CREATE SESSION Command

Begin the mutual authentication process for establishing a Session.

Description

Start negotiating a Session with the device. This command tells the device which Authentication Key to use and sends the host challenge part. The response will contain the device challenge and device authentication part. To establish the session continue with AUTHENTICATE SESSION Command.

Shell Example

Create a new session with Authentication Key 1 using the password password. This does both the session creation and authentication steps:

yubihsm> session open 1 password
Created session 0

Protocol Details

Command

Tc = 0x03
Lc = 10
Vc = I || H

Parameters:

I := Key set ID (2 bytes)

H := Host Challenge (8 bytes)

The device generates a random Card Challenge C (8 bytes).

The device derives three Session Keys (S-ENC, S-MAC and S-RMAC) starting from the set of two static keys identified by I (K-ENC and K-MAC) and the two challenges H and C, using the same procedure described in SCP03.

The device uses S-MAC together with H and C to compute the Card Cryptogram A. The host will compute the Host Cryptogram B after having received C and derived S-MAC.

On success the device generates a Session ID S (1 byte) and sets the message counter for the current Session to 1.

Response

Tr = 0x83
Lr = 17
Vr = S || C || A