Hi,
I'm a newby in the smartcard world and I'm developing an applet which have to use group signatures inside the smartcard. Due to that fact I NEED to store 2 key values securely into the smartcard (protected with PIN) and they have to be persistent after power off or deselecting. I've read some docs and forums and seen that data can be stored in EEPROM (Is it this what i need to do?/If so, How do I protect this data with the PIN?).
To summaryze: How do I save forever 2 keys that are going to be sent to the smartcard once (since data is going to be send I guess I will have to check if it exists somehow when applet starts but I can't create at installation -or maybe yes if I know the size and after fill the space-) and safely protect it.
Any help,docs or reference will be greatly appreciated
Save data permanently into JavaCard and Protect with PIN
Re: Save data permanently into JavaCard and Protect with PIN
Welcome to the forum.
Firstly, please read the JavaCard documentations and APIs and read concepts on ISO-7816 and ISO-14443 before beginning to work with smart cards. Most people come to work on smart cards without an idea on what it is and the resulting applets they design are poor in terms of security and efficiency which immediately degrades the performance, longevity and security of a good card.
In JavaCard, when you assign a variable and do not set it as transient object, it immediately becomes a persistent object and saves to EEPROM or Flash.
One example is:
This type of direct assignment immediately creates a b object of byte array type on the card and stored permanently unless the values are replaced or the card applet is deleted.
The above code as you may be guessing is to create transient byte array of b that has 2 byte lengths and clears when you "reset the card" by physically pulling the card or disconnecting the reader.
From the above, direct assigning creates permanently stored values while using specialized methods like make TransientXXX... methods will make transient data storage regions in the RAM memory.
Now, about cryptographic keys, you can make it persistent in the card's EEPROM or Flash storage or you can make a key in the RAM memory.
The KeyBuilder class has different types of keys. Those with TRANSIENT flags means temporary keys in RAM and those without are permanent keys.
Also use the JCSystem.beginTransaction and JCSystem.commitTransaction if you want a particular transaction to be atomic in state.
Please read all the necessary documents (below) and learn on your own and ask questions. Once you have a firm understanding, then you can go ahead to design an actual smart card applet for real world security purposes otherwise continue to read and learn first.
Here is the JavaCard 3.0.4 API to help you (http://www.javafind.net/library/111/javacard_specifications-3_0_4-RR/classic/api_classic/index.html) but the API is not going to be useful if you do not do the due diligence of reading up official documents for ISO-7816 (at the very least is a must read), ISO-14443 (for contactless cards), JavaCard documentations for developers (http://www.oracle.com/technetwork/java/javacard/specs-138637.html) and also the GlobalPlatform documents (http://www.win.tue.nl/pinpasjc/docs/Card%20Spec%20v2.1.1%20v0303.pdf).
There is a ton of materials to read but this is a highly recommended way to get started so that you know what to expect and know what you are dealing with.
Firstly, please read the JavaCard documentations and APIs and read concepts on ISO-7816 and ISO-14443 before beginning to work with smart cards. Most people come to work on smart cards without an idea on what it is and the resulting applets they design are poor in terms of security and efficiency which immediately degrades the performance, longevity and security of a good card.
In JavaCard, when you assign a variable and do not set it as transient object, it immediately becomes a persistent object and saves to EEPROM or Flash.
One example is:
Code: Select all
byte[] b = {(byte) 0x01, (byte) 0x02};This type of direct assignment immediately creates a b object of byte array type on the card and stored permanently unless the values are replaced or the card applet is deleted.
Code: Select all
byte[] b = JCSystem.makeTransientByteArray((short) 2, JCSystem.CLEAR_IN_RESET);The above code as you may be guessing is to create transient byte array of b that has 2 byte lengths and clears when you "reset the card" by physically pulling the card or disconnecting the reader.
From the above, direct assigning creates permanently stored values while using specialized methods like make TransientXXX... methods will make transient data storage regions in the RAM memory.
Now, about cryptographic keys, you can make it persistent in the card's EEPROM or Flash storage or you can make a key in the RAM memory.
The KeyBuilder class has different types of keys. Those with TRANSIENT flags means temporary keys in RAM and those without are permanent keys.
Also use the JCSystem.beginTransaction and JCSystem.commitTransaction if you want a particular transaction to be atomic in state.
Please read all the necessary documents (below) and learn on your own and ask questions. Once you have a firm understanding, then you can go ahead to design an actual smart card applet for real world security purposes otherwise continue to read and learn first.
Here is the JavaCard 3.0.4 API to help you (http://www.javafind.net/library/111/javacard_specifications-3_0_4-RR/classic/api_classic/index.html) but the API is not going to be useful if you do not do the due diligence of reading up official documents for ISO-7816 (at the very least is a must read), ISO-14443 (for contactless cards), JavaCard documentations for developers (http://www.oracle.com/technetwork/java/javacard/specs-138637.html) and also the GlobalPlatform documents (http://www.win.tue.nl/pinpasjc/docs/Card%20Spec%20v2.1.1%20v0303.pdf).
There is a ton of materials to read but this is a highly recommended way to get started so that you know what to expect and know what you are dealing with.
-
UNKNwYSHSA
- Posts: 630
- Joined: Thu May 21, 2015 4:05 am
- Points :3053
- Contact:
Re: Save data permanently into JavaCard and Protect with PIN
1 Store data in NVM memory space. Store to the object create by java new statement.
2 You can check PIN before store/read the data, refer to javacard.framework.OwnerPIN.
For your design, you shall seriously read each point as @tay00000 said in the reply above.
2 You can check PIN before store/read the data, refer to javacard.framework.OwnerPIN.
For your design, you shall seriously read each point as @tay00000 said in the reply above.
sense and simplicity
Re: Save data permanently into JavaCard and Protect with PIN
Thank you both for your answers. I'll read the docs in order to improve my knowledge of the javacard technology. By the way, Do you know if there is a limit of non-volatile memory that the JCIDE can emulate?
Re: Save data permanently into JavaCard and Protect with PIN
In JCIDE, different simulators have different size of non-volatile memory.
Simulator NVM List
eJava Token - 110KB
A22CR- 138.53KB
A40CR- 72.80KB
Simulator NVM List
eJava Token - 110KB
A22CR- 138.53KB
A40CR- 72.80KB
Who is online
Users browsing this forum: No registered users and 85 guests