Skip to Main Content
Forums

Java Card

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

SCP 03 doubt with AES256 KDF

User_SYC18Oct 5 2022 — edited Oct 5 2022

Hello, in Global Platform specifications v1.2, chapter 4.1.5 Data Derivation states:
A 2-byte integer “L” specifying the length in bits of the derived data (value '0040', '0080', '00C0', or '0100').
A 1-byte counter “i” as specified in the KDF (which may take the values '01' or '02'; value '02' is used when “L” takes the values '00C0' and '0100', i.e. when the PRF of the KDF is to be called twice to generate enough derived data).

Now, when generating for example 256 bit session keys, do one needs to call:

  1. Twice the KDF, the first time with L='0080', i='01' then L='0100', i='02', or
  2. Twice the KDF, the first time with L='0100', i='01' then L='0100', i='02'?
    Best regards,
    Alberto
Comments
Post Details
Added on Oct 5 2022
#java-card
1 comment
349 views