Monday 24 August 2009

More on GPShell commands

It can be hard to know the AID of the applet instance to select with the GPShell select command, and the accompanying readme really doesn't enlighten the novice developer.

I find that the best way to get the necessary info is to open a secure channel to the Card Manager, and then do a get_status instruction. For example:
select -AID a000000003000000
mode_211
enable_trace
establish_context
card_connect
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
get_status -element 40
This returns all selectable applet instances on the card.

Note that the select command requires hex values: ASCII characters don't seem to be supported (with or without single or double quotation marks), and an error is not thrown; instead some default domain or package on the card is selected (APDU 00A4040000). This can lead to extreme frustration on the part of the developer when all subsequent test APDU's return the status word 6D00 (unknown INS value).

4 comments:

Unknown said...

Great blog, very technical, I like it :) thanks for your link and comment. I'll try to read all your posts now!

Br,
Thomas

Anonymous said...

Hi, your blog is great, just what I was looking for! Please allow me one question: do you know where I could obtain information about the Java Card API implemented by JCOP 41 cards? I'm starting to develop some ECC applications and cannot find where to obtain information about the classes supported.

Thanks in advance.

__ said...

@Thomas
Thanks, it's good to know my experience is useful to someone.

@jax

The best source is NXP, since they are the developers of JCOP ;) If you want their official support, you will probably need to sign an NDA with them. Send them a mail: tools dot jcop at nxp dot com.

Also check my previous post:
http://0x9000.blogspot.com/2009/08/jcop-version-and-feature-info.html

CC info on JCOP41v2.3.1:
http://www.commoncriteriaportal.org/files/epfiles/0426b.pdf

Also search on Sun Java Forums (Java Card section) :D

sylvio said...

thanks a lot, very usefull blog