In the response field of the Initialize Update command, Key Diversification Data (which contains the manufacturer ID and the last two bytes of the security domain AID) is returned to the off-card entity.
I would like to know for what purpose this data is used?
I read somewhere that this key diversification data is used in the derivation of base keys at the off-card end. I don't know whether this is right or wrong.
If it is right, then how can the base keys be derived at the off-card end using this diversification data?
Please provide your suggestion!!
Key Diversification Data is used to obtain keys for that card by applying an algorithm to those bytes (which should be unique to the card) using a Master Key.
There are two widely used key derivation algorithms:
They are very similar: they get a few of the 10 bytes of the Key Diversification Data from the response to INITIALIZE UPDATE, append a few fixed bytes and then encrypt them applying 3DES using the Master Key as encryption key.
The "fixed bytes" are different, so we get the three SCP02 keys we need:
Hope this helps! It is not described in the GlobalPlatform spec, so it takes a while to learn it.
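The derivation described in the answer above, as an added example that is not code from the answer or from GlobalPlatform. Assumptions: the byte layouts are those of the two schemes commonly called VISA2 and EMV CPS 1.1 (the answer does not name its two algorithms), the key identifiers 01/02/03 for ENC/MAC/DEK follow common tooling, the master key and KDD are constructed test values, and 3DES comes from the third-party pycryptodome package.

```python
"""Derive SCP02 static card keys from Key Diversification Data (KDD)."""

# Constant byte that identifies each of the three static keys (assumed values).
KEY_IDS = {"ENC": 0x01, "MAC": 0x02, "DEK": 0x03}


def derivation_block(kdd: bytes, key_id: int, scheme: str) -> bytes:
    """Build the 16-byte block that is encrypted under the master key."""
    if len(kdd) != 10:
        raise ValueError("KDD from INITIALIZE UPDATE must be 10 bytes")
    if scheme == "visa2":
        part = kdd[0:2] + kdd[4:8]   # bytes 0-1 and 4-7 of the KDD
    elif scheme == "emv":
        part = kdd[4:10]             # last six bytes of the KDD
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    # Two 8-byte halves: selected KDD bytes, a fixed byte, the key id.
    return part + bytes([0xF0, key_id]) + part + bytes([0x0F, key_id])


def derive_keys(master_key: bytes, kdd: bytes, scheme: str) -> dict:
    """Return the card's ENC/MAC/DEK keys (16 bytes each)."""
    from Crypto.Cipher import DES3   # pycryptodome, imported on first use
    cipher = DES3.new(master_key, DES3.MODE_ECB)
    return {name: cipher.encrypt(derivation_block(kdd, kid, scheme))
            for name, kid in KEY_IDS.items()}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real card.
    master = bytes.fromhex("404142434445464748494A4B4C4D4E4F")
    kdd = bytes.fromhex("00010203040506070809")
    for scheme in ("visa2", "emv"):
        for name, key in derive_keys(master, kdd, scheme).items():
            print(scheme, name, key.hex().upper())
```

Because every card returns different KDD, each card ends up with its own ENC, MAC and DEK keys, so a key recovered from one card does not expose the master key or the keys of other cards.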