Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
620 views
in Technique[技术] by (71.8m points)

smartcard - AID of JCOP's Security Domain and meaning of "Card Not Fused" or "Not Pre-Personalized"

I download a software named JCOP Manger from here to deal with my CJ3A080 jcop java card.

It recognize my card currectly. but it don't let my to install or list applets! why?

Output of this software:

enter image description here

I try to select the ISD using CardTool (The software that I use to send APDU to card), but as you see below none of common AIDs not found on the card :

Note that, CardTool output format is as below :

< CLA | INS | P1 | P2 | Lc | Le
< Command Data Field (If Possible)
> Response Data Field (If Possible)
> SW1 SW2

So, This is output of CardTool :

Answer-to-Reset
3B  F8  13  00  00  81  31  FE  45  4A  43  4F  50  76  32  34  31  B7  

< 00 A4 04 00 08 00
< A0 00 00 00 03 00 00 00
> 6A82


< 00 A4 04 00 07 00
< A0 00 00 00 03 00 00
> 6A82

< 00 A4 04 00 08 00
< A0 00 00 00 18 43 4D 00
> 6A82

< 00 A4 04 00 08 00
< A0 00 00 01 51 00 00 00
> 6A82

< 00 A4 04 00 07 00
< A0 00 00 00 03 53 50
> 6A82

I also try gp.exe tool, and this is its output :

E:GP>gp -list
Exception in thread "main" java.lang.IllegalStateException: No selected ISD!
        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:327)
        at openkms.gp.GPTool.main(GPTool.java:280)

E:GP>

The questions are:

  • 1- What does this mean? "Not Fused (Not Pre-Personalized)"
  • 2- How I can personalize it?
  • 3- How we can find that if a card fused or not?
  • 4- What is the AID of Security Domain?

I asked all these 4 questions in a singe topic, because these are closely related to each other

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Before a smart card can be used, it needs to be "pre-personalized": some basic settings need to be written, ISD keys initialized, etc. If a card is not pre-personalized, it will not respond to normal APDUs. The pre-personalization process is vendor-specific and there is a chain of trust involved, so you will need to ask your card supplier for the tools, keys and documentation so you can do it.

This blog post http://colinoflynn.com/tiki-view_blog_post.php?postId=34 explains how to know if a JCOP card has been pre-personalized, by sending a SELECT APDU to a special AID. It is probably the same command the JCOP Manager tool you used for your screenshot is sending.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...