This new version of the Amendment, which comes with an updated API, defines:
- A new Confidential Key Loading Scenario, Scenario #4: an ECC-based Key Agreement Model using a mechanism that does not require the use of a secure channel to ensure the identity of the parties.
- The option of generating AES keys with Scenario #1.
- A mechanism for Applications to request a CASD signature, the CASD Signature Service. This service is available through the new AuthoritySignature interface, and the corresponding Global Service.

This maintenance release of GPCS Amendment A: Confidential Card Content Management contains errata and clarifications. Main aspects:
- It acknowledges the existence of, and reserves appropriate values for, a variant of Scenario #3 which was defined by the GSMA for the eSIM.
- It clarifies the encoding of some length fields for Scenario #1 when RSA keys longer than 128 bytes are used.
- It clarifies how an off-card entity may look up an appropriate CA Public Key in order to verify a CASD certificate.

This version of Card Specification Amendment A: Confidential Card Content Management mainly contains changes due to restructuring of the Card Specification and its amendments:
- Tokens and the DGIs for key personalization were removed and are now in the Card Specification.
- Key Agreement Scenario 3 was incorporated from Amendment E.

Several clarifications were also added.