Open kaoh opened 6 years ago
Hi,
The problem can be the key version parameters: "-keyver 0 -newkeyver 2"
keyver 0 is indicating the default version, usually used during mutual authentication to take the first available one. Maybe you have to use different values here, e.g. "-keyver 1 -newkeyver 1" to overwrite key set version 1 with new values.
Original comment by: kaoh
Thanks for the answer! I've already tried different versions of the versions, but for some reason it's impossible to load the keys:
0 to 0 :
put_dm_keys -keyver 0 -newkeyver 0 -file /disk2/Cards/newgit/var/svn/svnETD/YouROK/JavaCard/AisaCard/apdu_tests/rsapkcs1/pub.pem -pass [The_key_is_8_characters_in_length] -key [The_key_is_32_characters_in_length]
Command --> 80D80001A000A1803BAC9523A55469AF1035251FBFF034BB324CE3720808430AE6D8C2473D548CA86A6E1C4BF94EEB899C67D6EAD11A995D77F914654473BB7E088CB930CE953893BA01372CE4D128D980AB5B5657764E26AB1F6B01B954CF77554DD191309F1BFBD356ABAC8ADE1BCD87B83C6FC868F6FFE08A9C6DE02A1FFA9285E184EFAE7ACE00A003010001008010F9A55CEFECB901603D7FA351FFEA516803B846EC00
Wrapped command --> 84D80001B0F62450DC942FDC2C2DF107D3C5A37AD5622C9655A974408393F0F4742DA7F6A62CFC3150D43744B4574DC6F49F88C08AD9E61B5981C875753A410AC31A6AD083DCD7A1D4F18BC0AF62CBC1A552D1718E455E6354BAD28CE4CB920D93CF8F8E5D7CF920250D4E6CB637D360BB846E0C2D590DFDFC8D9419FEB155570E338FB341E2543BF8757B666F00E78AB5F989AED33BCDD32EE3EEA3E21C1CFA3879554111EB9B3EA010A5188F32C7FA3CF03CEB8C00
Response <-- 6A80
put_delegated_management_keys() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)
0 to 1:
put_dm_keys -keyver 0 -newkeyver 1 -file /disk2/Cards/newgit/var/svn/svnETD/YouROK/JavaCard/AisaCard/apdu_tests/rsapkcs1/pub.pem -pass [The_key_is_8_characters_in_length] -key [The_key_is_32_characters_in_length]
Command --> 80D80001A001A1803BAC9523A55469AF1035251FBFF034BB324CE3720808430AE6D8C2473D548CA86A6E1C4BF94EEB899C67D6EAD11A995D77F914654473BB7E088CB930CE953893BA01372CE4D128D980AB5B5657764E26AB1F6B01B954CF77554DD191309F1BFBD356ABAC8ADE1BCD87B83C6FC868F6FFE08A9C6DE02A1FFA9285E184EFAE7ACE00A003010001008010A1E37F0D48C342BEEA61174882172ACF03B846EC00
Wrapped command --> 84D80001B0484C0003713B7EDA44D6BCFF0B915B78C180A1CB4E05904A67214681036C25D49E5FB36F4F04A4F3E501A4506324A2DFC6FE9FEA428CEB5AA38AB85C2539A7E18F471962484D2D8267611E0A24CED478D369D16CF156F0BA94A70430B80EC4F75B977BAC084D41826E085077106CA8FD036ADD045AC066EDD1EF87145F1B5CBFC8EF5EB09C343EE627222BFE2AF71FCE700F7906E0E368C27CB16BF548AA8072D9AC3FDB6ADD7F62F3C624AC7F9E129F00
Response <-- 6A86
put_delegated_management_keys() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
1 to 1:
put_dm_keys -keyver 1 -newkeyver 1 -file /disk2/Cards/newgit/var/svn/svnETD/YouROK/JavaCard/AisaCard/apdu_tests/rsapkcs1/pub.pem -pass [The_key_is_8_characters_in_length] -key [The_key_is_32_characters_in_length]
Command --> 80D80101A001A1803BAC9523A55469AF1035251FBFF034BB324CE3720808430AE6D8C2473D548CA86A6E1C4BF94EEB899C67D6EAD11A995D77F914654473BB7E088CB930CE953893BA01372CE4D128D980AB5B5657764E26AB1F6B01B954CF77554DD191309F1BFBD356ABAC8ADE1BCD87B83C6FC868F6FFE08A9C6DE02A1FFA9285E184EFAE7ACE00A003010001008010578B322D083DCCECAD759DAD7495E0E703B846EC00
Wrapped command --> 84D80101B0C867D37089C785A281111CD7566EE3B94DF59FAB1B7941185E431B314F1856A0B8456AF1EF0DEA5002EF48D94B11F3EB365C496D3DD54A2EE00742EBF60F9A25CF58FFCE5541211F19CD16ADDD337DC1A24F7DCB97939A704FF88E01F02355A758FB1DF5A309BFFEFE0A410C8ED056B11CFD34F332AA9C713314BDEAA120982C37D417B34024136C046A86E735EC831AFA7DAE5859D7CC201680736EACBE1F926D6D462631145947EC1459E567676DCA00
Response <-- 6A86
put_delegated_management_keys() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
1 to 2:
put_dm_keys -keyver 1 -newkeyver 2 -file /disk2/Cards/newgit/var/svn/svnETD/YouROK/JavaCard/AisaCard/apdu_tests/rsapkcs1/pub.pem -pass [The_key_is_8_characters_in_length] -key [The_key_is_32_characters_in_length]
Command --> 80D80101A002A1803BAC9523A55469AF1035251FBFF034BB324CE3720808430AE6D8C2473D548CA86A6E1C4BF94EEB899C67D6EAD11A995D77F914654473BB7E088CB930CE953893BA01372CE4D128D980AB5B5657764E26AB1F6B01B954CF77554DD191309F1BFBD356ABAC8ADE1BCD87B83C6FC868F6FFE08A9C6DE02A1FFA9285E184EFAE7ACE00A003010001008010C8A943BE91EB3EAEFD76EB57D1E83CB503B846EC00
Wrapped command --> 84D80101B066755A307ADB1D78125062B7DD8CAC43DF524F803837BDA77E6E54B341D0250A25EFBDA6B8588F702A97F8F9C58D1185D3908AD14AC23591EB760C0C8C9BFF9CC457335F36F94CDCC55C1C08D0637AC6773CA68F14EE40A7B36722C8D8C4F4AD6A9490BE74B6A1B24DA77CA2B8559DC5AC1F5EEC4EE87F326AAE0ACB20708D6B8FE1293B7C92D1E4AD2B6406BE349011CECF8282C3490B04CD7B1C9C2C420B7CFE16AB36CA4AACF2467C95AC284A73BE00
Response <-- 6A86
put_delegated_management_keys() returns 0x80206A86 (6A86: Incorrect parameters (P1, P2).)
2 to 2:
put_dm_keys -keyver 2 -newkeyver 2 -file /disk2/Cards/newgit/var/svn/svnETD/YouROK/JavaCard/AisaCard/apdu_tests/rsapkcs1/pub.pem -pass [The_key_is_8_characters_in_length] -key [The_key_is_32_characters_in_length]
Command --> 80D80201A002A1803BAC9523A55469AF1035251FBFF034BB324CE3720808430AE6D8C2473D548CA86A6E1C4BF94EEB899C67D6EAD11A995D77F914654473BB7E088CB930CE953893BA01372CE4D128D980AB5B5657764E26AB1F6B01B954CF77554DD191309F1BFBD356ABAC8ADE1BCD87B83C6FC868F6FFE08A9C6DE02A1FFA9285E184EFAE7ACE00A003010001008010D739F1121DC2441D3CA2CBA35224388203B846EC00
Wrapped command --> 84D80201B07B585955082410774DED31CE2D4720A31F3A90AB61F555DFD70B232D9CD8248DBF0D0A0AE660BB0109E2A4FA57AB1FC342361BE4B5C2665A2DC96ADA9DDEB09C936F934A5E27EE7CE854B28C8F11E890F408CF0F70C0EC266E1BA7930D49297F74A48DECF9D50CDD7CFF5F13D215597366E79C30BFF91F4C132DAF84CA57F70572F71598E73A4201F2C359B6500B5275AACBB5ED127EBE581C00B3D749F2F1A410A10C04C25D19F484EC0DC78D96858E00
Response <-- 6A88
put_delegated_management_keys() returns 0x80206A88 (6A88: Referenced data not found.)
But any combination comes with errors. Can it is necessary somehow on special to create SSD with DM or to use any other algorithm for generation of RSA keys?
Original comment by: grv333
Are there any ideas, what could be the problem?
Original comment by: *anonymous
No, the combination 0,0 seems not bad, but the error sounds like an encoding problem of the transmitted data of the PUT_KEY command, it would be necessary to have a look into the manual how the data has to be sent. Usually the manufacturers do not provide a manual or hide it under NDAs. I'm also not sure if during the creation of a security domain any data must be passed for an inital key set for DM. Otherwise a default key must be used or the SD is not functional.
Original comment by: kaoh
Is this problem solved? I cannot see the comments except kaoh's and the solution to this question.
Most likely not, the bug is from a long time ago and a new bug description is needed. Since I also have no cards not the card type is mentioned to reproduce this, it is unlikely to going to be fixed without funding.
I encountered problems when I tried to put the public RSA key on the Supplementary Security Domain (SSD) with the Delegate Management(DM) privs to smart card using the GPShell utility. What I do:
I generate a private key using the options:
Based on it, I generate a public key:
I create on the smart card a domain with Delegated Management privs with the help of Global Platform Pro:
Reuslt:
I install the keys MAC, ENC and DEK (By Global Platform Pro):
Domain became PERSONALIZED:
With the help of GPShell I try to put the public RSA key to the domain:
Gives out the error parameters P1, P2, but I can not understand what the problem is and what I'm doing wrong. It is possible that the length of the password or the key, or their appearance, does not. Is it possible to somehow load keys with the help of Global Platform Pro or is it possible only with the help of GPShell?
Reported by: grv333