Open luckiday opened 3 years ago
Please also add gp -ldv output and how the domain was created
One of my issues is that the create simple domain command from the branch next
does not work with my card.
# gp -dv -key default -domain 010101010101 --allow-to --allow-from
SCardConnect("Identiv SCR3500 A Contact Reader", T=*) -> T=1, 3BDB18FF8191FE1FC38031A073BE211367432007E3
# GlobalPlatformPro 19.05.16-129-gdfb2cfb
# Running on Mac OS X 10.16 x86_64, Java 11.0.10 by AdoptOpenJDK
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (19ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session with MAC
A>> T=1 (4+0008) 80500000 08 7FAACBDF4D12D8E9 00
A<< (0028+2) (45ms) 00009326519195994079010200C7FAE7E08D6D38786E1737C311218E 9000
[DEBUG] GPSession - KDD: 00009326519195994079
[DEBUG] GPSession - SSC: 00C7
[DEBUG] GPSession - Host challenge: 7FAACBDF4D12D8E9
[DEBUG] GPSession - Card challenge: 00C7FAE7E08D6D38
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=CA0A9629B52B3ADA8D17DAD8E131D611 MAC=929BF363BD6A81DF1406ABE10AF06F1F RMAC=ED7ED6DFBA8A821135B00431907B99EC
[DEBUG] GPSession - Verified card cryptogram: 786E1737C311218E
[DEBUG] GPSession - Calculated host cryptogram: 250DDE60557E503E
A>> T=1 (4+0016) 84820100 10 250DDE60557E503EF57B561F6C200C62
A<< (0000+2) (25ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F0087BEEE4891698F12 00
A<< (0040+2) (24ms) E3264F08A0000001510000009F700101C5039EFE80C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F24002 0A 4F0005CD697DB4CD983A 00
A<< (0040+2) (24ms) E3264F08A0000001515350419F70010FC503E08000C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F0028531F045BADC6EF 00
A<< (0097+2) (38ms) E3254F07A00000015153509F700101CE02FFFF8408A000000151535041CC08A000000151000000E31B4F07A00000006202049F700101CE020100CC08A000000151000000E31B4F07A00000006202029F700101CE020103CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F00C9884007F38D86DE 00
A<< (0087+2) (36ms) E31B4F07A00000015153509F700101CE02FFFFCC08A000000151000000E31B4F07A00000006202049F700101CE020100CC08A000000151000000E31B4F07A00000006202029F700101CE020103CC08A000000151000000 9000
# Note: using detected default AID-s for SSD instantiation: A000000151535041 from A0000001515350
# Final parameters: 810202008202202087022020
A>> T=1 (4+0050) 84E60C00 32 07A000000151535008A0000001515350410601010101010101800EC90C81020200820220208702202000A0979B2B6C040838
A<< (0000+2) (237ms) 6A80
Error: INSTALL [for install and make selectable] failed: 0x6A80 (Wrong data/incorrect values in data)
SCardDisconnect("Identiv SCR3500 A Contact Reader", true) tx:159/rx:326
So I switch back to the master
branch and recompiled gp
. Then the domain is created. Here is the log.
%gp -dv -key default -domain $DOM --allow-to --allow-from
# gp -dv -key default -domain 010101010101 --allow-to --allow-from
SCardConnect("Identiv SCR3500 A Contact Reader", T=*) -> T=1, 3BDB18FF8191FE1FC38031A073BE211367432007E3
# GlobalPlatformPro 19.05.16-124-g50bd9f9
# Running on Mac OS X 10.16 x86_64, Java 11.0.10 by AdoptOpenJDK
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (19ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session [MAC]
A>> T=1 (4+0008) 80500000 08 EBB5B44D35997157 00
A<< (0028+2) (45ms) 00009326519195994079010200BEAFB62D5028FAFBDBDDA508739DC5 9000
[DEBUG] GPSession - SSC: 00BE
[DEBUG] GPSession - Host challenge: EBB5B44D35997157
[DEBUG] GPSession - Card challenge: 00BEAFB62D5028FA
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=61312BB4F30C1A9576C122005DA3527E MAC=BDD3B922E3DAAB7C361DFDAA9EE8C019 RMAC=59AB83296D36C48A474DE91497936E1B
[DEBUG] GPSession - Verified card cryptogram: FBDBDDA508739DC5
[DEBUG] GPSession - Calculated host cryptogram: CAC6F1B23C6848F8
A>> T=1 (4+0016) 84820100 10 CAC6F1B23C6848F8685AA2048B5B462E
A<< (0000+2) (26ms) 9000
A>> T=1 (4+0010) 84F28002 0A 4F0025ECF2BD8679C5FB 00
A<< (0040+2) (23ms) E3264F08A0000001510000009F700101C5039EFE80C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F24002 0A 4F00A8FB58D9932432C1 00
A<< (0040+2) (24ms) E3264F08A0000001515350419F70010FC503E08000C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F006C644970424FEBA4 00
A<< (0097+2) (37ms) E3254F07A00000015153509F700101CE02FFFF8408A000000151535041CC08A000000151000000E31B4F07A00000006202049F700101CE020100CC08A000000151000000E31B4F07A00000006202029F700101CE020103CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F00557FCF50A691D4B4 00
A<< (0087+2) (36ms) E31B4F07A00000015153509F700101CE02FFFFCC08A000000151000000E31B4F07A00000006202049F700101CE020100CC08A000000151000000E31B4F07A00000006202029F700101CE020103CC08A000000151000000 9000
# Note: using detected default AID-s for SSD instantiation: A000000151535041 from A0000001515350
Notice: 0x81 already in parameters or no parameters
# Final parameters:
A>> T=1 (4+0038) 84E60C00 26 07A000000151535008A00000015153504106010101010101018002C90000834B0BC7DBF0C264
A<< (0001+2) (257ms) 00 9000
SCardDisconnect("Identiv SCR3500 A Contact Reader", true) tx:147/rx:327
%gp -connect $DOM -key default -lock emv:default
Looking at key version
010101010101 locked with: 404142434445464748494A4B4C4D4E4F
Keys were diversified with EMV and 00009326519195994079
Write this down, DO NOT FORGET/LOSE IT!
%gp -l
# Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
ISD: A000000151000000 (OP_READY)
Parent: A000000151000000
From: A0000001515350
Privs: SecurityDomain, CardLock, CardTerminate, CardReset, CVMManagement, TrustedPath, AuthorizedManagement, TokenVerification, GlobalDelete, GlobalLock, GlobalRegistry, FinalApplication, ReceiptGeneration
DOM: A000000151535041 (PERSONALIZED)
Parent: A000000151000000
From: A0000001515350
Privs: SecurityDomain, DAPVerification, DelegatedManagement, TrustedPath
DOM: 010101010101 (PERSONALIZED)
Parent: A000000151000000
From: A0000001515350
Privs: SecurityDomain, TrustedPath
PKG: A0000001515350 (LOADED)
Parent: A000000151000000
Version: 255.255
Applet: A000000151535041
PKG: A0000000620204 (LOADED)
Parent: A000000151000000
Version: 1.0
PKG: A0000000620202 (LOADED)
Parent: A000000151000000
Version: 1.3
Install the example cap:
% CAP=tests/Empty_0102030405_8d5ac9e2_2.2.1.cap
% gp -key default -load $CAP -to $DOM -dvl
# gp -key default -load tests/Empty_0102030405_8d5ac9e2_2.2.1.cap -to 010101010101 -dvl
SCardConnect("Identiv SCR3500 A Contact Reader", T=*) -> T=1, 3BDB18FF8191FE1FC38031A073BE211367432007E3
# GlobalPlatformPro 19.05.16-124-g50bd9f9
# Running on Mac OS X 10.16 x86_64, Java 11.0.10 by AdoptOpenJDK
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (36ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
[INFO] GPSession - Using card master keys with version 0 for setting up session [MAC]
A>> T=1 (4+0008) 80500000 08 A012E7D45549D80A 00
A<< (0028+2) (45ms) 00009326519195994079010200C218C143D7040C164CDB4CB916754D 9000
[DEBUG] GPSession - SSC: 00C2
[DEBUG] GPSession - Host challenge: A012E7D45549D80A
[DEBUG] GPSession - Card challenge: 00C218C143D7040C
[DEBUG] GPSession - Card reports SCP02 with key version 1 (0x01)
[INFO] GPSession - Diversified card keys: ENC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) MAC=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) DEK=404142434445464748494A4B4C4D4E4F (KCV: 8BAF47) for SCP02
[INFO] GPSession - Session keys: ENC=125C2A9822D7E11FACB8B2619A4BCE61 MAC=00BD061DFE11161FEACE88CE53081E06 RMAC=66E5D1AED9B8333962786227FB336224
[DEBUG] GPSession - Verified card cryptogram: 164CDB4CB916754D
[DEBUG] GPSession - Calculated host cryptogram: 582AC29FF0AA2F8F
A>> T=1 (4+0016) 84820100 10 582AC29FF0AA2F8FC736858DF62DE930
A<< (0000+2) (25ms) 9000
CAP file (v2.1), contains: applets for JavaCard 2.2.1
Package: testapplets.empty 0102030405 v0.0
Applet: testapplets.empty.Empty 0102030405060708
Import: A0000000620101 v1.2 javacard.framework
Import: A0000000620102 v1.2 javacard.security
Import: A0000000620001 v1.0 java.lang
Generated by Oracle Corporation converter [v3.0.5]
On Mon Mar 08 06:55:27 EET 2021 with JDK 11.0.11-ea (Debian)
Code size 211 bytes (283 with debug)
SHA-256 8d5ac9e226e3f0a89457fb078470a9378daed8b96ba6cbe839513cdf08d27a38
SHA-1 bd74ff188cff4d78d95a6ac1952166338c49f485
A>> T=1 (4+0010) 84F28002 0A 4F007CA0E829B0C9E2B2 00
A<< (0040+2) (24ms) E3264F08A0000001510000009F700101C5039EFE80C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F24002 0A 4F00FB47902BC215B590 00
A<< (0078+2) (33ms) E3264F08A0000001515350419F70010FC503E08000C407A0000001515350CC08A000000151000000E3244F060101010101019F70010FC503808000C407A0000001515350CC08A000000151000000 9000
A>> T=1 (4+0010) 84F21002 0A 4F009090E39249BC17BC 00
A<< (0097+2) (37ms) E3254F07A00000015153509F700101CE02FFFF8408A000000151535041CC08A000000151000000E31B4F07A00000006202049F700101CE020100CC08A000000151000000E31B4F07A00000006202029F700101CE020103CC08A000000151000000 9000
A>> T=1 (4+0010) 84F22002 0A 4F00135243EC2FA1C474 00
A<< (0087+2) (35ms) E31B4F07A00000015153509F700101CE02FFFFCC08A000000151000000E31B4F07A00000006202049F700101CE020100CC08A000000151000000E31B4F07A00000006202029F700101CE020103CC08A000000151000000 9000
A>> T=1 (4+0024) 84E60200 18 05010203040506010101010101000000D597263D7A61BC5E
A<< (0000+2) (153ms) 6985
Applet loading not allowed. Are you sure the domain can accept it?
Error: INSTALL [for load] failed: 0x6985 (Conditions of use not satisfied)
SCardDisconnect("Identiv SCR3500 A Contact Reader", true) tx:133/rx:364
For the issue of creating the domain in the next
branch, it seems that the application specific parameters are not supported in my card
A>> T=1 (4+0050) 84E60C00 32 07A000000151535008A0000001515350410601010101010101800E *C90C810202008202202087022020* 00A0979B2B6C040838
Describe the bug
I am trying to load and install the
.cap
applet following the command in https://github.com/martinpaljak/GlobalPlatformPro/blob/next/tests/sce70.sh after compiling thegp.jar
. But it cannot load the applet to the security domain when running$GP -key default -load $CAP -to $DOM
. I am not sure if it's an issue from the card's capability.Information about your card
Expected behavior
I am trying to install the
.cap
to the customized SD. Tested with both my cap file and the example in https://github.com/martinpaljak/GlobalPlatformPro/tree/next/tests.Full log
Re-run your command with
-d -v -i
switches and:Additional context
I am trying to build an applet that has the capability to load and install the other applets using an SCP02 card(like the RAM functions). What are the privileges that I should give my applet?