I want to generate a secure channel between the card and the terminal. This is my code:
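
    import javacard.framework.APDU;
    import javacard.framework.APDUException;
    import javacard.framework.ISO7816;
    import javacard.framework.ISOException;
    import javacard.security.CryptoException;
    import org.globalplatform.GPSystem;
    import org.globalplatform.SecureChannel;

    // INS bytes of the two secure channel commands
    final static byte INIT_UPDATE = (byte) 0x50;
    final static byte EXT_AUTHENTICATE = (byte) 0x82;

    SecureChannel sc;

    public void process(APDU apdu) throws ISOException {
        if (selectingApplet()) {
            return;
        }
        byte[] buffer = apdu.getBuffer();
        short inlength = 0;
        try
        {
            switch (buffer[ISO7816.OFFSET_INS]) {
            case INIT_UPDATE:
            case EXT_AUTHENTICATE:
                makeSecureChannel(apdu);
                break;
            }
        } // this brace, closing the try block, was missing in the original post
        catch (CryptoException e)
        {
            // Report the crypto failure reason as the status word
            short r = e.getReason();
            ISOException.throwIt(r);
        }
    }

    private void makeSecureChannel(APDU apdu)
    {
        byte[] buf = apdu.getBuffer();
        byte cla = buf[ISO7816.OFFSET_CLA];
        byte ins = buf[ISO7816.OFFSET_INS];
        try
        {
            apdu.setIncomingAndReceive();
            if(ins == INIT_UPDATE)
            {
                // Obtain the secure channel handle when a new session starts
                sc = GPSystem.getSecureChannel();
            }
            // The secure channel processes the command and leaves the
            // response data in the APDU buffer at OFFSET_CDATA
            short len = sc.processSecurity(apdu);
            apdu.setOutgoing();
            apdu.setOutgoingLength(len);
            apdu.sendBytes(ISO7816.OFFSET_CDATA, (short) len);
        }
        catch(APDUException ex1)
        {
            ISOException.throwIt(ex1.getReason());
        }
    }
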
When I send the command 80 50 20 00 08 01 15 6A 2A F5 64 87 CF, I get error 6A88, and when I send the command 00 50 20 00 08 01 15 6A 2A F5 64 87 CF, I get error 6E00.

Can anybody help me?

Status word 6E00 is not very interesting. It means that you're sending an incorrect CLA (class) byte. And that's because INITIALIZE UPDATE is not defined in ISO 7816, so it is a proprietary command. And proprietary commands must have their proprietary bit set. So class byte 80 is the only correct one.

That out of the way, let's focus on the response of INIT UPDATE: 6A88. 6A88 means "reference data not found". This probably means that the key referenced by P1 and P2 does not match. Put both P1 and P2 to 00 to make sure that the key is automatically selected (and check the "key information" in the response data if you want to explicitly select the key version in P1).
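
A terminal-side check of the two commands from the question, added here as an example and not part of the original question or answer. It splits an INITIALIZE UPDATE APDU into its fields and flags the two conditions the answer describes (CLA without the proprietary bit, explicit key reference in P1/P2); the function names and the 8-byte host challenge length are assumptions taken from the commands shown above.

```python
# Added example: sanity-check an INITIALIZE UPDATE command APDU before sending it.
INS_INIT_UPDATE = 0x50      # INS value used in the question
HOST_CHALLENGE_LEN = 8      # assumption: 8-byte host challenge, as in the question

def parse_apdu(hex_str):
    """Split a short command APDU (header, Lc, data, optional Le) into fields."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 5:
        raise ValueError("need at least CLA INS P1 P2 Lc")
    cla, ins, p1, p2, lc = raw[:5]
    data = raw[5:5 + lc]
    if len(data) != lc:
        raise ValueError("Lc=%d but only %d data bytes present" % (lc, len(data)))
    if len(raw) > 5 + lc + 1:
        raise ValueError("unexpected bytes after the data field")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data}

def check_init_update(hex_str):
    """Return a list of findings; an empty list means nothing to flag."""
    a = parse_apdu(hex_str)
    if a["ins"] != INS_INIT_UPDATE:
        return ["INS %02X is not INITIALIZE UPDATE (50)" % a["ins"]]
    findings = []
    if not a["cla"] & 0x80:
        findings.append("CLA %02X: proprietary bit not set, expect 6E00" % a["cla"])
    if a["p1"] or a["p2"]:
        findings.append("P1=%02X P2=%02X: explicit key reference, "
                        "6A88 if the card holds no matching key" % (a["p1"], a["p2"]))
    if len(a["data"]) != HOST_CHALLENGE_LEN:
        findings.append("host challenge is %d bytes, expected %d"
                        % (len(a["data"]), HOST_CHALLENGE_LEN))
    return findings

def with_default_key(hex_str):
    """Rewrite the command as the answer suggests: CLA 80 and P1 = P2 = 00."""
    a = parse_apdu(hex_str)
    fixed = bytes([0x80, a["ins"], 0x00, 0x00, len(a["data"])]) + a["data"]
    return fixed.hex(" ").upper()

if __name__ == "__main__":
    # The two commands quoted in the question
    for cmd in ("80 50 20 00 08 01 15 6A 2A F5 64 87 CF",
                "00 50 20 00 08 01 15 6A 2A F5 64 87 CF"):
        print(cmd, "->", check_init_update(cmd) or "ok")
        print("  suggested:", with_default_key(cmd))
```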