Retrieving card-individual keys via CardKeyProvider

When working with a batch of cards, or more than one card in general, it is a lot of effort to manually retrieve the card-specific PIN (like ADM1) or key material (like SCP02/SCP03 keys).

To increase productivity in that regard, pySim has a concept called the CardKeyProvider. This is a generic mechanism by which different parts of the pySim[-shell] code can programmatically request card-specific key material from some data source (provider).

For example, when you want to verify the ADM1 PIN using the verify_adm command without providing an ADM1 value yourself, pySim-shell will request the ADM1 value for the ICCID of the card via the CardKeyProvider.

There can in theory be multiple different CardKeyProviders. You can for example develop your own CardKeyProvider that queries some kind of database for the key material, or that uses a key derivation function to derive card-specific key material from a global master key.

The only actual CardKeyProvider implementation included in pySim is the CardKeyProviderCsv which retrieves the key material from a [potentially encrypted] CSV file.

The CardKeyProviderCsv

The CardKeyProviderCsv allows you to retrieve card-individual key material from a CSV (comma separated value) file that is accessible to pySim.

The CSV file must have the expected column names, for example ICCID and ADM1 in case you would like to use that CSV to obtain the card-specific ADM1 PIN when using the verify_adm command.

You can specify the CSV file to use via the –csv command-line option of pySim-shell. If you do not specify a CSV file, pySim will attempt to open a CSV file from the default location at ~/.osmocom/pysim/card_data.csv, and use that, if it exists.

Column-Level CSV encryption

pySim supports column-level CSV encryption. This feature will make sure that your key material is not stored in plaintext in the CSV file.

The encryption mechanism uses AES in CBC mode. You can use any key length permitted by AES (128/192/256 bit).

Following GSMA FS.28, the encryption works on column level. This means different columns can be decrypted using different key material. This means that leakage of a column encryption key for one column or set of columns (like a specific security domain) does not compromise various other keys that might be stored in other columns.

You can specify column-level decryption keys using the –csv-column-key command line argument. The syntax is FIELD:AES_KEY_HEX, for example:

pySim-shell.py –csv-column-key SCP03_ENC_ISDR:000102030405060708090a0b0c0d0e0f

In order to avoid having to repeat the column key for each and every column of a group of keys within a keyset, there are pre-defined column group aliases, which will make sure that the specified key will be used by all columns of the set:

  • UICC_SCP02 is a group alias for UICC_SCP02_KIC1, UICC_SCP02_KID1, UICC_SCP02_KIK1

  • UICC_SCP03 is a group alias for UICC_SCP03_KIC1, UICC_SCP03_KID1, UICC_SCP03_KIK1

  • SCP03_ECASD is a group alias for SCP03_ENC_ECASD, SCP03_MAC_ECASD, SCP03_DEK_ECASD

  • SCP03_ISDA is a group alias for SCP03_ENC_ISDA, SCP03_MAC_ISDA, SCP03_DEK_ISDA

  • SCP03_ISDR is a group alias for SCP03_ENC_ISDR, SCP03_MAC_ISDR, SCP03_DEK_ISDR

Field naming

  • For look-up of UICC/SIM/USIM/ISIM or eSIM profile specific key material, pySim uses the ICCID field as lookup key.

  • For look-up of eUICC specific key material (like SCP03 keys for the ISD-R, ECASD), pySim uses the EID field as lookup key.

As soon as the CardKeyProviderCsv finds a line (row) in your CSV where the ICCID or EID match, it looks for the column containing the requested data.

ADM PIN

The verify_adm command will attempt to look up the ADM1 column indexed by the ICCID of the SIM/UICC.

SCP02 / SCP03

SCP02 and SCP03 each use key triplets consisting if ENC, MAC and DEK keys. For more details, see the applicable GlobalPlatform specifications.

If you do not want to manually enter the key material for each specific card as arguments to the establish_scp02 or establish_scp03 commands, you can make use of the –key-provider-suffix option. pySim uses this suffix to compose the column names for the CardKeyProvider as follows.

  • SCP02_ENC_ + suffix for the SCP02 ciphering key

  • SCP02_MAC_ + suffix for the SCP02 MAC key

  • SCP02_DEK_ + suffix for the SCP02 DEK key

  • SCP03_ENC_ + suffix for the SCP03 ciphering key

  • SCP03_MAC_ + suffix for the SCP03 MAC key

  • SCP03_DEK_ + suffix for the SCP03 DEK key

So for example, if you are using a command like establish_scp03 –key-provider-suffix ISDR, then the column names for the key material look-up are SCP03_ENC_ISDR, SCP03_MAC_ISDR and SCP03_DEK_ISDR, respectively.

The identifier used for look-up is determined by the definition of the Security Domain. For example, the eUICC ISD-R and ECASD will use the EID of the eUICC. On the other hand, the ISD-P of an eSIM or the ISD of an UICC will use the ICCID.