Curious behaviour through Applet SCP03 session

Question asked by Antoine Provot on Dec 30, 2019
Latest reply on Feb 24, 2020 by Kan_Li

Hi,

I'm facing a curious behaviour that I think comes from my SCP03 keys but I don't know where I missed the point.

 

Here's what I did:

When I installed a new SE050 on my setup I tried to open a session with the RESERVED_ID_TRANSPORT authentication object (0x7fff0200). It didn't work. I tried to check if the ID existed, and it didn't (which is curious considering what is said in AN12514).

Then I opened a session with the RESERVED_ID_PLATFORM_SCP (0x7fff0207), which worked.

I processed the whole SCP03 authentication with success.

 

But now that I'm working with fully ciphered ProcessSessionCommand APDUs with CMAC and RMAC, I noticed that some APDUs were forbidden (0x69 0x82 status word), like DF_Diversify, but not others, like checkIfObjectExist.

Even stranger: if I create an AES key with the auth object mask 0x40 it works, but if I remove it it does not.

I managed to generate AES key authentication objects to authenticate with, but once the authentication was done, I had the same problems.

What is the correct way to distribute keys with a brand new SE050? How do I connect first to distribute a specific SCP03 master key, and how do I use the corresponding session key to have full usage of the applet?

 

Kind regards,

Antoine
