打开与 Java 卡和全球平台的安全连接

Opening a secure connection with Java Card and Global Platform

在模拟器上成功开发 Java 卡片后,现在我正在处理一个真正的 Java 卡片(Gemalto IDCore 3010). I have been experiencing with the Global Platform,但即使是最基本的示例代码我也有问题,这将列出卡上的小程序。

这是原代码:

mode_201
enable_trace
establish_context
card_connect
select -AID a0000000030000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f // Open secure channel
get_status -element e0
card_disconnect
release_context

我修改后是这样的:

//I changed this, because the Card Management & API is compliant with GP2.1.1. 
mode_211
enable_trace
establish_context
//Switches are not necessary as I am using only one single-slot card reader
card_connect
//The auto-detected ISD AID of the card is: A000000018434D00
select -AID A000000018434D00
//This is the line where the command fails
open_sc -security 0 -keyind 0 -keyver 0 -keyDerivation none -key 47454d5850524553534f53414d504c45   // Open secure channel
//This would list applets and packages and security domains
get_status -element e0
card_disconnect
release_context

在全球平台页面上,您可以找到 open_sc 命令的开关:

open_sc -keyind x -keyver x -key xyz -mac_key xyz -enc_key xyz -kek_key xyz -security x -scp x -scpimpl x -keyDerivation x
Open secure channel

但遗憾的是我找不到关于这些开关的足够信息。

这是我使用修改后的代码得到的错误消息:

C:\JavaCard\GPShell-1.4.4>GPShell.exe list.txt
mode_211
enable_trace
establish_context
card_connect
select -AID A000000018434D00
Command --> 00A4040008A000000018434D00
Wrapped command --> 00A4040008A000000018434D00
Response <-- 6F198408A000000018434D00A50D9F6E061291518101009F6501FF9000
open_sc -security 0 -keyind 0 -keyver 0 -keyDerivation none -key 47454d585052455
3534f53414d504c45   // Open secure channel
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 6A88
GP211_get_secure_channel_protocol_details() returns 0x80206A88 (6A88: Referenced
 data not found.)

有人能告诉我哪里出了问题以及我应该如何参数化和执行 open_sc 命令吗?非常感谢!

解决方案:这是工作版本:

mode_201
enable_trace
establish_context
card_connect
select -AID A000000018434D00
open_sc -scp 1 -scpimpl 0x15 -security 3 -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45 -keyDerivation visa2
get_status -element e0
card_disconnect
release_context

不幸的是,与日常生活中的其他设备相比,智能卡通常没有完整的手册或说明。如果你没有一些必要的参数,你就会迷路。尝试使用开关 mode_201:

mode_201
enable_trace
enable_timer
establish_context
card_connect
select -AID A000000018434D00
open_sc -security 3 -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45 -keyDerivation visa2 // Open secure channel
get_status -element e0
card_disconnect
release_context

有一个名为 listgemXpressoProR3_2E64.txt 的示例文件:https://sourceforge.net/p/globalplatform/code/HEAD/tree/trunk/gpshell/helloInstallgemXpressoProR3_2E64.txt

也许您的卡与这张 Gemalto 卡兼容。

请尝试以下脚本:

mode_211
gemXpressoPro
enable_trace
establish_context
card_connect -readerNumber 1
select -AID A000000018434D00
open_sc -security 3 -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45 -mac_key 47454d5850524553534f53414d504c45 -enc_key 47454d5850524553534f53414d504c45 // Open secure channel
delete -AID A000000482
card_disconnect
release_context