Begin the mutual authentication process for establishing a Session.
Start negotiating a Session with the device. This command tells the device which Authentication Key to use and sends the host challenge part. The response will contain the device challenge and device authentication part. To establish the session, continue with Authenticate Session.
Create a new session with Authentication Key 1 using the password "password". This does both the session creation and authentication steps:
yubihsm> session open 1 password
Created session 0
Tc = 0x03
Lc = 10
Vc = I || H
I := Key set ID (2 bytes)
H := Host Challenge (8 bytes)
The device generates a random Card Challenge C (8 bytes).
The device derives three Session Keys (S-ENC, S-MAC and S-RMAC) starting from the set of two static keys identified by I (K-ENC and K-MAC) and the two challenges H and C, using the same procedure described in SCP03.
The device uses S-MAC together with H and C to compute the Card Cryptogram A. The host will compute the Host Cryptogram B after having received C and derived S-MAC.
On success the device generates a Session ID S (1 byte) and sets the message counter for the current Session to 1.
Tr = 0x83
Lr = 17
Vr = S || C || A
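The exchange described above, from the host's side, as an added example that is not code from the original page or from Yubico. It assumes the Python `cryptography` package, a 2-byte big-endian length field in the framing, and the derivation constants of the SCP03 specification; `device_respond` is a hypothetical stand-in for the device, and the static keys are constructed sample values.

```python
import hmac
import os
import struct
from cryptography.hazmat.primitives.cmac import CMAC
from cryptography.hazmat.primitives.ciphers.algorithms import AES

# SCP03 derivation constants (from the SCP03 specification, not from this page)
CARD_CRYPTOGRAM, HOST_CRYPTOGRAM = 0x00, 0x01
T_S_ENC, T_S_MAC, T_S_RMAC = 0x04, 0x06, 0x07

def kdf(key, constant, context, bits):
    """SCP03 KDF: AES-CMAC over label || 0x00 || L || counter || context."""
    data = bytes(11) + struct.pack(">BBHB", constant, 0x00, bits, 0x01) + context
    mac = CMAC(AES(key))
    mac.update(data)
    return mac.finalize()[: bits // 8]

def session_keys(k_enc, k_mac, h, c):
    """Derive (S-ENC, S-MAC, S-RMAC) from the static keys and both challenges."""
    return (kdf(k_enc, T_S_ENC, h + c, 128),
            kdf(k_mac, T_S_MAC, h + c, 128),
            kdf(k_mac, T_S_RMAC, h + c, 128))

def build_command(key_set_id, h):
    """Tc = 0x03, Lc = 10, Vc = I || H (2-byte length field is an assumption)."""
    return struct.pack(">BHH", 0x03, 10, key_set_id) + h

def device_respond(k_enc, k_mac, cmd, session_id=0):
    """Hypothetical device-side stand-in so the example runs offline."""
    h, c = cmd[5:13], os.urandom(8)
    s_mac = session_keys(k_enc, k_mac, h, c)[1]
    a = kdf(s_mac, CARD_CRYPTOGRAM, h + c, 64)
    return struct.pack(">BHB", 0x83, 17, session_id) + c + a

def host_process(k_enc, k_mac, h, resp):
    """Parse Vr = S || C || A, verify A, return (S, session keys, B)."""
    if len(resp) != 20 or struct.unpack(">BH", resp[:3]) != (0x83, 17):
        raise ValueError("unexpected Create Session response")
    s, c, a = resp[3], resp[4:12], resp[12:20]
    keys = session_keys(k_enc, k_mac, h, c)
    # Constant-time compare: a mismatch means the peer lacks the static keys
    if not hmac.compare_digest(a, kdf(keys[1], CARD_CRYPTOGRAM, h + c, 64)):
        raise ValueError("card cryptogram mismatch")
    return s, keys, kdf(keys[1], HOST_CRYPTOGRAM, h + c, 64)

if __name__ == "__main__":
    k_enc, k_mac = bytes(range(16)), bytes(range(16, 32))  # constructed keys
    h = os.urandom(8)
    resp = device_respond(k_enc, k_mac, build_command(1, h))
    print(host_process(k_enc, k_mac, h, resp)[2].hex())  # Host Cryptogram B
```

The host sends B in the following Authenticate Session command; a host that skips the check on A has not authenticated the device.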