====== GPShell ======

===== Building GPShell on Windows =====

  * Check out the code: svn co https://globalplatform.svn.sourceforge.net/svnroot/globalplatform
  * Download lib and dlls (http://sourceforge.net/projects/globalplatform/files/GlobalPlatform%20Library/)
  * Download ZLib compression library: http://gnuwin32.sourceforge.net/packages/zlib.htm
  * Download OpenSSL sources: http://gnuwin32.sourceforge.net/packages/openssl.htm
  * If necessary, build *.lib from *.dll: http://adrianhenke.wordpress.com/2008/12/05/create-lib-file-from-dll/
  * Open solution GlobalPlatform: \trunk\globalplatform\GlobalPlatform.sln
  * Configure include and library paths for zlib (zlib.h) and openssl (err.h)
  * Open project trunk/GPShell/GPShell.vcproj
  * Copy dlls into project directory
    * GlobalPlatform.dll
    * GPPCSCConnectionPlugin.dll
    * libeay32.dll
    * ssleay32.dll
    * zlib1.dll
  * mode_211 -> PLATFORM_MODE_GP_211 -> GP_211
  * GP211_get_secure_channel_protocol_details
  * GP211_mutual_authentication

===== General script =====

# mode selection; you can use mode_201 or mode_211
mode_211
# some cards cripple the protocol in their own specific way; if authentication does not succeed, try uncommenting the next line
# gemXpressoPro
enable_trace
establish_context
card_connect
# select the card manager - I think your card will have A000000018434D00
# other common options are: A000000018434D a000000003000000
select -AID A000000018434D00
# authentication and session key derivation - version for static keys
# the -security switch sets the channel level: 0 nothing, 1 integrity, 3 encryption and integrity
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
# authentication and session key derivation - version for a single mother key
#open_sc -security 1 -keyind 0 -keyver 0 -key 47454d5850524553534f53414d504c45
# now you should have a channel; you can, for example, list the card contents
get_status -element 40
# or delete the previous applet and load a new one.
# First the applet instance is deleted, then the package the instance is created from (the reverse order does not work)
delete -AID 6D7970616330303031
delete -AID 6D797061636B616731
# and install the new one. Note: *.cap is the applet converted from the original *.jar. You may also encounter the extension jar (but converted), *.ijc
# (converted) or *.sap (for the Gemalto simulator; cannot be loaded onto a card)
# -AID is the applet's AID, -pkgAID is the AID of that applet's package
# -nvDataLimit 8000 is the limit on how much data storage (in bytes) the applet needs on the card; -priv passes data at applet installation (it goes
# to the constructor; what you put there is up to you, e.g. a serial number for the given card, or keys)
# NOTE(review): in GPShell's install command -priv appears to be the privilege byte, with install data given via -instParam - confirm against the GPShell documentation
install -file AlgTest.cap -priv 00 -nvDataLimit 8000 -AID 6D7970616330303031 -pkgAID 6D797061636B616731
# disconnect, end
card_disconnect
release_context

====== Oberthur CosmoV7 ======

===== PutKey =====

mode_211 // NOTE: must be in mode_211, otherwise put_sc_key will fail with 0x6a88 (although everything else will stay the same)
enable_trace
establish_context
card_connect
# CM is already pre-selected on Oberthur Cosmo v7 card, so select is not necessary
select -AID A0000001510000
open_sc -security 0 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
#open_sc -security 3 -keyind 0 -keyver 3 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f // Open secure channel
#open_sc -security 3 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f // Open secure channel
# put new keyset version 2 (NOTE: if this is the first time a new keyset is created, then the default keyset (-keyind 0 -keyver 0) will be replaced).
# The newly created keyset can be used for authentication both with (-keyind 0 -keyver 0) and (-keyind 0 -keyver 2)
#put_sc_key -keyver 0 -newkeyver 2 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f
# put another new keyset version 3
#put_sc_key -keyver 0 -newkeyver 3 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
# replace keys in keyset version 2 (NOTE: must use -keyver instead of -newkeyver)
#put_sc_key -keyver 1 -keyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
get_status -element 80
card_disconnect
release_context

# The problem: When trying to modify the default keyset on an Oberthur Cosmo v7 card, the PUT KEY command (put_sc_key in GPShell) fails with 0x6a88 (REFERENCE_DATA_NOT_FOUND)
# Solution:
# 1. The correct secure channel version must be used. Although Oberthur supports both SCP01 and SCP02, SCP02 must be used, otherwise the command will fail.
#    mode_211
# 2. The mode of the secure channel is not important (it will work with open_sc -security = 0, 1 and 3)
# 3. Put new keys into the newly created keyset version 2. NOTE: if this is the first time a new keyset is created, then the default keyset (-keyind 0 -keyver 0) will be replaced. The newly created keyset can be used for authentication both with (-keyind 0 -keyver 0) and (-keyind 0 -keyver 2)
#    put_sc_key -keyver 0 -newkeyver 2 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f
#    NOTE: 505152535455565758595a5b5c5d5e5f is only a sample value; on a real card use randomly generated keys and record them, since the old default keys no longer authenticate afterwards (see step 4).
# 4. The old default keys should not work (the next command will fail; failed authentications typically count against a retry limit on the card, so do not repeat it)
#    open_sc -security 0 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f
# 5. Authentication with the new keys should work.
#    Both (open_sc -keyind 0 -keyver 0) and (open_sc -keyind 0 -keyver 2) should work at this point
#    open_sc -security 3 -keyind 0 -keyver 0 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f
#    open_sc -security 3 -keyind 0 -keyver 2 -mac_key 505152535455565758595a5b5c5d5e5f -enc_key 505152535455565758595a5b5c5d5e5f -kek_key 505152535455565758595a5b5c5d5e5f
# 6. You can replace already inserted keys with
#    put_sc_key -keyver 1 -keyver 2 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f -kek_key 404142434445464748494a4b4c4d4e4f