9 Replies Latest reply on Nov 19, 2012 7:51 PM by safarmer

    put RSA key(scp02)

      I have a Kona26 card,
      I can put DES key with SCP02 on it, but I can't put RSA key with scp02 on it, also I want this key for terminal side.

      Edited by: 961436 on Oct 17, 2012 1:49 AM
        • 1. Re: put RSA key(scp02)
          help me!!!!

          Edited by: 961436 on Oct 22, 2012 12:09 AM
          • 2. Re: put RSA key(scp02)
            • 3. Re: put RSA key(scp02)
              SCP02 only uses DES (2TDEA) keys. You either need to get support for an asymmetric SCP or you need to do the crypto yourself.

              - Shane
              • 4. Re: put RSA key(scp02)
                Thanks for reply,
                I want to put RSA key for DM (Delegated Management) purpose, not for an authentication,
                you know I'm able to generate RSA key on the card, but I can't put RSA key from terminal to card for DM purpose or DAP.
                • 5. Re: put RSA key(scp02)
                  In this case, the SCP has nothing to do with what you are doing other than proving you are authenticated.

                  Can you explain how you have tried to put the key?

                  - Shane
                  • 6. Re: put RSA key(scp02)
                    Thanks Shane for your instant answer!

                    For Put key I send the following commands to the card:
                    1- Initialize update
                    2- External Authenticate (Security Level = no security)
                    3- Put Key command as below:
                    cla ins p1 p2
                    80 D8 00 01
                    Data field:

                    the detail values of Data field are as following:
                    06(key set number)
                    A1(Modulus tag)
                    80(modulus len)
                    BC87AA974F1B3A5896ACB8E6B0769F8C595D1BB48DB57C01E12F68A25C06A7513D1D06974FE0F50496F62AA72FAA3743E680216F5CA1D23C08CE823A6B3D653BBDC7AB8383E423E17C68F4508F0FE77A4149697D6A6D4FCBCC250A87C0FD987C40BF8F6942A3F8E818B73FEC386F74703F905504A6D4603CD39D7336954F3535(Modulus value)
                    00(Modulus check sum)
                    A0(exponent tag)
                    03(exponent len)
                    010001(exponent value)
                    00(exponent check sum)

                    The Put Key command fails and returns 6A80 status word.
                    I don't know what is the problem with PUT KEY (RSA) on SCP02 cards, I don't have this problem on SCP01 cards.

                    Thanks again!
                    • 7. Re: put RSA key(scp02)
                      To put the DAP key. Try this, from the UICC configuration guide:
                      Key Version number '70' with Key Identifier '01' is reserved for the Token Key, which is either a RSA public key or a DES key
                      Key Version Number '11' is reserved for DAP as specified in ETSI TS 102 226
                      Use 0x11 as the new key version for DAP and 0x70 for DM.

                      - Shane
                      • 8. Re: put RSA key(scp02)
                        Thanks a lot for paying attention and your kind helpful answer,

                        I have several kind of SCP02 cards which I'm able to put key RSA key on some of them, not all of them, all cards support SCP02 protocol, so I'm wonder that what happens? why I couldn't put key RSA key on cards which support SCP02?

                        Further more, I'am able to generate RSA key on-card on all different kind of my SCP02 cards,

                        I look forward to hearing from you and thanks for your attention,
                        • 9. Re: put RSA key(scp02)
                          There are a lot of details in the GP and Java Card specifications that are either loosely defined or optional. You will find many areas where there are implementation specific differences. It may be that one card only supports generating keys while others support PUT KEY. This is a big reason why you need to extensively test on the target card platform.

                          - Shane