Edited by: 961436 on Oct 22, 2012 12:09 AM
SCP02 only uses DES (2TDEA) keys. You either need to get support for an asymmetric SCP or you need to do the crypto yourself.
Thanks for the reply,
I want to put an RSA key for DM (Delegated Management) purposes, not for authentication.
You know, I'm able to generate an RSA key on the card, but I can't put an RSA key from the terminal to the card for DM or DAP purposes.
In this case, the SCP has nothing to do with what you are doing other than proving you are authenticated.
Can you explain how you have tried to put the key?
Thanks Shane for your instant answer!
For Put key I send the following commands to the card:
1- Initialize update
2- External Authenticate (Security Level = no security)
3- Put Key command as below:
cla ins p1 p2
80 D8 00 01
The detailed values of the Data field are as follows:
06(key set number)
00(Modulus check sum)
00(exponent check sum)
The Put Key command fails and returns 6A80 status word.
I don't know what the problem is with PUT KEY (RSA) on SCP02 cards; I don't have this problem on SCP01 cards.
To put the DAP key, try this, from the UICC configuration guide:
Key Version number '70' with Key Identifier '01' is reserved for the Token Key, which is either a RSA public key or a DES key
Use 0x11 as the new key version for DAP and 0x70 for DM.
Key Version Number '11' is reserved for DAP as specified in ETSI TS 102 226
Thanks a lot for your attention and your kind, helpful answer.
I have several kinds of SCP02 cards. I'm able to put an RSA key on some of them, but not all of them. All the cards support the SCP02 protocol, so I wonder what is happening. Why can't I put an RSA key on cards which support SCP02?
Furthermore, I'm able to generate an RSA key on-card on all the different kinds of my SCP02 cards.
I look forward to hearing from you, and thanks for your attention.
There are a lot of details in the GP and Java Card specifications that are either loosely defined or optional. You will find many areas where there are implementation specific differences. It may be that one card only supports generating keys while others support PUT KEY. This is a big reason why you need to extensively test on the target card platform.
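As an added example (not code from any poster in this thread), the Python sketch below builds and re-parses a PUT KEY command for a 1024-bit RSA public key, using the header bytes, key version numbers and status word quoted above, so the data field can be checked before it is sent to a card. The data-field layout (key type A1 for the modulus, A0 for the exponent, single-byte lengths, a trailing 00 for an empty key check value) is an assumption based on the GlobalPlatform Card Specification 2.1.1 public-key format, and a given card may expect something different; no secure messaging is applied, matching the "no security" level in the thread, and all function names are hypothetical.

```python
# Added example. Data-field layout is an assumption (GP 2.1.1 public-key format).
KEY_TYPE_MODULUS, KEY_TYPE_EXPONENT = 0xA1, 0xA0  # RSA public key components, clear text
KVN_DAP, KVN_TOKEN = 0x11, 0x70                   # key version numbers quoted in the thread
SW_TEXT = {0x9000: "success", 0x6A80: "incorrect values in command data"}

def _component(key_type, value):
    if not 1 <= len(value) <= 0x80:
        raise ValueError("component must be 1..128 bytes (single length byte)")
    return bytes([key_type, len(value)]) + value

def _to_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def build_put_key_rsa(new_kvn, key_id, modulus, exponent, replace_kvn=0x00):
    """Return the APDU bytes; replace_kvn=0x00 adds a new key instead of replacing one."""
    if not 0x01 <= new_kvn <= 0x7F or not 0x00 <= key_id <= 0x7F:
        raise ValueError("key version must be 01..7F and key identifier 00..7F")
    data = (bytes([new_kvn]) + _component(KEY_TYPE_MODULUS, _to_bytes(modulus))
            + _component(KEY_TYPE_EXPONENT, _to_bytes(exponent))
            + b"\x00")                            # 00 = no key check value
    return bytes([0x80, 0xD8, replace_kvn, key_id, len(data)]) + data

def parse_put_key_rsa(apdu):
    """Decode an APDU in the layout above; ValueError names the first malformed field."""
    if len(apdu) < 5 or apdu[:2] != b"\x80\xD8":
        raise ValueError("not a PUT KEY command")
    p1, p2, lc, data = apdu[2], apdu[3], apdu[4], apdu[5:]
    if lc != len(data) or not data:
        raise ValueError("Lc does not match the data field length")
    out, pos = {"replace_kvn": p1, "key_id": p2 & 0x7F, "new_kvn": data[0]}, 1
    for name, tag in (("modulus", KEY_TYPE_MODULUS), ("exponent", KEY_TYPE_EXPONENT)):
        if pos + 2 > len(data) or data[pos] != tag:
            raise ValueError(f"expected key type {tag:02X} at data offset {pos}")
        length = data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"{name} is truncated")
        out[name] = int.from_bytes(value, "big")
        pos += 2 + length
    if data[pos:] != b"\x00":
        raise ValueError("expected a single 00 (empty key check value) at the end")
    return out

def describe_sw(sw):
    return SW_TEXT.get(sw, f"unlisted status word {sw:04X}")

# Constructed sample: a 1024-bit odd number standing in for a modulus (not a real key).
SAMPLE_MODULUS = (1 << 1023) | 1
SAMPLE_APDU = build_put_key_rsa(KVN_TOKEN, 0x01, SAMPLE_MODULUS, 65537)
```

Comparing the parsed fields of a command that one card accepts with one that another card rejects with 6A80 shows which field of the data field the two platforms treat differently.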