问题
I want to change globalplatform default key for loading applet and secure messaging to card manager. I could change my gemalto default GP card key using bellow commands successfuly:
mode_211
enable_trace
establish_context
card_connect -readerNumber 1
select -AID A000000018434D00
open_sc -security 1 -keyind 0 -keyver 1 -key 47454d5850524553534f53414d504c45 -keyDerivation visa2 // Open secure channel
put_sc_key -keyver 0 -newkeyver 1 -key 505152535455565758595a5b5c5d5e5f // Put secure channel keys
card_disconnect
release_context
But when i want to make secure channel to card manager by new key, cryptogram which produces in host side doesn't match to card side. The old key doesn't work too. Commands for authentication to card manager are:
open_sc -security 1 -keyind 0 -keyver 0 -key 505152535455565758595a5b5c5d5e5f -keyDerivation visa2 // Open secure channel
also i tested
open_sc -security 1 -keyind 0 -keyver 1 -key 505152535455565758595a5b5c5d5e5f -keyDerivation visa2 // Open secure channel
and
open_sc -security 1 -keyind 1 -keyver 0 -key 505152535455565758595a5b5c5d5e5f -keyDerivation visa2 // Open secure channel
and
open_sc -security 1 -keyind 1 -keyver 0 -key 505152535455565758595a5b5c5d5e5f -keyDerivation visa2 // Open secure channel
Also i tested the process by smartcafe smart expert 3.2 (G&D card) and the results are same.
I appreciate if anyone can help me.
回答1:
You need to use:
open_sc -security 1 -key 505152535455565758595a5b5c5d5e5f
As the new key is not diversified (derived) and you must use it directly.
Good luck!
And beware that there is a limit on unsuccessful authentications -- you might lock your card.
来源:https://stackoverflow.com/questions/36481171/authentication-failed-to-java-card-manager-after-changing-global-platform-defaul