Martin Paljak edited this page Mar 16, 2018 · 18 revisions

WARNING about correct keying

The gp command line tool (and all command samples) use the 40..4F test key by default. This is convenient for development and testing, because the key information does not have to be specified repeatedly, which keeps command line usage simple. For real-life cards and real-life usage scenarios you probably need to use real, per-card keys.

If you do not have the keys, do not ask for help, but ask your card vendor for the keys instead. Only the card vendor can help you.

Plaintext keys

You need three keys to make use of the card manager with SCP01, SCP02 or SCP03: ENC, MAC and DEK. If you have the actual keys and they are all different, you can specify them with -key-enc, -key-mac and -key-dek on the command line. Alternatively, if there is just a single key (as is assumed by the default test key with the value 40..4F), you can use -key to specify it. If using a single key, -kcv can be used to specify the Key Check Value, which is often provided by vendors.

Default 40..4F works for most cards with SCP01 and SCP02 and some cards with SCP03 with AES-128 keys. You MUST know the keys for your card. Ask your card vendor for the keys. GlobalPlatformPro is quite useless without the necessary keys.

Command line samples assume default test keys of 40..4F. If you need a custom key, specify it with -key (you can give separate keyset components with . You need to know the details or ask your card provider. Some cards require key diversification with -emv or -visa2 (ask your vendor if unsure). A Key Check Value can be given with the -kcv option.
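
A vendor-supplied Key Check Value can be checked against the key you were given before that key is ever used with a card. The script below is an added example, not part of GlobalPlatformPro; it assumes the openssl CLI is installed and that the vendor's KCV follows the usual GlobalPlatform definition (first three bytes of one block of 0x00 bytes encrypted for 3DES, of 0x01 bytes for AES). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: compute a GlobalPlatform Key Check Value (KCV) locally
# and compare it with the value supplied by the card vendor.

to_hex6() {
  # First 3 bytes of stdin as 6 uppercase hex digits
  od -An -tx1 | tr -d ' \n' | cut -c1-6 | tr 'a-f' 'A-F'
}

kcv_3des() {
  # 16-byte (2-key) 3DES key: encrypt one block of 0x00 bytes in ECB mode
  [ "${#1}" -eq 32 ] || { echo "3DES key must be 32 hex chars" >&2; return 2; }
  printf '\000\000\000\000\000\000\000\000' |
    openssl enc -des-ede -nopad -K "$1" | to_hex6
}

kcv_aes128() {
  # AES-128 key: encrypt one block of 0x01 bytes in ECB mode
  [ "${#1}" -eq 32 ] || { echo "AES-128 key must be 32 hex chars" >&2; return 2; }
  printf '\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001' |
    openssl enc -aes-128-ecb -nopad -K "$1" | to_hex6
}

check_kcv() {
  # usage: check_kcv 3des|aes128 KEYHEX EXPECTED_KCV
  # returns 0 on match, 1 on mismatch, 2 on bad input
  case "$1" in
    3des)   got=$(kcv_3des "$2") || return 2 ;;
    aes128) got=$(kcv_aes128 "$2") || return 2 ;;
    *) echo "unknown key type: $1" >&2; return 2 ;;
  esac
  want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
  [ "$got" = "$want" ]
}

# The 40..4F test key from this page, written out in full
TEST_KEY=404142434445464748494A4B4C4D4E4F
```

Passing the key with -K places it on the openssl command line, where other local users can see it in the process list, so run this only on a trusted host when checking real per-card keys.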