CREATE SESSION Command
Begin the mutual authentication process for establishing a Session.
Start negotiating a Session with the device. This command tells the device which Authentication Key to use and sends the host challenge part. The response will contain the device challenge and device authentication part. To establish the session, continue with the AUTHENTICATE SESSION Command.
Create a new session with Authentication Key 1 using the password "password". This does both the session creation and authentication steps:
yubihsm> session open 1 password
Created session 0
I:= Key set ID (2 bytes)
H:= Host Challenge (8 bytes)
The device generates a random Card Challenge C (8 bytes).
The device derives three Session Keys ( S-RMAC) starting from the set of two static keys identified by K-MAC) and the two challenges C, using the same procedure described in SCP03.
The device uses S-MAC together with C to compute the Card Cryptogram A. The host will compute the Host Cryptogram B after having received C and derived
On success the device generates a Session ID S (1 byte) and sets the message counter for the current Session to