AID of JCOP's Security Domain and meaning of “Card Not Fused” or “Not Pre-Personalized”

天大地大妈咪最大 提交于 2019-12-18 09:29:32

问题


I download a software named JCOP Manger from here to deal with my CJ3A080 jcop java card.

It recognize my card currectly. but it don't let my to install or list applets! why?

Output of this software:

I try to select the ISD using CardTool (The software that I use to send APDU to card), but as you see below none of common AIDs not found on the card :

Note that, CardTool output format is as below :

< CLA | INS | P1 | P2 | Lc | Le
< Command Data Field (If Possible)
> Response Data Field (If Possible)
> SW1 SW2

So, This is output of CardTool :

Answer-to-Reset
3B  F8  13  00  00  81  31  FE  45  4A  43  4F  50  76  32  34  31  B7  

< 00 A4 04 00 08 00
< A0 00 00 00 03 00 00 00
> 6A82


< 00 A4 04 00 07 00
< A0 00 00 00 03 00 00
> 6A82

< 00 A4 04 00 08 00
< A0 00 00 00 18 43 4D 00
> 6A82

< 00 A4 04 00 08 00
< A0 00 00 01 51 00 00 00
> 6A82

< 00 A4 04 00 07 00
< A0 00 00 00 03 53 50
> 6A82

I also try gp.exe tool, and this is its output :

E:\GP>gp -list
Exception in thread "main" java.lang.IllegalStateException: No selected ISD!
        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:327)
        at openkms.gp.GPTool.main(GPTool.java:280)

E:\GP>

The questions are:

  • 1- What does this mean? "Not Fused (Not Pre-Personalized)"
  • 2- How I can personalize it?
  • 3- How we can find that if a card fused or not?
  • 4- What is the AID of Security Domain?

I asked all these 4 questions in a singe topic, because these are closely related to each other


回答1:


Before a smart card can be used, it needs to be "pre-personalized": some basic settings need to be written, ISD keys initialized, etc. If a card is not pre-personalized, it will not respond to normal APDUs. The pre-personalization process is vendor-specific and there is a chain of trust involved, so you will need to ask your card supplier for the tools, keys and documentation so you can do it.

This blog post http://colinoflynn.com/tiki-view_blog_post.php?postId=34 explains how to know if a JCOP card has been pre-personalized, by sending a SELECT APDU to a special AID. It is probably the same command the JCOP Manager tool you used for your screenshot is sending.



来源:https://stackoverflow.com/questions/27076532/aid-of-jcops-security-domain-and-meaning-of-card-not-fused-or-not-pre-person

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!