Discussions
Categories
- 384.6K All Categories
- 2.5K Data
- 556 Big Data Appliance
- 1.9K Data Science
- 451.4K Databases
- 222.1K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 32 Multilingual Engine
- 562 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 561 SQLcl
- 4K SQL Developer Data Modeler
- 187.5K SQL & PL/SQL
- 21.4K SQL Developer
- 296.9K Development
- 1 Application Development
- 18 Developer Projects
- 140 Programming Languages
- 293.6K Development Tools
- 112 DevOps
- 3.1K QA/Testing
- 646.2K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 193 Java Community Process
- 106 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 21 Java Essentials
- 167 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 206 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 536 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 178 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 236 Portuguese
JCOP Cards: The verification of the card cryptogram failed
Hi,
I know this topic is not too fresh, but I found no solution that worked so far in:
9583581
or 9553618
or 9615554
I think I understood the following:
- Cards have a special applet called Card Manager (or Security Domain) for example to load and delete other applets
- Communication with the Card Manager goes over a secure channel with specific keys
Questions:
- Are these keys 'open' so they can be used for every card of the same type?
- Are these keys set by the factory and maybe reset by a distributor?
I tried to connect to three different Cards with GPShell but had no success
The Cards are:
- P531G072, JCOP31 V 2.3.1
- P541G072, JCOP41 V 2.3.1
- J3A080, JCOP31 V 2.4.1
AFAIK they all have Java Card 2.2.2 and Global Platform 2.1.1
Here is the GPShell output:
--------
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped Command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06...(I'll post all bytes if necessary)...9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80 CA006600
WrappedCommand --> 80 CA006600
Response <-- 664C734A0607...(I'll post all bytes if necessary)...9000
Command --> 8050000008C5AF0346CEE0CBC000
WrappedCommand --> 8050000008C5AF0346CEE0CBC000
Response <-- 0000835800116091458101020000DA5C543DB2A6502B6FF5905B0BC19000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)
-----
Can I somehow check if my Card is already blocked (too much failed attempts?) without waisting another attempt?
Thanks in Advance,
Max
Edited by: 870688 on 06.07.2011 08:18
I know this topic is not too fresh, but I found no solution that worked so far in:
9583581
or 9553618
or 9615554
I think I understood the following:
- Cards have a special applet called Card Manager (or Security Domain) for example to load and delete other applets
- Communication with the Card Manager goes over a secure channel with specific keys
Questions:
- Are these keys 'open' so they can be used for every card of the same type?
- Are these keys set by the factory and maybe reset by a distributor?
I tried to connect to three different Cards with GPShell but had no success
The Cards are:
- P531G072, JCOP31 V 2.3.1
- P541G072, JCOP41 V 2.3.1
- J3A080, JCOP31 V 2.4.1
AFAIK they all have Java Card 2.2.2 and Global Platform 2.1.1
Here is the GPShell output:
--------
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped Command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06...(I'll post all bytes if necessary)...9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80 CA006600
WrappedCommand --> 80 CA006600
Response <-- 664C734A0607...(I'll post all bytes if necessary)...9000
Command --> 8050000008C5AF0346CEE0CBC000
WrappedCommand --> 8050000008C5AF0346CEE0CBC000
Response <-- 0000835800116091458101020000DA5C543DB2A6502B6FF5905B0BC19000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)
-----
Can I somehow check if my Card is already blocked (too much failed attempts?) without waisting another attempt?
Thanks in Advance,
Max
Edited by: 870688 on 06.07.2011 08:18
Answers
-
Hi,
Max: Have you found a solution?
I am having the same problem with but with a JCOP21 V 2.3.1 card.
What I have done to keep it from locking is to after a few tries open the card using the client software I got with the card (in my case SafeSign).
Regards,
Markus -
I think I understood the following:That is correct
- Cards have a special applet called Card Manager (or Security Domain) for example to load and delete other applets
- Communication with the Card Manager goes over a secure channel with specific keysQuestions:Development cards generally have know keys that can be used. When you go into production, your cards will have a unique (each card in fact will have its own key)
- Are these keys 'open' so they can be used for every card of the same type?- Are these keys set by the factory and maybe reset by a distributor?Both. The card issue can also set the keys before sending the card out. Check the GlobalPlatform Key Management System specification from the GP website for more details on key management.WrappedCommand --> 80 CA006600Can you provide the full response from the card?
Response <-- 664C734A0607...(I'll post all bytes if necessary)...9000Can I somehow check if my Card is already blocked (too much failed attempts?) without waisting another attempt?No. If you have exceeded the tries your next INIT UPDATE will fail. You should have 10 per card with the JCOP cards from memory. Some Gemalto cards lock after 5.
Cheers,
Shane
This discussion has been closed.