Attention is currently required from: dexter, fixeria, laforge.
Hello Jenkins Builder, dexter, fixeria,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/c/pysim/+/36930?usp=email
to look at the new patch set (#2).
The following approvals got outdated and were removed: Code-Review+1 by fixeria, Verified+1 by Jenkins Builder
Change subject: CardKeyProvider: Implement support for column-based transport key encryption
CardKeyProvider: Implement support for column-based transport key encryption
It's generally a bad idea to keep [card specific] key material lying around unencrypted in CSV files. The industry standard solution in the GSMA is a so-called "transport key", which encrypts the key material.
Let's introduce support for this in the CardKeyProvider (and specifically, the CardKeyProviderCSV) and allow the user to specify transport key material as command line options to pySim-shell.
Different transport keys can be used for different key materials, so allow specification of keys on a CSV-column basis.
The higher-level goal is to allow the CSV file not only to store the ADM keys (like now), but also global platform key material for establishing SCP towards various security domains in a given card.
Change-Id: I13146a799448d03c681dc868aaa31eb78b7821ff
---
A contrib/csv-encrypt-columns.py
M docs/card-key-provider.rst
M pySim-shell.py
M pySim/card_key_provider.py
4 files changed, 189 insertions(+), 15 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/30/36930/2