https://community.nxp.com/t5/Secure-Authentication/AESKey-Session-Authentication-for-SE050/m-p/2079726#M1819 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/249272">@nana11</a>&nbsp;,</P> <P>&nbsp;</P> <P>Was your SE050 provisioned for demo purpose? Please kindly refer to&nbsp;se05x_mw_v04.05.01/simw-top/doc/demos/se05x/se05x_Delete_and_test_provision/Readme.html for more details.</P> <P>&nbsp;</P> <P>Hope that helps,</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Mon, 14 Apr 2025 07:52:00 GMT Kan_Li 2025-04-14T07:52:00Z https://community.nxp.com/t5/Secure-Authentication/AESKey-Session-Authentication-for-SE050/m-p/2079387#M1818 <P>Hello,</P><P class="">I'm trying to establish an AESKey secure session with a SE050 board using the Java SmartCard I/O API but am running into authentication issues.<BR /><BR />When I send the SCPExternalAuthenticate command, I consistently get a 6700 ("Wrong length") error regardless of what I try.</P><P class="">what works:<BR />1. I can successfully select the SE050 applet<BR />2.&nbsp;I can successfully create an AES key authentication object<BR />3.&nbsp;I can successfully start a session using the created authentication object<BR />4.&nbsp;The SCPInitializeUpdate command completes successfully</P><P class="">log:<BR /><BR />Found terminal: Identiv uTrust 3700 F CL Reader<BR />Card is present in Identiv uTrust 3700 F CL Reader<BR />Successfully connected to SE050.<BR />Selecting applet with command: 00A4040010A0000003965453000000010300000000<BR />Select response: SW=9000, Data=0301016FFF010B<BR />SE050 applet selected successfully.<BR />Enter 4-byte object ID for your AES key (8 hex characters, e.g., 12345678):<BR />88888881<BR />Enter 16-byte AES key (32 hex characters):<BR />404142434445464748494A4B4C4D4E4F<BR />Creating session...<BR />CreateSession command: 8004001B064104888888810C<BR />CreateSession response: SW=9000, Data=4182000801A1883AD1C0DDE6<BR />Session created. Session ID: 01A1883AD1C0DDE6<BR />Host challenge: 0F935F37FFC7DD2C<BR />SCPInitializeUpdate command: 8005000019100801A1883AD1C0DDE6410D80500000080F935F37FFC7DD2C<BR />SCPInitializeUpdate response: SW=9000, Data=000000000000000000000003606897205702C2B9EF8AC6E05E6B26EB83<BR />Key diversification data: 00000000000000000000<BR />Key info: 00<BR />Card challenge: 03606897205702C2<BR />Card cryptogram: B9EF8AC6E05E6B26<BR />Derived S-ENC key: E2D59DD0015AA32B377A5CC6EED41DE6<BR />Derived S-MAC key: 3458D77ADD4D1BF923D10367959E4C4B<BR />Derived S-RMAC key: BC7323AE62CF71AD7DC3C59D56D1AFA6<BR />Expected card cryptogram: 88612A8EC56FA45C<BR />Card cryptogram doesn't match expected value, but proceeding anyway...<BR />Host cryptogram: 88612A8EC56FA45C<BR />SCPExternalAuthenticate command: 8005000021100801A1883AD1C0DDE64115848203000888612A8EC56FA45C5AD68E843A534B64<BR />SCPExternalAuthenticate response: SW=6700, Data=<BR />Authentication failed.<BR /><BR />my SE050 details:<BR />Applet Select Response Information:<BR />Major: 3<BR />Minor: 1<BR />Patch: 1<BR />AppletConfig: 0x6fff<BR />SE050 Variant: SE050E2 (FIPS mode enabled)<BR />Secure Box version: 1.b<BR /><BR />what i need to check when i&nbsp;SCPExternalAuthenticate?&nbsp;<BR /><BR />thanks</P> Sun, 13 Apr 2025 00:00:00 GMT https://community.nxp.com/t5/Secure-Authentication/AESKey-Session-Authentication-for-SE050/m-p/2079387#M1818 nana11 2025-04-13T00:00:00Z https://community.nxp.com/t5/Secure-Authentication/AESKey-Session-Authentication-for-SE050/m-p/2079726#M1819 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/249272">@nana11</a>&nbsp;,</P> <P>&nbsp;</P> <P>Was your SE050 provisioned for demo purpose? Please kindly refer to&nbsp;se05x_mw_v04.05.01/simw-top/doc/demos/se05x/se05x_Delete_and_test_provision/Readme.html for more details.</P> <P>&nbsp;</P> <P>Hope that helps,</P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Mon, 14 Apr 2025 07:52:00 GMT https://community.nxp.com/t5/Secure-Authentication/AESKey-Session-Authentication-for-SE050/m-p/2079726#M1819 Kan_Li 2025-04-14T07:52:00Z