Java Card

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

ext-auth command In JCOP

843851Feb 25 2005 — edited Feb 28 2005

Hi,

I am developing an applet using JCOP tools and JCOP card BIO 31. The following is an extract from my script running.

Card Manager AID   :  A000000003000000
Card Manager state :  OP_READY

    Application:  SELECTABLE (--------) "WalletAp"      
    Sec. Domain:PERSONALIZED (S-------) A000000003535041
    Load File  :      LOADED (--------) A0000000620001   (java.lang)
    Load File  :      LOADED (--------) A0000000620101   (javacard.framework)
    Load File  :      LOADED (--------) A0000000620102   (javacard.security)
    Load File  :      LOADED (--------) A0000000620201   (javacardx.crypto)
    Load File  :      LOADED (--------) A0000000030000   (visa.openplatform)
    Load File  :      LOADED (--------) A0000001320001   (org.javacardforum.javacard.biometry)
    Load File  :      LOADED (--------) A0000000035350   (Security Domain)
    Load File  :      LOADED (--------) A000000063       (PKCS15)
    Load File  :      LOADED (--------) "walletPackage" 
/select |WalletAp => 00 A4 04 00 08 57 61 6C 6C 65 74 41 70 00          .....WalletAp.
 (35308 usec)
 <= 90 00                                              ..
Status: No Error
init-update 1 => 80 50 01 00 08 9D 14 01 2B 1E CF 00 42 00          .P......+...B.
 (88671 usec)
 <= 50 41 23 50 28 0D AA CF 17 10 01 01 FC 42 8B 7C    PA#P(........B.|
    05 80 72 3B 11 C6 5C 23 B8 D2 9F 07 90 00          ..r;..\#......
Status: No Error
ext-auth mac => 84 82 01 00 10 5E 6B 78 28 9D 3F BF CB B1 A8 51    .....^kx(.?....Q
    A3 D4 DC 5B F7                                     ...[.
 (56037 usec)
 <= 90 00                                              ..
Status: No Error
/send 0002000008 => 00 02 00 00 08                                     .....
 (32022 usec)
 <= 69 82                                              i.
Status: Security condition not satisfied

and an extract from the applet is

if (OPSystem.getCardContentState() != OPSystem.APPLET_PERSONALIZED) 
{
  apdu.setIncomingAndReceive();
  switch (buffer[ISO7816.OFFSET_INS] & 0xff) 
  {
    case (byte) 0x50 : // VOP INITIALIZE UPDATE
       secureChannel[0] = OPSystem.getSecurityDomain().openSecureChannel(apdu);

       apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, buffer[ISO7816.OFFSET_LC]);
       break;

    case 0x82 : // VOP EXTERNAL AUTHENTICATE
        OPSystem.getSecurityDomain().verifyExternalAuthenticate(secureChannel[0], apdu);
        break;
    case (byte) 0x02 :
/* Now use different parameter for Signature.getInstance, ALG_DES_MAC8_PKCS5
* to handle padding * */
        OPSystem.getSecurityDomain().unwrap(secureChannel[0],apdu);
        // set key data: des-key will take 8 bytes even if we get more from
       // terminal
       desKey.setKey(buffer, ISO7816.OFFSET_CDATA);
        // finally set applet life cycle state to PERSONALIZED
       OPSystem.setCardContentState(OPSystem.APPLET_PERSONALIZED);
       break;
  } // end switch
}

I don't understand how my last APDU being sent does not include an appended MAC since I authenticated using

 ext-auth mac

Although I still don't understand everything that happens behind the scenes when init-update 1 and ext-auth mac are executed, I thought I had a good idea but am stumped. Can anyone point out the error of my ways :o)

Thanks in advance,
Ann

Locked Post

New comments cannot be posted to this locked post.

Locked on Mar 28 2005

Added on Feb 25 2005

#java-card

4 comments

254 views