5 Replies Latest reply: Jan 30, 2013 5:01 AM by 970895 RSS

    PUT KEY - calculation of Encrypted Key value problem

    970895
      Hi,

      I have problem with calculation of the Encrypted key value for using in put key command. After calculation the first 8 bytes of the Encrypted Key Value are right and the rest are different. Where can I have a mistake? Similar problem have Kishan Saralaya in this thread SCP02 Put key problem but he don't write where was the problem.

      My algo and results:

      Sequence number : 0008 (obtain from INIT UPDATE command)
      the default initiate key = 404142434445464748494a4b4c4d4e4f
      I want set the New key = 101112131415161718191a1b1c1d1e1f

      1.
      DECSessionKey = TripleDes in CBC(0181 + 0008 + 00 00 00 00 00 00 00 00 00 00 00 00) with initiate key
      DECSessionKey = B4 F7 5C E0 A9 5E A3 F8 6B BD 05 1C B7 7C 0F AE

      2.
      Encrypted Key Value = TripleDes in CBC mode(101112131415161718191a1b1c1d1e1f) with DECSessionKey
      Encrypted Key Value = D6 AA 05 53 6E BB 5C 63 25 D2 82 97 30 75 B3 AD

      From JCShell I see, that encrypted Key Value must be D6 AA 05 53 6E BB 5C 63 E0 B1 8D 3A AE 9C D0 A5. As I wrote, there is a mismtach between last 8 bytes of calculated keys.

      Does anybody see some mistake in my calculation?
      Thank you,
      Milanatik
        • 1. Re: PUT KEY - calculation of Encrypted Key value problem
          801926
          It depends what SCP and what option you use. Likely it's SCP02 option 55, there you need to take care to use ECB for DEK session key calculation (see GP 2.1.1, E.4.7). For SCP01, DEK key is static.
          • 2. Re: PUT KEY - calculation of Encrypted Key value problem
            970895
            Hi lexdabear,

            thank you for your quick answer.

            I am using SCP02 secure channel protocol, but I don't know which implementation option "i" I'm using...I suppose that 55 or 15. How can I check it?
            I think, that in explicit secure channel session is all DES Session Keys(C-MAC, R-MAC, S-ENC, DEK) generated using tripleDES in CBC mode. In GPcard spec v2.2 is it written in E.4.1.

            I have read something about cryptographics algorithms in GPcard spec and maybe I feel a source of problem - Initial chaining vector(ICV). Below, you can see the log from JCshell. I think, that in calculating the Encrypted Key Value I am using ICV with value also 0 and that is bad. In GPspec v2.2, part E.1.3, I read :

            "The integrity of the sequence of APDU command or response messages being transmitted to the receiving entity is achieved by using the MAC from the current command or response as the (possibly encrypted) Initial Chaining Vector (ICV) for the subsequent command or response. This ensures the receiving entity that all messages in a sequence have been received. Computing the ICV is detailed in Appendix E.3 - Cryptographic Algorithms."

            So, is it needed to put as the ICV the calculated value of MAC from ext-auth command? Or the value of the ICV is calculated in a different way?

            Thank you,
            MIlanatik

            My log:
            cm> init-update 255
            => 80 50 00 00 08 AB E6 0E 71 20 D4 E0 8E 00 .P......q ....
            (69114 usec)
            <= 00 00 20 66 00 06 85 95 90 42 FF 02 00 08 8B 32 .. f.....B.....2
            0E C6 0E 9B 03 69 5E 27 D7 A4 F9 E2 90 00 .....i^'......
            -----------------------------------------------------------------------------------------------
            My note:
            sequence number 0008
            Card challenge: 8B320EC60E9B
            Card cryptogram: 03695E27D7A4F9E2
            ----------------------------------------------------------------------------------------------
            Status: No Error
            cm> ext-auth
            => 84 82 00 00 10 3B 2B BE 2C 53 6F BC 41 3A 41 60 .....;+.,So.A:A`
            FC FB AD 58 3A ...X:
            -----------------------------------------------------------------------------------------------
            My note:
            calculated Host cryptogram: 3B2BBE2C566FBC41
            Calculated MAC: 3A4160FCFBAD583A
            Initial Vector: 0
            ----------------------------------------------------------------------------------------------
            (77098 usec)
            <= 90 00 ..
            Status: No Error
            cm> set-key 20/1/DES-ECB/101112131415161718191a1b1c1d1e1f
            cm> set-key 20/2/DES-ECB/101112131415161718191a1b1c1d1e1f
            cm> set-key 20/3/DES-ECB/101112131415161718191a1b1c1d1e1f
            cm> print-key
            20/1/DES-ECB/101112131415161718191A1B1C1D1E1F
            20/2/DES-ECB/101112131415161718191A1B1C1D1E1F
            20/3/DES-ECB/101112131415161718191A1B1C1D1E1F
            cm> put-keyset 20
            => 80 D8 00 81 43 14 80 10 D6 AA 05 53 6E BB 5C 63 ....C......Sn.\c
            E0 B1 8D 3A AE 9C D0 A5 03 FE 8A 09 80 10 D6 AA ...:............
            05 53 6E BB 5C 63 E0 B1 8D 3A AE 9C D0 A5 03 FE .Sn.\c...:......
            8A 09 80 10 D6 AA 05 53 6E BB 5C 63 E0 B1 8D 3A .......Sn.\c...:
            AE 9C D0 A5 03 FE 8A 09 00 .........
            (160237 usec)
            <= 14 FE 8A 09 FE 8A 09 FE 8A 09 90 00 ............
            Status: No Error
            • 3. Re: PUT KEY - calculation of Encrypted Key value problem
              801926
              GP 2.1.1:
              E.4.7 Sensitive Data Encryption and Decryption
              Data encryption is used when transmitting sensitive data to the card and is over and beyond the security level
              required for the Secure Channel; For instance all DES keys transmitted to a card (e.g. in a PUT KEY command)
              should be encrypted.
              The data encryption process uses the data encryption session key and the encryption method described in
              Appendix B.1.1.2 – Encryption/Decryption ECB Mode when using explicit initiation of the Secure Channel and
              ..
              ICV is zero for ENC and DEK keys.
              • 4. Re: PUT KEY - calculation of Encrypted Key value problem
                970895
                Hi lexdabear,

                thank you for your answer, but now I'm really confused...

                Can you write the brief sequence of steps, how to calculate the encrypted ked value? All needed data you can find on replies above.

                Thank you,
                Milan
                • 5. Re: PUT KEY - calculation of Encrypted Key value problem
                  970895
                  Hi all,

                  my problem have been solved! Thank lexdabear for hints.

                  Here are the steps to calculate Encrypted Key value for use in PUT KEY command for SCP02:

                  Sequence number : 0008 (obtain from INIT UPDATE command)
                  the default initiate key = 404142434445464748494a4b4c4d4e4f
                  I want set the New key = 101112131415161718191a1b1c1d1e1f

                  1. Calculate DEK Session Key
                  DEKSessionKey = TripleDES in CBC(0181 + 0008 + 00 00 00 00 00 00 00 00 00 00 00 00) with initiate key as the key
                  DEKSessionKey = B4 F7 5C E0 A9 5E A3 F8 6B BD 05 1C B7 7C 0F AE

                  2. Calculate Encrypted Key value
                  Encrypted Key Value = DES in ECB mode(value of the new key - 101112131415161718191a1b1c1d1e1f) with DEKSessionKey as the key
                  Encrypted Key Value = D6 AA 05 53 6E BB 5C 63 E0 B1 8D 3A AE 9C D0 A5

                  3. Calculate Key check value - the first 3 bytes of the result
                  Key check Value = DES in ECB mode([0,0,0,0,0,0,0,0]) with new key as the key.
                  Key check Value = FE 8A 09

                  Now you have all what you need to construct PUT KEY command.

                  Mialn