<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic J3R180 from chinese distributor - initialization required? in Smart Cards and Secure Element</title>
    <link>https://community.nxp.com/t5/Smart-Cards-and-Secure-Element/J3R180-from-chinese-distributor-initialization-required/m-p/1898456#M143</link>
    <description>&lt;P&gt;Hello everybody,&lt;/P&gt;&lt;P&gt;recently I ordered a batch of JCOP4 J3R180 samples from a Chinese NXP distributor claiming SCP03 as being the default setting in their product listing.&lt;/P&gt;&lt;P&gt;However, on arrival those cards had their factory default keys (key version 255) still active and the cards are in SCP02 mode. After a bit of back and forth and the distributor claiming I would not pay I finally got the according keys from them and could access the cards.&lt;/P&gt;&lt;P&gt;But: it is impossible to create a supplemental security domain with SCP03 enabled. I followed GlobalPlatform Confidential Card Content Management, etc. and tried parameter 81020370 (SCP03 i70) during initialization of the SSD. But those cards deny that parameter setting. Other J3R200/J3R180 happily accept exactly the very same command.&lt;/P&gt;&lt;P&gt;So, the distributor told me I've to "do initialization" - without any details. They're now trying to sell me additional services after delivering misconfigured cards.&lt;/P&gt;&lt;P&gt;I tried STORE-DATA to the ISD with DGI 0070 and 810402550370 to migrate from SCP02 to a SCP03 key-set as this worked out on other secure elements. The cards accept the STORE-DATA command and a key-set pushed via STORE-DATA as well with key version 0x31 and AES-128 gets created - but cannot be used during init-update. So this tell's me SCP03 is not enabled on those cards. I already have one card locked up with a SCP03 key-set and version 0x31 - not being able to complete init update.&lt;/P&gt;&lt;P&gt;They stick to their explanation that some initialization has to be done.&lt;/P&gt;&lt;P&gt;I've docstore access and know the JCOP Tools for JCOP3, JCOP4 and JCOP5. But obviously I missed something until now. Where do I have to look for?&lt;/P&gt;&lt;P&gt;This can't be more than a single APDU if they are correct. Or do they try to scam us?&lt;/P&gt;&lt;P&gt;Thanks &amp;amp; best regards,&lt;/P&gt;&lt;P&gt;Christian&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Wed, 03 Jul 2024 15:01:29 GMT</pubDate>
    <dc:creator>ckahlo</dc:creator>
    <dc:date>2024-07-03T15:01:29Z</dc:date>
    <item>
      <title>J3R180 from chinese distributor - initialization required?</title>
      <link>https://community.nxp.com/t5/Smart-Cards-and-Secure-Element/J3R180-from-chinese-distributor-initialization-required/m-p/1898456#M143</link>
      <description>&lt;P&gt;Hello everybody,&lt;/P&gt;&lt;P&gt;recently I ordered a batch of JCOP4 J3R180 samples from a Chinese NXP distributor claiming SCP03 as being the default setting in their product listing.&lt;/P&gt;&lt;P&gt;However, on arrival those cards had their factory default keys (key version 255) still active and the cards are in SCP02 mode. After a bit of back and forth and the distributor claiming I would not pay I finally got the according keys from them and could access the cards.&lt;/P&gt;&lt;P&gt;But: it is impossible to create a supplemental security domain with SCP03 enabled. I followed GlobalPlatform Confidential Card Content Management, etc. and tried parameter 81020370 (SCP03 i70) during initialization of the SSD. But those cards deny that parameter setting. Other J3R200/J3R180 happily accept exactly the very same command.&lt;/P&gt;&lt;P&gt;So, the distributor told me I've to "do initialization" - without any details. They're now trying to sell me additional services after delivering misconfigured cards.&lt;/P&gt;&lt;P&gt;I tried STORE-DATA to the ISD with DGI 0070 and 810402550370 to migrate from SCP02 to a SCP03 key-set as this worked out on other secure elements. The cards accept the STORE-DATA command and a key-set pushed via STORE-DATA as well with key version 0x31 and AES-128 gets created - but cannot be used during init-update. So this tell's me SCP03 is not enabled on those cards. I already have one card locked up with a SCP03 key-set and version 0x31 - not being able to complete init update.&lt;/P&gt;&lt;P&gt;They stick to their explanation that some initialization has to be done.&lt;/P&gt;&lt;P&gt;I've docstore access and know the JCOP Tools for JCOP3, JCOP4 and JCOP5. But obviously I missed something until now. Where do I have to look for?&lt;/P&gt;&lt;P&gt;This can't be more than a single APDU if they are correct. Or do they try to scam us?&lt;/P&gt;&lt;P&gt;Thanks &amp;amp; best regards,&lt;/P&gt;&lt;P&gt;Christian&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 03 Jul 2024 15:01:29 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Smart-Cards-and-Secure-Element/J3R180-from-chinese-distributor-initialization-required/m-p/1898456#M143</guid>
      <dc:creator>ckahlo</dc:creator>
      <dc:date>2024-07-03T15:01:29Z</dc:date>
    </item>
  </channel>
</rss>

