
Curious behaviour through Applet SCP03 session

Question asked by Antoine Provot on Dec 30, 2019
Latest reply on Feb 24, 2020 by Kan_Li


I'm facing a curious behaviour that I think comes from my SCP03 keys but I don't know where I missed the point.


Here's what I did:


When I installed a new SE050 on my setup I tried to open a session with the RESERVED_ID_TRANSPORT authentication object (0x7fff0200). It didn't work. I tried to check if the ID existed, and it didn't (which is curious considering what is said in AN12514).


Then I opened a session with the RESERVED_ID_PLATFORM_SCP (0x7fff0207) that worked.

I processed the whole SCP03 authentication with success.


But now that I'm working with fully ciphered ProcessSessionCommand APDUs with CMAC and RMAC, I noticed that some APDUs were forbidden (0x69 0x82 status word), like DF_Diversify, but not others, like checkIfObjectExist.

Even more strange: if I create an AES key with the auth object mask 0x40 it works, but if I remove it, it does not.


I managed to generate AES key authentication objects to authenticate with, but once the authentication was done, I had the same problems.


What is the correct way to distribute keys with a brand new SE050? How to connect first to distribute a specific SCP03 master key, and how to use the corresponding session key to have full usage of the applet?


Kind regards,