G&D SmartCafe (Sm@rtCafé) Expert 3.2 72K is a trick master

[cellarweasel]

So I've done the naive thing and bought 3 "Giesecke and Devrient Sm@rtCafé Expert 3.2 72K". AKA SmartCafe Expert 3.2 Java card 72k Specifically because the keying was called out and made to look easy at this here and GPP's readmes. And also because US DOE is thinking about G+D cards but that's my own work trauma that started this adventure and I don't want to go into it too much.

I'm going to keep the GlobalPlatformPros discussion prompts as structure to avoid restating a lot of things. Also lol, you can tell I'm considering filing this against GPP.

If you can't authenticate to the card, first read this

If you are sure that this is a bug or missing feature (with available documentation/specification), do open an issue. If you do not know the exact keying information, please ask your card vendor.
-- I thought I would know this as it is called out explicitly here in Gids and there in GlobalPlatformPro. But the feedback when I actually run the commands is weird and hard to understand which I'll get to below. The weird feedback between two different versions of GPP probably is be a bug in GPP not Gids. HOWEVER:

https://www.mysmartlogon.com/generic-identity-device-specification-gids-smart-card/tested-cards/ says that this "Needs and unpublished version of the applet" <- Is that out of date or still real?!

Describe the bug

using two different versions of GPP I get two different confusing command prompts back. (lack of feedback really, like maybe it worked but then I can't list things so I'm pretty sure it didn't.)

Information about your card and used reader

GlobalplatformPro Version: I've gotten both the 2018 release (which supports the proper short opts as documented) and the 2020 release which I was having some troubles translating its long options into what is written on both here and GPPs README. :/ This if this is where my troubles start I'll move this over to GPP's discussion forum instead.
Card Platform Version: These Smartcafe Expert 3.2s are Javacard 2.2.1 and GlobalPlatform 2.1.1. That means they were last state of the art in ~2006!! (Eesh)
Reader model/name: SCR3310 by Identive. The UFO puck. I also have a HID 3121 is that helps.

Expected behavior/ of what you expected to happen.

After running
gp -unlock -emv like as described both on the readme and the Testedcards bit
and
gp -install GidsApplet.cap -default

❯ globalplatformpro -install Downloads/GidsApplet.cap   -default -d -v -i
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F

I expected it to just work. As the -unlock is supposed to remove the key diversification. But it only get the below message when I try to list my card. And nothing else!! I'm just following the directions. I'm left with a headscratcher.

(this is using the older 2018 release of gpp as it doesn't just fail with the help syntax)

❯ globalplatformpro -l -d -v -i
Warning: no keys given, using default test key 404142434445464748494A4B4C4D4E4F

I think I'm getting the keying correct because before I did the proper key stuff I used to get errors like described in these posts like this
"Error: At position 1 the len is more then 3 [32]" from GlobalPlatformPro.
https://stackoverflow.com/questions/68087131/cannot-list-or-install-cap-files-in-javacard-after-unlocking-why-and-how-to-so
https://muscle.musclecard.narkive.com/AWWgaYSL/get-error-while-loading-applet-on-smartcafe-expert-3-2-72k-smart-card
kaoh/globalplatform#48

[vletoux]

The key message about https://www.mysmartlogon.com/generic-identity-device-specification-gids-smart-card/tested-cards/ was than to read / save RSA key, you need to twist the way you access the key in order to use it.
I wrote this page in 2016 so work has been done on this since the publication.

For example there are now profiles in the build script.

Once the applet has been charged and uploaded, you may encounter issues that I can fix.
I mean error in Windows / opensc commands whose root is APDU error command.
That I can debug and I already know a few workarounds.

The installation on a card, I can't debug it.
globalplatformpro is the best software I know for that (thanks Martin) but you should create a ticket here: https://github.com/martinpaljak/GlobalPlatformPro/issues
Also if I remember correctly, globalplatformpro can output the APDU send to the card. I don't see them.

I moved 5 years ago so the card I was using for testing has been probably lost on my side and I cannot test anymore.

[vletoux]

Also I remind the installation steps:

• installation of the applet (certutil -scinfo should show "GIDS")
• personalization (setup PIN / admin key using our program) (certutil -scinfo show an empty card)
• certificate import / generation (needs ADCS / certutil to import)

[martinpaljak]

@cellarweasel the tested cards page is seriously outdated. Please do give a full trace of what you're doing. If you're having issues with GPPro, opening a discussion there might be more fruitful (luckily I follow this repo)

java -jar gp.jar (-emv if the card used EMV diversification) -install GidsApplet.cap should be sufficient

[cellarweasel]

Thank you both so much for getting me straightened out! and thank you both for your time! I feel like I am in the presence of giants.
After following both of your directions I got another of my cards, a JCOP3, loaded up and completed like a charm.
However these Smartcafe Expert 3.2s are giving me yet more trouble, which I will take to the GPPro discussions.

Thank you very much vletoux for the GIDs applet!

Martin I'll be seeing you over in your area!