Trouble Shooting & Sample Application

Trouble Shooting

Problem seen Cause Action to take
Running hterm returns

i2c IO/1 set low failed
i2c IO/1 set high failed
Missing Write ACK
COM Port not connected


Interface chip has stopped responding Unplug Trust Hub and plug it back in.


Sample Application

A simple, example PKI application that will run on Trust Hub can be found in the workspace. It makes use of the template structure.

It demonstrates the use of the PIN management primitives, generation of RSA key pairs, RSA raw signatures and in-chip debugging.

Run the “debug with hsim” debug configuration to step through the code.

To load to a Trust Hub dongle (enabled with the Developer Community issuer-id)

  • Load the application using  load_chip.bat with the COM port number as a parameter e.g.
    • load_chip.bat 5
  • Select the application and run  it, entering the APDU commands from debug_hsim.txt at the command line
    • hterm -serial COM5:i2c -selectaid F00000FF -interact

Debugging in-chip can be tried by using either of the in-chip debug configurations.


Supported APDU Commands


  1. The P1 and P2 APDU bytes are not used by any of the commands in this application.
  2. The class byte (CLA) must be one of the following:
    a. 0xBB: Supported for the delete app command CLA=0xBB, INS=0x00
    b. 0x80: An application command
    c. 0x81: Debug application command in chip: Note that the debug in-chip feature should be removed before deployment of the completed application.
  3. The following status words may be returned when executing any command:
    a. 6700: The value of Lc and/or Le is/are not as defined by the command.
    b. 6900: The initial PIN value must be set before the application can be used again.
    c. 6982: Permission denied: the PIN must be verified.
    d. 6983: The key storage has been corrupted: the application can no longer be used.
    e. 6A80: The command data (Lc, Le, Data) is not consistent with the requirements for the command.
    f. 6D00: INS not supported
    g. 6E00: CLA not supported.
    h. 9000: Success
    i. 9Fxx: MULTOS abended, reason code xx


INS Lc Data Le Description Possible error status words
0x10 0x0B PIN data (8)

PIN length (1)

PIN Try Counter (1)

PIN Try Limit (1)

n/a Initialise PIN.

The value is given in “data” with the given length.

This application uses a fixed PIN length of 5 bytes.

The PIN can be changed by subsequent calls.

Following this command completing successfully the PIN must be verified for future commands.

6A00: PIN length doesn’t equal 5 bytes.

6F00: An unknown error occurred initialising the PIN.

0x11 0x05 PIN data n/a Verify PIN.

Attempt to verify the PIN with the given data.

The PIN remains verified until the device is reset or the app is deselected.

6A81: The PIN is blocked because there have been too many incorrect attempts.

6A82: PIN verification is not required yet.

6982: PIN verification failed.

0x20 n/a n/a 0x00 Generate RSA Key Pair.

Generates a 2048 bit RSA key pair with an exponent of 0x03.

The public modulus is returned by the command, the private key remains in the internal key storage.

Following this command completing successfully the PIN must be verified for future commands.

6F00: An unknown error occurred during key generation.
0x21 0x000100 Data to sign (256 bytes). Must be formatted according to the signature scheme being used. 0x0000 Generate RSA Signature.

Performs a modular exponentiation CRT with the private key over the given data and returns the result.

6985: The RSA key pair has not been generated yet.