
Is it possible to calculate Card Cryptogram manually on EMV Card?


I am having a problem with the EXTERNAL AUTHENTICATE process on my EMV card. When I authenticate the card to the host, the host responds with a failure: Card Cryptogram Verification Error.
The card cryptogram is obtained from the previous process to the card: INITIALIZE UPDATE.

INITIALIZE UPDATE response:

  • Key Diversification Data (10 bytes)
  • Key Information (2 bytes)
  • Sequence Counter (2 bytes)
  • Card Challenge (6 bytes)
  • Card Cryptogram (8 bytes)

After we discussed with the host team, there might be a process that does not match in the Card Cryptogram calculation.

So we are looking for algorithms or formulas to calculate the Card Cryptogram manually.

Is there an algorithm or formula for manually calculating the Card Cryptogram, instead of taking it from the INITIALIZE UPDATE response data?

My reference: How can I check INITIALIZE UPDATE and EXTERNAL AUTHENTICATE correctness?


Solution

  • I don't see the point. If the GP doesn't handle the INITIALIZE UPDATE command then it won't establish the security context. Computing the cryptogram is in that case no use at all. I don't think you have direct - or at least enough - access to the keys from the applet that acts as a security domain either, so retrieving the keys to perform the calculation should not be possible.

    Really, the onus is on the host to fix the issue, not the card. Usually cards are implemented and tested against the specs, so there must be a missing option or the host may be using a different SCP which results in the cryptogram failing.
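
The following is an added example, not part of the question or the answer: a host-side check that splits an INITIALIZE UPDATE response using the field layout listed in the question, reports which SCP the card announces in Key Information (the mismatch the answer suggests), and assembles the 24-byte block that SCP02 runs through 3DES-CBC with the S-ENC session key to obtain the card cryptogram. The SCP identifier values and the SCP02 block layout are taken from the GlobalPlatform Card Specification, not from this page; the function names, the sample response and the host challenge are constructed, and no key material is involved.

```python
from dataclasses import dataclass

SCP_NAMES = {0x01: "SCP01", 0x02: "SCP02", 0x03: "SCP03"}  # GlobalPlatform SCP identifiers

@dataclass
class InitUpdate:
    kdd: bytes               # Key Diversification Data (10 bytes)
    key_version: int         # Key Information, byte 1
    scp_id: int              # Key Information, byte 2
    sequence_counter: bytes  # 2 bytes
    card_challenge: bytes    # 6 bytes
    card_cryptogram: bytes   # 8 bytes

def parse_init_update(resp: bytes) -> InitUpdate:
    """Split the 28-byte response layout listed in the question."""
    if len(resp) == 30 and resp[-2:] == b"\x90\x00":
        resp = resp[:-2]     # drop a trailing success status word
    if len(resp) != 28:
        raise ValueError(f"expected 28 data bytes, got {len(resp)}")
    return InitUpdate(resp[:10], resp[10], resp[11],
                      resp[12:14], resp[14:20], resp[20:28])

def scp_mismatch(r: InitUpdate, host_scp: int):
    """Return a description if the card reports a different SCP than the host uses."""
    if r.scp_id == host_scp:
        return None
    card = SCP_NAMES.get(r.scp_id, f"unknown (0x{r.scp_id:02X})")
    host = SCP_NAMES.get(host_scp, f"unknown (0x{host_scp:02X})")
    return f"card reports {card}, host is configured for {host}"

def scp02_cryptogram_input(host_challenge: bytes, r: InitUpdate) -> bytes:
    """Block SCP02 encrypts (3DES-CBC, zero ICV, S-ENC session key); the card
    cryptogram is the last 8 bytes of the result. No key material is used here."""
    if r.scp_id != 0x02:
        raise ValueError("layout below is SCP02-specific")
    if len(host_challenge) != 8:
        raise ValueError("host challenge must be 8 bytes")
    return (host_challenge + r.sequence_counter + r.card_challenge
            + bytes.fromhex("8000000000000000"))  # ISO 9797-1 method 2 padding

# Constructed sample response (not from a real card) and host challenge.
SAMPLE = bytes.fromhex("00001122334455667788" "0102" "001A"
                       "A1A2A3A4A5A6" "C1C2C3C4C5C6C7C8" "9000")
HOST_CHALLENGE = bytes.fromhex("1011121314151617")

if __name__ == "__main__":
    r = parse_init_update(SAMPLE)
    print(SCP_NAMES.get(r.scp_id), scp_mismatch(r, 0x02))
    print(scp02_cryptogram_input(HOST_CHALLENGE, r).hex().upper())
```

An SCP01 response is also 28 bytes long but carries an 8-byte card challenge where this layout has the sequence counter and 6-byte challenge, so the SCP identifier should be checked before the remaining fields are interpreted.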