smartcard javacard globalplatform

What is the difference between OP_READY and SECURED statuses?


I put the ISD of my Java Card into the SECURED status. I want to know which capabilities the card has lost in this new status in comparison to OP_READY.

Note: as I tried, I can still upload and install new .cap files on the card and delete them successfully [in this new ISD status]!

I'd be thankful if somebody could simply explain the primary differences between the different statuses. I already read the Global Platform Specification 2.2.2, but unfortunately it is a little hard for me to understand!


Solution

  • OP_READY is the very initial state of a card. In this state the card is ready to be personalized (e.g. add supplementary security domains (if the card supports this), add keys to the security domain). Moreover, any pre-loaded executable load files will be registered in the GP registry (i.e. visible if you list applications/executable load files with any of your favorite GP tools) and the ISD has an initial key set for card management.

    SECURED is the state the card should be in when delivered to an end-user (or alternatively CARD_LOCKED if only final applications should be selectable). In this state, security domains for production use should have been set up (i.e. you installed any required SSDs, set up all the necessary management keys, etc). Any of the pre-loaded executable load files that were not used (i.e. not installed) will typically no longer be visible in this state. You will still be able to load and install applets in this state. And you should still be able to change keys in this state.

    As opposed to SECURED, in CARD_LOCKED you would not be able to change management keys or load and install applets.
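
A pre-issuance check built on the states described in the answer above, as an added example that is not part of the original answer: it decodes the ISD life cycle byte from a GET STATUS response and flags cards that are not yet in a state meant for end users. It assumes the legacy response format (AID length, AID, life cycle, privileges, then SW1 SW2) and the life cycle codings from the GlobalPlatform Card Specification; the function names and the sample responses are constructed for illustration.

```python
# Card life cycle codings (GlobalPlatform Card Specification, ISD life cycle).
CARD_STATES = {
    0x01: "OP_READY",
    0x07: "INITIALIZED",
    0x0F: "SECURED",
    0x7F: "CARD_LOCKED",
    0xFF: "TERMINATED",
}

# Capabilities per state, restricted to what the answer above describes.
CAPABILITIES = {
    "OP_READY":    {"load_install": True,  "change_keys": True,  "end_user_ready": False},
    "SECURED":     {"load_install": True,  "change_keys": True,  "end_user_ready": True},
    "CARD_LOCKED": {"load_install": False, "change_keys": False, "end_user_ready": True},
}


def parse_isd_status(resp: bytes) -> dict:
    """Parse one legacy-format GET STATUS entry followed by SW1 SW2."""
    if len(resp) < 2 or resp[-2:] != b"\x90\x00":
        raise ValueError("GET STATUS failed or response truncated")
    data = resp[:-2]
    if not data or len(data) < 1 + data[0] + 2:
        raise ValueError("malformed GET STATUS entry")
    aid_len = data[0]
    state_byte = data[1 + aid_len]
    state = CARD_STATES.get(state_byte)
    if state is None:
        raise ValueError(f"unknown card life cycle byte 0x{state_byte:02X}")
    return {
        "aid": data[1:1 + aid_len].hex().upper(),
        "state": state,
        "privileges": data[2 + aid_len],
    }


def issuance_check(resp: bytes) -> tuple:
    """Return (ok, state); ok is True only for states meant for end users."""
    info = parse_isd_status(resp)
    caps = CAPABILITIES.get(info["state"])
    return bool(caps and caps["end_user_ready"]), info["state"]


# Constructed sample responses: 8-byte ISD AID, life cycle byte, privilege byte, 9000.
SAMPLE_SECURED = bytes.fromhex("08A0000001510000000F9E9000")
SAMPLE_OP_READY = bytes.fromhex("08A000000151000000019E9000")

if __name__ == "__main__":
    for sample in (SAMPLE_SECURED, SAMPLE_OP_READY):
        print(issuance_check(sample))
```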