Inserting a new card

Aiosa edited this page Jul 25, 2021 · 6 revisions

Disabled Smart Card Resource Manager

A smart card daemon (service) must be running on the host computer in order to communicate with smart cards.

Windows

The service is a part of the operating system. In case it is not running, enable it: search for "Services" in your programs and enable all services that contain "Smart Card" in their name. Up to Windows 8, only one service exists. From Windows 10, there are two services that must be enabled: the Smart Card service and the Certificate Propagation service.

Note: plug in the smart card before enabling the services. Plugging it in might turn these services on by itself. Otherwise, your OS will consider the services wasteful and will most likely shut them down again.

UNIX-like OS: Linux, Mac and other OS

Install the PC/SC driver and make sure the driver is running. You can download any driver; a good working one is OpenSC. It is also available through various distributions and packaging systems for Linux.

New Card Insertion

Upon card insertion, the card is detected automatically. In case another card reader is inserted, the application will

  • switch to the new card in case the other reader is empty
  • not take any action in case another card is being displayed

The active card (and reader) selection can be switched in the Readers menu item.

Because we are inserting a new card, we need to authenticate to it. The application will detect the card type and use the corresponding default test key (or, if none is known, ask whether to use the most common test key). If you've already changed the test key to a new value, the authentication will fail. In that case, further attempts to authenticate are blocked - unless you change the cards.ini file (set auth=true and fill in the correct authentication key).

Authentication

The card authentication is executed as follows:

  1. If the card is present in the cards.ini file, the authentication is performed, provided that auth = true is set and the key value is in a valid format.
  2. If the card is not present in the file (e.g. a new card was inserted), or the key is invalid, a default test key is searched for.
    1. If the test key is found, the card is authenticated immediately with it, as we suppose the user did not change the test key.
    2. If no test key is found, the user is asked whether to use the common test key 4041..4E4F.

Activity Diagram: Authentication

Keys

We support only single-value key input. Each card needs three different keys in order to authenticate to it as an administrator (to modify or display its contents): ENC, MAC, DEK. These three keys can be derived from one "Master key" (the only one we support) using a diversification method.

An important file is cards.ini in [your user home folder]/JcAppStore/data. This file contains every card that has been inserted since the installation. In case there are multiple cards present, search for the card by ID. The ID value is displayed every time a warning pops up (or, when the card is successfully authenticated to, in the middle of the main menu bar).

Custom master key

We do not recommend changing the default master key unless you have a reason to do so (e.g. you know you have to). However, if you've already changed it (or the application doesn't know the default test key for your card), then you need to modify the cards.ini file.

  1. Locate the file in [your user home folder]/JCAppStore/data/
  2. Search for your card block, beginning with [card id value here]. The card id can be obtained from the store (just plug in the card, the error message will show you the card id).
  3. Modify the key field - set the correct master key value (in hex string: characters 0-9A-F, we don't support the 3-piece keys yet).
  4. Modify the auth field - set value to true if not set, for the store to actually try to authenticate to the card.
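
The authentication flow and the cards.ini edit described above can be checked before the card is reinserted. The following is an added example, not JCAppStore code: it reads a cards.ini text and names the branch of the documented flow that would apply to a given card id. The accepted key lengths, the `has_default_test_key` input, the treatment of a valid key without auth = true as "no attempt", and the sample ids and keys are assumptions.

```python
import configparser
import re

# Assumption: a master key is 16, 24 or 32 bytes written as upper-case hex.
# The page only fixes the alphabet (0-9A-F) and excludes 3-piece keys.
KEY_RE = re.compile(r"[0-9A-F]{32}(?:[0-9A-F]{16}){0,2}")

def plan_authentication(ini_text, card_id, has_default_test_key):
    """Name the branch of the documented flow that applies to card_id.

    has_default_test_key is a hypothetical input: whether a default test key
    is known for the detected card type (the store's own list is not shown).
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    if cfg.has_section(card_id):
        entry = cfg[card_id]
        key_ok = KEY_RE.fullmatch(entry.get("key", "").strip()) is not None
        auth_on = entry.get("auth", "").strip().lower() == "true"
        if key_ok and auth_on:
            return "step 1: authenticate with key from cards.ini"
        if key_ok:
            # Reading of the page: without auth = true no attempt is made.
            return "no attempt: set auth = true to enable authentication"
        # Invalid key: the flow falls through to the default test key search.
    if has_default_test_key:
        return "step 2.1: authenticate with default test key"
    return "step 2.2: ask user about common test key"

# Constructed sample; card ids and keys are placeholders, not real values.
SAMPLE_INI = """
[EXAMPLE-CARD-A]
key = 00112233445566778899AABBCCDDEEFF
auth = true

[EXAMPLE-CARD-B]
key = 00112233445566778899AABBCCDDEEFF
auth = false

[EXAMPLE-CARD-C]
key = 0011-2233 not hex
auth = true
"""

if __name__ == "__main__":
    for cid in ("EXAMPLE-CARD-A", "EXAMPLE-CARD-B", "EXAMPLE-CARD-C", "EXAMPLE-CARD-NEW"):
        print(cid, "->", plan_authentication(SAMPLE_INI, cid, has_default_test_key=False))
```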

Unknown Test Key

In case the JCAppStore fails to authenticate to your card although you did not change the test key, let us know. We will add the card to our list, as it is an unknown card type.