I am trying to figure out if there are any fields which inform the reader that the static keys for SCP02 are derived using a Master key and the derivation data (as in EMV CPS 1.1) or are 3 statically stored keys.
(SC-ENC, SC-MAC, Data-ENC)
I am playing with G&D JCS suite and find that I can put new keys into the domain using either format and that when I authenticate with a particular key set everything works as it should.
(PUT KEY VERSION 02 as a set of 3 keys for SC-ENC, SC-MAC and Data-ENC;
(PUT KEY VERSION 05 as a Master Key with Derivation Data & CMK/xMK derivation scheme)
What I can't work out is whether there is a field for the key derivation to be described or whether the JCS Suite stores locally information about the keys which it has put onto the specific card type.
If JCS is storing this information locally then is it correct to surmise that the back end system must always know what type of key exists already.
I assumed that the 'i' parameter would inform this, but it doesn't seem to make any difference (i=55 for both types of stored key because i parameter is given before the key is selected).
(i=55 would seem to be wrong in the case of a master Key being used to derive the Static keys as bit 0 should be cleared)
Perhaps I'm reading this backwards and the i parameter informs which types of keys should be PUT and that any new keys should be consistent with that?
(But then I note that G&D smartcafe Expert 3.2 product has i=15 but the default Keys certainly use Key derivation from a Master)
The smart card management system (SCMS) or trusted service manager (TSM) should know these details. The smart card does not give you this information in any way. From what I remember of JCS, it uses key profiles to define each keyset and this is where the diversification information is stored.
Thanks for your reply. I was kind of coming around to thinking that the keys had to be known by whatever the card was connecting too anyway.
I just can't get my head around what bit 1 of the 'i' parameter is for though.
They even give an example implementation option which specifies 1 Secure Channel Base Key
The only advantage I can see is that you save some storage space if lots of keys are associated with the channel, but as the diversification data is transmitted in the response to the INITIALIZE_UPDATE command then the channel strength is effectively reduced to a single Key.
PS On further investigation on my SmartCafe card I observed that although the G&D tool shows that there is a master key & derivation data which creates the 3 static keys, when I update the key or create a new key the JCS suite derives the individual keys and loads all 3 individually as if they were separate keys anyway...
PPS - It's not really a big issue for me, just an interesting aside which I thought I'd share...