Java Card

some questions about JCOP and Global Platform keys and authentication

816119 Nov 30 2010 — edited Dec 2 2010
Hi

I am confused by the Global Platform key infrastructure. I work with JCOP 2.4.1 J2A/J3A cards. These cards are in the "not fused" state and I know the Transport Key for the cards, so I can select the ROOT applet and change some parameters by writing directly to EEPROM. One of these parameters is the CardManager initial key, actually three initial keys: CM_KEY_1, CM_KEY_2, CM_KEY_3. But what are these keys? I did not find a lot of information about them. In the Global Platform specification I found the following in point "5.1.1.1 Card Life Cycle State OP_READY": "An initial key shall be available within the Issuer Security Domain in OP_READY state." OK, that is clear: just one key, called the "initial key", must be in the card when the Card (or CardManager) is in the OP_READY state. But why do JCOP cards have 3 keys (though they can all be identical)? And, more importantly, how is this initial key used?

From Global Platform I know about the Authentication procedure with the INITIALIZE UPDATE and EXTERNAL AUTHENTICATE commands. In this procedure the static keys S-ENC and S-MAC are used to generate the session keys S-ENC and S-MAC. These session keys are used to generate cryptograms for the authentication procedure. OK, again this seems clear. And, again, what are these keys? How do I write these keys to the card? Via the PUT KEY command? Can these keys be used in the OP_READY state?

And how do I implement the Authentication procedure when there is only one initial key in the card and no static S-ENC and S-MAC keys?

Please explain everything about these keys, or let me know where I can find information.
Post Details
Locked on Dec 30 2010
Added on Nov 30 2010
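The INITIALIZE UPDATE / EXTERNAL AUTHENTICATE exchange described in the question, as an added host-side example that is not part of the original post. It assumes the card speaks GlobalPlatform SCP02 (the post does not name the protocol); the class name `Scp02Sketch` is hypothetical and all keys and challenges are constructed sample values.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Arrays;

public class Scp02Sketch {
    // 3DES-CBC, zero IV. JCE wants 24 bytes, so a 16-byte key K1||K2 becomes K1||K2||K1.
    static byte[] tdesCbc(byte[] key16, byte[] data) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"), new IvParameterSpec(new byte[8]));
        return c.doFinal(data);
    }

    // Session key = 3DES-CBC(static key, constant || sequence counter || 12 zero bytes).
    // Constants: 0x0182 for S-ENC, 0x0101 for C-MAC.
    static byte[] sessionKey(byte[] staticKey, int constant, byte[] seq) throws Exception {
        byte[] d = new byte[16];
        d[0] = (byte) (constant >> 8);
        d[1] = (byte) constant;
        d[2] = seq[0];
        d[3] = seq[1];
        return tdesCbc(staticKey, d);
    }

    // Cryptogram = last 8 bytes of 3DES-CBC over a || b || c, padded with 0x80 then zeros.
    static byte[] cryptogram(byte[] sEnc, byte[] a, byte[] b, byte[] c) throws Exception {
        byte[] d = new byte[24];               // 16 data bytes + 8 bytes of padding
        System.arraycopy(a, 0, d, 0, a.length);
        System.arraycopy(b, 0, d, a.length, b.length);
        System.arraycopy(c, 0, d, a.length + b.length, c.length);
        d[16] = (byte) 0x80;
        return Arrays.copyOfRange(tdesCbc(sEnc, d), 16, 24);
    }

    public static void main(String[] args) throws Exception {
        byte[] cardKey = new byte[16], wrongKey = new byte[16];   // constructed sample keys
        for (int i = 0; i < 16; i++) { cardKey[i] = (byte) (0xA0 + i); wrongKey[i] = (byte) (0x30 + i); }
        byte[] hostCh = {1, 2, 3, 4, 5, 6, 7, 8};                 // sent in INITIALIZE UPDATE
        byte[] seq = {0x00, 0x2A}, cardCh = {9, 8, 7, 6, 5, 4};   // returned by the card
        // Card side: cryptogram over host challenge || sequence counter || card challenge.
        byte[] cardCg = cryptogram(sessionKey(cardKey, 0x0182, seq), hostCh, seq, cardCh);
        for (byte[] hostKey : new byte[][] {cardKey, wrongKey}) {
            byte[] sEnc = sessionKey(hostKey, 0x0182, seq);
            boolean ok = MessageDigest.isEqual(cardCg, cryptogram(sEnc, hostCh, seq, cardCh));
            System.out.println("card cryptogram verified: " + ok);
            // Host cryptogram for EXTERNAL AUTHENTICATE swaps the order of the inputs.
            if (ok) System.out.println("host cryptogram bytes: " + cryptogram(sEnc, seq, cardCh, hostCh).length);
        }
    }
}
```

The first loop pass uses the same static key as the simulated card and verifies; the second uses a different key and fails, which is the point at which a host should stop rather than send EXTERNAL AUTHENTICATE.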