globalplatform/globalplatform.h File Reference

#include <stdio.h>
#include "types.h"
#include "unicode.h"
#include "error.h"
#include "errorcodes.h"
#include "library.h"
#include "connection.h"
#include "security.h"
#include "stringify.h"


Classes

struct  OPGP_PROGRESS_CALLBACK_PARAMETERS
struct  OPGP_PROGRESS_CALLBACK
struct  OP201_APPLICATION_DATA
struct  OPGP_AID
struct  OPGP_LOAD_FILE_PARAMETERS
struct  GP211_APPLICATION_DATA
struct  GP211_EXECUTABLE_MODULES_DATA

Defines

#define max(a, b)   (((a)>(b))?(a):(b))
#define OPGP_WORK_UNKNOWN   -1
 The amount of work is not known.
#define OPGP_TASK_FINISHED   1
 The task is finished.
#define INIT_PROGRESS_CALLBACK_PARAMETERS(callbackParameters, callback)

Functions

OPGP_API OPGP_ERROR_STATUS OPGP_select_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, PBYTE AID, DWORD AIDLength)
 GlobalPlatform2.1.1: Selects an application on a card by AID.
OPGP_API OPGP_ERROR_STATUS GP211_get_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE cardElement, GP211_APPLICATION_DATA *applData, GP211_EXECUTABLE_MODULES_DATA *executableData, PDWORD dataLength)
 GlobalPlatform2.1.1: Gets the life cycle status of Applications, the Issuer Security Domains, Security Domains and Executable Load Files and their privileges or information about Executable Modules of the Executable Load Files.
OPGP_API OPGP_ERROR_STATUS GP211_set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState)
 GlobalPlatform2.1.1: Sets the life cycle status of Applications, Security Domains or the Card Manager.
OPGP_API OPGP_ERROR_STATUS GP211_mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE keySetVersion, BYTE keyIndex, BYTE secureChannelProtocol, BYTE secureChannelProtocolImpl, BYTE securityLevel, BYTE derivationMethod, GP211_SECURITY_INFO *secInfo)
 GlobalPlatform2.1.1: Mutual authentication.
OPGP_API OPGP_ERROR_STATUS GP211_init_implicit_secure_channel (PBYTE AID, DWORD AIDLength, BYTE baseKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16], BYTE secureChannelProtocolImpl, BYTE sequenceCounter[2], GP211_SECURITY_INFO *secInfo)
 GlobalPlatform2.1.1: Initializes a Secure Channel implicitly.
OPGP_API OPGP_ERROR_STATUS close_implicit_secure_channel (GP211_SECURITY_INFO *secInfo)
 GlobalPlatform2.1.1: Closes a Secure Channel implicitly.
OPGP_API OPGP_ERROR_STATUS GP211_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength)
 GlobalPlatform2.1.1: Retrieve card data.
OPGP_API OPGP_ERROR_STATUS GP211_get_data_iso7816_4 (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength)
 Retrieve card data according to the ISO/IEC 7816-4 command, not within a secure channel.
OPGP_API OPGP_ERROR_STATUS GP211_get_secure_channel_protocol_details (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE *secureChannelProtocol, BYTE *secureChannelProtocolImpl)
 GlobalPlatform2.1.1: This returns the Secure Channel Protocol and the Secure Channel Protocol implementation.
OPGP_API OPGP_ERROR_STATUS GP211_get_sequence_counter (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE sequenceCounter[2])
 GlobalPlatform2.1.1: This returns the current Sequence Counter.
OPGP_API OPGP_ERROR_STATUS GP211_put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength)
 GlobalPlatform2.1.1: Put card data.
OPGP_API OPGP_ERROR_STATUS GP211_pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength)
 GlobalPlatform2.1.1: Changes or unblocks the global PIN.
OPGP_API OPGP_ERROR_STATUS GP211_put_3des_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3DESKey[16])
 GlobalPlatform2.1.1: replaces a single 3DES key in a key set or adds a new 3DES key.
OPGP_API OPGP_ERROR_STATUS GP211_put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase)
 GlobalPlatform2.1.1: replaces a single public RSA key in a key set or adds a new public RSA key.
OPGP_API OPGP_ERROR_STATUS GP211_put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE baseKey[16], BYTE newS_ENC[16], BYTE newS_MAC[16], BYTE newDEK[16])
 GlobalPlatform2.1.1: replaces or adds a secure channel key set consisting of S-ENC, S-MAC and DEK.
OPGP_API OPGP_ERROR_STATUS GP211_delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex)
 GlobalPlatform2.1.1: deletes a key or multiple keys.
OPGP_API OPGP_ERROR_STATUS GP211_get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keyInformationTemplate, GP211_KEY_INFORMATION *keyInformation, PDWORD keyInformationLength)
 GlobalPlatform2.1.1: Retrieves key information of keys on the card.
OPGP_API OPGP_ERROR_STATUS GP211_delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, OPGP_AID *AIDs, DWORD AIDsLength, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataLength)
 GlobalPlatform2.1.1: Deletes an Executable Load File or an application.
OPGP_API OPGP_ERROR_STATUS GP211_install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit)
 GlobalPlatform2.1.1: Prepares the card for loading an application.
OPGP_API OPGP_ERROR_STATUS GP211_get_extradition_token_signature_data (PBYTE securityDomainAID, DWORD securityDomainAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, PBYTE extraditionTokenSignatureData, PDWORD extraditionTokenSignatureDataLength)
 GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Extradition Token.
OPGP_API OPGP_ERROR_STATUS GP211_get_load_token_signature_data (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE loadTokenSignatureData, PDWORD loadTokenSignatureDataLength)
 GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in a Load Token.
OPGP_API OPGP_ERROR_STATUS GP211_get_install_token_signature_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, PBYTE installTokenSignatureData, PDWORD installTokenSignatureDataLength)
 GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Install Token.
OPGP_API OPGP_ERROR_STATUS GP211_calculate_load_token (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDataBlockHash[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, BYTE loadToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
 GlobalPlatform2.1.1: Calculates a Load Token using PKCS#1.
OPGP_API OPGP_ERROR_STATUS GP211_calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
 GlobalPlatform2.1.1: Calculates an Install Token using PKCS#1.
OPGP_API OPGP_ERROR_STATUS GP211_calculate_load_file_data_block_hash (OPGP_STRING executableLoadFileName, unsigned char hash[20])
 GlobalPlatform2.1.1: Calculates a Load File Data Block Hash.
OPGP_API OPGP_ERROR_STATUS GP211_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, GP211_DAP_BLOCK *dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback)
 GlobalPlatform2.1.1: Loads an Executable Load File (containing an application) to the card.
OPGP_API OPGP_ERROR_STATUS GP211_load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, GP211_DAP_BLOCK *dapBlock, DWORD dapBlockLength, PBYTE loadFileBuffer, DWORD loadFileBufSize, GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback)
 GlobalPlatform2.1.1: Loads an Executable Load File (containing an application) from a buffer to the card.
OPGP_API OPGP_ERROR_STATUS GP211_install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 GlobalPlatform2.1.1: Installs an application on the card.
OPGP_API OPGP_ERROR_STATUS GP211_install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 GlobalPlatform2.1.1: Makes an installed application selectable.
OPGP_API OPGP_ERROR_STATUS GP211_install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE executableModuleAID, DWORD executableModuleAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE installParameters, DWORD installParametersLength, BYTE installToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 GlobalPlatform2.1.1: Installs and makes an installed application selectable.
OPGP_API OPGP_ERROR_STATUS GP211_install_for_personalization (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE applicationAID, DWORD applicationAIDLength)
 GlobalPlatform2.1.1: Informs a Security Domain that an associated application will retrieve personalization data.
OPGP_API OPGP_ERROR_STATUS GP211_install_for_extradition (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE securityDomainAID, DWORD securityDomainAIDLength, PBYTE applicationAID, DWORD applicationAIDLength, BYTE extraditionToken[128], GP211_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 GlobalPlatform2.1.1: Associates an application with another Security Domain.
OPGP_API OPGP_ERROR_STATUS GP211_put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE receiptKey[16])
 GlobalPlatform2.1.1: Adds a key set for Delegated Management.
OPGP_API OPGP_ERROR_STATUS GP211_send_APDU (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE capdu, DWORD capduLength, PBYTE rapdu, PDWORD rapduLength)
 Sends an application protocol data unit.
OPGP_API OPGP_ERROR_STATUS GP211_calculate_3des_DAP (BYTE loadFileDataBlockHash[20], PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE DAPVerificationKey[16], GP211_DAP_BLOCK *loadFileDataBlockSignature)
 GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using 3DES.
OPGP_API OPGP_ERROR_STATUS GP211_calculate_rsa_DAP (BYTE loadFileDataBlockHash[20], PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING PEMKeyFileName, char *passPhrase, GP211_DAP_BLOCK *loadFileDataBlockSignature)
 GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using SHA-1 and PKCS#1 (RSA).
OPGP_API OPGP_ERROR_STATUS GP211_validate_delete_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength)
 GlobalPlatform2.1.1: Validates a Delete Receipt.
OPGP_API OPGP_ERROR_STATUS GP211_validate_install_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationAID, DWORD applicationAIDLength)
 GlobalPlatform2.1.1: Validates an Install Receipt.
OPGP_API OPGP_ERROR_STATUS GP211_validate_load_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength)
 GlobalPlatform2.1.1: Validates a Load Receipt.
OPGP_ERROR_STATUS GP211_validate_extradition_receipt (DWORD confirmationCounter, PBYTE cardUniqueData, DWORD cardUniqueDataLength, BYTE receiptKey[16], GP211_RECEIPT_DATA receiptData, PBYTE oldSecurityDomainAID, DWORD oldSecurityDomainAIDLength, PBYTE newSecurityDomainAID, DWORD newSecurityDomainAIDLength, PBYTE applicationOrExecutableLoadFileAID, DWORD applicationOrExecutableLoadFileAIDLength)
 GlobalPlatform2.1.1: Validates an Extradition Receipt.
OPGP_API OPGP_ERROR_STATUS OPGP_manage_channel (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO *cardInfo, GP211_SECURITY_INFO *secInfo, BYTE openClose, BYTE channelNumberToClose, BYTE *channelNumberOpened)
 ISO 7816-4 / GlobalPlatform2.1.1: Opens or closes a Logical Channel.
OPGP_API OPGP_ERROR_STATUS OPGP_select_channel (OPGP_CARD_INFO *cardInfo, BYTE channelNumber)
 ISO 7816-4 / GlobalPlatform2.1.1: If multiple Logical Channels are open or a new Logical Channel is opened with select_application(), selects the Logical Channel.
OPGP_API OPGP_ERROR_STATUS GP211_store_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, PBYTE data, DWORD dataLength)
 GlobalPlatform2.1.1: The STORE DATA command is used to transfer data to an Application or the Security Domain processing the command.
OPGP_API OPGP_ERROR_STATUS OP201_get_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE cardElement, OP201_APPLICATION_DATA *applData, PDWORD applDataLength)
 Open Platform: Gets the life cycle status of Applications, the Card Manager and Executable Load Files and their privileges.
OPGP_API OPGP_ERROR_STATUS OP201_set_status (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE cardElement, PBYTE AID, DWORD AIDLength, BYTE lifeCycleState)
 Open Platform: Sets the life cycle status of Applications, Security Domains or the Card Manager.
OPGP_API OPGP_ERROR_STATUS OP201_mutual_authentication (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE baseKey[16], BYTE encKey[16], BYTE macKey[16], BYTE kekKey[16], BYTE keySetVersion, BYTE keyIndex, BYTE securityLevel, BYTE derivationMethod, OP201_SECURITY_INFO *secInfo)
 Open Platform: Mutual authentication.
OPGP_API OPGP_ERROR_STATUS OP201_get_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE recvBuffer, PDWORD recvBufferLength)
 Open Platform: Retrieve card data.
OPGP_API OPGP_ERROR_STATUS OP201_put_data (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE identifier[2], PBYTE dataObject, DWORD dataObjectLength)
 Open Platform: Put card data.
OPGP_API OPGP_ERROR_STATUS OP201_pin_change (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE tryLimit, PBYTE newPIN, DWORD newPINLength, BYTE KEK[16])
 Open Platform: Changes or unblocks the global PIN.
OPGP_API OPGP_ERROR_STATUS OP201_put_3desKey (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, BYTE _3desKey[16], BYTE KEK[16])
 Open Platform: replaces a single 3DES key in a key set or adds a new 3DES key.
OPGP_API OPGP_ERROR_STATUS OP201_put_rsa_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase)
 Open Platform: replaces a single public RSA key in a key set or adds a new public RSA key.
OPGP_API OPGP_ERROR_STATUS OP201_put_secure_channel_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, BYTE new_encKey[16], BYTE new_macKey[16], BYTE new_KEK[16], BYTE KEK[16])
 Open Platform: replaces or adds a secure channel key set consisting of encryption key, MAC key and key encryption key (KEK).
OPGP_API OPGP_ERROR_STATUS OP201_delete_key (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE keyIndex)
 Open Platform: deletes a key or multiple keys.
OPGP_API OPGP_ERROR_STATUS OP201_get_key_information_templates (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keyInformationTemplate, OP201_KEY_INFORMATION *keyInformation, PDWORD keyInformationLength)
 Open Platform: Retrieves key information of keys on the card.
OPGP_API OPGP_ERROR_STATUS OP201_delete_application (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, OPGP_AID *AIDs, DWORD AIDsLength, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataLength)
 Open Platform: Deletes an Executable Load File or an application.
OPGP_API OPGP_ERROR_STATUS OP201_install_for_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], BYTE loadToken[128], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit)
 Open Platform: Prepares the card for loading an application.
OPGP_API OPGP_ERROR_STATUS OP201_get_load_token_signature_data (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE loadTokenSignatureData, PDWORD loadTokenSignatureDataLength)
 Open Platform: Function to retrieve the data to sign by the Card Issuer in a Load Token.
OPGP_API OPGP_ERROR_STATUS OP201_get_install_token_signature_data (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, PBYTE installTokenSignatureData, PDWORD installTokenSignatureDataLength)
 Open Platform: Function to retrieve the data to sign by the Card Issuer in an Install Token.
OPGP_API OPGP_ERROR_STATUS OP201_calculate_load_token (PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength, BYTE loadFileDAP[20], DWORD nonVolatileCodeSpaceLimit, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, BYTE loadToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
 Open Platform: Calculates a Load Token using PKCS#1.
OPGP_API OPGP_ERROR_STATUS OP201_calculate_install_token (BYTE P1, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OPGP_STRING PEMKeyFileName, char *passPhrase)
 Open Platform: Calculates an Install Token using PKCS#1.
OPGP_API OPGP_ERROR_STATUS OP201_calculate_load_file_DAP (OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, unsigned char hash[20])
 Open Platform: Calculates a Load File DAP.
OPGP_API OPGP_ERROR_STATUS OP201_load (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, OPGP_STRING executableLoadFileName, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback)
 Open Platform: Loads an Executable Load File (containing an application) to the card.
OPGP_API OPGP_ERROR_STATUS OP201_load_from_buffer (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, OP201_DAP_BLOCK *dapBlock, DWORD dapBlockLength, PBYTE loadFilebuf, DWORD loadFileBufSize, OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable, OPGP_PROGRESS_CALLBACK *callback)
 Open Platform: Loads an Executable Load File (containing an application) from a buffer to the card.
OPGP_API OPGP_ERROR_STATUS OP201_install_for_install (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 Open Platform: Installs an application on the card.
OPGP_API OPGP_ERROR_STATUS OP201_install_for_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, BYTE installToken[128], OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 Open Platform: Makes an installed application selectable.
OPGP_API OPGP_ERROR_STATUS OP201_install_for_install_and_make_selectable (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE AIDWithinLoadFileAID, DWORD AIDWithinLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength, BYTE applicationPrivileges, DWORD volatileDataSpaceLimit, DWORD nonVolatileDataSpaceLimit, PBYTE applicationInstallParameters, DWORD applicationInstallParametersLength, BYTE installToken[128], OP201_RECEIPT_DATA *receiptData, PDWORD receiptDataAvailable)
 Open Platform: Installs and makes an installed application selectable.
OPGP_API OPGP_ERROR_STATUS OP201_put_delegated_management_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, BYTE keySetVersion, BYTE newKeySetVersion, OPGP_STRING PEMKeyFileName, char *passPhrase, BYTE receiptGenerationKey[16], BYTE KEK[16])
 Open Platform: Adds a key set for Delegated Management.
OPGP_API OPGP_ERROR_STATUS OP201_send_APDU (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, OP201_SECURITY_INFO *secInfo, PBYTE capdu, DWORD capduLength, PBYTE rapdu, PDWORD rapduLength)
 Sends an application protocol data unit.
OPGP_API OPGP_ERROR_STATUS OP201_calculate_3des_DAP (PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING executableLoadFileName, BYTE DAP_verification_key[16], OP201_DAP_BLOCK *dapBlock)
 Open Platform: Calculates a Load File Data Block DAP using 3DES.
OPGP_API OPGP_ERROR_STATUS OP201_calculate_rsa_DAP (PBYTE securityDomainAID, DWORD securityDomainAIDLength, OPGP_STRING executableLoadFileName, OPGP_STRING PEMKeyFileName, char *passPhrase, OP201_DAP_BLOCK *dapBlock)
 Open Platform: Calculates a Load File Data Block DAP using SHA-1 and PKCS#1 (RSA).
OPGP_API OPGP_ERROR_STATUS OP201_validate_delete_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE AID, DWORD AIDLength)
 Open Platform: Validates a Delete Receipt.
OPGP_API OPGP_ERROR_STATUS OP201_validate_install_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE applicationInstanceAID, DWORD applicationInstanceAIDLength)
 Open Platform: Validates an Install Receipt.
OPGP_API OPGP_ERROR_STATUS OP201_validate_load_receipt (DWORD confirmationCounter, BYTE cardUniqueData[10], BYTE receiptGenerationKey[16], OP201_RECEIPT_DATA receiptData, PBYTE executableLoadFileAID, DWORD executableLoadFileAIDLength, PBYTE securityDomainAID, DWORD securityDomainAIDLength)
 Open Platform: Validates a Load Receipt.
OPGP_API OPGP_ERROR_STATUS GP211_begin_R_MAC (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo, BYTE securityLevel, PBYTE data, DWORD dataLength)
 Initiates a R-MAC session.
OPGP_API OPGP_ERROR_STATUS GP211_end_R_MAC (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, GP211_SECURITY_INFO *secInfo)
 Terminates a R-MAC session.
OPGP_API OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters (OPGP_STRING loadFileName, OPGP_LOAD_FILE_PARAMETERS *loadFileParams)
 Reads the parameters of an Executable Load File.
OPGP_API OPGP_ERROR_STATUS OPGP_VISA2_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, PBYTE AID, DWORD AIDLength, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
 Derives the static keys from a master key according to the VISA 2 key derivation scheme.
OPGP_API OPGP_ERROR_STATUS OPGP_cap_to_ijc (OPGP_CSTRING capFileName, OPGP_STRING ijcFileName)
 Converts a CAP file to an IJC file (Executable Load File).
OPGP_API OPGP_ERROR_STATUS OPGP_extract_cap_file (OPGP_CSTRING fileName, PBYTE loadFileBuf, PDWORD loadFileBufSize)
 Extracts a CAP file into a buffer.
OPGP_API OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters_from_buffer (PBYTE loadFileBuf, DWORD loadFileBufSize, OPGP_LOAD_FILE_PARAMETERS *loadFileParams)
 Receives Executable Load File as a buffer instead of a FILE.
OPGP_API OPGP_ERROR_STATUS OPGP_EMV_CPS11_derive_keys (OPGP_CARD_CONTEXT cardContext, OPGP_CARD_INFO cardInfo, BYTE masterKey[16], BYTE S_ENC[16], BYTE S_MAC[16], BYTE DEK[16])
 Derives the static keys from a master key according to the EMV CPS 1.1 key derivation scheme.

Variables

/* Default key: the 16 bytes 0x40..0x4F in sequence.
 * NOTE(review): a fixed key published in a header is not a secret. Presumably
 * it is meant for test or not-yet-personalized cards; confirm that the card's
 * key set is replaced before the card is issued. */
static const BYTE OPGP_VISA_DEFAULT_KEY [16] = {0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F}
/* Default key: the 16 bytes are the ASCII string "GEMXPRESSOSAMPLE".
 * NOTE(review): a fixed key published in a header is not a secret. Presumably
 * it is a sample key for test cards; confirm that the card's key set is
 * replaced before the card is issued. */
static const BYTE OPGP_GEMXPRESSO_DEFAULT_KEY [16] = {0x47, 0x45, 0x4d, 0x58, 0x50, 0x52, 0x45, 0x53, 0x53, 0x4f, 0x53, 0x41, 0x4d, 0x50, 0x4c, 0x45}
static const BYTE GP211_CARD_MANAGER_AID [7] = {0xA0, 0x00, 0x00, 0x01, 0x51, 0x00, 0x00}
 The AID of the Issuer Security Domain defined by GlobalPlatform 2.1.1 specification.
static const BYTE GP211_CARD_MANAGER_AID_ALT1 [8] = {0xA0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00}
 This AID is also used for the Issuer Security Domain, e.g. by JCOP 41 cards.
static const BYTE GP211_LIFE_CYCLE_LOAD_FILE_LOADED = 0x01
 Executable Load File is loaded.
static const BYTE GP211_LIFE_CYCLE_CARD_OP_READY = 0x01
 Card is OP ready.
static const BYTE GP211_LIFE_CYCLE_CARD_INITIALIZED = 0x07
 Card is initialized.
static const BYTE GP211_LIFE_CYCLE_CARD_SECURED = 0x0f
 Card is in secured state.
static const BYTE GP211_LIFE_CYCLE_CARD_LOCKED = 0x7f
 Card is locked.
static const BYTE GP211_LIFE_CYCLE_CARD_TERMINATED = 0xff
 Card is terminated.
static const BYTE GP211_LIFE_CYCLE_APPLICATION_INSTALLED = 0x03
 Application is installed.
static const BYTE GP211_LIFE_CYCLE_APPLICATION_SELECTABLE = 0x07
 Application is selectable.
static const BYTE GP211_LIFE_CYCLE_APPLICATION_LOCKED = 0xff
 Application is locked.
static const BYTE GP211_LIFE_CYCLE_SECURITY_DOMAIN_INSTALLED = 0x03
 Security Domain is installed.
static const BYTE GP211_LIFE_CYCLE_SECURITY_DOMAIN_SELECTABLE = 0x07
 Security Domain is selectable.
static const BYTE GP211_LIFE_CYCLE_SECURITY_DOMAIN_PERSONALIZED = 0xff
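 Security Domain is personalized. Note that, as listed here, this constant has the same value (0xff) as GP211_LIFE_CYCLE_SECURITY_DOMAIN_LOCKED, so the two states cannot be told apart by comparing against these constants.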
static const BYTE GP211_LIFE_CYCLE_SECURITY_DOMAIN_LOCKED = 0xff
 Security Domain is locked.
static const BYTE GP211_MANAGE_CHANNEL_OPEN = 0x00
 Open the next available Supplementary Logical Channel.
static const BYTE GP211_MANAGE_CHANNEL_CLOSE = 0x80
 Close the Supplementary Logical Channel.
static const BYTE GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN = 0x80
 Application is security domain.
static const BYTE GP211_APPLICATION_PRIVILEGE_DAP_VERIFICATION = 0x40
 Application can require DAP verification for loading and installing applications.
static const BYTE GP211_APPLICATION_PRIVILEGE_DELEGATED_MANAGEMENT = 0x20
 Security domain has delegated management right.
static const BYTE GP211_APPLICATION_PRIVILEGE_CARD_MANAGER_LOCK_PRIVILEGE = 0x10
 Application can lock the Card Manager.
static const BYTE GP211_APPLICATION_PRIVILEGE_CARD_MANAGER_TERMINATE_PRIVILEGE = 0x08
 Application can terminate the card.
static const BYTE GP211_APPLICATION_PRIVILEGE_DEFAULT_SELECTED = 0x04
 Application is default selected.
static const BYTE GP211_APPLICATION_PRIVILEGE_PIN_CHANGE_PRIVILEGE = 0x02
 Application can change global PIN.
static const BYTE GP211_APPLICATION_PRIVILEGE_MANDATED_DAP_VERIFICATION = 0x01
 Security domain requires DAP verification for loading and installing applications.
static const BYTE GP211_STATUS_APPLICATIONS = 0x40
 Indicate Applications or Security Domains in GP211_get_status() (request GP211_APPLICATION_DATA) or GP211_set_status().
static const BYTE GP211_STATUS_ISSUER_SECURITY_DOMAIN = 0x80
 Indicate Issuer Security Domain in GP211_get_status() (request GP211_APPLICATION_DATA) or GP211_set_status().
static const BYTE GP211_STATUS_LOAD_FILES = 0x20
 Request GP211_APPLICATION_DATA for Executable Load Files in GP211_get_status().
static const BYTE GP211_STATUS_LOAD_FILES_AND_EXECUTABLE_MODULES = 0x10
 Request GP211_EXECUTABLE_MODULES_DATA for Executable Load Files and their Executable Modules in GP211_get_status().
static const BYTE GP211_GET_DATA_ISSUER_IDENTIFICATION_NUMBER [2] = {0x00, 0x42}
 Issuer Identification Number, if Card Manager selected.
static const BYTE GP211_GET_DATA_APPLICATION_PROVIDER_IDENTIFICATION_NUMBER [2] = {0x00, 0x42}
 Application Provider Identification Number, if Security Domain selected.
static const BYTE GP211_GET_DATA_CARD_IMAGE_NUMBER [2] = {0x00, 0x45}
 Card Image Number, if Card Manager selected.
static const BYTE GP211_GET_DATA_SECURITY_DOMAIN_IMAGE_NUMBER [2] = {0x00, 0x45}
 Security Domain Image Number, if Security Domain selected.
static const BYTE GP211_GET_DATA_ISSUER_SECURITY_DOMAIN_AID [2] = {0x00, 0x4F}
 Change Issuer Security Domain AID, if Issuer Security Domain selected.
static const BYTE GP211_GET_DATA_SECURITY_DOMAIN_AID [2] = {0x00, 0x4F}
 Change Security Domain AID, if Security Domain selected.
static const BYTE GP211_GET_DATA_CARD_DATA [2] = {0x00, 0x66}
 Card Data.
static const BYTE GP211_GET_DATA_SEQUENCE_COUNTER_DEFAULT_KEY_VERSION [2] = {0x00, 0xC1}
 Sequence Counter of the default Key Version Number.
static const BYTE GP211_GET_DATA_CONFIRMATION_COUNTER [2] = {0x00, 0xC2}
 Confirmation Counter.
static const BYTE GP211_GET_DATA_FREE_EEPROM_MEMORY_SPACE [2] = {0x00, 0xC6}
 Free EEPROM memory space.
static const BYTE GP211_GET_DATA_FREE_COR_RAM [2] = {0x00, 0xC7}
 Free transient Clear on Reset memory space (COR RAM).
static const BYTE GP211_GET_DATA_DIVERSIFICATION_DATA [2] = {0x00, 0xCF}
 Diversification data.
static const BYTE GP211_GET_DATA_KEY_INFORMATION_TEMPLATE [2] = {0x00, 0xE0}
static const BYTE GP211_GET_DATA_CPLC_PERSONALIZATION_DATE [2] = {0x9F, 0x66}
 CPLC personalization date.
static const BYTE GP211_GET_DATA_CPLC_PRE_PERSONALIZATION_DATE [2] = {0x9F, 0x67}
 CPLC pre-personalization date.
static const BYTE GP211_GET_DATA_CPLC_ICC_MANUFACTURER_EMBEDDING_DATE [2] = {0x9F, 0x68}
 CPLC ICC manufacturer, embedding date.
static const BYTE GP211_GET_DATA_CPLC_MODULE_FABRICATOR_PACKAGING_DATE [2] = {0x9F, 0x69}
 CPLC module fabricator, module packaging date.
static const BYTE GP211_GET_DATA_CPLC_FABRICATION_DATE_SERIAL_NUMBER_BATCH_IDENTIFIER [2] = {0x9F, 0x6A}
 CPLC fabrication date, serial number, batch identifier.
static const BYTE GP211_GET_DATA_CPLC_WHOLE_CPLC [2] = {0x9F, 0x7F}
 Whole CPLC data from ROM and EEPROM.
static const BYTE GP211_GET_DATA_FCI_DATA [2] = {0xBF, 0x0C}
 File Control Information (FCI) discretionary data.
static const BYTE GP211_GET_DATA_PROTOCOL [2] = {0xDF, 0x70}
 Data for protocol change.
static const BYTE GP211_GET_DATA_ATR_HISTRORICAL_BYTES [2] = {0xDF, 0x71}
 Change ATR historical bytes.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_INITIALIZATION_FINGERPRINT [2] = {0xDF, 0x76}
 EFprod data initialization fingerprint.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_INITIALIZATION_DATA [2] = {0xDF, 0x77}
 EFprod data initialization data.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_PRODUCTION_KEY_INDEX [2] = {0xDF, 0x78}
 EFprod data production key index.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_PROTOCOL_VERSION [2] = {0xDF, 0x79}
 EFprod data protocol version.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_CHECKSUM [2] = {0xDF, 0x7A}
 EFprod data checksum.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_SOFTWARE_VERSION [2] = {0xDF, 0x7B}
 EFprod data software version.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_RFU [2] = {0xDF, 0x7C}
 EFprod data RFU.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_PROFILE_WITH_PROFILE_VERSION [2] = {0xDF, 0x7D}
 EFprod data profile with profile version.
static const BYTE GP211_GET_DATA_EF_PROD_DATA_LOCATION_MACHINE_DATE_TIME [2] = {0xDF, 0x7E}
 EFprod data location, machine number, date, time.
static const BYTE GP211_GET_DATA_WHOLE_EF_PROD [2] = {0xDF, 0x7F}
 Whole EFprod data block (39 Byte).
static const BYTE GP211_GET_DATA_KEY_DIVERSIFICATION [2] = {0x00, 0xCF}
 Key diversification data. KMC_ID (6 bytes) + CSN (4 bytes). KMC_ID is usually the IIN (Issuer identification number). CSN is the card serial number.
static const BYTE OP201_CARD_MANAGER_AID [7] = {0xA0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00}
 The AID of the Card Manager defined by Open Platform specification.
static const BYTE OP201_LIFE_CYCLE_LOAD_FILE_LOGICALLY_DELETED = 0x00
 Executable Load File is logically deleted.
static const BYTE OP201_LIFE_CYCLE_LOAD_FILE_LOADED = 0x01
 Executable Load File is loaded.
static const BYTE OP201_LIFE_CYCLE_CARD_MANAGER_OP_READY = 0x01
 Card is OP ready.
static const BYTE OP201_LIFE_CYCLE_CARD_MANAGER_INITIALIZED = 0x07
 Card is initialized.
static const BYTE OP201_LIFE_CYCLE_CARD_MANAGER_SECURED = 0x0f
 Card is in secured state.
static const BYTE OP201_LIFE_CYCLE_CARD_MANAGER_CM_LOCKED = 0x7f
 Card is locked.
static const BYTE OP201_LIFE_CYCLE_CARD_MANAGER_TERMINATED = 0xff
 Card is terminated.
static const BYTE OP201_LIFE_CYCLE_APPLICATION_LOGICALLY_DELETED = 0x00
 Application is logically deleted.
static const BYTE OP201_LIFE_CYCLE_APPLICATION_INSTALLED = 0x03
 Application is installed.
static const BYTE OP201_LIFE_CYCLE_APPLICATION_SELECTABLE = 0x07
 Application is selectable.
static const BYTE OP201_LIFE_CYCLE_APPLICATION_PERSONALIZED = 0x0f
 Application is personalized.
static const BYTE OP201_LIFE_CYCLE_APPLICATION_BLOCKED = 0x7f
 Application is blocked.
static const BYTE OP201_LIFE_CYCLE_APPLICATION_LOCKED = 0xff
 Application is locked.
static const BYTE OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN = 0x80
 Application is security domain.
static const BYTE OP201_APPLICATION_PRIVILEGE_DAP_VERIFICATION = 0x40
 Application can require DAP verification for loading and installing applications.
static const BYTE OP201_APPLICATION_PRIVILEGE_DELEGATED_MANAGEMENT = 0x20
 Security domain has delegated management right.
static const BYTE OP201_APPLICATION_PRIVILEGE_CARD_MANAGER_LOCK_PRIVILEGE = 0x10
 Application can lock the Card Manager.
static const BYTE OP201_APPLICATION_PRIVILEGE_CARD_MANAGER_TERMINATE_PRIVILEGE = 0x08
 Application can terminate the card.
static const BYTE OP201_APPLICATION_PRIVILEGE_DEFAULT_SELECTED = 0x04
 Application is default selected.
static const BYTE OP201_APPLICATION_PRIVILEGE_PIN_CHANGE_PRIVILEGE = 0x02
 Application can change global PIN.
static const BYTE OP201_APPLICATION_PRIVILEGE_MANDATED_DAP_VERIFICATION = 0x01
 Security domain requires DAP verification for loading and installing applications.
static const BYTE OP201_STATUS_APPLICATIONS = 0x40
 Indicate Applications or Security Domains in OP201_get_status() or OP201_set_status().
static const BYTE OP201_STATUS_CARD_MANAGER = 0x80
 Indicate Card Manager in OP201_get_status() or OP201_set_status().
static const BYTE OP201_STATUS_LOAD_FILES = 0x20
 Request OP201_APPLICATION_DATA for Executable Load Files in OP201_get_status().
static const BYTE OP201_GET_DATA_ISSUER_BIN [2] = {0x00, 0x42}
 Issuer BIN, if Card Manager selected.
static const BYTE OP201_GET_DATA_APPLICATION_PROVIDER_IDENTIFICATION_NUMBER [2] = {0x00, 0x42}
 Application provider identification number, if Security Domain selected.
static const BYTE OP201_GET_DATA_ISSUER_DATA [2] = {0x00, 0x45}
 Card issuer data, if Card Manager selected.
static const BYTE OP201_GET_DATA_SECURITY_DOMAIN_IMAGE_NUMBER [2] = {0x00, 0x45}
 Security domain image number, if Security Domain selected.
static const BYTE OP201_GET_DATA_CARD_MANAGER_AID [2] = {0x00, 0x4F}
 Change Card Manager AID, if Card Manager selected.
static const BYTE OP201_GET_DATA_SECURITY_DOMAIN_AID [2] = {0x00, 0x4F}
 Change Security Domain AID, if Security Domain selected.
static const BYTE OP201_GET_DATA_CARD_RECOGNITION_DATA [2] = {0x00, 0x66}
 Card recognition data.
static const BYTE OP201_GET_DATA_SEQUENCE_COUNTER_DEFAULT_KEY_VERSION [2] = {0x00, 0xC1}
 Sequence Counter of the default Key Version Number.
static const BYTE OP201_GET_DATA_CONFIRMATION_COUNTER [2] = {0x00, 0xC2}
 Confirmation Counter.
static const BYTE OP201_GET_DATA_FREE_EEPROM_MEMORY_SPACE [2] = {0x00, 0xC6}
 Free EEPROM memory space.
static const BYTE OP201_GET_DATA_FREE_COR_RAM [2] = {0x00, 0xC7}
 Free transient Clear on Reset memory space (COR RAM).
static const BYTE OP201_GET_DATA_DIVERSIFICATION_DATA [2] = {0x00, 0xCF}
 Diversification data.
static const BYTE OP201_GET_DATA_KEY_INFORMATION_TEMPLATE [2] = {0x00, 0xE0}
static const BYTE OP201_GET_DATA_CPLC_PERSONALIZATION_DATE [2] = {0x9F, 0x66}
 CPLC personalization date.
static const BYTE OP201_GET_DATA_CPLC_PRE_PERSONALIZATION_DATE [2] = {0x9F, 0x67}
 CPLC pre-personalization date.
static const BYTE OP201_GET_DATA_CPLC_ICC_MANUFACTURER_EMBEDDING_DATE [2] = {0x9F, 0x68}
 CPLC ICC manufacturer, embedding date.
static const BYTE OP201_GET_DATA_CPLC_MODULE_FABRICATOR_PACKAGING_DATE [2] = {0x9F, 0x69}
 CPLC module fabricator, module packaging date.
static const BYTE OP201_GET_DATA_CPLC_FABRICATION_DATE_SERIAL_NUMBER_BATCH_IDENTIFIER [2] = {0x9F, 0x6A}
 CPLC fabrication date, serial number, batch identifier.
static const BYTE OP201_GET_DATA_CPLC_WHOLE_CPLC [2] = {0x9F, 0x7F}
 Whole CPLC data from ROM and EEPROM.
static const BYTE OP201_GET_DATA_FCI_DATA [2] = {0xBF, 0x0C}
 File Control Information (FCI) discretionary data.
static const BYTE OP201_GET_DATA_PROTOCOL [2] = {0xDF, 0x70}
 Data for protocol change.
static const BYTE OP201_GET_DATA_ATR_HISTRORICAL_BYTES [2] = {0xDF, 0x71}
 Change ATR historical bytes.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_INITIALIZATION_FINGERPRINT [2] = {0xDF, 0x76}
 EFprod data initialization fingerprint.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_INITIALIZATION_DATA [2] = {0xDF, 0x77}
 EFprod data initialization data.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_PRODUCTION_KEY_INDEX [2] = {0xDF, 0x78}
 EFprod data production key index.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_PROTOCOL_VERSION [2] = {0xDF, 0x79}
 EFprod data protocol version.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_CHECKSUM [2] = {0xDF, 0x7A}
 EFprod data checksum.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_SOFTWARE_VERSION [2] = {0xDF, 0x7B}
 EFprod data software version.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_RFU [2] = {0xDF, 0x7C}
 EFprod data RFU.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_PROFILE_WITH_PROFILE_VERSION [2] = {0xDF, 0x7D}
 EFprod data profile with profile version.
static const BYTE OP201_GET_DATA_EF_PROD_DATA_LOCATION_MACHINE_DATE_TIME [2] = {0xDF, 0x7E}
 EFprod data location, machine number, date, time.
static const BYTE OP201_GET_DATA_WHOLE_EF_PROD [2] = {0xDF, 0x7F}
 Whole EFprod data block (39 Byte).
static const BYTE OPGP_DERIVATION_METHOD_NONE = 0
 No key derivation is used during mutual authentication.
static const BYTE OPGP_DERIVATION_METHOD_VISA2 = 1
 The VISA2 key derivation is used during mutual authentication.
static const BYTE OPGP_DERIVATION_METHOD_EMV_CPS11 = 2
 The EMV CPS 11 derivation is used during mutual authentication.

Detailed Description

This file contains all GlobalPlatform related functionality.


Define Documentation

#define INIT_PROGRESS_CALLBACK_PARAMETERS ( callbackParameters,
callback   ) 
Value:
if (callback != NULL) {callbackParameters.parameters = callback->parameters; \
        callbackParameters.finished = !OPGP_TASK_FINISHED;}
#define OPGP_TASK_FINISHED   1

The task is finished.

#define OPGP_WORK_UNKNOWN   -1

The amount of work is not known.


Function Documentation

OPGP_API OPGP_ERROR_STATUS close_implicit_secure_channel ( GP211_SECURITY_INFO secInfo  ) 

GlobalPlatform2.1.1: Closes a Secure Channel implicitly.

OPGP_API OPGP_ERROR_STATUS GP211_begin_R_MAC ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  securityLevel,
PBYTE  data,
DWORD  dataLength 
)

Initiates an R-MAC session.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
securityLevel [in] Level of security for all subsequent commands.

  • GP211_SCP02_SECURITY_LEVEL_R_MAC - Each APDU response contains an R-MAC during the session.
  • GP211_SCP02_SECURITY_LEVEL_NO_SECURE_MESSAGING - Only the END R-MAC SESSION response message will contain an R-MAC.
data [in] Data for the BEGIN R-MAC SESSION command, e.g. extra challenge.
dataLength [in] Length of data.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_calculate_3des_DAP ( BYTE  loadFileDataBlockHash[20],
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  DAPCalculationKey[16],
GP211_DAP_BLOCK loadFileDataBlockSignature 
)

GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using 3DES.

If a security domain has the DAP verification privilege, the security domain validates this DAP. The loadFileDataBlockHash can be calculated using GP211_calculate_load_file_data_block_hash().

Parameters:
loadFileDataBlockHash [in] The Load File Data Block Hash.
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
DAPCalculationKey [in] The key to calculate the DAP.
*loadFileDataBlockSignature [out] A pointer to the returned GP211_DAP_BLOCK structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_calculate_install_token ( BYTE  P1,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  executableModuleAID,
DWORD  executableModuleAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  installParameters,
DWORD  installParametersLength,
BYTE  installToken[128],
OPGP_STRING  PEMKeyFileName,
char *  passPhrase 
)

GlobalPlatform2.1.1: Calculates an Install Token using PKCS#1.

The parameters must match the parameters of a later GP211_install_for_install(), GP211_install_for_make_selectable() and GP211_install_for_install_and_make_selectable() method.

Parameters:
P1 [in] The parameter P1 in the APDU command.

  • 0x04 for an INSTALL [for install] command
  • 0x08 for an INSTALL [for make selectable] command
  • 0x0C for an INSTALL [for install and make selectable]
  • 0x10 for an INSTALL [for extradition]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
executableModuleAID [in] The AID of the application class in the package.
executableModuleAIDLength [in] The length of the executableModuleAID buffer.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters [in] Applet install parameters for the install() method of the application.
installParametersLength [in] The length of the installParameters buffer.
installToken [out] The calculated Install Token. A 1024-bit RSA signature (128 bytes, the size of the installToken buffer).
PEMKeyFileName [in] A PEM file name with the private RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_calculate_load_file_data_block_hash ( OPGP_STRING  executableLoadFileName,
BYTE  hash[20] 
)

GlobalPlatform2.1.1: Calculates a Load File Data Block Hash.

This is a SHA-1 hash of the Load File Data Block. Note that SHA-1 is no longer considered collision-resistant.

Parameters:
executableLoadFileName [in] The name of the Executable Load File to hash.
hash [out] The hash value.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_calculate_load_token ( PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  loadFileDataBlockHash[20],
DWORD  nonVolatileCodeSpaceLimit,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
BYTE  loadToken[128],
OPGP_STRING  PEMKeyFileName,
char *  passPhrase 
)

GlobalPlatform2.1.1: Calculates a Load Token using PKCS#1.

The parameters must match the parameters of a later GP211_install_for_load() method.

Parameters:
executableLoadFileAID [in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
loadFileDataBlockHash [in] The Load File Data Block Hash. The same as calculated for GP211_install_for_load().
nonVolatileCodeSpaceLimit [in] The minimum space required to store the package.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadToken [out] The calculated Load Token. A 1024-bit RSA signature (128 bytes, the size of the loadToken buffer).
PEMKeyFileName [in] A PEM file name with the private RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_calculate_rsa_DAP ( BYTE  loadFileDataBlockHash[20],
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
OPGP_STRING  PEMKeyFileName,
char *  passPhrase,
GP211_DAP_BLOCK loadFileDataBlockSignature 
)

GlobalPlatform2.1.1: Calculates a Load File Data Block Signature using SHA-1 and PKCS#1 (RSA).

If a security domain has the DAP verification privilege, the security domain validates this DAP. The loadFileDataBlockHash can be calculated using GP211_calculate_load_file_data_block_hash().

Parameters:
loadFileDataBlockHash [in] The Load File Data Block Hash.
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
PEMKeyFileName [in] A PEM file name with the DAP Verification private RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
*loadFileDataBlockSignature [out] A pointer to the returned GP211_DAP_BLOCK structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_delete_application ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
OPGP_AID AIDs,
DWORD  AIDsLength,
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataLength 
)

GlobalPlatform2.1.1: Deletes an Executable Load File or an application.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
AIDs [in] A pointer to an array of OPGP_AID structures describing the applications and load files to delete.
AIDsLength [in] The number of OPGP_AID structures.
*receiptData [out] A GP211_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege, this structure contains the corresponding data for each deleted application or package.
receiptDataLength [in, out] A pointer to the length of the receiptData array. If no receiptData is available, this length is 0.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_delete_key ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  keyIndex 
)

GlobalPlatform2.1.1: Deletes a key or multiple keys.

If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted. If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion [in] An existing key set version.
keyIndex [in] An existing key index.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_end_R_MAC ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo 
)

Terminates an R-MAC session.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_data ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  identifier[2],
PBYTE  recvBuffer,
PDWORD  recvBufferLength 
)

GlobalPlatform2.1.1: Retrieve card data.

Retrieves a single card data object from the card identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See GP211_GET_DATA_CPLC_WHOLE_CPLC and so on. For details about the coding of the response see the programmer's manual of your card. There is a convenience method GP211_get_key_information_templates() to get the key information template(s) containing key set version, key index, key type and key length of the keys.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
identifier [in] Two byte buffer with high and low order tag value for identifying card data object.
recvBuffer [out] The buffer for the card data object.
recvBufferLength [in, out] The length of the received card data object.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_data_iso7816_4 ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
BYTE  identifier[2],
PBYTE  recvBuffer,
PDWORD  recvBufferLength 
)

Retrieves card data according to the ISO/IEC 7816-4 command, not within a secure channel.

This command is useful to return the Card Data with identifier 0x0066 containing the Card Recognition Data with tag 0x73, which contains, among other things, the Secure Channel Protocol and possibly its implementation options. To get the Secure Channel Protocol and the Secure Channel Protocol implementation, there is the convenience function GP211_get_secure_channel_protocol_details(). See also the data objects identified in ISO 7816-6.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
identifier [in] Two byte buffer with high and low order tag value for identifying card data.
recvBuffer [out] The buffer for the card data.
recvBufferLength [in, out] The length of the received card data.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_extradition_token_signature_data ( PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
PBYTE  extraditionTokenSignatureData,
PDWORD  extraditionTokenSignatureDataLength 
)

GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Extradition Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Extradition Token. The parameters must match the parameters of a later GP211_install_for_extradition() method.

Parameters:
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
extraditionTokenSignatureData [out] The data to sign in an Extradition Token.
extraditionTokenSignatureDataLength [in, out] The length of the extraditionTokenSignatureData buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_install_token_signature_data ( BYTE  P1,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  executableModuleAID,
DWORD  executableModuleAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  installParameters,
DWORD  installParametersLength,
PBYTE  installTokenSignatureData,
PDWORD  installTokenSignatureDataLength 
)

GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in an Install Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Install Token. volatileDataSpaceLimit can be 0, if the card does not need or support this tag. The parameters must match the parameters of a later GP211_install_for_install() and GP211_install_for_make_selectable() method.

Parameters:
P1 [in] The parameter P1 in the APDU command.

  • 0x04 for an INSTALL [for install] command
  • 0x08 for an INSTALL [for make selectable] command
  • 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
executableModuleAID [in] The AID of the application class in the package.
executableModuleAIDLength [in] The length of the executableModuleAID buffer.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters [in] Applet install parameters for the install() method of the application.
installParametersLength [in] The length of the installParameters buffer.
installTokenSignatureData [out] The data to sign in an Install Token.
installTokenSignatureDataLength [in, out] The length of the installTokenSignatureData buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_key_information_templates ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  keyInformationTemplate,
GP211_KEY_INFORMATION keyInformation,
PDWORD  keyInformationLength 
)

GlobalPlatform2.1.1: Retrieves key information of keys on the card.

The card must support the optional report of key information templates.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keyInformationTemplate [in] The number of the key information template.
*keyInformation [out] A pointer to an array of GP211_KEY_INFORMATION structures.
keyInformationLength [in, out] The number of GP211_KEY_INFORMATION structures.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_load_token_signature_data ( PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  loadFileDataBlockHash[20],
DWORD  nonVolatileCodeSpaceLimit,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  loadTokenSignatureData,
PDWORD  loadTokenSignatureDataLength 
)

GlobalPlatform2.1.1: Function to retrieve the data to sign by the Card Issuer in a Load Token.

If you are not the Card Issuer and do not know the token verification private key, send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Load Token. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support these tags. The parameters must match the parameters of a later GP211_install_for_load() command.

Parameters:
executableLoadFileAID [in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
loadFileDataBlockHash [in] The Load File Data Block Hash. The same calculated as in GP211_install_for_load().
nonVolatileCodeSpaceLimit [in] The minimum space required to store the application code.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadTokenSignatureData [out] The data to sign in a Load Token.
loadTokenSignatureDataLength [in, out] The length of the loadTokenSignatureData buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_secure_channel_protocol_details ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
BYTE secureChannelProtocol,
BYTE secureChannelProtocolImpl 
)

GlobalPlatform2.1.1: This returns the Secure Channel Protocol and the Secure Channel Protocol implementation.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secureChannelProtocol [out] A pointer to the Secure Channel Protocol to use.
*secureChannelProtocolImpl [out] A pointer to the implementation of the Secure Channel Protocol.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_sequence_counter ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
BYTE  sequenceCounter[2] 
)

GlobalPlatform2.1.1: This returns the current Sequence Counter.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
sequenceCounter [out] The sequence counter.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_get_status ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  cardElement,
GP211_APPLICATION_DATA applData,
GP211_EXECUTABLE_MODULES_DATA executableData,
PDWORD  dataLength 
)

GlobalPlatform2.1.1: Gets the life cycle status of Applications, the Issuer Security Domains, Security Domains and Executable Load Files and their privileges or information about Executable Modules of the Executable Load Files.

Whether an array of GP211_APPLICATION_DATA structures or an array of GP211_EXECUTABLE_MODULES_DATA structures must be passed to this function depends on the card element to retrieve. For the card element that returns Executable Modules (GP211_EXECUTABLE_MODULES_DATA), executableData must not be NULL; otherwise applData must not be NULL.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
cardElement [in] Identifier to retrieve data for Load Files, Applications or the Card Manager. See GP211_STATUS_APPLICATIONS and related.
*applData [out] The GP211_APPLICATION_DATA structure.
*executableData [out] The GP211_EXECUTABLE_MODULES_DATA structure.
dataLength [in, out] The number of GP211_APPLICATION_DATA or GP211_EXECUTABLE_MODULES_DATA passed and returned.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_init_implicit_secure_channel ( PBYTE  AID,
DWORD  AIDLength,
BYTE  baseKey[16],
BYTE  S_ENC[16],
BYTE  S_MAC[16],
BYTE  DEK[16],
BYTE  secureChannelProtocolImpl,
BYTE  sequenceCounter[2],
GP211_SECURITY_INFO secInfo 
)

GlobalPlatform2.1.1: Inits a Secure Channel implicitly.

It depends on the protocol implementation supported by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function GP211_get_secure_channel_protocol_details(). New cards usually use the VISA default key for all DES keys. See OPGP_VISA_DEFAULT_KEY. Because this default key is publicly known, the key set should be replaced, e.g. with GP211_put_secure_channel_keys(), before a card is issued. The current Sequence Counter can be obtained with a call to GP211_get_sequence_counter(). SCP02 is implicitly set and the security level is set to C-MAC only, i.e. commands are integrity-protected but not encrypted.

Parameters:
AID The AID needed for the calculation of the ICV.
AIDLength The length of the AID buffer.
baseKey [in] Secure Channel base key.
S_ENC [in] Secure Channel Encryption Key.
S_MAC [in] Secure Channel Message Authentication Code Key.
DEK [in] Data Encryption Key.
secureChannelProtocolImpl [in] The Secure Channel Protocol Implementation.
sequenceCounter [in] The sequence counter.
*secInfo [out] The returned GP211_SECURITY_INFO structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_install_for_extradition ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
BYTE  extraditionToken[128],
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

GlobalPlatform2.1.1: Associates an application with another Security Domain.

In the case of delegated management an Extradition Token authorizing the INSTALL [for extradition] must be included. Otherwise extraditionToken must be NULL. See calculate_install_token().

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID. GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
extraditionToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the extradition is performed by a Security Domain with delegated management privilege, this structure contains the corresponding receipt data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_install_for_install ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  executableModuleAID,
DWORD  executableModuleAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  installParameters,
DWORD  installParametersLength,
BYTE  installToken[128],
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

GlobalPlatform2.1.1: Installs an application on the card.

In the case of delegated management an Install Token authorizing the INSTALL [for install] must be included. Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If executableModuleAID is NULL and executableModuleAIDLength is 0 applicationAID is assumed for executableModuleAID.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
executableModuleAID [in] The AID of the application class in the package.
executableModuleAIDLength [in] The length of the executableModuleAID buffer.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters [in] Applet install parameters for the install() method of the application.
installParametersLength [in] The length of the installParameters buffer.
installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the installation is performed by a Security Domain with delegated management privilege, this structure contains the corresponding receipt data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_install_for_install_and_make_selectable ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  executableModuleAID,
DWORD  executableModuleAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  installParameters,
DWORD  installParametersLength,
BYTE  installToken[128],
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

GlobalPlatform2.1.1: Installs and makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for install and make selectable] must be included. Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If executableModuleAID is NULL and executableModuleAIDLength is 0 applicationAID is assumed for executableModuleAID.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
executableModuleAID [in] The AID of the application class in the package.
executableModuleAIDLength [in] The length of the executableModuleAID buffer.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
installParameters [in] Applet install parameters for the install() method of the application.
installParametersLength [in] The length of the installParameters buffer.
installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the installation is performed by a Security Domain with delegated management privilege, this structure contains the corresponding receipt data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_install_for_load ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  loadFileDataBlockHash[20],
BYTE  loadToken[128],
DWORD  nonVolatileCodeSpaceLimit,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit 
)

GlobalPlatform2.1.1: Prepares the card for loading an application.

The function assumes that the Issuer Security Domain or Security Domain uses an optional Load File Data Block Hash using the SHA-1 message digest algorithm. The loadFileDataBlockHash can be calculated using GP211_calculate_load_file_data_block_hash() or must be NULL, if the card does not need or support a Load File DAP in this situation, e.g. if you want to load an Executable Load File to the Card Manager Security Domain. In the case of delegated management a Load Token authorizing the INSTALL [for load] must be included. Otherwise loadToken must be NULL. See GP211_calculate_load_token(). The term Executable Load File is equivalent to the GlobalPlatform term Load File Data Block. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support these tags.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the AID of the intended associated Security Domain.
securityDomainAIDLength [in] The length of the Security Domain AID.
loadFileDataBlockHash [in] The Load File Data Block Hash of the Executable Load File to INSTALL [for load].
loadToken [in] The Load Token. This is a 1024 bit (=128 byte) RSA Signature.
nonVolatileCodeSpaceLimit [in] The minimum amount of space that must be available to store the package.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_install_for_make_selectable ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  applicationAID,
DWORD  applicationAIDLength,
BYTE  applicationPrivileges,
BYTE  installToken[128],
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

GlobalPlatform2.1.1: Makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for make selectable] must be included. Otherwise installToken must be NULL. For Security domains look in your manual what parameters are necessary.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
applicationAID [in] The AID of the installed application or security domain.
applicationAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See GP211_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the operation is performed by a Security Domain with delegated management privilege, this structure contains the corresponding receipt data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_install_for_personalization ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  applicationAID,
DWORD  applicationAIDLength 
)

GlobalPlatform2.1.1: Informs a Security Domain that an associated application will retrieve personalization data.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_load ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
GP211_DAP_BLOCK loadFileDataBlockSignature,
DWORD  loadFileDataBlockSignatureLength,
OPGP_STRING  executableLoadFileName,
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable,
OPGP_PROGRESS_CALLBACK callback 
)

GlobalPlatform2.1.1: Loads an Executable Load File (containing an application) to the card.

A call to GP211_install_for_load() must precede this function. The Load File Data Block Signature(s) must be the same block(s) and in the same order as in calculate_load_file_data_block_hash(). If no Load File Data Block Signatures are necessary, loadFileDataBlockSignature must be NULL and loadFileDataBlockSignatureLength must be 0.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*loadFileDataBlockSignature [in] A pointer to GP211_DAP_BLOCK structure(s).
loadFileDataBlockSignatureLength [in] The number of GP211_DAP_BLOCK structure(s).
executableLoadFileName [in] The name of the CAP or IJC file (Executable Load File) to load.
*receiptData [out] If the load is performed by a Security Domain with delegated management privilege, this structure contains the corresponding receipt data. Can be validated with validate_load_receipt().
receiptDataAvailable [out] 0 if no receiptData is available.
*callback [in] An optional callback for measuring the progress. Can be NULL if not needed.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_load_from_buffer ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
GP211_DAP_BLOCK loadFileDataBlockSignature,
DWORD  loadFileDataBlockSignatureLength,
PBYTE  loadFileBuf,
DWORD  loadFileBufSize,
GP211_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable,
OPGP_PROGRESS_CALLBACK callback 
)

GlobalPlatform2.1.1: Loads an Executable Load File (containing an application) from a buffer to the card.

A call to GP211_install_for_load() must precede this function. The Load File Data Block Signature(s) must be the same block(s) and in the same order as in calculate_load_file_data_block_hash(). If no Load File Data Block Signatures are necessary, loadFileDataBlockSignature must be NULL and loadFileDataBlockSignatureLength must be 0.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*loadFileDataBlockSignature [in] A pointer to GP211_DAP_BLOCK structure(s).
loadFileDataBlockSignatureLength [in] The number of GP211_DAP_BLOCK structure(s).
loadFileBuf [in] Buffer with the contents of an Executable Load File.
loadFileBufSize [in] size of loadFileBuf.
*receiptData [out] If the load is performed by a Security Domain with delegated management privilege, this structure contains the corresponding receipt data. Can be validated with validate_load_receipt().
receiptDataAvailable [out] 0 if no receiptData is available.
*callback [in] An optional callback for measuring the progress. Can be NULL if not needed.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_mutual_authentication ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
BYTE  baseKey[16],
BYTE  S_ENC[16],
BYTE  S_MAC[16],
BYTE  DEK[16],
BYTE  keySetVersion,
BYTE  keyIndex,
BYTE  secureChannelProtocol,
BYTE  secureChannelProtocolImpl,
BYTE  securityLevel,
BYTE  derivationMethod,
GP211_SECURITY_INFO secInfo 
)

GlobalPlatform2.1.1: Mutual authentication.

A keySetVersion and keyIndex of 0x00 selects the first available key set version and key index. There are two Secure Channel Protocols defined by the GlobalPlatform specification. For SCP01 a secure channel key set always consists of at least three keys, of which the Secure Channel Encryption Key and the Secure Channel Message Authentication Code Key are needed for mutual authentication and the generation of session keys. The Data Encryption Key is used when transmitting key sensitive data with a PUT KEY command. For SCP02 a key set can also have only one Secure Channel base key. It depends on the protocol implementation supported by the card what keys must be passed as parameters. baseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function get_secure_channel_protocol_details(). New cards usually use the VISA default key for all DES keys. See OPGP_VISA_DEFAULT_KEY. Because this default key is publicly known, the key set should be replaced, e.g. with GP211_put_secure_channel_keys(), before a card is issued. If a derivation method is used the baseKey defines the master key.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
baseKey [in] Secure Channel base key or the master key for the key derivation.
S_ENC [in] Secure Channel Encryption Key.
S_MAC [in] Secure Channel Message Authentication Code Key.
DEK [in] Data Encryption Key.
keySetVersion [in] The key set version on the card to use for mutual authentication.
keyIndex [in] The key index of the encryption key in the key set version on the card to use for mutual authentication.
secureChannelProtocol [in] The Secure Channel Protocol.
secureChannelProtocolImpl [in] The Secure Channel Protocol Implementation.
securityLevel [in] The requested security level. See security.h::GP211_SCP01_SECURITY_LEVEL_C_DEC_C_MAC and others.
derivationMethod [in] The derivation method to use. See OPGP_DERIVATION_METHOD_VISA2.
*secInfo [out] The returned GP211_SECURITY_INFO structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_pin_change ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  tryLimit,
PBYTE  newPIN,
DWORD  newPINLength 
)

GlobalPlatform2.1.1: Changes or unblocks the global PIN.

The individual digits of the new PIN are encoded as single BYTEs in the newPIN buffer. The tryLimit must be in the range of 0x03 to 0x0A. The PIN must comprise at least 6 and at most 12 digits. To unblock the PIN use tryLimit with a value of 0x00. In this case the newPIN buffer and newPINLength are ignored.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
tryLimit [in] The try limit for the PIN.
newPIN [in] The new PIN.
newPINLength [in] The length of the new PIN.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_put_3des_key ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  keyIndex,
BYTE  newKeySetVersion,
BYTE  _3DESKey[16] 
)

GlobalPlatform2.1.1: Replaces a single 3DES key in a key set or adds a new 3DES key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new key belongs to. This can be the same key set version or a new, not yet existing key set version.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion [in] An existing key set version.
keyIndex [in] The position of the key in the key set version.
newKeySetVersion [in] The new key set version.
_3DESKey [in] The new 3DES key.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_put_data ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  identifier[2],
PBYTE  dataObject,
DWORD  dataObjectLength 
)

GlobalPlatform2.1.1: Put card data.

Puts a single card data object identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See GP211_GET_DATA_CPLC_WHOLE_CPLC. For details about the coding of the dataObject see the programmer's manual of your card.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
identifier [in] Two byte buffer with high and low order tag value for identifying card data object.
dataObject [in] The coded data object.
dataObjectLength [in] The length of the data object.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_put_delegated_management_keys ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  newKeySetVersion,
OPGP_STRING  PEMKeyFileName,
char *  passPhrase,
BYTE  receiptKey[16] 
)

GlobalPlatform2.1.1: Adds a key set for Delegated Management.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belong to. This can be the same key set version or a new, not yet existing key set version.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion [in] An existing key set version.
newKeySetVersion [in] The new key set version.
PEMKeyFileName [in] A PEM file name with the public RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
receiptKey [in] The new Receipt Generation key.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_put_rsa_key ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  keyIndex,
BYTE  newKeySetVersion,
OPGP_STRING  PEMKeyFileName,
char *  passPhrase 
)

GlobalPlatform2.1.1: replaces a single public RSA key in a key set or adds a new public RSA key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version a new key belongs to. This can be the same key version or a new not existing key set version.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
keySetVersion [in] An existing key set version.
keyIndex [in] The position of the key in the key set version.
newKeySetVersion [in] The new key set version.
PEMKeyFileName [in] A PEM file name with the public RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_put_secure_channel_keys ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  newKeySetVersion,
BYTE  newBaseKey[16],
BYTE  newS_ENC[16],
BYTE  newS_MAC[16],
BYTE  newDEK[16] 
)

GlobalPlatform2.1.1: replaces or adds a secure channel key set consisting of S-ENC, S-MAC and DEK.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belong to. This can be the same key set version or a new, not yet existing key set version.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication(). Which keys must be passed as parameters depends on the Secure Channel Protocol implementation supported by the card. newBaseKey must be NULL if the protocol uses 3 Secure Channel Keys (Secure Channel Encryption Key, Secure Channel Message Authentication Code Key and Data Encryption Key) and vice versa. Details about the supported Secure Channel Protocol and its implementation can be obtained by a call to the function get_secure_channel_protocol_details().
keySetVersion [in] An existing key set version.
newKeySetVersion [in] The new key set version.
newBaseKey [in] The new Secure Channel base key.
newS_ENC [in] The new S-ENC key.
newS_MAC [in] The new S-MAC key.
newDEK [in] The new DEK.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_send_APDU ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  capdu,
DWORD  capduLength,
PBYTE  rapdu,
PDWORD  rapduLength 
)

Sends an application protocol data unit.

The secInfo pointer can also be NULL, in which case the command is sent without secure channel wrapping, and so this function can be used for arbitrary cards.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
capdu [in] The command APDU.
capduLength [in] The length of the command APDU.
rapdu [out] The response APDU.
rapduLength [in, out] The length of the response APDU.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_set_status ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  cardElement,
PBYTE  AID,
DWORD  AIDLength,
BYTE  lifeCycleState 
)

GlobalPlatform2.1.1: Sets the life cycle status of Applications, Security Domains or the Card Manager.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
cardElement [in] Identifier for Load Files, Applications or the Card Manager.
AID [in] The AID.
AIDLength [in] The length of the AID.
lifeCycleState [in] The new life cycle state.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_store_data ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
GP211_SECURITY_INFO secInfo,
PBYTE  data,
DWORD  dataLength 
)

GlobalPlatform2.1.1: The STORE DATA command is used to transfer data to an Application or the Security Domain processing the command.

If STORE DATA is used for personalizing an application, a call to GP211_install_for_personalization() must precede it.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
*data [in] Data to send to application or Security Domain.
dataLength [in] The length of the data buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_validate_delete_receipt ( DWORD  confirmationCounter,
PBYTE  cardUniqueData,
DWORD  cardUniqueDataLength,
BYTE  receiptKey[16],
GP211_RECEIPT_DATA  receiptData,
PBYTE  AID,
DWORD  AIDLength 
)

GlobalPlatform2.1.1: Validates a Delete Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data.
cardUniqueDataLength [in] The length of the card unique data buffer.
receiptKey [in] The 3DES key to generate the receipt.
receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from delete_application() to verify.
AID [in] A buffer with AID of the application which was deleted.
AIDLength [in] The length of the AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_ERROR_STATUS GP211_validate_extradition_receipt ( DWORD  confirmationCounter,
PBYTE  cardUniqueData,
DWORD  cardUniqueDataLength,
BYTE  receiptKey[16],
GP211_RECEIPT_DATA  receiptData,
PBYTE  oldSecurityDomainAID,
DWORD  oldSecurityDomainAIDLength,
PBYTE  newSecurityDomainAID,
DWORD  newSecurityDomainAIDLength,
PBYTE  applicationOrExecutableLoadFileAID,
DWORD  applicationOrExecutableLoadFileAIDLength 
)

GlobalPlatform2.1.1: Validates an Extradition Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data.
cardUniqueDataLength [in] The length of the card unique data buffer.
receiptKey [in] The 3DES key to generate the receipt.
receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from GP211_install_for_extradition() to verify.
oldSecurityDomainAID [in] The AID of the old associated Security Domain.
oldSecurityDomainAIDLength [in] The length of the oldSecurityDomainAID buffer.
newSecurityDomainAID [in] The AID of the new associated Security Domain.
newSecurityDomainAIDLength [in] The length of the newSecurityDomainAID buffer.
applicationOrExecutableLoadFileAID [in] A buffer with the AID of the Application or Executable Load File which was extradited.
applicationOrExecutableLoadFileAIDLength [in] The length of the applicationOrExecutableLoadFileAID buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_validate_install_receipt ( DWORD  confirmationCounter,
PBYTE  cardUniqueData,
DWORD  cardUniqueDataLength,
BYTE  receiptKey[16],
GP211_RECEIPT_DATA  receiptData,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  applicationAID,
DWORD  applicationAIDLength 
)

GlobalPlatform2.1.1: Validates an Install Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data.
cardUniqueDataLength [in] The length of the card unique data buffer.
receiptKey [in] The 3DES key to generate the receipt.
receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from GP211_install_for_install() to verify.
executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
applicationAID [in] The AID of the installed application.
applicationAIDLength [in] The length of the application instance AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS GP211_validate_load_receipt ( DWORD  confirmationCounter,
PBYTE  cardUniqueData,
DWORD  cardUniqueDataLength,
BYTE  receiptKey[16],
GP211_RECEIPT_DATA  receiptData,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength 
)

GlobalPlatform2.1.1: Validates a Load Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data.
cardUniqueDataLength [in] The length of the card unique data buffer.
receiptKey [in] The 3DES key to generate the receipt.
receiptData [in] The GP211_RECEIPT_DATA structure containing the receipt returned from load() to verify.
executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for load].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the AID of the associated Security Domain.
securityDomainAIDLength [in] The length of the Security Domain AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_calculate_3des_DAP ( PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
OPGP_STRING  executableLoadFileName,
BYTE  DAP_verification_key[16],
OP201_DAP_BLOCK dapBlock 
)

Open Platform: Calculates a Load File Data Block DAP using 3DES.

If a security domain has DAP verification privilege the security domain validates this DAP.

Parameters:
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
executableLoadFileName [in] The name of the CAP or IJC file to calculate the DAP for.
DAP_verification_key [in] The key to calculate the DAP.
*dapBlock [out] A pointer to the returned OP201_DAP_BLOCK structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_calculate_install_token ( BYTE  P1,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  AIDWithinLoadFileAID,
DWORD  AIDWithinLoadFileAIDLength,
PBYTE  applicationInstanceAID,
DWORD  applicationInstanceAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  applicationInstallParameters,
DWORD  applicationInstallParametersLength,
BYTE  installToken[128],
OPGP_STRING  PEMKeyFileName,
char *  passPhrase 
)

Open Platform: Calculates an Install Token using PKCS#1.

The parameters must match the parameters of a later install_for_install(), install_for_make_selectable() and install_for_install_and_make_selectable() method.

Parameters:
P1 [in] The parameter P1 in the APDU command.

  • 0x04 for a INSTALL [for install] command
  • 0x08 for an INSTALL [for make selectable] command
  • 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
AIDWithinLoadFileAID [in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID [in] The AID of the installed application.
applicationInstanceAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters [in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer.
installToken [out] The calculated Install Token. A 1024 bit RSA signature.
PEMKeyFileName [in] A PEM file name with the private RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_calculate_load_file_DAP ( OP201_DAP_BLOCK dapBlock,
DWORD  dapBlockLength,
OPGP_STRING  executableLoadFileName,
BYTE  hash[20] 
)

Open Platform: Calculates a Load File DAP.

This is a hash of the Load File with SHA-1. A Load File consists of 0 to n Load File Data Block DAP blocks and a mandatory Load File Data Block, e.g. a CAP file. If no Load File Data Block DAP blocks are necessary the dapBlock must be NULL and the dapBlockLength 0. The dapBlock(s) can be calculated using calculate_3des_dap() or calculate_rsa_dap(). If the Load File Data Block DAP block(s) are already calculated they must be parsed into a OP201_DAP_BLOCK structure. If the Load File Data Block DAP block(s) are already prefixing the CAPFile following the Open Platform Specification 2.0.1', the whole CAPFile including the Load File Data Block DAP block(s) is sufficient, the dapBlock must be NULL and the dapBlockLength 0.

Parameters:
*dapBlock [in] A pointer to OP201_DAP_BLOCK structure(s).
dapBlockLength [in] The number of OP201_DAP_BLOCK structure(s).
executableLoadFileName [in] The name of the CAP or IJC file to hash.
hash [out] The hash value. This is 20 bytes long.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_calculate_load_token ( PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  loadFileDAP[20],
DWORD  nonVolatileCodeSpaceLimit,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
BYTE  loadToken[128],
OPGP_STRING  PEMKeyFileName,
char *  passPhrase 
)

Open Platform: Calculates a Load Token using PKCS#1.

The parameters must match the parameters of a later install_for_load() method.

Parameters:
executableLoadFileAID [in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
loadFileDAP [in] The Load File DAP. The same calculated as in install_for_load().
nonVolatileCodeSpaceLimit [in] The minimum space required to store the package.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadToken [out] The calculated Load Token. A 1024 bit RSA signature.
PEMKeyFileName [in] A PEM file name with the private RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_calculate_rsa_DAP ( PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
OPGP_STRING  executableLoadFileName,
OPGP_STRING  PEMKeyFileName,
char *  passPhrase,
OP201_DAP_BLOCK dapBlock 
)

Open Platform: Calculates a Load File Data Block DAP using SHA-1 and PKCS#1 (RSA).

If a security domain has DAP verification privilege the security domain validates this DAP.

Parameters:
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
executableLoadFileName [in] The name of the CAP or IJC file to calculate the DAP for.
PEMKeyFileName [in] A PEM file name with the private RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
*dapBlock [out] A pointer to the returned OP201_DAP_BLOCK structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_delete_application ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
OPGP_AID AIDs,
DWORD  AIDsLength,
OP201_RECEIPT_DATA receiptData,
PDWORD  receiptDataLength 
)

Open Platform: Deletes an Executable Load File or an application.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
AIDs [in] A pointer to an array of OPGP_AID structures describing the applications and load files to delete.
AIDsLength [in] The number of OPGP_AID structures.
*receiptData [out] A OP201_RECEIPT_DATA array. If the deletion is performed by a security domain with delegated management privilege this structure contains the according data for each deleted application or package.
receiptDataLength [in, out] A pointer to the length of the receiptData array. If no receiptData is available this length is 0.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_delete_key ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  keyIndex 
)

Open Platform: deletes a key or multiple keys.

If keyIndex is 0xFF (=-1) all keys within a keySetVersion are deleted. If keySetVersion is 0x00 all keys with the specified keyIndex are deleted.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion [in] An existing key set version.
keyIndex [in] An existing key index.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_get_data ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  identifier[2],
PBYTE  recvBuffer,
PDWORD  recvBufferLength 
)

Open Platform: Retrieve card data.

Retrieves a single card data object from the card identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See OP201_GET_DATA_ISSUER_BIN and so on. For details about the coding of the response see the programmer's manual of your card. There is a convenience method get_key_information_templates() to get the key information template(s) containing key set version, key index, key type and key length of the keys.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
identifier [in] Two byte buffer with high and low order tag value for identifying card data object.
recvBuffer [out] The buffer for the card data object.
recvBufferLength [in, out] The length of the recvBuffer buffer on input; the length of the received card data object on output.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_get_install_token_signature_data ( BYTE  P1,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  AIDWithinLoadFileAID,
DWORD  AIDWithinLoadFileAIDLength,
PBYTE  applicationInstanceAID,
DWORD  applicationInstanceAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  applicationInstallParameters,
DWORD  applicationInstallParametersLength,
PBYTE  installTokenSignatureData,
PDWORD  installTokenSignatureDataLength 
)

Open Platform: Function to retrieve the data to sign by the Card Issuer in an Install Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Install Token. volatileDataSpaceLimit can be 0, if the card does not need or support this tag. The parameters must match the parameters of a later install_for_install() and install_for_make_selectable() method.

Parameters:
P1 [in] The parameter P1 in the APDU command.

  • 0x04 for a INSTALL [for install] command
  • 0x08 for an INSTALL [for make selectable] command
  • 0x0C for an INSTALL [for install and make selectable]
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
AIDWithinLoadFileAID [in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID [in] The AID of the installed application.
applicationInstanceAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters [in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer.
installTokenSignatureData [out] The data to sign in a Install Token.
installTokenSignatureDataLength [in, out] The length of the installTokenSignatureData buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_get_key_information_templates ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  keyInformationTemplate,
OP201_KEY_INFORMATION keyInformation,
PDWORD  keyInformationLength 
)

Open Platform: Retrieves key information of keys on the card.

The card must support the optional report of key information templates.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keyInformationTemplate [in] The number of the key information template.
*keyInformation [out] A pointer to an array of OP201_KEY_INFORMATION structures.
keyInformationLength [in, out] The number of OP201_KEY_INFORMATION structures.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_get_load_token_signature_data ( PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  loadFileDAP[20],
DWORD  nonVolatileCodeSpaceLimit,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  loadTokenSignatureData,
PDWORD  loadTokenSignatureDataLength 
)

Open Platform: Function to retrieve the data to sign by the Card Issuer in a Load Token.

If you are not the Card Issuer and do not know the token verification private key send this data to the Card Issuer and obtain the RSA signature of the data, i.e. the Load Token. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support these tags. The parameters must match the parameters of a later install_for_load() command.

Parameters:
executableLoadFileAID [in] A buffer containing the Executable Load File AID.
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the Security Domain AID.
securityDomainAIDLength [in] The length of the Security Domain AID.
loadFileDAP [in] The Load File DAP. The same calculated as in install_for_load().
nonVolatileCodeSpaceLimit [in] The minimum space required to store the application code.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
loadTokenSignatureData [out] The data to sign in a Load Token.
loadTokenSignatureDataLength [in, out] The length of the loadTokenSignatureData buffer.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_get_status ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  cardElement,
OP201_APPLICATION_DATA applData,
PDWORD  applDataLength 
)

Open Platform: Gets the life cycle status of Applications, the Card Manager and Executable Load Files and their privileges.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardElement [in] Identifier to retrieve data for Load Files, Applications or the Card Manager.
*applData [out] The OP201_APPLICATION_DATA structure containing AID, life cycle state and privileges.
applDataLength [in, out] The number of OP201_APPLICATION_DATA passed and returned.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_install_for_install ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  AIDWithinLoadFileAID,
DWORD  AIDWithinLoadFileAIDLength,
PBYTE  applicationInstanceAID,
DWORD  applicationInstanceAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  applicationInstallParameters,
DWORD  applicationInstallParametersLength,
BYTE  installToken[128],
OP201_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

Open Platform: Installs an application on the card.

In the case of delegated management an Install Token authorizing the INSTALL [for install] must be included. Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security domains look in your manual what parameters are necessary. If the tag for application install parameters is mandatory for your card, but you have no install parameters for the install() method of the application anyway you have to use at least a dummy parameter. If AIDWithinLoadFileAID is NULL and AIDWithinLoadFileAIDLength is 0 applicationInstanceAID is assumed for AIDWithinLoadFileAID

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
AIDWithinLoadFileAID [in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID [in] The AID of the installed application.
applicationInstanceAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters [in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer.
installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the installation is performed by a security domain with delegated management privilege this structure contains the corresponding data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_install_for_install_and_make_selectable ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  AIDWithinLoadFileAID,
DWORD  AIDWithinLoadFileAIDLength,
PBYTE  applicationInstanceAID,
DWORD  applicationInstanceAIDLength,
BYTE  applicationPrivileges,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit,
PBYTE  applicationInstallParameters,
DWORD  applicationInstallParametersLength,
BYTE  installToken[128],
OP201_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

Open Platform: Installs and makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for install and make selectable] must be included. Otherwise installToken must be NULL. See calculate_install_token(). volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0, if the card does not need or support this tag. For Security Domains, consult your card's manual for the necessary parameters. If the tag for application install parameters is mandatory for your card but you have no install parameters for the install() method of the application, you must pass at least a dummy parameter. If AIDWithinLoadFileAID is NULL and AIDWithinLoadFileAIDLength is 0, applicationInstanceAID is assumed for AIDWithinLoadFileAID.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
AIDWithinLoadFileAID [in] The AID of the application class in the package.
AIDWithinLoadFileAIDLength [in] The length of the AIDWithinLoadFileAID buffer.
applicationInstanceAID [in] The AID of the installed application.
applicationInstanceAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
applicationInstallParameters [in] Applet install parameters for the install() method of the application.
applicationInstallParametersLength [in] The length of the applicationInstallParameters buffer.
installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_install_for_load ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength,
BYTE  loadFileDAP[20],
BYTE  loadToken[128],
DWORD  nonVolatileCodeSpaceLimit,
DWORD  volatileDataSpaceLimit,
DWORD  nonVolatileDataSpaceLimit 
)

Open Platform: Prepares the card for loading an application.

The function assumes that the Card Manager or Security Domain uses an optional load file DAP using the SHA-1 message digest algorithm. The loadFileDAP can be calculated using calculate_load_file_DAP() or must be NULL if the card does not need or support a Load File DAP in this situation, e.g. if you want to load an Executable Load File to the Card Manager Security Domain. In the case of delegated management a Load Token authorizing the INSTALL [for load] must be included. Otherwise loadToken must be NULL. See calculate_load_token(). The term Executable Load File is equivalent to the Open Platform term Load File Data Block. volatileDataSpaceLimit and nonVolatileDataSpaceLimit can be 0 if the card does not need or support these tags.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
executableLoadFileAID [in] A buffer with AID of the Executable Load File to INSTALL [for load].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the AID of the intended associated Security Domain.
securityDomainAIDLength [in] The length of the Security Domain AID.
loadFileDAP [in] The load file DAP of the Executable Load File to INSTALL [for load].
loadToken [in] The Load Token. This is a 1024 bit (=128 byte) RSA Signature.
nonVolatileCodeSpaceLimit [in] The minimum amount of space that must be available to store the package.
volatileDataSpaceLimit [in] The minimum amount of RAM space that must be available.
nonVolatileDataSpaceLimit [in] The minimum amount of space for objects of the application, i.e. the data allocated in its lifetime.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_install_for_make_selectable ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
PBYTE  applicationInstanceAID,
DWORD  applicationInstanceAIDLength,
BYTE  applicationPrivileges,
BYTE  installToken[128],
OP201_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable 
)

Open Platform: Makes an installed application selectable.

In the case of delegated management an Install Token authorizing the INSTALL [for make selectable] must be included. Otherwise installToken must be NULL. For Security domains look in your manual what parameters are necessary.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
applicationInstanceAID [in] The AID of the installed application or security domain.
applicationInstanceAIDLength [in] The length of the application instance AID.
applicationPrivileges [in] The application privileges. Can be an OR of multiple privileges. See OP201_APPLICATION_PRIVILEGE_SECURITY_DOMAIN.
installToken [in] The Install Token. This is a 1024 bit (=128 byte) RSA Signature.
*receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data.
receiptDataAvailable [out] 0 if no receiptData is available.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_load ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
OP201_DAP_BLOCK dapBlock,
DWORD  dapBlockLength,
OPGP_STRING  executableLoadFileName,
OP201_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable,
OPGP_PROGRESS_CALLBACK callback 
)

Open Platform: Loads an Executable Load File (containing an application) to the card.

An install_for_load() must precede this call. The Load File Data Block DAP block(s) must be the same block(s), in the same order, as those passed to calculate_load_file_DAP(). If no Load File Data Block DAP blocks are necessary, dapBlock must be NULL and dapBlockLength must be 0.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
*dapBlock [in] A pointer to OP201_DAP_BLOCK structure(s).
dapBlockLength [in] The number of OP201_DAP_BLOCK structure(s).
executableLoadFileName [in] The name of the CAP or IJC file to load.
*receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt().
receiptDataAvailable [out] 0 if no receiptData is available.
*callback [in] A pointer to a OPGP_PROGRESS_CALLBACK defining the callback function and optional parameters for it.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_load_from_buffer ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
OP201_DAP_BLOCK dapBlock,
DWORD  dapBlockLength,
PBYTE  loadFileBuf,
DWORD  loadFileBufSize,
OP201_RECEIPT_DATA receiptData,
PDWORD  receiptDataAvailable,
OPGP_PROGRESS_CALLBACK callback 
)

Open Platform: Loads an Executable Load File (containing an application) from a buffer to the card.

An install_for_load() must precede this call. The Load File Data Block DAP block(s) must be the same block(s), in the same order, as those passed to calculate_load_file_DAP(). If no Load File Data Block DAP blocks are necessary, dapBlock must be NULL and dapBlockLength must be 0.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
*dapBlock [in] A pointer to OP201_DAP_BLOCK structure(s).
dapBlockLength [in] The number of OP201_DAP_BLOCK structure(s).
loadFileBuf [in] buffer with the contents of a Executable Load File.
loadFileBufSize [in] size of loadFileBuf.
*receiptData [out] If the deletion is performed by a security domain with delegated management privilege this structure contains the according data. Can be validated with validate_load_receipt().
receiptDataAvailable [out] 0 if no receiptData is available.
*callback [in] A pointer to a OPGP_PROGRESS_CALLBACK defining the callback function and optional parameters for it.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_mutual_authentication ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
BYTE  baseKey[16],
BYTE  encKey[16],
BYTE  macKey[16],
BYTE  kekKey[16],
BYTE  keySetVersion,
BYTE  keyIndex,
BYTE  securityLevel,
BYTE  derivationMethod,
OP201_SECURITY_INFO secInfo 
)

Open Platform: Mutual authentication.

A keySetVersion and keyIndex of 0x00 selects the first available key set version and key index. If a derivation method is used the baseKey defines the master key.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
baseKey [in] The master key used for the key derivation.
encKey [in] The static encryption key.
macKey [in] The static MAC key.
kekKey [in] The static Key Encryption key.
keySetVersion [in] The key set version on the card to use for mutual authentication.
keyIndex [in] The key index of the encryption key in the key set version on the card to use for mutual authentication.
securityLevel [in] The requested security level.
derivationMethod [in] The derivation method to use. See OPGP_DERIVATION_METHOD_VISA2.
*secInfo [out] The returned OP201_SECURITY_INFO structure.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_pin_change ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  tryLimit,
PBYTE  newPIN,
DWORD  newPINLength,
BYTE  KEK[16] 
)

Open Platform: Changes or unblocks the global PIN.

The individual digits of the new PIN are encoded as single BYTEs in the newPIN buffer. The tryLimit must be in the range of 0x03 to 0x0A. The PIN must comprise at least 6 and at most 12 digits. To unblock the PIN use tryLimit with a value of 0x00. In this case the newPIN buffer and newPINLength are ignored.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
tryLimit [in] The try limit for the PIN.
newPIN [in] The new PIN.
newPINLength [in] The length of the new PIN.
KEK [in] The Key Encryption key (KEK).
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_put_3desKey ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  keyIndex,
BYTE  newKeySetVersion,
BYTE  _3desKey[16],
BYTE  KEK[16] 
)

Open Platform: replaces a single 3DES key in a key set or adds a new 3DES key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new key belongs to. This can be the same key set version or a new key set version that does not exist yet.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion [in] An existing key set version.
keyIndex [in] The position of the key in the key set version.
newKeySetVersion [in] The new key set version.
_3desKey [in] The new 3DES key.
KEK [in] The key encryption key (KEK) to encrypt the _3desKey.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_put_data ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  identifier[2],
PBYTE  dataObject,
DWORD  dataObjectLength 
)

Open Platform: Put card data.

Puts a single card data object identified by identifier. Some cards do not provide some data objects. Some possible identifiers are predefined. See OP201_GET_DATA_ISSUER_BIN. For details about the coding of the dataObject see the programmer's manual of your card.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
identifier [in] Two byte buffer with high and low order tag value for identifying card data object.
dataObject [in] The coded data object.
dataObjectLength [in] The length of the data object.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_put_delegated_management_keys ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  newKeySetVersion,
OPGP_STRING  PEMKeyFileName,
char *  passPhrase,
BYTE  receiptGenerationKey[16],
BYTE  KEK[16] 
)

Open Platform: Adds a key set for Delegated Management.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belong to. This can be the same key set version or a new key set version that does not exist yet.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion [in] An existing key set version.
newKeySetVersion [in] The new key set version.
PEMKeyFileName [in] A PEM file name with the public RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
receiptGenerationKey [in] The new Receipt Generation key.
KEK [in] The key encryption key (KEK).
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_put_rsa_key ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  keyIndex,
BYTE  newKeySetVersion,
OPGP_STRING  PEMKeyFileName,
char *  passPhrase 
)

Open Platform: replaces a single public RSA key in a key set or adds a new public RSA key.

A keySetVersion value of 0x00 adds a new key. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new key belongs to. This can be the same key set version or a new key set version that does not exist yet.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion [in] An existing key set version.
keyIndex [in] The position of the key in the key set version.
newKeySetVersion [in] The new key set version.
PEMKeyFileName [in] A PEM file name with the public RSA key.
*passPhrase [in] The passphrase. Must be an ASCII string.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_put_secure_channel_keys ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  keySetVersion,
BYTE  newKeySetVersion,
BYTE  new_encKey[16],
BYTE  new_macKey[16],
BYTE  new_KEK[16],
BYTE  KEK[16] 
)

Open Platform: replaces or adds a secure channel key set consisting of encryption key, MAC key and key encryption.

A keySetVersion value of 0x00 adds a new secure channel key set. Any other value between 0x01 and 0x7f must match an existing key set version. The new key set version defines the key set version the new secure channel keys belong to. This can be the same key set version or a new key set version that does not exist yet.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
keySetVersion [in] An existing key set version.
newKeySetVersion [in] The new key set version.
new_encKey [in] The new Encryption key.
new_macKey [in] The new MAC key.
new_KEK [in] The new key encryption key.
KEK [in] The key encryption key (KEK).
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_send_APDU ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
PBYTE  capdu,
DWORD  capduLength,
PBYTE  rapdu,
PDWORD  rapduLength 
)

Sends an application protocol data unit.

The secInfo pointer can also be NULL, so this function can be used for arbitrary cards; in that case no security information from a mutual authentication is passed to the call.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
capdu [in] The command APDU.
capduLength [in] The length of the command APDU.
rapdu [out] The response APDU.
rapduLength [in, out] The length of the response APDU.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_set_status ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
OP201_SECURITY_INFO secInfo,
BYTE  cardElement,
PBYTE  AID,
DWORD  AIDLength,
BYTE  lifeCycleState 
)

Open Platform: Sets the life cycle status of Applications, Security Domains or the Card Manager.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the OP201_SECURITY_INFO structure returned by OP201_mutual_authentication().
cardElement [in] Identifier for Load Files, Applications or the Card Manager.
AID [in] The AID.
AIDLength [in] The length of the AID.
lifeCycleState [in] The new life cycle state.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_validate_delete_receipt ( DWORD  confirmationCounter,
BYTE  cardUniqueData[10],
BYTE  receiptGenerationKey[16],
OP201_RECEIPT_DATA  receiptData,
PBYTE  AID,
DWORD  AIDLength 
)

Open Platform: Validates a Delete Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data (?).
receiptGenerationKey [in] The 3DES key to generate the receipt.
receiptData [in] The OP201_RECEIPT_DATA structure containing the receipt returned from delete_application() to verify.
AID [in] A buffer with AID of the application which was deleted.
AIDLength [in] The length of the AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_validate_install_receipt ( DWORD  confirmationCounter,
BYTE  cardUniqueData[10],
BYTE  receiptGenerationKey[16],
OP201_RECEIPT_DATA  receiptData,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  applicationInstanceAID,
DWORD  applicationInstanceAIDLength 
)

Open Platform: Validates an Install Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data (?).
receiptGenerationKey [in] The 3DES key to generate the receipt.
receiptData [in] The OP201_RECEIPT_DATA structure containing the receipt returned from install_for_install() to verify.
executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for install].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
applicationInstanceAID [in] The AID of the installed application.
applicationInstanceAIDLength [in] The length of the application instance AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OP201_validate_load_receipt ( DWORD  confirmationCounter,
BYTE  cardUniqueData[10],
BYTE  receiptGenerationKey[16],
OP201_RECEIPT_DATA  receiptData,
PBYTE  executableLoadFileAID,
DWORD  executableLoadFileAIDLength,
PBYTE  securityDomainAID,
DWORD  securityDomainAIDLength 
)

Open Platform: Validates a Load Receipt.

Each time a receipt is generated the confirmation counter is incremented by the Card Manager. You may keep track of it. Returns OPGP_ERROR_SUCCESS if receipt is valid.

Parameters:
confirmationCounter [in] The confirmation counter.
cardUniqueData [in] The card unique data (?).
receiptGenerationKey [in] The 3DES key to generate the receipt.
receiptData [in] The OP201_RECEIPT_DATA structure containing the receipt returned from load_application() to verify.
executableLoadFileAID [in] A buffer with AID of the Executable Load File which was INSTALL [for load].
executableLoadFileAIDLength [in] The length of the Executable Load File AID.
securityDomainAID [in] A buffer containing the AID of the associated Security Domain.
securityDomainAIDLength [in] The length of the Security Domain AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_cap_to_ijc ( OPGP_CSTRING  capFileName,
OPGP_STRING  ijcFileName 
)

Converts a CAP file to an IJC file (Executable Load File).

Parameters:
capFileName [in] The name of the CAP file.
ijcFileName [in] The name of the destination IJC file.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_EMV_CPS11_derive_keys ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
BYTE  masterKey[16],
BYTE  S_ENC[16],
BYTE  S_MAC[16],
BYTE  DEK[16] 
)

Derives the static keys from a master key according to the EMV CPS 1.1 key derivation scheme.

E.g. Sm Expert 3.0 cards use this scheme.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
masterKey [in] The master key.
S_ENC [out] The static Encryption key.
S_MAC [out] The static Message Authentication Code key.
DEK [out] The static Key Encryption Key.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_extract_cap_file ( OPGP_CSTRING  fileName,
PBYTE  loadFileBuf,
PDWORD  loadFileBufSize 
)

Extracts a CAP file into a buffer.

If loadFileBuf is NULL, loadFileBufSize is ignored on input, the necessary buffer size is returned in loadFileBufSize, and the function returns.

Parameters:
fileName [in] The name of the CAP file.
loadFileBuf [out] The destination buffer with the Executable Load File contents.
loadFileBufSize [in, out] The size of the loadFileBuf.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_manage_channel ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO cardInfo,
GP211_SECURITY_INFO secInfo,
BYTE  openClose,
BYTE  channelNumberToClose,
BYTE channelNumberOpened 
)

ISO 7816-4 / GlobalPlatform2.1.1: Opens or closes a Logical Channel.

For an OPEN command, the channelNumberToClose is ignored. For a CLOSE command, the channelNumberOpened is returned. After closing a Logical Channel the Basic Logical Channel is assumed for the next transmissions.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
*cardInfo [in, out] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
*secInfo [in, out] The pointer to the GP211_SECURITY_INFO structure returned by GP211_mutual_authentication().
openClose [in] Logical Channel should be opened or closed. See GP211_MANAGE_CHANNEL_OPEN.
channelNumberToClose [in] The Logical Channel number to close.
channelNumberOpened [out] The Logical Channel number opened.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters ( OPGP_STRING  loadFileName,
OPGP_LOAD_FILE_PARAMETERS loadFileParams 
)

Reads the parameters of an Executable Load File.

Parameters:
loadFileName [in] The load file name to parse.
*loadFileParams [out] The parsed parameters.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_read_executable_load_file_parameters_from_buffer ( PBYTE  loadFileBuf,
DWORD  loadFileBufSize,
OPGP_LOAD_FILE_PARAMETERS loadFileParams 
)

Receives Executable Load File as a buffer instead of a FILE.

Parameters:
loadFileBuf [in] The load file buffer.
loadFileBufSize [in] The size of the load file buffer.
*loadFileParams [out] The parsed parameters.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_select_application ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
PBYTE  AID,
DWORD  AIDLength 
)

GlobalPlatform2.1.1: Selects an application on a card by AID.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
AID [in] The AID.
AIDLength [in] The length of the AID.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_select_channel ( OPGP_CARD_INFO cardInfo,
BYTE  channelNumber 
)

ISO 7816-4 / GlobalPlatform2.1.1: If multiple Logical Channels are open or a new Logical Channel is opened with select_application(), selects the Logical Channel.

You must keep track yourself of which channels are open.

Parameters:
*cardInfo [in, out] The OPGP_CARD_INFO structure returned by OPGP_card_connect().
channelNumber [in] The Logical Channel number to select.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct
OPGP_API OPGP_ERROR_STATUS OPGP_VISA2_derive_keys ( OPGP_CARD_CONTEXT  cardContext,
OPGP_CARD_INFO  cardInfo,
PBYTE  AID,
DWORD  AIDLength,
BYTE  masterKey[16],
BYTE  S_ENC[16],
BYTE  S_MAC[16],
BYTE  DEK[16] 
)

Derives the static keys from a master key according to the VISA 2 key derivation scheme.

E.g. GemXpresso cards, JCOP-10 cards or Palmera Protect V5 cards use this scheme.

Parameters:
cardContext [in] The valid OPGP_CARD_CONTEXT returned by OPGP_establish_context()
cardInfo [in] The OPGP_CARD_INFO cardInfo, structure returned by OPGP_card_connect().
AID [in] The AID of the Card Manager.
AIDLength [in] The length of the Card Manager AID / Issuer Security Domain AID.
masterKey [in] The master key.
S_ENC [out] The static Encryption key.
S_MAC [out] The static Message Authentication Code key.
DEK [out] The static Key Encryption Key.
Returns:
OPGP_ERROR_STATUS struct with error status OPGP_ERROR_STATUS_SUCCESS if no error occurs, otherwise error code and error message are contained in the OPGP_ERROR_STATUS struct

Variable Documentation

Application can lock the Card Manager.

Application can terminate the card.

Application can require DAP verification for loading and installing applications.

Application is default selected.

Security domain has delegated management right.

Security domain requires DAP verification for loading and installing applications.

Application can change global PIN.

Application is security domain.

const BYTE GP211_CARD_MANAGER_AID[7] = {0xA0, 0x00, 0x00, 0x01, 0x51, 0x00, 0x00} [static]

The AID of the Issuer Security Domain defined by GlobalPlatform 2.1.1 specification.

const BYTE GP211_CARD_MANAGER_AID_ALT1[8] = {0xA0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00} [static]

This AID is also used for the Issuer Security Domain, e.g. by JCOP 41 cards.

Application Provider Identification Number, if Security Domain selected.

const BYTE GP211_GET_DATA_ATR_HISTRORICAL_BYTES[2] = {0xDF, 0x71} [static]

Change ATR historical bytes.

const BYTE GP211_GET_DATA_CARD_DATA[2] = {0x00, 0x66} [static]

Card Data.

const BYTE GP211_GET_DATA_CARD_IMAGE_NUMBER[2] = {0x00, 0x45} [static]

Card Image Number, if Card Manager selected.

const BYTE GP211_GET_DATA_CONFIRMATION_COUNTER[2] = {0x00, 0xC2} [static]

Confirmation Counter.

CPLC fabrication date, serial number, batch identifier.

CPLC ICC manufacturer, embedding date.

CPLC module fabricator, module packaging date.

const BYTE GP211_GET_DATA_CPLC_PERSONALIZATION_DATE[2] = {0x9F, 0x66} [static]

CPLC personalization date.

const BYTE GP211_GET_DATA_CPLC_PRE_PERSONALIZATION_DATE[2] = {0x9F, 0x67} [static]

CPLC pre-personalization date.

const BYTE GP211_GET_DATA_CPLC_WHOLE_CPLC[2] = {0x9F, 0x7F} [static]

Whole CPLC data from ROM and EEPROM.

const BYTE GP211_GET_DATA_DIVERSIFICATION_DATA[2] = {0x00, 0xCF} [static]

Diversification data.

const BYTE GP211_GET_DATA_EF_PROD_DATA_CHECKSUM[2] = {0xDF, 0x7A} [static]

EFprod data checksum.

const BYTE GP211_GET_DATA_EF_PROD_DATA_INITIALIZATION_DATA[2] = {0xDF, 0x77} [static]

EFprod data initialization data.

EFprod data initialization fingerprint.

EFprod data location, machine number, date, time.

const BYTE GP211_GET_DATA_EF_PROD_DATA_PRODUCTION_KEY_INDEX[2] = {0xDF, 0x78} [static]

EFprod data production key index.

EFprod data profile with profile version.

const BYTE GP211_GET_DATA_EF_PROD_DATA_PROTOCOL_VERSION[2] = {0xDF, 0x79} [static]

EFprod data protocol version.

const BYTE GP211_GET_DATA_EF_PROD_DATA_RFU[2] = {0xDF, 0x7C} [static]

EFprod data RFU.

const BYTE GP211_GET_DATA_EF_PROD_DATA_SOFTWARE_VERSION[2] = {0xDF, 0x7B} [static]

EFprod data software version.

const BYTE GP211_GET_DATA_FCI_DATA[2] = {0xBF, 0x0C} [static]

File Control Information (FCI) discretionary data.

const BYTE GP211_GET_DATA_FREE_COR_RAM[2] = {0x00, 0xC7} [static]

Free transient Clear on Reset memory space (COR RAM).

const BYTE GP211_GET_DATA_FREE_EEPROM_MEMORY_SPACE[2] = {0x00, 0xC6} [static]

Free EEPROM memory space.

const BYTE GP211_GET_DATA_ISSUER_IDENTIFICATION_NUMBER[2] = {0x00, 0x42} [static]

Issuer Identification Number, if Card Manager selected.

const BYTE GP211_GET_DATA_ISSUER_SECURITY_DOMAIN_AID[2] = {0x00, 0x4F} [static]

Change Issuer Security Domain AID, if Issuer Security Domain selected.

const BYTE GP211_GET_DATA_KEY_DIVERSIFICATION[2] = {0x00, 0xCF} [static]

Key diversification data. KMC_ID (6 bytes) + CSN (4 bytes). KMC_ID is usually the IIN (Issuer identification number). CSN is the card serial number.

const BYTE GP211_GET_DATA_KEY_INFORMATION_TEMPLATE[2] = {0x00, 0xE0} [static]

Key Information Template of first 31 keys. Next templates can be obtained with the tag 0x0x 0xE0, where x > 0.

const BYTE GP211_GET_DATA_PROTOCOL[2] = {0xDF, 0x70} [static]

Data for protocol change.

const BYTE GP211_GET_DATA_SECURITY_DOMAIN_AID[2] = {0x00, 0x4F} [static]

Change Security Domain AID, if Security Domain selected.

const BYTE GP211_GET_DATA_SECURITY_DOMAIN_IMAGE_NUMBER[2] = {0x00, 0x45} [static]

Security Domain Image Number, if Security Domain selected.

Sequence Counter of the default Key Version Number.

const BYTE GP211_GET_DATA_WHOLE_EF_PROD[2] = {0xDF, 0x7F} [static]

Whole EFprod data block (39 Byte).

Application is installed.

Application is locked.

Application is selectable.

const BYTE GP211_LIFE_CYCLE_CARD_INITIALIZED = 0x07 [static]

Card is initialized.

const BYTE GP211_LIFE_CYCLE_CARD_LOCKED = 0x7f [static]

Card is locked.

const BYTE GP211_LIFE_CYCLE_CARD_OP_READY = 0x01 [static]

Card is OP ready.

const BYTE GP211_LIFE_CYCLE_CARD_SECURED = 0x0f [static]

Card is in secured state.

const BYTE GP211_LIFE_CYCLE_CARD_TERMINATED = 0xff [static]

Card is terminated.

const BYTE GP211_LIFE_CYCLE_LOAD_FILE_LOADED = 0x01 [static]

Executable Load File is loaded.

Application is installed.

Application is locked.

Application is personalized.

Application is selectable.

const BYTE GP211_MANAGE_CHANNEL_CLOSE = 0x80 [static]

Close the Supplementary Logical Channel.

const BYTE GP211_MANAGE_CHANNEL_OPEN = 0x00 [static]

Open the next available Supplementary Logical Channel.

const BYTE GP211_STATUS_APPLICATIONS = 0x40 [static]

Indicate Applications or Security Domains in GP211_get_status() (request GP211_APPLICATION_DATA) or GP211_set_status().

Indicate Issuer Security Domain in GP211_get_status() (request GP211_APPLICATION_DATA) or GP211_set_status().

const BYTE GP211_STATUS_LOAD_FILES = 0x20 [static]

Request GP211_APPLICATION_DATA for Executable Load Files in GP211_get_status().

Request GP211_EXECUTABLE_MODULES_DATA for Executable Load Files and their Executable Modules in GP211_get_status().

Application can lock the Card Manager.

Application can terminate the card.

Application can require DAP verification for loading and installing applications.

Application is default selected.

Security domain has delegated management right.

Security domain requires DAP verification for loading and installing applications.

Application can change global PIN.

Application is security domain.

const BYTE OP201_CARD_MANAGER_AID[7] = {0xA0, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00} [static]

The AID of the Card Manager defined by Open Platform specification.

Application provider identification number, if Security Domain selected.

const BYTE OP201_GET_DATA_ATR_HISTRORICAL_BYTES[2] = {0xDF, 0x71} [static]

Change ATR historical bytes.

const BYTE OP201_GET_DATA_CARD_MANAGER_AID[2] = {0x00, 0x4F} [static]

Change Card Manager AID, if Card Manager selected.

const BYTE OP201_GET_DATA_CARD_RECOGNITION_DATA[2] = {0x00, 0x66} [static]

Card recognition data.

const BYTE OP201_GET_DATA_CONFIRMATION_COUNTER[2] = {0x00, 0xC2} [static]

Confirmation Counter.

CPLC fabrication date, serial number, batch identifier.

CPLC ICC manufacturer, embedding date.

CPLC module fabricator, module packaging date.

const BYTE OP201_GET_DATA_CPLC_PERSONALIZATION_DATE[2] = {0x9F, 0x66} [static]

CPLC personalization date.

const BYTE OP201_GET_DATA_CPLC_PRE_PERSONALIZATION_DATE[2] = {0x9F, 0x67} [static]

CPLC pre-personalization date.

const BYTE OP201_GET_DATA_CPLC_WHOLE_CPLC[2] = {0x9F, 0x7F} [static]

Whole CPLC data from ROM and EEPROM.

const BYTE OP201_GET_DATA_DIVERSIFICATION_DATA[2] = {0x00, 0xCF} [static]

Diversification data.

const BYTE OP201_GET_DATA_EF_PROD_DATA_CHECKSUM[2] = {0xDF, 0x7A} [static]

EFprod data checksum.

const BYTE OP201_GET_DATA_EF_PROD_DATA_INITIALIZATION_DATA[2] = {0xDF, 0x77} [static]

EFprod data initialization data.

EFprod data initialization fingerprint.

EFprod data location, machine number, date, time.

const BYTE OP201_GET_DATA_EF_PROD_DATA_PRODUCTION_KEY_INDEX[2] = {0xDF, 0x78} [static]

EFprod data production key index.

EFprod data profile with profile version.

const BYTE OP201_GET_DATA_EF_PROD_DATA_PROTOCOL_VERSION[2] = {0xDF, 0x79} [static]

EFprod data protocol version.

const BYTE OP201_GET_DATA_EF_PROD_DATA_RFU[2] = {0xDF, 0x7C} [static]

EFprod data RFU.

const BYTE OP201_GET_DATA_EF_PROD_DATA_SOFTWARE_VERSION[2] = {0xDF, 0x7B} [static]

EFprod data software version.

const BYTE OP201_GET_DATA_FCI_DATA[2] = {0xBF, 0x0C} [static]

File Control Information (FCI) discretionary data.

const BYTE OP201_GET_DATA_FREE_COR_RAM[2] = {0x00, 0xC7} [static]

Free transient Clear on Reset memory space (COR RAM).

const BYTE OP201_GET_DATA_FREE_EEPROM_MEMORY_SPACE[2] = {0x00, 0xC6} [static]

Free EEPROM memory space.

const BYTE OP201_GET_DATA_ISSUER_BIN[2] = {0x00, 0x42} [static]

Issuer BIN, if Card Manager selected.

const BYTE OP201_GET_DATA_ISSUER_DATA[2] = {0x00, 0x45} [static]

Card issuer data, if Card Manager selected.

const BYTE OP201_GET_DATA_KEY_INFORMATION_TEMPLATE[2] = {0x00, 0xE0} [static]

Key Information Template of first 31 keys. Next templates can be obtained with the tag 0x0x 0xE0, where x > 0.

const BYTE OP201_GET_DATA_PROTOCOL[2] = {0xDF, 0x70} [static]

Data for protocol change.

const BYTE OP201_GET_DATA_SECURITY_DOMAIN_AID[2] = {0x00, 0x4F} [static]

Change Security Domain AID, if Security Domain selected.

const BYTE OP201_GET_DATA_SECURITY_DOMAIN_IMAGE_NUMBER[2] = {0x00, 0x45} [static]

Security domain image number, if Security Domain selected.

Sequence Counter of the default Key Version Number.

const BYTE OP201_GET_DATA_WHOLE_EF_PROD[2] = {0xDF, 0x7F} [static]

Whole EFprod data block (39 Byte).

Application is blocked.

Application is installed.

Application is locked.

Application is logically deleted.

Application is personalized.

Application is selectable.

Card is locked.

Card is initialized.

Card is OP ready.

Card is in secured state.

Card is terminated.

const BYTE OP201_LIFE_CYCLE_LOAD_FILE_LOADED = 0x01 [static]

Executable Load File is loaded.

Executable Load File is logically deleted.

const BYTE OP201_STATUS_APPLICATIONS = 0x40 [static]

Indicate Applications or Security Domains in OP201_get_status() or OP201_set_status().

const BYTE OP201_STATUS_CARD_MANAGER = 0x80 [static]

Indicate Card Manager in OP201_get_status() or OP201_set_status().

const BYTE OP201_STATUS_LOAD_FILES = 0x20 [static]

Request OP201_APPLICATION_DATA for Executable Load Files in OP201_get_status().

The EMV CPS 11 derivation is used during mutual authentication.

const BYTE OPGP_DERIVATION_METHOD_NONE = 0 [static]

No key derivation is used during mutual authentication.

const BYTE OPGP_DERIVATION_METHOD_VISA2 = 1 [static]

The VISA2 key derivation is used during mutual authentication.

const BYTE OPGP_GEMXPRESSO_DEFAULT_KEY[16] = {0x47, 0x45, 0x4d, 0x58, 0x50, 0x52, 0x45, 0x53, 0x53, 0x4f, 0x53, 0x41, 0x4d, 0x50, 0x4c, 0x45} [static]

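The default mother key value for new GemXpresso cards. Because this value is published, a card still keyed with it will complete mutual authentication with anyone; replace the key set before the card is issued.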

const BYTE OPGP_VISA_DEFAULT_KEY[16] = {0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F} [static]

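The default key value for new cards defined in a VISA specification. Because this value is published, a card still keyed with it will complete mutual authentication with anyone; replace the key set before the card is issued.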
