I have a bunch of Java Cards for with the supplier claims SCP is 01 and key diversification algorithm is Visa2. I have been trying to authenticate with them using JCOP Tools for the better part of last two days, to no avail.
From what I understand, after selecting AID, the response of init-update command is KEYDATA, which should be used to generate ENC, DEC, and MAC keys using KMC. But the funny thing is, although I get SW12 = 0x9000 and 28 bytes of data in response to init-update, JCOP tools says:
jcshell: Error code: -5 (Authentication failed)
jcshell: Wrong response APDU
My question is, does JCOP tools have build in support for Visa2 key diversification algorithm? And, if not, what is the proper sequence of events to generate ENC, DEC and MAC keys using Visa2 algorithm?
JCOP tools is returning an error because after checking the init-update response, the card cryptogram returned by the card did not pass the checks - the key used by the card to generate this cryptogram is not the one expected by JCOP tools.
I don't know whether JCOP Tools supports Visa2 diversification, but here is a workaround you can use:
GPShell (http://sourceforge.net/p/globalplatform/wiki/GPShell/) implements the Visa2 algorithm. It is Open Source, so you can see the entire algorithm sequence in its source code and also use it to verify your own results. Or just use it to work with your cards...