I'm facing a curious behaviour that I think comes from my SCP03 keys but I don't know where I missed the point.
Here's what I did:
When I installed a new SE050 on my setup I tried to open a session with the RESERVED_ID_TRANSPORT authentication object (0x7fff0200). It didn't work. I tried to check if the ID existed, and it didn't (which is curious considering what is said in AN12514).
Then I opened a session with the RESERVED_ID_PLATFORM_SCP (0x7fff0207), which worked.
I processed the whole SCP03 authentication with success.
But now that I'm working with fully ciphered ProcessSessionCommand APDUs with CMAC and RMAC, I noticed that some APDUs were forbidden (0x69 0x82 status word), like DF_Diversify, but not others, like checkIfObjectExist.
Even more strange: if I create an AES key with the auth object mask 0x40 it works, but if I remove it it does not.
I managed to generate AES key authentication objects to authenticate with, but once the authentication was done, I had the same problems.
What is the correct way to distribute keys with a brand new SE050? How to connect first to distribute a specific SCP03 master key, and how to use the corresponding session key to have full usage of the applet?