OpenSC API documentation, tutorial - javacard

In the last couple of months, while learning to develop Java Card applets, I managed to develop an ISO 7816 compatible file system applet. I successfully implemented most of the standardized APDU commands from the 7816-4, -8, -9 standards (I used other available functional descriptions and standards like OpenPGP applet, IAS ECC, MUSCLE, CoolKey etc. to help me understand former standards).
Now I am trying to develop a PKCS#11 implementation for my own applet. I am familiar with using OpenSC tools for already supported cards (opensc-tool, opensc-explorer, pkcs15-init, pkcs15-tool etc.). But I would like to develop a driver for this applet for OpenSC.
I browsed the information available on their project site on GitHub and found some documentation on implementing a custom driver for OpenSC (entersafe card example, and general suggestions for card driver implementation). I also found that some tutorials on OpenSC were available on gooze.eu, but this site is no longer available.
So my questions are:
Where can I find some more information on the OpenSC API in order to understand the available driver code and to manage to develop my own?
Any general overview of the API, the OpenSC architecture, or a description of the available functions (a description of the intended usage of structures and functions such as sc_format_apdu, sc_transmit_apdu, sc_card_operations, as an example, etc.) to give me a jumpstart for understanding the OpenSC source code and implementing a card driver.
Are there any man pages for the OpenSC API (googling, I was able to find some, but they are very incomplete and sporadic)?
Any information would be very helpful.

Why don't you either use IsoApplet (that has both a JavaCard applet and an OpenSC driver) or, if you want to develop your own, learn from its source code?
Also, if you have studied the standards and existing applets (and drivers) you should have enough domain knowledge to get an idea of what some of the API functions do. If not, keep your code somewhere in public and you can (hopefully) get support from the OpenSC developers via mailing list.

Related

Micro:bit BBC programming bluetooth

I recently purchased Micro:Bit. I've seen that micro-python and bluetooth cannot be used at the same time due to memory capacity.
Does anyone know if I would be able to build a decent application using the javascript block programming?
The app basically has to do the following:
Read data from accelerometer.
Accumulate some accelerometer data.
Send the information to another device connected via bluetooth.
Yes, you should be able to write a program for the microbit that does this. The official documentation describes the services that are available. I also found an example which suggests that there is an app which you can use at the phone end if that's relevant to your application.
The micropython restriction is a combination of the BLE protocol stack requiring 12 kB of RAM, and python being interpreted (so having a high RAM requirement).
You can choose the block version or test javascript - and should be able to write reasonably complex programs (even if the text entry might be best done in an editor). As a final fall-back, you can fall back on C/C++ using the microbit DAL (which seems to be built on top of the mbed offline toolchain).

How to check that smart card is working on linux?

I've a PKCS-11 supported smartcard? I just want to check whether my smartcard is working fine or not. How can I check it on Ubuntu? Please guide me. What software can I use? What steps should I follow?
It is important to understand that the PKCS#11 standard just defines the C language API to access smartcards and other types of cryptographic hardware (or even software). It is usually the hardware vendor who provides a software library (.dll for Windows, .so for Unix etc.) that implements the PKCS#11 API and is able to access the hardware (a smartcard in your case). Your application usually loads the PKCS#11 library and uses the PKCS#11 API functions it provides.
In most cases it is the best to use PKCS#11 library provided by your smartcard vendor but there are also many independent software vendors such as A.E.T. or Aloaha who provide smartcard middleware (software package that usually contains PKCS#11 library) that can access a bunch of widely used smartcards. You can also take a look at OpenSC project which provides an open source PKCS#11 library that supports many popular smartcards and USB tokens.
Now let's get back to your questions:
Do I have a PKCS-11 supported smartcard?
You have to check whether there exists a library (open source or commercial) that implements PKCS#11 API and supports your smartcard. If you can find such a library then the answer is yes.
How can I check it on Ubuntu?
If you already have a PKCS#11 library then you can install the "opensc" package, which provides a command line application called "pkcs11-tool". You can use the following command to list readers and cards accessible via your PKCS#11 library:
pkcs11-tool --module your_pkcs11_library.so --list-slots
If you want to use PKCS#11 library provided by OpenSC project then just replace "your_pkcs11_library.so" with "opensc-pkcs11.so".
What software I can use?
PKCS#11 is a widely supported standard so this question is hard to answer. I guess you would like to use open source applications with your smartcard because you have mentioned Ubuntu, so here is a short list of well known applications that support PKCS#11:
Mozilla Firefox - supports digital signature and client authentication
Mozilla Thunderbird - supports digital signing of e-mails
LibreOffice - supports digital signing of documents
TrueCrypt - supports disk encryption
OpenVPN - supports client authentication
OpenSSH - supports client authentication
To verify Ubuntu sees your smartcard reader and identity card:
Install libusb-1.0-0-dev pcsc-lite pcscd pcsc-tools
The following tools will be installed:
pcscd - systemctl status pcscd - sometimes the card reader crashes this daemon, so you may need to restart it.
opensc-explorer - it searches and displays smartcard readers attached
opensc-tool - Options will provide detailed information about your smartcard reader.
pcsc_scan - will show you smartcard reader and its status. It should show your identity card inserted, as well as when you take it out. If it displays waiting on reader - restart the pcscd service and try again.
The following link describes this in more detail, as well as setting up Firefox/Chrome for certificates:
https://cubiclenate.com/linux/applications/utilities/dod-cac-ubuntu-linuxmint/

javacard programming and applet installation

I am new to javacard programming. While working with the owner pin in my javacard application, I read that the "PIN interface which is in javacard framework package does not make any assumptions about where the data for the PIN value comparison is stored".
And I want to know the following,
Can I get the exact location where my owner pin is stored? If I can how to do that? How to export my updated owner pin?
I have an applet of my javacard application. Now how can I load & install it into my javacard? I know there are tools available that come with the smartcard itself. But I want to install without a tool and only through apdu commands. Is there any procedure to do that? If so, how to do that?
Sorry, you cannot retrieve the OwnerPIN, probably because of security reasons. You will have to implement the PIN interface yourself if you want to do that, but there are about 8 pitfalls in the implementation regarding side channel attacks and such. If you can't think of about 8 attacks, don't go there. Generally, retrieving the PIN as data is not what you should want.
Of course there is a procedure to do that: create your own GlobalPlatform API - you might want to look at open source examples though, such as gjp.
As an extreme hack, you could store the PIN as the value of a secret key object (which are generally well protected).
Regarding the installation of applets I have good and bad news for you:
The general process of command for installing is standardized by Global Platform, however that refers only to those commands you send to the Cardmanager-Applet.
However AFAIK there is no vendor independent standard of the Cardmanager-AID. Additionally you have to authenticate yourself to the Cardmanager applet before you can use it. On developer cards this is usually a simple key like 404142434445464748494a4b4c4d4e4f (hex) as used for example by JCOP cards for the first DES key.
Additionally this authentication key can be changed by the card owner. Therefore on non-developer cards you don't have access to the Cardmanager.
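The advice above about not retrieving the PIN as data, as an added example that is not part of the original answers: an applet that keeps the PIN inside OwnerPIN and offers only VERIFY and CHANGE REFERENCE DATA, so no command ever returns the PIN. The package and class names, the try limit, the length bounds and the use of the install data as the initial PIN are assumptions made for illustration.

```java
package example.pinapplet; // hypothetical package name

import javacard.framework.*;

public class PinApplet extends Applet {
    private static final byte INS_VERIFY = (byte) 0x20;       // ISO 7816-4 VERIFY
    private static final byte INS_CHANGE = (byte) 0x24;       // CHANGE REFERENCE DATA
    private static final byte TRY_LIMIT = 3, MIN_LEN = 4, MAX_LEN = 8; // assumed policy
    private static final short SW_BLOCKED = (short) 0x6983;   // no tries left
    private static final short SW_WRONG_PIN = (short) 0x63C0; // low nibble = tries left

    private final OwnerPIN pin = new OwnerPIN(TRY_LIMIT, MAX_LEN);

    private PinApplet(byte[] b, short off, byte len) {
        pin.update(b, off, len); // initial PIN is taken from the install data
        register();
    }

    public static void install(byte[] b, short off, byte len) {
        off += (short) (b[off] + 1); // skip instance AID
        off += (short) (b[off] + 1); // skip control info
        new PinApplet(b, (short) (off + 1), b[off]); // applet data = initial PIN
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        byte ins = buf[ISO7816.OFFSET_INS];
        if (ins != INS_VERIFY && ins != INS_CHANGE)
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        short lc = apdu.setIncomingAndReceive();
        if (lc < MIN_LEN || lc > MAX_LEN) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        if (ins == INS_VERIFY) verify(buf, (byte) lc);
        else change(buf, (byte) lc);
    }

    private void verify(byte[] buf, byte len) {
        if (pin.getTriesRemaining() == 0) ISOException.throwIt(SW_BLOCKED);
        // check() updates the try counter itself; the stored value is never returned
        if (!pin.check(buf, ISO7816.OFFSET_CDATA, len))
            ISOException.throwIt((short) (SW_WRONG_PIN | pin.getTriesRemaining()));
    }

    private void change(byte[] buf, byte len) {
        // only a holder who has just presented the current PIN may replace it
        if (!pin.isValidated())
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        pin.update(buf, ISO7816.OFFSET_CDATA, len); // also clears the validated flag
    }
}
```

A host never needs the PIN back: it learns only success (9000), the remaining tries (63Cx) or the blocked state (6983).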

GPS navigation software/SDK for Linux

Is there a (open source or commercial) software solution available for the Linux platform to build a custom embedded navigation device? It should be able to display maps and do routing (just like a TomTom/Navigon/Garmin/... navi device).
Unfortunately all navigation solutions seem to target Windows CE only.
Something based on OpenStreetMap data is not an option, because the map data is IMHO not always good enough for serious routing / driving instructions.
Since I'm searching for a long time now without luck I'm not too restrictive on the implementation details, however it should be possible to extend the software with custom functions or ideally embed the navigation in my own software.
Android with Google Maps comes to my mind, but I'd like to avoid setting up Android for my device.
Alternatively, if there is no such solution, I might use an end-user navigation device if that allows me some kind of communication with my own device to control it.
I'm open to any suggestions, thanks.
There is a huge list here. Take a look if anything suits your needs.

J2ME development and native API

Is it possible to write a mobile application with J2ME and whenever we want to implement a functionality not offered by J2ME call native mobile API ? (kind of like what is done with .NET, whenever you need something not provided, you just call the Win32 API from the .NET platform).
While JNI is not officially supported in J2ME, the Symbian implementation of J2ME obviously uses something very similar.
Since most J2ME APIs have a corresponding Symbian OS C++ API, what Symbian did (a lot) is develop adaptation layers between the 2.
Between that and the new modular architecture of the IBM J9 virtual machine (from Series60 3rd edition feature pack 2 onward), it is technically possible to add a new API to the virtual machine without actually needing to recompile most of a handset firmware.
However, third party developers simply are not allowed to do it without a lot of help from the handset manufacturer.
A loopback socket connection is the solution that people have typically implemented to transfer data across the language barrier. Large-scale deployment is not the easiest task, though, as you technically need to install 2 applications on the device. Once you understand the threading model of the Symbian J2ME implementation, you also realize how ugly and inefficient a hack it is.
When you reach that kind of issue, it's time to learn Symbian OS C++ and do it right.
No. That's not possible with Java ME.
Only sort of. Actually it is possible but not directly. You can write a native server that listens on a local socket and send requests to it from your Java MIDlet. Someone even released a framework to do this called MIDP-JNI (as opposed to real JNI). Obviously the form of the solution imposes some limitations on what you can do with it but it isn't actually impossible.
Be aware that using this approach can make your application much more complex to debug.
If you are specifically looking for Nokia/Symbian, then APIBridge http://wiki.forum.nokia.com/index.php/J2ME_API_Bridge_Interface could be a solution. Typically it is the 'official' version of the 'native server on local socket' kind of thing. The APIBridge is 'extensible' & you can write your own 'plugins' for your suitable 'low-level' task.
