Subject: Re: gpshell + gemXpresso Pro - msg#00017

List: lib.muscle

Date: Prev Next Index Thread: Prev Next Index

Julien Cordry wrote:
> Hello everyone !
>
> I am a complete newbie to smart cards.
>
> I am trying to load the helloWorld applet on a GemXpresso Pro R3.
>
> I am using :
> globalplatform-3.0.2
> gpshell-1.3.1
>
> Here is what I get from my script :
> gemXpressoPro
> enable_trace
> establish_context
> card_connect
> select -AID a000000018434d
> --> 00A4040007A000000018434D
> <-- 6F198408A000000018434D00A50D9F6E061291301503029F6501FF9000
> open_sc -security 0 -keyind 00 -keyver 00 -key
> 47454d5850524553534f53414d504c45 -enc_key 6ef05c1e2e9ba55b5b2619828743f795
> -mac_key 15ca7679aa807160881c9f0c50306f6d -kek_key
> 54455354204b45594558542041555448 // Open secure channel
> --> 80CA9F7F00
> <--
> 9F7F2A40906622129130150302303106121016235D4082326712833267000000000000000000000000000000009000
> --> 805000000872B9BA65C206717500
> <-- 4D00303106121016235DFF0198680F69B2A0BDA3C133D069AF7D330C9000
> --> 84820000108AF1516FC87F60D03EE6DC4783A769C1
> <-- 9000
> get_status -element e0
> --> 80F2E000024F0000
> <--
> 08A000000018434D00019A09A00000001830040181010010A00000001830040100000000000000FF010010A00000001830030100000000000000FF010010A00000001830040100000000000000FE010010A00000001830030100000000000000FE010008A000000018100106010008A000000018100101010007A0000000030000010008A000000018100102010007A0000000620201010007A0000000620102010007A0000000620101010007A0000000620001010008A00000001810010801000D6F656E63686D610C0ACE0D0C01010010A000000018300301000000000000000007040E6F656E63686D610C0ACE0D0C010107009000
>
> List of applets (AID state privileges)
> a000000018434d00 1 9a
> a00000001830040181 1 0
> a00000001830040100000000000000ff 1 0
> a00000001830030100000000000000ff 1 0
> a00000001830040100000000000000fe 1 0
> a00000001830030100000000000000fe 1 0
> a000000018100106 1 0
> a000000018100101 1 0
> a0000000030000 1 0
> a000000018100102 1 0
> a0000000620201 1 0
> a0000000620102 1 0
> a0000000620101 1 0
> a0000000620001 1 0
> a000000018100108 1 0
> 6f656e63686d610c0ace0d0c01 1 0
> a0000000183003010000000000000000 7 4
> 6f656e63686d610c0ace0d0c0101 7 0
> install -sc 1 -file HelloWorld.bin -nvDataLimit 2000 -instParam 00 -priv 0
> --> 80E602001B09A00000006203010C0107A00000000300000006EF04C60201A80000
> <-- 6985
> install_for_load() returns 0x80206985 (6985: Command not allowed -
> Conditions of use not satisfied.)

Try to explicitly specify a Security Domain, i.e. the Card Issuer Domain
AID, with -sdAID a000000018434d, the same AID you have selected with
select (or a000000018434d00 or a0000000030000).

Karsten
>
>
> What could be the problem here ?
>

Was this page helpful?

Thread at a glance:

Previous Message by Date: click to view message preview

gpshell + gemXpresso Pro

Hello everyone ! I am a complete newbie to smart cards. I am trying to load the helloWorld applet on a GemXpresso Pro R3. I am using : globalplatform-3.0.2 gpshell-1.3.1 Here is what I get from my script : gemXpressoPro enable_trace establish_context card_connect select -AID a000000018434d --> 00A4040007A000000018434D <-- 6F198408A000000018434D00A50D9F6E061291301503029F6501FF9000 open_sc -security 0 -keyind 00 -keyver 00 -key 47454d5850524553534f53414d504c45 -enc_key 6ef05c1e2e9ba55b5b2619828743f795 -mac_key 15ca7679aa807160881c9f0c50306f6d -kek_key 54455354204b45594558542041555448 // Open secure channel --> 80CA9F7F00 <-- 9F7F2A40906622129130150302303106121016235D4082326712833267000000000000000000000000000000009000 --> 805000000872B9BA65C206717500 <-- 4D00303106121016235DFF0198680F69B2A0BDA3C133D069AF7D330C9000 --> 84820000108AF1516FC87F60D03EE6DC4783A769C1 <-- 9000 get_status -element e0 --> 80F2E000024F0000 <-- 08A000000018434D00019A09A00000001830040181010010A00000001830040100000000000000FF010010A00000001830030100000000000000FF010010A00000001830040100000000000000FE010010A00000001830030100000000000000FE010008A000000018100106010008A000000018100101010007A0000000030000010008A000000018100102010007A0000000620201010007A0000000620102010007A0000000620101010007A0000000620001010008A00000001810010801000D6F656E63686D610C0ACE0D0C01010010A000000018300301000000000000000007040E6F656E63686D610C0ACE0D0C010107009000 List of applets (AID state privileges) a000000018434d00 1 9a a00000001830040181 1 0 a00000001830040100000000000000ff 1 0 a00000001830030100000000000000ff 1 0 a00000001830040100000000000000fe 1 0 a00000001830030100000000000000fe 1 0 a000000018100106 1 0 a000000018100101 1 0 a0000000030000 1 0 a000000018100102 1 0 a0000000620201 1 0 a0000000620102 1 0 a0000000620101 1 0 a0000000620001 1 0 a000000018100108 1 0 6f656e63686d610c0ace0d0c01 1 0 a0000000183003010000000000000000 7 4 6f656e63686d610c0ace0d0c0101 7 0 install -sc 1 -file HelloWorld.bin -nvDataLimit 2000 -instParam 00 -priv 0 --> 80E602001B09A00000006203010C0107A00000000300000006EF04C60201A80000 <-- 6985 install_for_load() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.) What could be the problem here ? -- Julien Cordry mailto:julien.cordry@xxxxxxx

Next Message by Date: click to view message preview

how to view my certificate....

All, It’s been almost ten years since I’ve sent in an “I’m completely lost” email to a group or forum, but as far as interrogating the certificate on my SmartCard goes, I’m at that point. ;-> So here goes… I’ve compiled [and am running] pcsc-lite 1.3.1 and the OmniKey 3121 driver on my Fedora [Core 5] box. When I insert and then remove my card, I get the following in /var/log/messages, which I think is good: Jun 8 07:58:17 xxxxxxxxxxxxxxx pcscd: eventhandler.c:419:EHStatusHandlerThread() Card inserted into OMNIKEY CardMan 3x21 00 00 Jun 8 07:58:17 RLVSIWMACKENZD2 pcscd: Card ATR: 3B 75 12 00 00 29 05 01 04 01 Jun 8 08:22:13 xxxxxxxxxxxxxxx pcscd: eventhandler.c:350:EHStatusHandlerThread() Card Removed From OMNIKEY CardMan 3x21 00 00 I pulled [and compiled] all the GlobalPlatform code from sourceforge. The following commands [I think] show that I have both GlobalPlatform 3.0.2 and gpshell 1.3.1 compiled successfully. /home/xxx/card_stuff/globalplatform>which gpshell /usr/local/bin/gpshell /home/mackenzd/card_stuff/globalplatform>ls -al /usr/local/lib/libG* -rw-r--r-- 1 root root 193996 Jun 7 13:58 /usr/local/lib/libGlobalPlatform.a -rwxr-xr-x 1 root root 894 Jun 7 13:58 /usr/local/lib/libGlobalPlatform.la lrwxrwxrwx 1 root root 26 Jun 7 13:58 /usr/local/lib/libGlobalPlatform.so -> libGlobalPlatform.so.1.2.0 lrwxrwxrwx 1 root root 26 Jun 7 13:58 /usr/local/lib/libGlobalPlatform.so.1 -> libGlobalPlatform.so.1.2.0 -rwxr-xr-x 1 root root 172026 Jun 7 13:58 /usr/local/lib/libGlobalPlatform.so.1.2.0 So now where do I go/what do I do to see the certificate on my card. How would I, say, change my pin. The OpenManager GUI Screenshot on Sourceforge looks nice, but I don’t know how to invoke it. Thanks and any help is really, really appreciated. Lost in the woods, David _______________________________________________ Muscle mailing list Muscle@xxxxxxxxxxxxxxxxxxxx http://lists.drizzle.com/mailman/listinfo/muscle

Previous Message by Thread: click to view message preview

Next Message by Thread: click to view message preview

Re: gpshell + gemXpresso Pro

On Thu, Jun 08, 2006 at 01:41:48AM +0200, Karsten Ohme wrote : > Julien Cordry wrote: > > Hello everyone ! > > > > I am a complete newbie to smart cards. > > > > I am trying to load the helloWorld applet on a GemXpresso Pro R3. > > > > I am using : > > globalplatform-3.0.2 > > gpshell-1.3.1 I forgot : pcsc-lite 1.2.9_beta9 pcsc-towitoko-2.0.7 > > > > Here is what I get from my script : > > gemXpressoPro > > enable_trace > > establish_context > > card_connect > > select -AID a000000018434d > > --> 00A4040007A000000018434D > > <-- 6F198408A000000018434D00A50D9F6E061291301503029F6501FF9000 > > open_sc -security 0 -keyind 00 -keyver 00 -key > > 47454d5850524553534f53414d504c45 -enc_key > > 6ef05c1e2e9ba55b5b2619828743f795 > > -mac_key 15ca7679aa807160881c9f0c50306f6d -kek_key > > 54455354204b45594558542041555448 // Open secure channel > > --> 80CA9F7F00 > > <-- > > 9F7F2A40906622129130150302303106121016235D4082326712833267000000000000000000000000000000009000 > > --> 805000000872B9BA65C206717500 > > <-- 4D00303106121016235DFF0198680F69B2A0BDA3C133D069AF7D330C9000 > > --> 84820000108AF1516FC87F60D03EE6DC4783A769C1 > > <-- 9000 > > get_status -element e0 > > --> 80F2E000024F0000 > > <-- > > 08A000000018434D00019A09A00000001830040181010010A00000001830040100000000000000FF010010A0000000183003010000000000 0000FF010010A00000001830040100000000000000FE010010A00000001830030100000000000000FE010008A000000018100106010008A0 00000018100101010007A0000000030000010008A000000018100102010007A0000000620201010007A0000000620102010007A000000062 0101010007A0000000620001010008A00000001810010801000D6F656E63686D610C0ACE0D0C01010010A000000018300301000000000000 000007040E6F656E63686D610C0ACE0D0C010107009000 > > > > List of applets (AID state privileges) > > a000000018434d00 1 9a > > a00000001830040181 1 0 > > a00000001830040100000000000000ff 1 0 > > a00000001830030100000000000000ff 1 0 > > a00000001830040100000000000000fe 1 0 > > a00000001830030100000000000000fe 1 0 > > a000000018100106 1 0 > > a000000018100101 1 0 > > a0000000030000 1 0 > > a000000018100102 1 0 > > a0000000620201 1 0 > > a0000000620102 1 0 > > a0000000620101 1 0 > > a0000000620001 1 0 > > a000000018100108 1 0 > > 6f656e63686d610c0ace0d0c01 1 0 > > a0000000183003010000000000000000 7 4 > > 6f656e63686d610c0ace0d0c0101 7 0 > > install -sc 1 -file HelloWorld.bin -nvDataLimit 2000 -instParam 00 > > -priv 0 > > --> > > 80E602001B09A00000006203010C0107A00000000300000006EF04C60201A80000 > > <-- 6985 > > install_for_load() returns 0x80206985 (6985: Command not allowed - > > Conditions of use not satisfied.) > > Try to explicitly specify a Security Domain, i.e. the Card Issuer > Domain > AID, with -sdAID a000000018434d, the same AID you have selected with > select (or a000000018434d00 or a0000000030000). > > Karsten Thanks. Specifying the sdAID seems to be the right idea here : install -sc 1 -sdAID a000000018434d00 -file HelloWorld.bin -nvDataLimit 2000 -instParam 00 -priv 0 --> 80E602001C09A00000006203010C0108A000000018434D000006EF04C60201A80000 <-- 009000 --> 80E80000EFC482019B010013DECAFFED010204000109A00000006203010C0102001F0013001F000E000B0036000C0067000A00130000006C 00000000000001010004000B01020107A000000062010103000E010AA00000006203010C0101001406000C00800301000107010000001F07 0067000210188C000118110100900B8700188B00027A02308F00033D8C00043B7A0523198B00052D198B0006320329041F651B1A08AD0016 041F8D00073B16041F41290419088B00083270E6198B00093B19160408418B000A1903088B000B19AD000316048B000C7A08000A00000000 000000000000050036000D020000000680030003 <-- 6985 load_applet() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.) Now this looks like an other security issue in le load command. > > > > > > What could be the problem here ? > > > -- Julien Cordry

Loading Comments...