9 Replies. Latest reply: Nov 19, 2012 11:51 AM by safarmer

put RSA key(scp02)

964439 Newbie
Hi,
I have a Kona26 card.
I can put a DES key on it with SCP02, but I can't put an RSA key on it with SCP02. Also, I want this key for the terminal side.

  • 1. Re: put RSA key(scp02)
    964439 Newbie
    help me!!!!

  • 2. Re: put RSA key(scp02)
    964439 Newbie
    :(
  • 3. Re: put RSA key(scp02)
    safarmer Expert
    SCP02 only uses DES (2TDEA) keys. You either need to get support for an asymmetric SCP or you need to do the crypto yourself.

    - Shane
  • 4. Re: put RSA key(scp02)
    964439 Newbie
    Thanks for the reply.
    I want to put an RSA key for DM (Delegated Management) purposes, not for authentication.
    You know, I'm able to generate an RSA key on the card, but I can't put an RSA key from the terminal to the card for DM or DAP purposes.
  • 5. Re: put RSA key(scp02)
    safarmer Expert
    In this case, the SCP has nothing to do with what you are doing other than proving you are authenticated.

    Can you explain how you have tried to put the key?

    - Shane
  • 6. Re: put RSA key(scp02)
    964439 Newbie
    Thanks Shane for your instant answer!

    For PUT KEY, I send the following commands to the card:
    1- Initialize update
    2- External Authenticate (Security Level = no security)
    3- Put Key command as below:
    cla ins p1 p2
    80 D8 00 01
    Data field:
    06A180BC87AA974F1B3A5896ACB8E6B0769F8C595D1BB48DB57C01E12F68A25C06A7513D1D06974FE0F50496F62AA72FAA3743E680216F5CA1D23C08CE823A6B3D653BBDC7AB8383E423E17C68F4508F0FE77A4149697D6A6D4FCBCC250A87C0FD987C40BF8F6942A3F8E818B73FEC386F74703F905504A6D4603CD39D7336954F353500A00301000100

    The detailed values of the data field are as follows:
    06(key set number)
    A1(Modulus tag)
    80(modulus len)
    BC87AA974F1B3A5896ACB8E6B0769F8C595D1BB48DB57C01E12F68A25C06A7513D1D06974FE0F50496F62AA72FAA3743E680216F5CA1D23C08CE823A6B3D653BBDC7AB8383E423E17C68F4508F0FE77A4149697D6A6D4FCBCC250A87C0FD987C40BF8F6942A3F8E818B73FEC386F74703F905504A6D4603CD39D7336954F3535(Modulus value)
    00(Modulus check sum)
    A0(exponent tag)
    03(exponent len)
    010001(exponent value)
    00(exponent check sum)

    The PUT KEY command fails and returns the status word 6A80.
    I don't know what the problem is with PUT KEY (RSA) on SCP02 cards. I don't have this problem on SCP01 cards.

    Thanks again!
  • 7. Re: put RSA key(scp02)
    safarmer Expert
    To put the DAP key, try this, from the UICC configuration guide:
    Key Version number '70' with Key Identifier '01' is reserved for the Token Key, which is either a RSA public key or a DES key
    Key Version Number '11' is reserved for DAP as specified in ETSI TS 102 226
    Use 0x11 as the new key version for DAP and 0x70 for DM.

    - Shane
  • 8. Re: put RSA key(scp02)
    964439 Newbie
    Thanks a lot for paying attention and for your kind, helpful answer.

    I have several kinds of SCP02 cards, and I'm able to put an RSA key on some of them, but not all of them. All the cards support the SCP02 protocol, so I wonder what is happening. Why can't I put an RSA key on cards which support SCP02?

    Furthermore, I am able to generate an RSA key on-card on all of my different kinds of SCP02 cards.

    I look forward to hearing from you and thanks for your attention,
  • 9. Re: put RSA key(scp02)
    safarmer Expert
    There are a lot of details in the GP and Java Card specifications that are either loosely defined or optional. You will find many areas where there are implementation-specific differences. It may be that one card only supports generating keys while others support PUT KEY. This is a big reason why you need to extensively test on the target card platform.

    - Shane
