views:

62

answers:

1

Hi, I am currentlly on a project that requires me to load a JavaCard application Applet ( a .cap ) file to a JavaCard. Our framework is based on Visual C++ and PCSC, so we need to load the same applet to a series of JavaCards. Does anyone know how this can be processed? I mean, where should I start. Thanks!

A: 

You are correct that this is not a trivial job.

There are differences between different javacards, but generally you need to do 4 things:

  • initialize secure communications with the card (because many javacards are "global platform" cards they require a secure channel)
  • send a command saying "i wanna install an applet"
  • send the binary data for the applet to be installed
  • send a command to "instantiate" the applet after the binary data is sent

I'd recommend using the eclipse plugin to install the applet initially, because you can see the APDUs generated by the plugin to do the steps above. Once you know the APDU commands you must send to install your applet, you can directly send these commands using the PCSC interface from your C++ code to automate installation on a large number of cards.

My company makes a web browser plugin called Card Boss for doing this kind of thing (card communications via pcsc) from a browser - there's a web page you can use where you can type your own APDUs and send them to the card at the follwing URL:

https://cardboss.cometway.com/content.agent?page_name=Card+Boss+Lab

If you use our tool, your applet installation script should look something like this (note that this is a script for a JCOP card using the default jcop keys)

    MESSAGE BOX Installing applets...

    INIT CHANNEL 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f, 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f

    // INSTALL CAP: 
    SEND 80 E6 02 00 1D 10 A0 00 00 00 09 00 03 FF FF FF FF 89 10 71 00 01 08 A0 00 00 00 03 00 00 00 00 00 00 

    // LOADING CAP: 
    SEND 80 E8 00 00 FA C4 82 01 03 01 00 25 DE CA FF (snip, I removed a bunch 
of binary data representing the cap file to shorten this post, and you might
need multiple SEND commands because of limits on the size of APDUS)

    // INSTANTIATING Applet
    SEND 80 E6 0C 00 1E 05 63 6F 6D 65 74 07 63 6F 6D 65 74 00 01 05 00 00 00 00 00 01 00 06 C9 04 68 2C 00 03 00 00 
Damien
I have used the Sun javacard package and one of its bat scripts to generate these APDUS, but I stopped there because I was not sure that those commands are fine, now I know they are thanks:-) I am updating this code from some else that left the company and it seems that he has done everything, even the secure channel, but he relies on his own script file which is rather different. I think I will need to figure it out. As well, as the key for it. But Man, you just made me jump a lot more further!
zlogdan