PIN + Certificate ( Date Expired )

Post by teixeira » Tue Dec 13, 2016 3:20 pm

Hello everyone !

My project will be divided:
1 - Applet (JavaCard 2.2.1)
2 - Desktop App (JavaFX)

App Desktop, will only be accessed with the card, okay?

My applet will consist of:

1 - PassWord (PIN) maximum 3 attempts.

2 - My applet, need to create certificate, date (expired) (still do not know how to do ...)

I am sending, my source code if it is "safe" with the PIN.

PS: Can I consider that my applet is secure?

Code:


import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.OwnerPIN;
import javacard.framework.PINException;

/*
 * BOSSWARE
 * @date 12-12-2016
 * By: JOSE TEIXEIRA - teixeira.totvs@gmail.com
 *
 * */
public class SEID extends Applet {
   
   // CLA byte accepted by this applet
   public final static byte TSPIN_CLA = (byte) 0xA0;
   
   // INS: check PIN
   public final static byte PIN_CHECK = (byte) 0xD0;

   // INS: change PIN
   public final static byte PIN_CHANGE = (byte) 0xD2;
 
   // PIN try limit
   public final static byte PIN_TRY_LIMIT = (byte)5;
   
   // maximum PIN length
   public final static byte PIN_LENGTH = (byte) 4;
   
   public byte i = (byte)0x00;
   
   // default PIN! change first connection !
   final static byte[] default_pin = { (byte)0x12, (byte)0x34 };
 
   OwnerPIN pin;
   
   public SEID(){
      
      pin = new OwnerPIN(PIN_TRY_LIMIT, PIN_LENGTH);
 
      
      try
      {
         byte pinLength = (byte)default_pin.length;
         pin.update(default_pin, (short)0, (byte) pinLength);
      } catch (PINException e)
      {
         ISOException.throwIt(e.getReason());
      }
   }

   public static void install(byte[] bArray, short bOffset, byte bLength) {
      // GP-compliant JavaCard applet registration
      new SEID().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
   }

   public void process(APDU apdu) {
      // Good practice: Return 9000 on SELECT
      if (selectingApplet())
      {
         return;
      }
      byte[] buffer = apdu.getBuffer();

      if (buffer[ISO7816.OFFSET_CLA] != TSPIN_CLA)
         ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);

      switch (buffer[ISO7816.OFFSET_INS])
      {
      case (byte) 0x00:
         break;

      case PIN_CHECK:
         if (!pin.check(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive()))
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
         break;

      case PIN_CHANGE:
         JCSystem.beginTransaction();
         pin.update(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive());
         JCSystem.commitTransaction();
         break;

      default:
         // good practice: If you don't know the INStruction, say so:
         ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
      }
   }
}




Thank you all !

Post by UNKNwYSHSA » Tue Dec 13, 2016 10:05 pm

1 The PIN can be changed after the PIN is verified, but your code has no check for this.
This means everyone can change your PIN, the Applet is not secure.
You should code like this:

Code:

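            case PIN_CHANGE:
               // Only allow a change after a successful PIN_CHECK in this session.
               // OwnerPIN exposes this state through isValidated().
               if (!pin.isValidated()) {
                  ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
               }
               JCSystem.beginTransaction();
               pin.update(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive());
               JCSystem.commitTransaction();
               break;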

2 You should check length for new PIN value. Normally, the length is 6 ~ 8 bytes.
sense and simplicity
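
Both points from the reply above put together in one small applet, as an added example that is not part of the original posts. The class name, the constructed default PIN and the 6 to 8 byte bounds are assumptions; the CLA and INS values are the ones from the posted applet, and the state query is OwnerPIN.isValidated() from the Java Card API.

```java
import javacard.framework.*;
// Added example (not the thread's code). Class name, default PIN and the
// 6..8 byte bounds are assumptions taken from the advice in the reply.
public class PinChangeExample extends Applet {
    static final byte CLA_APP = (byte) 0xA0;
    static final byte INS_PIN_CHECK = (byte) 0xD0;
    static final byte INS_PIN_CHANGE = (byte) 0xD2;
    static final byte PIN_TRY_LIMIT = 3;   // "maximum 3 attempts" in the question
    static final byte PIN_MIN_LEN = 6;
    static final byte PIN_MAX_LEN = 8;
    // Constructed transport PIN; replace it at personalisation.
    static final byte[] DEFAULT_PIN = { 1, 2, 3, 4, 5, 6 };
    private final OwnerPIN pin;

    private PinChangeExample() {
        pin = new OwnerPIN(PIN_TRY_LIMIT, PIN_MAX_LEN);
        pin.update(DEFAULT_PIN, (short) 0, (byte) DEFAULT_PIN.length);
    }
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PinChangeExample().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }
    // Receives the command body and rejects any length outside the PIN policy,
    // so update() is never called with a length above the OwnerPIN maximum.
    private static byte receivePin(APDU apdu, byte[] buf) {
        short lc = (short) (buf[ISO7816.OFFSET_LC] & 0xFF);
        if (apdu.setIncomingAndReceive() != lc || lc < PIN_MIN_LEN || lc > PIN_MAX_LEN)
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        return (byte) lc;
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_APP)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_PIN_CHECK:
            if (!pin.check(buf, ISO7816.OFFSET_CDATA, receivePin(apdu, buf)))
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            break;
        case INS_PIN_CHANGE:
            // Refuse the change unless a correct PIN was presented in this session.
            if (!pin.isValidated())
                ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
            pin.update(buf, ISO7816.OFFSET_CDATA, receivePin(apdu, buf));
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

OwnerPIN.update() also resets the validated flag, so the holder has to present the new PIN before any further protected command.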

Post by teixeira » Tue Dec 13, 2016 10:40 pm

Hi, UNKNWYSHSA !

Thank you !

Now, to expire date? card expiring date...

Post by UNKNwYSHSA » Tue Dec 13, 2016 10:54 pm

You can store the issue date in the card.
And check if the card is expired or not with one APDU command with the current date.
sense and simplicity

Post by teixeira » Tue Dec 13, 2016 11:05 pm

I understand. The current date, I will send to the current date APDU SQL SERVER GETDATE ().

Thank you.

Post by UNKNwYSHSA » Tue Dec 13, 2016 11:13 pm

Yes, you can send date with your own defined data format.
sense and simplicity
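
The expiry check discussed in the last few posts, as an added example that is not part of the original thread. The class name, the INS value 0xE0, the 3-byte YY MM DD format and the sample dates are assumptions. The card has no clock of its own, so the date is whatever the host sends; the example stores the latest date it has accepted and refuses an earlier one.

```java
import javacard.framework.*;
// Added example (not the thread's code). Class name, INS value, date format
// and the sample dates are assumptions for illustration.
public class ExpiryExample extends Applet {
    static final byte CLA_APP = (byte) 0xA0;          // CLA from the posted applet
    static final byte INS_CHECK_EXPIRY = (byte) 0xE0; // hypothetical instruction
    static final short DATE_LEN = 3;                  // YY MM DD, binary, year = 2000 + YY
    // Written once at personalisation; constructed sample: 2018-12-31.
    private final byte[] expiry = { 18, 12, 31 };
    // Latest date the card has accepted, so the host cannot move time backwards.
    private final byte[] lastSeen = { 0, 1, 1 };

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new ExpiryExample().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    // Rejects anything that is not a plausible YY MM DD triple.
    private static boolean wellFormed(byte[] b, short off) {
        return b[off] >= 0 && b[off] <= 99
            && b[(short) (off + 1)] >= 1 && b[(short) (off + 1)] <= 12
            && b[(short) (off + 2)] >= 1 && b[(short) (off + 2)] <= 31;
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_APP)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        if (buf[ISO7816.OFFSET_INS] != INS_CHECK_EXPIRY)
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        if (apdu.setIncomingAndReceive() != DATE_LEN || buf[ISO7816.OFFSET_LC] != DATE_LEN)
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        short off = ISO7816.OFFSET_CDATA;
        if (!wellFormed(buf, off))
            ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        // All bytes are in 0..99, so a byte-by-byte compare orders dates correctly.
        if (Util.arrayCompare(buf, off, lastSeen, (short) 0, DATE_LEN) < 0)
            ISOException.throwIt(ISO7816.SW_DATA_INVALID);            // date went backwards
        Util.arrayCopy(buf, off, lastSeen, (short) 0, DATE_LEN);
        if (Util.arrayCompare(buf, off, expiry, (short) 0, DATE_LEN) > 0)
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); // expired
    }
}
```

Because any host can send this command, a date in the future permanently advances lastSeen; gating the command behind the PIN check is one way to limit who can do that.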
