0

Referring to the Stack Flow discussion at: How can I check INITIALIZE UPDATE and EXTERNAL AUTHENTICATE correctness?

How was the derivation_const_ENC of 0182 arrived at?

Secondly, I am trying to authenticate to a smart card CardManager with an AES key set and SCP03. Is anyone aware of a CardManager class with initializeUpdate and externalAuthenticate methods that supports SCP03 ?

I have tried a key type of AES (0x88) with a key version of 255 with my old versions of CardManager, OPApplet, and OPKey, but the verification of the response from initializeUpdate fails with a "wrong R-APDU length". If I use a DES key set and SCP_UNDEFINED, it works.

vlp
  • 7,811
  • 2
  • 23
  • 51
user1011176
  • 1
  • 1
  • I would suggest to separate this into two questions. – guidot Oct 27 '22 at 20:42
  • As far as I know the [GlobalPlatformPro](https://github.com/martinpaljak/GlobalPlatformPro) supports SCP03. The key derivation process is precisely described in the SCP protocol specification -- have a look here. – vlp Oct 28 '22 at 10:49
  • Yes, I know Global Platform 2.3.1 supports SCP03 (which must be used when an AES key set is used). My question pertains more to what com.ibm.jc.CardManager, OPApplet, and OPKey provided for the various flavors of SCP02 and DES. The inherited methods of initializeUpdate and externalAuthenticate (from OPApplet) performed the functions involved in the handshake for SCP02 and DES. Where can I find updated versions of these classes that support the handshake for SCP03 and AES ? – user1011176 Oct 29 '22 at 14:57

0 Answers0