forked from OpenSC/OpenSC
-
Notifications
You must be signed in to change notification settings - Fork 2
Using smart cards with Java SE
Viktor Tarasov edited this page Dec 11, 2012
·
1 revision
Access to native PKCS#11 providers. Requires JNI and necessary host-side software.
- OpenSC-Java https://www.opensc-project.org/opensc-java/browser/trunk/pkcs11
- IAIK http://jce.iaik.tugraz.at/sic/Products/Core-Crypto-Toolkits/PKCS-11-Wrapper
- Sun PKCS#11 in 1.5+ http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
Access to PC/SC for Java versions before 1.6. Should not be used for new applications, use Java 1.6 and javax.smartcardio instead - jPCSC – http://www.linuxnet.com/middle.html
List of “interesting” applications and libraries that make use of javax.smartcardio
- Low level PC/SC bridge (replaces and obsoletes jPCSC) http://java.sun.com/javase/6/docs/jre/api/security/smartcardio/spec/javax/smartcardio/package-summary.html
- PKCS#15 support (OpenSC-Java)
- GPJ http://sourceforge.net/projects/gpj/
- scuba http://scuba.sourceforge.net/
- OpenCard Framework http://www.openscdp.org/ocf/
- Smart Card Shell http://www.openscdp.org/scsh3/index.html
- wiki:OpenPGP GUI http://sourceforge.net/projects/javaopenpgpcard/
- Generic APDU sending GUI http://sourceforge.net/projects/jsmartcard/
- NFC link for ACR122U http://code.google.com/p/nfcip-java/
- Serbian eID interface: https://gitorious.org/freesteel/jfreesteel
- MOCCA – applet for digital signatures for several eID cards with direct APDU-s http://mocca.egovlabs.gv.at/BKUOnline/
- On Mac OS X 10.6 and 10.7 run the JRE with -d32 to force it into 32bit mode, otherwise smart card events won’t work or a crash happens:
java(2885,0x104c77000) malloc: *** mmap(size=140454020517888) failed (error code=12)- error: can’t allocate region
- set a breakpoint in malloc_error_break to debug
Invalid memory access of location 0×0 rip=0×10c0d766e
Segmentation fault: 11
- pcsc-lite library location. If no PC/SC implementation is found by default (exception) path to the library location might be needed (on Debian for example)
- sun.security.smartcardio.library_=_/usr/lib/libpcsclite.so
- Automatic GET RESPONSE issuing. Cards that behave in a certain way, might need to have the automatic GET RESPONSE issuing turned off (for example see problem description)
- sun.security.smartcardio.t0GetResponse_=_false
- sun.security.smartcardio.t1GetResponse_=_false
Similar to the PKCS#15 generation/parsing software in OpenSC, but implemented in Java. Both use Bouncy Castle for actual ASN.1 encoding/decoding. Both use javax.smartcardio instead of the pcsc/openct/ctapi layer of OpenSC.
- in OpenSC-Java https://www.opensc-project.org/opensc-java/browser/trunk/pkcs15
- In javacardsign http://javacardsign.svn.sourceforge.net/viewvc/javacardsign/pkihostapi/src/net/sourceforge/javacardsign/iso7816_15/
- Alternative: use Java ASN.1 compiler instead.
GlobalPlatform deals with loading and managing JavaCard applets. There are currently two known implementations of GlobalPlatform specific functionality:
- GPJ (see above) uses javax.smartcardio and does not provide a GUI. Ideal for integrating purposes.
- jcManager http://www.brokenmill.com/2010/03/java-secure-card-manager/ uses jPCSC (see above) and provides a rudimentary GUI.