Reputation: 6126
I have a Java Card. How can I find the algorithms that the card supports and uses for its cryptography? What happens when I click on the Authenticate button in jcmanager (for example)? How can I authenticate with APDUs?
This is the output of jcmanager when I clicked on Authenticate:
Open terminal ...
EstablishContext(): ...
Wait for card in a certain reader ...
Pick reader ...
**********************
Selecting Card Manager
***********************
-> 00 A4 04 00 08 A0 00 00 00 03 00 00 00
<- 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
************
Init Update
*************
-> 80 50 00 00 08 D3 90 22 B2 C5 7C D4 DD
<- 00 00 11 60 01 00 7F 8B 0A F9 02 02 00 99 3E 01 33 1B 3F 8E 33 BA E4 AD 82 6E 3C C1 90 00
HostChallenge: D3 90 22 B2 C5 7C D4 DD
CardChallenge: 3E 01 33 1B 3F 8E
Card Calculated Card Cryptogram: 33 BA E4 AD 82 6E 3C C1
Derivation Data is 01 82 00 99 00 00 00 00 00 00 00 00 00 00 00 00
Host Cryptogram Data (to encrypt) 00 99 3E 01 33 1B 3F 8E D3 90 22 B2 C5 7C D4 DD 80 00 00 00 00 00 00 00
Card Cryptogram Data (to encrypt for verification) D3 90 22 B2 C5 7C D4 DD 00 99 3E 01 33 1B 3F 8E 80 00 00 00 00 00 00 00
S_ENC: CE 69 1B 1E C8 EC DB B0 0A 9B 18 4A 53 58 04 BB CE 69 1B 1E C8 EC DB B0
The Current session MAC key is F8 85 4D 94 19 BC 83 4C 99 BA E9 94 15 00 A6 B8
The Current session DEK key is 6D 72 48 D4 23 BF 3B 1C 7C 2F 1F BC 7C 04 E9 F6
Encrypted CardCryptoGram is 58 20 23 4E 14 8B FE AA F8 6D 14 20 3D 41 18 E4 33 BA E4 AD 82 6E 3C C1
Encrypted HostCryptoGram is 07 D0 B3 EB 0F 1B 7E 54 84 34 08 6C 5F D9 E5 55 4B 5F 0D F6 87 52 99 2E
-> 84 82 03 00 10 4B 5F 0D F6 87 52 99 2E 17 29 AA 68 12 98 CE 2D
<- 90 00
Authenticated
Is this right:
I send a random 8-byte number to the card: -> 80 50 00 00 08 D3 90 22 B2 C5 7C D4 DD
and in the answer to my command, the card gives me a random number plus the encrypted random number that I sent to the card. What happens next? With which algorithm do my card and my reader encrypt and decrypt the random numbers (card challenge and host challenge)?
Upvotes: 0
Views: 246
Reputation: 61
The algorithms supported by your particular card can be obtained via the JCAlgTest project. The JCAlgTest project page also provides results for 63+ cards gathered by other users. Use the ATR of your card to search for a similar one in the JCAlgTest database. Alternatively, use an ATR parsing tool and find a match for your card by name. The JCAlgTest project also provides a performance comparison for selected cards.
Upvotes: 1
Reputation: 2647
You are totally mixing things up.
FIRST, there is Global Platform. Global Platform specifies how to interact with the card manager/security domain: e.g. how to authenticate with the card manager, how to upload a CAP file, how to install a CAP file, how to lock the card, how to unlock the card, how to change the keys you mentioned above, etc.
SECOND, there is the Java Card applet, which you code in the way you want your smartcard to behave later on.
Your question is very unclear.
Do you mean cryptographic algorithms regarding Global Platform or for Java Card code?
For the first, identify your card and read the corresponding Global Platform Specification; there are various authentication modes called SCP01, SCP02, ...
If you mean Java Card: the JC Specification is not mandatory, so it's the manufacturer's choice what crypto to implement. To find out, you can either use trial and error or talk to the manufacturer.
For authentication to the card manager you should always use a tool (either GPJ, GPShell or JCOP tools; the last one is not freely available) that generates the APDUs and the crypto behind them instead of manually sending APDUs.
However, if you want to know the details, read the Global Platform Specification instead of asking on a forum.
Upvotes: 1
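As an added example (not part of the original posts and not jcmanager's code), the INITIALIZE UPDATE response from the question's log can be split into fields using the SCP02 layout from the GlobalPlatform Card Specification; the key information bytes name the secure channel protocol, and the inputs jcmanager printed for the 3DES operations can be rebuilt from the remaining fields. All function and class names are this example's own.

```python
# Added example: parses the INITIALIZE UPDATE response shown in the question's log.
# Field layout and derivation constants follow GlobalPlatform SCP02.
from dataclasses import dataclass

SCP02_CONSTANTS = {"C-MAC": "0101", "R-MAC": "0102", "S-ENC": "0182", "DEK": "0181"}

@dataclass
class InitUpdateResponse:
    key_diversification: bytes  # 10 bytes
    key_version: int            # key information, byte 1
    scp_id: int                 # key information, byte 2 (0x02 = SCP02)
    sequence_counter: bytes     # 2 bytes
    card_challenge: bytes       # 6 bytes
    card_cryptogram: bytes      # 8 bytes

def parse_init_update(hex_response: str) -> InitUpdateResponse:
    raw = bytes.fromhex(hex_response)
    if len(raw) != 30:
        raise ValueError(f"expected 28 data bytes + SW, got {len(raw)} bytes")
    body, sw = raw[:-2], raw[-2:]
    if sw != b"\x90\x00":
        raise ValueError(f"card returned status word {sw.hex().upper()}")
    if body[11] != 0x02:
        # SCP01 has the same length but an 8-byte challenge and no counter.
        raise ValueError(f"SCP{body[11]:02X} response, not the SCP02 layout")
    return InitUpdateResponse(body[:10], body[10], body[11],
                              body[12:14], body[14:20], body[20:28])

def pad80(data: bytes) -> bytes:
    """Append 0x80, then zero bytes up to a multiple of the 8-byte DES block."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % 8)

def derivation_data(key_name: str, resp: InitUpdateResponse) -> bytes:
    """16-byte block encrypted under the static key to get a session key."""
    return bytes.fromhex(SCP02_CONSTANTS[key_name]) + resp.sequence_counter + bytes(12)

def host_cryptogram_input(host_challenge: bytes, resp: InitUpdateResponse) -> bytes:
    return pad80(resp.sequence_counter + resp.card_challenge + host_challenge)

def card_cryptogram_input(host_challenge: bytes, resp: InitUpdateResponse) -> bytes:
    return pad80(host_challenge + resp.sequence_counter + resp.card_challenge)

# Values copied from the jcmanager log in the question.
HOST_CHALLENGE = bytes.fromhex("D3 90 22 B2 C5 7C D4 DD")
LOG_RESPONSE = ("00 00 11 60 01 00 7F 8B 0A F9 02 02 00 99 3E 01 33 1B 3F 8E "
                "33 BA E4 AD 82 6E 3C C1 90 00")

if __name__ == "__main__":
    r = parse_init_update(LOG_RESPONSE)
    print(f"SCP{r.scp_id:02X}, key version {r.key_version}, counter {r.sequence_counter.hex()}")
    print("S-ENC derivation data:", derivation_data("S-ENC", r).hex(" "))
```

The rebuilt blocks match the "Derivation Data", "Host Cryptogram Data" and "Card Cryptogram Data" lines of the log; the cryptograms themselves are the result of encrypting those blocks with the session keys, which this example does not do.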