2 Replies. Latest reply: Dec 22, 2010 1:09 PM by safarmer

    JCOP put-key encryption key

    807339
      Hi there,

      I can't find which key is used to encrypt the key data given to the put-key command as a parameter. Here is an example:
      put-key 1/1/DES-ECB/404142434445464748494a4b4c4d4e4f
                      1/2/DES-ECB/404142434445464748494a4b4c4d4e4f
                      1/3/DES-ECB/404142434445464748494a4b4c4d4e4f
       => 80 D8 00 81 43 01 80 10 EF BE E6 C6 D9 9D 7B 70    ....C.........{p
          BD E9 D7 E9 27 F0 20 AF 03 8B AF 47 80 10 EF BE    ....'. ....G....
          E6 C6 D9 9D 7B 70 BD E9 D7 E9 27 F0 20 AF 03 8B    ....{p....'. ...
          AF 47 80 10 EF BE E6 C6 D9 9D 7B 70 BD E9 D7 E9    .G........{p....
          27 F0 20 AF 03 8B AF 47 00                         '. ....G.
       (391 msec)
       <= 01 8B AF 47 8B AF 47 8B AF 47 90 00                ...G..G..G..
      Status: No Error
      It's about analyzing the data field of the APDU. If I understand GP card spec 2.1.1 page 131 table 9-50 correctly, the first key starts at offset 9 (0xEF...) and the length of the key is coded at offset 8 (0x10), so I interpret this as coded in bit (16 bytes - OK). It's easy to see that the 16 bytes starting at offset 9 are not the ones which were given to the put-key command as a parameter (404142...), so the key is definitely encrypted, which, needless to say, makes sense :)

      The thing is, I can't find any info on what key is used to encrypt the keys except "When using this command to load or replace secret or private keys, the key values shall be encrypted and the reference of the encrypting key and algorithm to be used is known implicitly according to the current context.". Unfortunately the key is not implicitly known by me :(

      I found out that the used key must be a static key, because the ciphertext is always the same in different secure channel sessions.

      Thanks for your help in advance!
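
Added example, not part of the original post or of the JCOP tooling: a small Python parser that splits the PUT KEY command from the trace above into key version, key type, encrypted key value and key check value, and confirms that the card's response echoes the same check values. It does not decrypt anything; the field names and the P2 decoding (bit 8 = more than one key, low 7 bits = key identifier) are this example's own reading of the GlobalPlatform PUT KEY layout.

```python
# Bytes copied from the trace in the post above (command, then card response).
CMD = bytes.fromhex("""
    80 D8 00 81 43 01 80 10 EF BE E6 C6 D9 9D 7B 70
    BD E9 D7 E9 27 F0 20 AF 03 8B AF 47 80 10 EF BE
    E6 C6 D9 9D 7B 70 BD E9 D7 E9 27 F0 20 AF 03 8B
    AF 47 80 10 EF BE E6 C6 D9 9D 7B 70 BD E9 D7 E9
    27 F0 20 AF 03 8B AF 47 00
""")
RSP = bytes.fromhex("01 8B AF 47 8B AF 47 8B AF 47 90 00")


def parse_put_key(apdu):
    """Split a PUT KEY command into key version and per-key fields."""
    cla, ins, p1, p2, lc = apdu[:5]
    if ins != 0xD8:
        raise ValueError("not a PUT KEY command")
    data = apdu[5:5 + lc]
    if len(data) != lc:
        raise ValueError("data field shorter than Lc")
    keys, pos = [], 1                      # data[0] is the new key version
    while pos < len(data):
        key_type, key_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + key_len]   # still encrypted
        pos += 2 + key_len
        kcv_len = data[pos]
        kcv = data[pos + 1:pos + 1 + kcv_len]
        pos += 1 + kcv_len
        if len(value) != key_len or len(kcv) != kcv_len:
            raise ValueError("truncated key block")
        keys.append({"type": key_type, "value": value, "kcv": kcv})
    return {"key_id": p2 & 0x7F, "multiple": bool(p2 & 0x80),
            "key_version": data[0], "keys": keys}


def response_matches(parsed, rsp):
    """True if the card echoed key version and every check value with SW 9000."""
    expected = bytes([parsed["key_version"]]) + b"".join(
        k["kcv"] for k in parsed["keys"])
    return rsp[:-2] == expected and rsp[-2:] == b"\x90\x00"


if __name__ == "__main__":
    p = parse_put_key(CMD)
    for i, k in enumerate(p["keys"], 1):
        print(i, hex(k["type"]), k["value"].hex(), k["kcv"].hex())
    print("response consistent:", response_matches(p, RSP))
```

Because all three keys in the trace were given the same value, the three encrypted fields and the three check values come out identical.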