Damien Sauveron wrote:

Now the only thing we need to do is send these APDUs to the card. You
can't tell me that this is impossible.


JCOP cards require authentication to load and instantiate applets. In
addition, data blocks that are loaded must be "signed" (checksummed) with a
separate authentication key. scriptgen does not do this. (and it isn't even
possible to do it offline. Global Platform uses something called Key
diversification which transforms static keys into session keys, and you use
the session keys to authenticate commands and load blocks).


Right. Sometimes there are also manufacturers (e.g. Gemplus) that use on some cards (e.g. GemXPresso Pro, GemXpresso 211PK, ... in my thoughts) a mother key that used the information in the ATR to obtain the 3 static keys used to generate the 3 session keys.
I may have code to do this somewhere.


I have found a quite promising article on Javaworld (Write OpenCard services for downloading Java Card apps):
http://www.javaworld.com/javaworld/jw-02-1999/jw-02-javadev.html


The example is for a cyberflex 16 but should apply to Openplatform Cards in general. The IBM JCOP cards are also using the Openplatform model for downloading applets.

What do you think?

best regards,

Christian

_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle
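
The point made in the thread that load commands cannot be authenticated offline, as an added example that is not part of the original messages or of any project mentioned in them: the session keys depend on a value the card returns at the start of each session. It assumes the card speaks SCP02 as defined in GlobalPlatform Card Specification 2.1.1 (Appendix E); the class name, the sample key and the sequence counter values are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Scp02SessionKeys {
    // SCP02 derivation constants (assumed protocol: GlobalPlatform 2.1.1, Appendix E).
    static final int C_MAC = 0x0101, S_ENC = 0x0182, DEK = 0x0181;

    // 3DES-CBC, zero IV, no padding, with a 16-byte (two-key) 3DES key.
    static byte[] tdesCbc(byte[] key16, byte[] data) throws Exception {
        byte[] key24 = new byte[24];
        System.arraycopy(key16, 0, key24, 0, 16);
        System.arraycopy(key16, 0, key24, 16, 8); // expand K1|K2 to K1|K2|K1
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"),
               new IvParameterSpec(new byte[8]));
        return c.doFinal(data);
    }

    // Session key = 3DES-CBC(static key, constant || sequence counter || 12 zero bytes).
    static byte[] sessionKey(byte[] staticKey, int constant, int seqCounter) throws Exception {
        byte[] d = new byte[16];
        d[0] = (byte) (constant >> 8);
        d[1] = (byte) constant;
        d[2] = (byte) (seqCounter >> 8);
        d[3] = (byte) seqCounter;
        return tdesCbc(staticKey, d);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one 16-byte value stands in for all three static keys.
        byte[] staticKey = new byte[16];
        for (int i = 0; i < 16; i++) staticKey[i] = (byte) (0x40 + i);
        // The sequence counter is read from the card's INITIALIZE UPDATE response
        // and increments per session; these two values are constructed.
        for (int seq : new int[] {0x0012, 0x0013}) {
            System.out.printf("seq=%04X S-ENC=%s C-MAC=%s DEK=%s%n", seq,
                hex(sessionKey(staticKey, S_ENC, seq)),
                hex(sessionKey(staticKey, C_MAC, seq)),
                hex(sessionKey(staticKey, DEK, seq)));
        }
    }
}
```

The two output lines share no session key, so a MAC computed over a LOAD block for one session does not verify in the next.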