The smart card management system (SCMS) or trusted service manager (TSM) should know these details. The smart card does not give you this information in any way. From what I remember of JCS, it uses key profiles to define each keyset and this is where the diversification information is stored.
Thanks for your reply. I was kind of coming around to thinking that the keys had to be known by whatever the card was connecting to anyway.
I just can't get my head around what bit 1 of the 'i' parameter is for though.
They even give an example implementation option which specifies 1 Secure Channel Base Key.
The only advantage I can see is that you save some storage space if lots of keys are associated with the channel, but as the diversification data is transmitted in the response to the INITIALIZE_UPDATE command then the channel strength is effectively reduced to a single Key.
PS On further investigation on my SmartCafe card I observed that although the G&D tool shows that there is a master key & derivation data which creates the 3 static keys, when I update the key or create a new key the JCS suite derives the individual keys and loads all 3 individually as if they were separate keys anyway...
PPS - It's not really a big issue for me, just an interesting aside which I thought I'd share...
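Added example, not part of the posts above: a small Python parser for the SCP02 INITIALIZE UPDATE response, showing that the key diversification data is returned in the clear, plus a check of bit 1 (b1, the least significant bit) of the 'i' parameter. It assumes the 28-byte SCP02 response layout from the GlobalPlatform Card Specification; the function names and the sample bytes are constructed for illustration.

```python
from dataclasses import dataclass

SCP02_DATA_LEN = 28  # response data length, status word excluded


@dataclass
class InitUpdateResponse:
    key_diversification_data: bytes  # 10 bytes, unencrypted
    key_version: int                 # key version number of the keyset used
    scp_id: int                      # Secure Channel Protocol identifier
    sequence_counter: int            # 2 bytes, feeds session key derivation
    card_challenge: bytes            # 6 bytes
    card_cryptogram: bytes           # 8 bytes


def parse_init_update_scp02(resp: bytes) -> InitUpdateResponse:
    """Split an SCP02 INITIALIZE UPDATE response into its fields."""
    if len(resp) == SCP02_DATA_LEN + 2:      # status word still attached
        if resp[-2:] != b"\x90\x00":
            raise ValueError("card returned status " + resp[-2:].hex())
        resp = resp[:-2]
    if len(resp) != SCP02_DATA_LEN:
        raise ValueError("unexpected response length %d" % len(resp))
    if resp[11] != 0x02:
        raise ValueError("not an SCP02 response (SCP id %02x)" % resp[11])
    return InitUpdateResponse(
        key_diversification_data=resp[0:10],
        key_version=resp[10],
        scp_id=resp[11],
        sequence_counter=int.from_bytes(resp[12:14], "big"),
        card_challenge=resp[14:20],
        card_cryptogram=resp[20:28],
    )


def uses_three_keys(i_param: int) -> bool:
    """b1 of 'i': 1 = three Secure Channel Keys, 0 = one base key.
    The 'i' value is supplied by the caller; it is not in this response."""
    return bool(i_param & 0x01)


# Constructed sample response (not captured from a real card).
SAMPLE = bytes.fromhex(
    "00001111222233334444" "0102" "0007"
    "a1a2a3a4a5a6" "c1c2c3c4c5c6c7c8" "9000"
)

if __name__ == "__main__":
    print(parse_init_update_scp02(SAMPLE))
    print("i=15 uses three keys:", uses_three_keys(0x15))
```

Anything observing the channel sees the first 10 bytes, so the diversification data itself should never be treated as a secret; the protection rests on the master key held by the SCMS/TSM.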