Gemplus Authentication Procedure
843851Jan 8 2006 — edited Jan 17 2006I read the previous posts about gemplus authentication, i'm trying to estabilsh a secure channel with gemsafe cards.
The cards are Gemxpresso R3.2, and i don't have the RAD tools, i'm trying to upload a java applet on it, but i can't authenticate with globalplatform tools.
As far i understood they gave me the KMC (motherkey) with VISA2 diversification.
They KMC they gave me is : 47 45 4D 58 50 52 45 53 53 4F 53 41 4D 50 4C 45
I discovered the diversification is:
K_ENC : XX XX CC CC CC CC F0 01 XX XX CC CC CC CC 0F 01
K_MAC : XX XX CC CC CC CC F0 01 XX XX CC CC CC CC 0F 01
K_KEK : XX XX CC CC CC CC F0 01 XX XX CC CC CC CC 0F 01
Where XX XX are the two least significant bytes of security domain AID, and CC are the 4 bytes of ic serial number, which can be easily take from byte 5,6,7,8 of key diversification data returned by INITIALIZE UPDATE response.
After that i must encrypt key diversification data with the KMC using 3DES_ECB.
I tried but it doesn't work, has someone a hint about that?
And those who have the rad tool can check the default key/keyset of the Gemxpresso R3.2?
thank you.