Question
I try to get into cipher, mutual authenticate and such and figured it might be good to see what is "on" the market. Now, cipurse states in its specifications a term like this to generate the session key:
https://stackoverflow.com/questions/22152591
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiank0 = AES (key = PAD2 (kP) XOR PAD (rT), kID) XOR kID
where k0 is the session key, kP is an on-card calculated key, rT is the response from the terminal. PAD stands for padding (leading zeroes), PAD 2 for double padding (leading zeros) and kID is the secret key from the card.
Now as far as I am aware I create a key this way:
AESKey k0_pre = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
k0_pre.clearKey();
k0_pre.setKey(key, (short) 0);
Now the one question I have is concerning just a little comma nameingly
key = PAD2 (kP) XOR PAD (rT), kID
setKey takes a byte[] and an offset, kID is not an offset cleary - should this comma be and "AND" or should those two expressions should be concatenated or something completely different?
The example kID in the guidelines is
53 45 43 5f 4d 45 4d 4f 52 59 20 4b 45 59 20 31
The result after for PAD2 (kP) XOR PAD (rT) is
00 00 00 00 b7 a0 d2 cb 01 15 25 3f c4 0d 43 8f
and the k0_pre is then to be:
72 4b e3 3e 05 47 b5 99 9c 78 13 9d 8b 25 94 e6
I just don't know how this AES Key is generated out of "2" input keys
Solution
I found the answer some place else:
The encryption of a 128-bit message block m using a 128-bit key k using the advanced encryption standard
AES is denoted by c := AES (key = k, m).
So, for my question the secret key kID is the message block, now it all makes sense!
