Original question
I am using MC3-36K-R1 cards from the Training Kit. Where do I find the keys needed to generate protected and confidential ALUs using halugen?
For example, from the SmartDeck manual there is the following example for generating a confidential ALU.
halugen -tkck tkck0203.key -mcdpkc 1506005D2A56.pkc -ahashk hashmod_0247.pub -confidential -dataonly -autoPad -appk app_provider.priv Eloyality.hzx -o Eloyality_conf_v4.alu
Answer as follows
1. -hashk : This specifies a key loaded into the ROM of the chip called the Hash Modulus. The key used depends upon the mask. All the keys are available for download at https://www.stepxpress.com/services/ – for the training kit, the zip file required is MC3-36K-R1.zip
2. -kck: This specifies the public part of the key (the Transport Key Certifying Key), the private part of which is used to sign individual card key pairs (the mcdpkc) in the KMA. This key is mask specific and the key to use is also in the zip file.
3. -appk: This specifies the private key used to sign the applications with. A key pair can be generated using the batch file create_app_provider_keypair.bat found in the training kit. The public key is uploaded to StepXpress (use the file with the .stx extension) and forms part of the Application Load Certificate (ALC).
4. -mcdpkc: This is the public key certificate of the card (in binary). It can be obtained from the card (in hex) by using the MKD_PKC button in MUtil or using the command hterm -apdu 80100700C8 (ignoring 90 00 at the end of the output, which is the status word)
