...
>
> mode_211
> establish_context
> card_connect
> enable_trace
> select -AID a000000003000000
> --> 00A4040008A000000003000000
> <--
> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key
> 404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
> --> 8050000008D6C5DC4AD8A949EE00
> <-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
> --> 848201001007037657966B46ED92B673CE885CA553
> <-- 9000
> get_status -element e0
> --> 80F2E000024F0000
> <--
> 08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000
>
> List of applets (AID state privileges)
> a000000003000000 1 9e
> a0000000035350 1 0
> a000000001 1 0
> a00000000101 7 2
> delete -AID a00000000101
> --> 80E40000084F06A0000000010100
> <-- 6985
> delete_applet() returns 0x80206985 (6985: Command not allowed -
> Conditions of use not satisfied.)

Usually at first all applets which have reference to the applet must be
deleted. This should not be the case. Then the applet must be deleted
before the package. Then the package can be deleted. But there are
cards, which delete all dependent data if the package is deleted. So try
to delete the package:

delete -AID a000000001

I remember that I implemented it that way that always for GP 211 cards
all related data is also deleted. So, it should work.

At one card I know of the package AID and the applet AID together must
be specified to delete it. This is not supported by GPShell. You must
manually look into the documentation of your card, what is necessary.
Use the script and instead of the delete command insert a send_apdu
command which could look like:

80 E4 00 80 0e
4f 06 a0 00 00 00 01 01
4f 05 a0 00 00 00 01
00

(I have separated with newlines and spaces, must be written together.)
Maybe the order of the 2nd and 3rd line must be changed.

Karsten

>
> TIA,
>
> ~Iain
>
> Snit Mo wrote on 03/27/06 06:07 PM:
>
>>I have to assume that your card doesn't have the usual test key
>>(4041..4f). Where did you get the card from? Can you ask them what
>>the key is?
>>
>>Also, you may want to try Oberthur AppLoader.
>>
>>Thanks,
>>
>>On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>
>>>Snit Mo wrote on 03/27/06 05:45 PM:
>>>
>>>>Hello, Iain,
>>>
>>>Hi :)
>>>
>>>>Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>>>default key is 404142...4f. See the result at the end of this file.
>>>
>>>Doesn't work for me - I wonder why...
|
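The hand-assembled DELETE command in the message above carries two `4F` TLVs (applet AID, then package AID), so its Lc byte has to equal the summed TLV lengths, 8 + 7 = 15 = 0x0F, which is the value used in the reply earlier on this page. The code below is an added example, not GPShell code: it builds DELETE APDUs with Lc computed from the data and maps the status words seen in this thread to the texts GPShell printed; `build_delete_apdu`, `sw_text`, `struct aid` and the two `*_hex` wrappers are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CLA_GP      0x80
#define INS_DELETE  0xE4
#define TAG_AID     0x4F
#define P2_OBJECT   0x00  /* as sent by GPShell's delete in the trace */
#define P2_RELATED  0x80  /* as in the hand-built APDU: object and related objects */

/* AIDs taken from the get_status listing in the thread. */
static const unsigned char APPLET_AID[]  = { 0xA0, 0x00, 0x00, 0x00, 0x01, 0x01 };
static const unsigned char PACKAGE_AID[] = { 0xA0, 0x00, 0x00, 0x00, 0x01 };

struct aid { const unsigned char *bytes; size_t len; };

/* Build CLA INS P1 P2 Lc [4F len AID]... Le with Lc derived from the data.
 * Returns the APDU length, or -1 on bad input or insufficient space. */
int build_delete_apdu(unsigned char p2, const struct aid *aids, size_t count,
                      unsigned char *out, size_t out_size)
{
    size_t pos = 5, i;

    if (out == NULL || aids == NULL || count == 0 || out_size < 6)
        return -1;
    for (i = 0; i < count; i++) {
        if (aids[i].len < 5 || aids[i].len > 16)    /* ISO 7816-4 AID size */
            return -1;
        if (pos + 2 + aids[i].len + 1 > out_size)   /* keep room for Le */
            return -1;
        out[pos++] = TAG_AID;
        out[pos++] = (unsigned char)aids[i].len;
        memcpy(out + pos, aids[i].bytes, aids[i].len);
        pos += aids[i].len;
    }
    if (pos - 5 > 255)                              /* short APDU: one Lc byte */
        return -1;
    out[0] = CLA_GP;
    out[1] = INS_DELETE;
    out[2] = 0x00;
    out[3] = p2;
    out[4] = (unsigned char)(pos - 5);              /* Lc = total TLV bytes */
    out[pos++] = 0x00;                              /* Le */
    return (int)pos;
}

static const char *to_hex(const unsigned char *buf, int len,
                          char *hex, size_t hex_size)
{
    int i;
    if (len < 0 || (size_t)len * 2 + 1 > hex_size)
        return NULL;
    for (i = 0; i < len; i++)
        snprintf(hex + 2 * i, 3, "%02X", buf[i]);
    hex[2 * len] = '\0';
    return hex;
}

/* delete -AID a00000000101, as GPShell sent it. */
const char *delete_applet_only_hex(void)
{
    static char hex[129];
    unsigned char apdu[64];
    struct aid aids[] = { { APPLET_AID, sizeof APPLET_AID } };
    return to_hex(apdu, build_delete_apdu(P2_OBJECT, aids, 1, apdu, sizeof apdu),
                  hex, sizeof hex);
}

/* Applet AID plus package AID in one command, as suggested above. */
const char *delete_applet_and_package_hex(void)
{
    static char hex[129];
    unsigned char apdu[64];
    struct aid aids[] = { { APPLET_AID, sizeof APPLET_AID },
                          { PACKAGE_AID, sizeof PACKAGE_AID } };
    return to_hex(apdu, build_delete_apdu(P2_RELATED, aids, 2, apdu, sizeof apdu),
                  hex, sizeof hex);
}

/* Status words that appear in this thread, with the texts GPShell printed. */
const char *sw_text(unsigned int sw)
{
    switch (sw) {
    case 0x9000: return "Success";
    case 0x6985: return "Command not allowed - Conditions of use not satisfied.";
    case 0x6A80: return "Wrong data / Incorrect values in command data.";
    case 0x6A86: return "Incorrect parameters (P1, P2).";
    default:     return "Unknown status word";
    }
}

int main(void)
{
    printf("%s\n", delete_applet_only_hex());
    printf("%s\n", delete_applet_and_package_hex());
    printf("6985: %s\n", sw_text(0x6985));
    return 0;
}
```

On the Cosmo card in this thread the two-AID command was still answered with 6A80, so a consistent Lc only rules out a framing error; which data the card expects has to come from its documentation.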
From: Iain M. <mu...@ds...> - 2006-10-18 22:41:15
|
So I think the Cosmo52 cards I was trying to use before had had their
keys swapped without my knowledge. Trying again, with cards that I know
are new, and I can establish a secure channel, and load and instantiate
the MCardApplet .... but I can't seem to delete it!! Am I missing
something? I've tried various combinations of scp/scpimpl/security and
sdAIDs of a000000003000000 and a0000000030000 - the result is always
6985...

mode_211
establish_context
card_connect
enable_trace
select -AID a000000003000000
--> 00A4040008A000000003000000
<--
6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB5B4288191242881913428819144288000CC71300000000000000009F6501FF9000
open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -enc_key
404142434445464748494a4b4c4d4e4f -mac_key 404142434445464748494a4b4c4d4e4f
--> 8050000008D6C5DC4AD8A949EE00
<-- 000042583011BB5B4288FF01B9E74AB54E60408208AF848B1016E81F9000
--> 848201001007037657966B46ED92B673CE885CA553
<-- 9000
get_status -element e0
--> 80F2E000024F0000
<--
08A000000003000000019E07A0000000035350010005A000000001010006A0000000010107029000

List of applets (AID state privileges)
a000000003000000 1 9e
a0000000035350 1 0
a000000001 1 0
a00000000101 7 2
delete -AID a00000000101
--> 80E40000084F06A0000000010100
<-- 6985
delete_applet() returns 0x80206985 (6985: Command not allowed -
Conditions of use not satisfied.)

TIA,

~Iain

Snit Mo wrote on 03/27/06 06:07 PM:
> I have to assume that your card doesn't have the usual test key
> (4041..4f). Where did you get the card from? Can you ask them what
> the key is?
>
> Also, you may want to try Oberthur AppLoader.
>
> Thanks,
>
> On 3/27/06, Iain MacDonnell <mu...@ds...> wrote:
>>
>> Snit Mo wrote on 03/27/06 05:45 PM:
>>> Hello, Iain,
>> Hi :)
>>
>>> Use listgp211.txt. It works fine for me with Oberthur Cosmo 5.2. The
>>> default key is 404142...4f. See the result at the end of this file.
>> Doesn't work for me - I wonder why...
>>
>> mode_211
>> enable_trace
>> establish_context
>> card_connect
>> select -AID a000000003000000
>> --> 00A4040008A000000003000000
>> <--
>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F42583011BB524288191242881913428819144288000CC71300000000000000009F6501FF9000
>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>> 404142434445464748494a4b4c4d4e4f -enc_key
>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>> --> 00CA006600
>> <--
>> 6631732F06072A864886FC6B01600C060A2A864886FC6B02020001630906072A864886FC6B03640B06092A864886FC6B0401059000
>> --> 8050000008C13CAC00B446633A00
>> <-- 000042583011BB5242880101ABBC16B787DA1960AC4EE7E255D338669000
>> mutual_authentication() returns 0x80302000 (The verification of the card
>> cryptogram failed.)
>>
>> ~Iain
>>
>>> For changing keys, use attached files. replacekey-cosmo-gp211 changes
>>> key from 4041...4f to 5051...5f. recyclekey-cosmo-gp211.txt puts it
>>> back to 4041...4f. Perhaps I should include these in later releases
>>> ...
>>> >>> $ ./Release/GPShell.exe listgp211.txt >>> mode_211 >>> enable_trace >>> establish_context >>> card_connect >>> select -AID a000000003000000 >>> --> 00A4040008A000000003000000 >>> <-- 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201 >>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5291 >>> 0000000300001912529119135291000000000000000000000000000000009F6501FF9000 >>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 >>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel >>> --> 00CA006600 >>> <-- 6631732F06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03 >>> 640B06092A864886FC6B0401059000 >>> --> 8050000008B7070A7E2C84570000 >>> <-- 0000529100000003000001013E5B6BEE91B858BE6750A80612655CA69000 >>> --> 84820100102AF486A3BFA39CFFC188D51C8F21EA3D >>> <-- 9000 >>> get_status -element 20 >>> --> 80F22000024F0000 >>> <-- 07A0000000035350010009A00000006203010C01010006A0000000010101009000 >>> >>> List of applets (AID state privileges) >>> a0000000035350 1 0 >>> a00000006203010c01 1 0 >>> a00000000101 1 0 >>> card_disconnect >>> release_context >>> >>> On 3/27/06, Karsten Ohme <wid...@t-...> wrote: >>>> Iain MacDonnell wrote: >>>>> Karsten Ohme wrote on 03/26/06 01:00 PM: >>>>> >>>>>> Karsten Ohme wrote: >>>>>> >>>>>>> Karsten Ohme wrote: >>>>>>> >>>>>>>> Karsten Ohme wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Iain MacDonnell wrote: >>>>>>>>>>> BTW, I've run into what appears to be a bigger problem - have you >>>>>>>>>>> ever >>>>>>>>>>> tried this stuff on a big-endian machine? >>>>>> I have run some big endian tests on a Solaris system running on a Sparc. >>>>>> >>>>>> For some reason the following happens: >>>>>> >>>>>> char *test = "EE"; >>>>>> sscanf (test, "%02x", &temp); >>>>>> >>>>>> if temp is a char the conversion is always 00, if temp is an int, it >>>>>> works. >>>>>> >>>>>> Please try out the GPShell version in CVS. 
>>>>>> I have fixed probably all
>>>>>> conversions, but I have no possibility to test it.
>>>>> Current CVS seems to be working fine on Solaris 10 / SPARC. I haven't
>>>>> exercised all functions, but it's able to 'select' and 'open_sc' OK.
>>>>> I'll let you know, of course, if I run into any further problems.
>>>>>
>>>>> Side question: do you happen to have the developer keys for Oberthur
>>>>> Cosmo v5.2 handy and/or is there something else I need to change
>>>>> in the example GPShell scripts to establish a secure channel?
>>>> For an Oberthur card it works with the default 0x40 ... 0x4F key.
>>>>
>>>> I executed the list.txt file:
>>>>
>>>> mode_201
>>>> enable_trace
>>>> establish_context
>>>> card_connect
>>>> select -AID a0000000030000
>>>> --> 00A4040007A0000000030000
>>>> <--
>>>> 6F6E8408A000000003000000A562732F06072A864886FC6B01600C060A2A864886FC6B020201
>>>> 01630906072A864886FC6B03640B06092A864886FC6B0401059F6E2A2050500040414091005F5237
>>>> 0000004600001912523719135237000000000000000000000000000000009F6501FF9000
>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>> 404142434445464748494a4b4c4d4e4
>>>> f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>> --> 805000000803AF9CAB5BC9A73A00
>>>> <-- 00005237000000460000010100CB902348832FB5492783C164F1FF749000
>>>> --> 84820100106E04B80DBD241D26EEC85AEF6EBC9B5E
>>>> <-- 9000
>>>> get_status -element e0
>>>> --> 80F2E000024F0000
>>>> <-- 6A86
>>>> OP201_get_status() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
>>>>
>>>> Obviously the card has a problem listing the applications. Don't know why.
>>>>
>>>> By the way. I have problems with my Oberthur Cosmo card, that it can not
>>>> treat the GET RESPONSE command. Is this a usual feature? I cannot use
>>>> the card.
>>>>
>>>>> I'm
>>>>> getting mutual_authentication() returns 0x80302000.
>>>>> I read about the
>>>>> need to specify a sdAID, but that seems to apply only to
>>>>> 'install_for_load', and the referenced 'putkey-cosmo.txt' example
>>>>> doesn't seem to exist...?
>>>> Don't know. Maybe Snit knows. He wrote it. Maybe the putkey for the
>>>> CFlex card works with the mentioned change.
>>>>
>>>> Karsten
>>>>
>>>>> Thanks!
>>>>>
>>>>> ~Iain
>>>>>
>>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>>> mode_201
>>>>>>>>>>> enable_trace
>>>>>>>>>>> establish_context
>>>>>>>>>>> card_connect
>>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>>> --> 00A404000700000000000000
>>>>>>>>>> Note that the AID is not showing in this APDU... compared to
>>>>>>>>>> below....
>>>>>>>>> Mmmh, this is a bigger problem. I will see to fix the conversion
>>>>>>>>> routines, if something like this is used, I'm not sure.
>>>>>>> This could be the guilty routine (?):
>>>>>>>
>>>>>>> It scans two bytes interpreted as a hex byte:
>>>>>>>
>>>>>>> while (sscanf (&(dummy[i*2]), "%02x", &(pOptionStr->AID[i])) > 0) {
>>>>>>> i++;
>>>>>>> }
>>>>>>>
>>>>>>> I will see.
>>>>>>>
>>>>>>> Karsten
>>>>>>>
>>>>>>>>> Thanks, Karsten
>>>>>>>>>
>>>>>>>>>>> <-- 6A82
>>>>>>>>>>> select_application() returns 0x80216A82 (6A82: The application to be
>>>>>>>>>>> selected could not be found.)
>>>>>>>>>>> # uname -a
>>>>>>>>>>> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
>>>>>>>>>>> #
>>>>>>>>>>>
>>>>>>>>>>> Maybe the endianness is a red herring too ... but I've
>>>>>>>>>>> successfully used
>>>>>>>>>>> this stuff on Solaris x86...
>>>>>>>> Mmmh, actually I use only byte arrays, no numbers, this should not
>>>>>>>> affect endianness. I will look into GPShell.
>>>>>>>>
>>>>>>>> Karsten
>>>>>>>>
>>>>>>>>>> Same card, same reader, same sources, but on Solaris x86:
>>>>>>>>>>
>>>>>>>>>> # /opt/ITmuscle/bin/gpshell list-cflex.txt
>>>>>>>>>> mode_201
>>>>>>>>>> enable_trace
>>>>>>>>>> establish_context
>>>>>>>>>> card_connect
>>>>>>>>>> select -AID a0000000030000
>>>>>>>>>> --> 00A4040007A0000000030000
>>>>>>>>>> <-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
>>>>>>>>>> open_sc -security 1 -keyind 0 -keyver 0 -mac_key
>>>>>>>>>> 404142434445464748494a4b4c4d4e4f -enc_key
>>>>>>>>>> 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>>>>>>>> --> 80500000088409FFE1A2E28B4600
>>>>>>>>>> <-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
>>>>>>>>>> --> 8482010010C8207C7B2A3E416884B431EF23B61CD2
>>>>>>>>>> <-- 9000
>>>>>>>>>> get_status -element e0
>>>>>>>>>> --> 80F2E000024F0000
>>>>>>>>>> <--
>>>>>>>>>> 07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000
>>>>>>>>>>
>>>>>>>>>> List of applets (AID state privileges)
>>>>>>>>>> a0000000030000 7 0
>>>>>>>>>> a0000000620001 1 0
>>>>>>>>>> a0000000620101 1 0
>>>>>>>>>> a0000000620102 1 0
>>>>>>>>>> a0000000620201 1 0
>>>>>>>>>> a0000000030000 1 0
>>>>>>>>>> a000000001 1 0
>>>>>>>>>> a00000000101 7 0
>>>>>>>>>> card_disconnect
>>>>>>>>>> release_context
>>>>>>>>>> #
>>>>>>>>>>
>>>>>>>>>> ~Iain
>>>>>>>>>>
>>>>>>>>>> -------------------------------------------------------
>>>>>>>>>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>>>>>>>>>> language
>>>>>>>>>> that extends applications into web and mobile media. Attend the live
>>>>>>>>>> webcast
>>>>>>>>>> and join the prime developer group breaking into this new coding
>>>>>>>>>> territory!
>>>>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>>>>>>> _______________________________________________
>>>>>>> Globalplatform-developers mailing list
>>>>>>> Glo...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> mode_211
>>>> enable_trace
>>>> establish_context
>>>> card_connect
>>>> select -AID a0000000030000
>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
>>>> #put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>> card_disconnect
>>>> release_context
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> mode_211
>>>> enable_trace
>>>> establish_context
>>>> card_connect
>>>> select -AID a0000000030000
>>>> open_sc -scp 1 -scpimpl 5 -security 1 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
>>>> put_sc_key -keyver 1 -newkeyver 1 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Put secure channel keys
>>>> card_disconnect
>>>> release_context |
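The sscanf conversion quoted in the thread above uses "%02x", which stores a full unsigned int; a one-byte destination therefore ends up, in practice, with whichever byte of that int comes first in memory (the low byte on x86, the zero high byte on SPARC), which matches the all-zero AID in the SPARC trace. The C code below is an added example, not GPShell's actual fix: the function names are hypothetical, the one-byte view is modelled with memcpy so the demonstration stays well-defined, and hex_to_bytes shows a conversion that does not depend on byte order.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 on a little-endian host, 0 on a big-endian one. */
static int host_is_little_endian(void) {
    unsigned int probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/*
 * What a one-byte destination sees when "%02x" stores a whole unsigned int
 * at its address: only the first byte in memory. Modelled with memcpy
 * instead of passing a char pointer to sscanf, which would be undefined.
 */
static unsigned char first_byte_of_scanned_int(const char *two_hex_digits) {
    unsigned int value = 0;
    unsigned char first = 0xFF;
    if (sscanf(two_hex_digits, "%2x", &value) == 1)
        memcpy(&first, &value, 1);
    return first;
}

/*
 * Byte-order-independent conversion of a hex string (for example an AID)
 * to bytes. Returns the number of bytes written, or -1 on odd length,
 * a non-hex character, or an output buffer that is too small.
 */
static int hex_to_bytes(const char *hex, unsigned char *out, size_t out_len) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > out_len)
        return -1;
    for (size_t i = 0; i < n / 2; i++) {
        unsigned int value; /* %x requires an unsigned int destination */
        if (!isxdigit((unsigned char)hex[2 * i]) ||
            !isxdigit((unsigned char)hex[2 * i + 1]) ||
            sscanf(&hex[2 * i], "%2x", &value) != 1)
            return -1;
        out[i] = (unsigned char)value; /* explicit narrowing, one byte written */
    }
    return (int)(n / 2);
}

int main(void) {
    unsigned char aid[16];
    int len = hex_to_bytes("a0000000030000", aid, sizeof aid);
    printf("host is %s-endian; first byte of scanned \"EE\" is %02X\n",
           host_is_little_endian() ? "little" : "big",
           first_byte_of_scanned_int("EE"));
    printf("AID (%d bytes):", len);
    for (int i = 0; i < len; i++)
        printf(" %02X", aid[i]);
    printf("\n");
    return 0;
}
```
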
From: Karsten O. <wid...@t-...> - 2006-10-18 13:35:01
|
Hello, In CVS is a new version with support for GemXpresso Pro cards. I have now such a card and could test it with a GemXpresso Pro R3.2 E64. GPShell and GlobalPlatform are updated. In some time a release will come. Karsten |
From: Xu S. <jav...@ho...> - 2006-09-21 09:48:24
|
Hi all,
Happy to see your effort on the development of GP. I've been using JCOP/Sun JCWDE/SIMAlliance Loader/vendor specific tools for a few years, I'm looking forward to talking to you after the use with this library.

With best regards, Mit freundlichem Gruss
Xu Song |
From: Karsten O. <wid...@t-...> - 2006-09-15 17:59:12
|
Slobodan Milnovic wrote:
> [cut]
>
>>> You could probably benefit from their support, but your implementation
>>> looks quite nice and functional anyway...
>>
>> They have support? Really? What support? I'm an Open Source
>> developer and this is a commercial organization, although I
>> don't know of another free implementation with these features.
>
> :) Exactly that is the reason they should support it. But I understand
> now the background story between you and the GP.org...
>
> [cut]
>
>> So, try out GPShell (which only supports Card Manager
>> Security Domains) and see what it can do. I have tested it
>> with CFlex, Oberthur, JCOP and G&D cards.
>
> I will. At work, we are using the "official" GP implementation.

There is an official implementation? Never heard of. I only know the JCOP tools from IBM, which are not part of a development kit for a special card type. I cannot find it at the web site.

> I've
> just started looking into it so I don't know yet all the details, but I
> like the idea of not being tied up into one implementation.
>
> And since I've been using linux professionally for some time now, I
> prefer the open source over the closed source every time. :)

The new 2.2 specification is a pain in my neck, I hope it will last some time, until cards will arrive supporting it. This whole cryptographic stuff. This is too much. 4 different kinds of secure channel protocols. They are kidding. This is not the easy way. I wonder, when there will be cards supporting the new ones.

> Thanks for the information, I'll check it thoroughly.
>
>> I just got a GemXpresso card, so with some time also these
>> kind of cards, which are tricky or let's say outside the spec
>> will be supported.
>
> Well, we still haven't decided yet which cards will be used for the
> project we are starting now (we are using several for different things
> at the moment), and my boss has informed me that for some cards (don't
> know yet which ones) we even don't have any specifications, just one GP
> script that "does the job"... As in, "we are not trustworthy" (we as in
> one of the biggest and oldest banks in Croatia and not as in us
> developers :) )... Go figure... It's gonna be fun, I can feel it... :)))
>
> Thank you again for answering my questions, I'll let you know my
> impressions in a while. :)

This would be great.

Karsten

> Bye.
>
> P.S. I have subscribed to the mail list, so you don't have to send the
> e-mails directly to me, you can send it to the list, if that was your
> intention. But it's no problem for me. :) |
From: Slobodan M. <Slo...@pb...> - 2006-09-15 10:44:34
|
> -----Original Message-----
> From: Karsten Ohme [mailto:wid...@t-...]
> Sent: Thursday, September 14, 2006 9:07 PM
> To: Slobodan Milnovic
> Cc: glo...@li...
> Subject: Re: [Globalplatform-users] Relation between this
> project and www.globalplatform.org
>
> Slobodan Milnovic wrote:
> > Hi,
> >
> > I was wondering, what is the relation (if any) between this project
> > and the globalplatform organization, because I was unable to find any
> > information about this project on www.globalplatform.org, and also the
> > homepage of this project is just an empty directory?
>
> This project is free software and has nothing to do with the
> GlobalPlatform organization apart from that it implements the
> GP standard. (At least up to GP 2.1.1)

You could probably benefit from their support, but your implementation looks quite nice and functional anyway...

> Yes, the homepage is empty. With some time (missing), this
> could be done. You can find necessary information at the
> sourceforge page under Docs and within the API documentation. Or ask.

I've found the documentation, that was no problem, there just wasn't any information about the relation between this project and globalplatform.org. Not that I cannot live without that information, I was just curious. :)

I'd like to ask one more thing, is your implementation complete regarding the GP 2.1.1? |