如何检查INITIALIZE UPDATE和EXTERNAL AUTHENTICATE正确性?

时间:2014-06-07 04:46:23

标签: smartcard javacard globalplatform

enter image description here

我通过opensc-tool向我的Java卡发送了80 50 00 00 08 00 00 00 00 00 00 00 00 [ INITILIZE UPDATE 命令]并收到了00 00 11 60 01 00 8A 79 0A F9 FF 02 00 11 79 11 36 5D 71 00 A5 A5 EC 63 BB DC 05 CC [初始化响应]作为其卡的回复。

如你所见:

在命令中,我发送00 00 00 00 00 00 00 00作为主机挑战,并在回复中:

00 00 11 60 01 00 8A 79 0A F9 = 关键多元化数据

FF 02 = 关键信息

00 11 79 11 36 5D 71 00 = 卡片挑战

A5 A5 EC 63 BB DC 05 CC = 卡密码

现在我想检查自己,卡片密码是否正常。我怎么能这样做?例如,我使用3DES加密算法[我的卡的密钥= 00 00 00 00 00 00 00 00]加密this站点中的4041...4F,但输出与我上面写的卡密码不相同。为什么呢?

接下来的问题是,如果我想向卡发送 EXTERNAL AUTHENTICATION 命令,它的数据字段是什么(在上述INITILIZE UPDATE之后)?

更新

这是GPJ输出:

C:\Users\ghasemi\Desktop\gpj-20120310>GPJ
C:\Users\ghasemi\Desktop\gpj-20120310>java -jar gpj.jar
Found terminals: [PC/SC terminal ACS CCID USB Reader 0]
Found card in terminal: ACS CCID USB Reader 0
ATR: 3B 68 00 00 00 73 C8 40 12 00 90 00
.
.
.
DEBUG: Command  APDU: 00 A4 04 00 08 A0 00 00 00 03 00 00 00
DEBUG: Response APDU: 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00
Successfully selected Security Domain OP201a A0 00 00 00 03 00 00 00

DEBUG: Command  APDU: 80 50 00 00 08 7F 41 A9 E7 19 37 83 FA
DEBUG: Response APDU: 00 00 11 60 01 00 8A 79 0A F9 FF 02 00 1B 9B 95 B9 5E 5E BC BA 51 34 84 D9 C1 B9 6E 90 00
DEBUG: Command  APDU: 84 82 00 00 10 13 3B 4E C5 2C 9E D8 24 50 71 83 3A 78 AE 75 23
DEBUG: Response APDU: 90 00
DEBUG: Command  APDU: 84 82 00 00 08 13 3B 4E C5 2C 9E D8 24
DEBUG: Response APDU: 90 00

C:\Users\ghasemi\Desktop\gpj-20120310>

所以: 

Host_Challenge :: 7F41A9E7193783FA

Diversification_Data :: 0000116001008A790AF9

Key_Information :: FF02

Sequence_Counter :: 001B

Card_Challenge :: 9B95B95E5EBC

Card_Cryptogram :: BA513484D9C1B96E

Host_Cryptogram[16,24] = 13 3B 4E C5 2C 9E D8 24

现在,让我们手动制作Host_Cryptogram: 

Derivation_data=derivation_const_ENC|sequence_counter|0000 0000 0000 0000 0000 0000

Derivation_Data = 0182001B000000000000000000000000

k_ENC :: 404142434445464748494A4B4C4D4E4F

IV = 00 00 00 00 00 00 00 00

S_ENC = encrypt(TDES_CBC, K_ENC, IV, derivation_data)

所以:

我使用http://tripledes.online-domain-tools.com/,其输出值为:

S_ENC = 448b0a5967ca246d058703ff0c694f15

并且: 

Padding_DES = 80 00 00 00 00 00 00 00
Host_auth_data = sequence_counter | card_challenge | host_challenge | padding_DES
IV = Card_Cryptogram :: BA513484D9C1B96E
host_cryptogram = encrypt(TDES_CBC, S_ENC, IV, host_auth_data)

所以: 

Host_Authentication_Data : 001B9B95B95E5EBC7F41A9E7193783FA8000000000000000

同样,我使用了http://tripledes.online-domain-tools.com/

和: 

Host_Cryptogram : 3587b531db71ac52392493c08cff189ce7b9061029c63b62

所以: 

Host_Cryptogram[16,24] = e7b9061029c63b62

为什么这两种方式[手动和GPJ输出]给我们两个主机密码?

1 个答案:

答案 0 :(得分:3)

从你发送的INITIALIZE UPDATE命令,你得到

host_challenge = 00 00 00 00 00 00 00 00

响应INITIALIZE UPDATE命令,你得到

diversification_data = 00 00 11 60 01 00 8A 79 0A F9
key_information = FF 02
sequence_counter = 00 11
card_challenge = 79 11 36 5D 71 00
card_cryptogram = A5 A5 EC 63 BB DC 05 CC

关键信息表示SCP02(02)。密钥多样化数据可用于导出卡特定的K_ENC。假设我们有像这样的K_ENC 

K_ENC = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

然后我们可以像这样

派生会话加密密钥 
derivation_const_ENC = 01 82
derivation_data = derivation_const_ENC | sequence_counter |  00 00 00 00 00 00 00 00 00 00 00 00

IV = 00 00 00 00 00 00 00 00
S_ENC = encrypt(TDES_CBC, K_ENC, IV, derivation_data)

接下来,我们可以汇编用于计算主机密码的验证数据:

padding_DES = 80 00 00 00 00 00 00 00
host_auth_data = sequence_counter | card_challenge | host_challenge | padding_DES

然后我们可以使用会话加密密钥来加密身份验证数据:

IV = 00 00 00 00 00 00 00 00
host_cryptogram = encrypt(TDES_CBC, S_ENC, IV, host_auth_data)

加密认证数据的最后8个字节是我们发送给卡的实际主机密码:

EXTERNAL_AUTHENTICATE_data = host_cryptogram[16, 24]

现在我们可以组装EXTERNAL AUTHENTICATE命令:

EXTERNAL_AUTHENTICATE = 84 82 03 00 08 | EXTERNAL_AUTHENTICATE_data

然后我们可以计算S_MAC密钥(类似于上面的S_ENC)和该命令上的MAC,并将其附加到命令数据以获得可以发送到卡的完整EXTERNAL AUTHENTICATE命令:

EXTERNAL_AUTHENTICATE = 84 82 03 00 10 | EXTERNAL_AUTHENTICATE_data | MAC

更新

使用http://tripledes.online-domain-tools.com/重现GPJ的结果

您的K_ENC是404142434445464748494A4B4C4D4E4F。在线工具不能正确支持2-key-3DES,因此您必须先将密钥转换为3密钥形式:

K_ENC = 404142434445464748494A4B4C4D4E4F4041424344454647

使用此密钥和零IV加密派生数据(0182001B000000000000000000000000)。你得到了

S_ENC = fb063cc2e17b979b10e22f82110234b4

在3键表示法中,这是

S_ENC = fb063cc2e17b979b10e22f82110234b4fb063cc2e17b979b

使用此密钥和零IV加密主机验证数据(001b9b95b95e5ebc7f41a9e7193783fa8000000000000000):

HOST_CRYPTOGRAM = 773e790c91acce3167d99f92c60e2afd133b4ec52c9ed824
相关问题
最新问题