Certificates and smart cards

Is it possible to store a certificate on a smart card using Java card technology? All I want to do is write the bytes to the card and read the bytes from it. I don't want anything per sey to execute on the card. Is this possible?

Yes, you can operate any javacard like normal smart card. That means you don't identify javacard from its aspect at all because javacard transmit/accept APDU/response as same as non-javacard.
No doubt to contact me if you have any question: [email protected]
Chen Song
P.R.China

Similar Messages

  • PKI Certificates on smart cards.

    Hi techies,
    I am a Smart card operating system developer.
    I m working on a PKI OS project.
    and i m stuck while implementing the verify certificate command.
    Well currently the issue i m facing is how to store certificates on smart card.
    i mean which file to use, which format to use, (may be x.509), which document is relevent for implementation point of view.
    could anybody help me out.
    Regards,
    Rishabh Agarwal

    Hi Polat,
    thanks for reply as i thought i wont have any reply.
    well I am talking about a native card not a java card but i think it doesnt make any diffrence as at application level both are same. (diffrent at implementation level not application level)
    so here i got some clue after searching meterial and brainstorming... we need to read following documents
    1) PKCS#1 v2.1
    2) PKCS#15
    3) PKCS#7 (may be, as i havent gone through it yet)
    I am almost ready with my OS for native card and have tested some its features except related to certificate...
    Now i want to test it with some CSP application i dont know how will it go... i m trying to get some demo CSP code in which i can change and test my card by integrating it to some windows aplications.
    if you have any clue about abovementioned then pls let me know..
    and please ask if you need any help from my side
    Regards
    Rishabh Agarwal

  • Token and smart card reader are not detected on Mavericks if not plugged on a USB port during system boot

    Well, both token and smart card reader are not detected on OS X 10.9 if not plugged on a USB port during system boot. So, if I am already working within the system and need to use my certificates I have to plug the token or smart card reader on a USB port and restart Mavericks.
    Token is a GD Starsign and Smart Card Reader is a SCR3310 v2.
    Thoughts?

    SCS is a very good app, since I've read that Apple has discontinued support for PC/SC interfaces after the release of Mountain Lion.
    (My previous installation was a Mavericks upgrade from Lion)
    However, I don't know what and how to debug using Smart Card Services. Do you know any commands to use?
    Apparently, the SC reader reports no issues: the LED is blinking blue when no smart card is present and becomes fixed blue when a smart card is inserted – according to the manuals, this shows that there is correct communication between the OS and the CCID reader.
    I don't know what to do; I'm beginning to hypothesize it's a digital signer issue. In fact, my smart card only supports one application called File Protector (by Actalis) to officially sign digital documents. This application seems to have major difficulties in identifying the miniLector EVO.
    The generic and ambiguous internal error comes when I try to manually identify the peripheral.
    Athena CNS is one of the Italian smart cards and is automatically recognized and configured (so it's correct – no doubts about this), while "ACS ACR 38U-CCID 00 00" seems to be the real name of the miniLector.
    (I'm assuming this because System Information also returns that the real manufacturer is ACS... bit4id is a re-brander)
    However, when I click on it and then tap OK, it returns internal error.
    As first attempt, I would try to completely erase&clean File Protector files to try a reinstall. Then, if this still doesn't work, I'd debug using the terminal.
    So:
    - Do you know any applications to 100% clean files created by an installer?
    - Do you have in mind any solutions that I might have forgotten?
    Thanks in advance from an OS X fan!

  • ISE 802.1x EAP-TLS machine and smart card authentication

    I suspect I know the answer to this, but thought that I would throw it out there anway...
    With Cisco ISE 1.2 is it possible to enable 802.1x machine AND user smart card  authentication simultaneously for wired/wireless clients (specifically  Windows 7/8, but Linux or OSX would also be good).  I can find plenty of  information regarding 802.1x machine authentication (EAP-TLS) and user  password authentication (PEAP), but none about dual EAP-TLS  authentication using certificates for machines and users at the same time.  I think I can figure out how to configure such a policy in ISE, but options seem to be lacking on the client end.  For example, the Windows 7 supplicant seems only able to present either a machine or user smart card certificate, not one then the other.  Plus, I am not sure how the client would know which certificate to present, or if the type can be specified from the authenticator.

    Hope this video link will help you
    http://www.labminutes.com/sec0045_ise_1_1_wired_dot1x_machine_auth_eap-tls

  • PEAP-TLS: same settings in PEAP Properties and Smart Card & Cert Properties?

    When setting up a GPO for a wireless network profile via GPMC in Windows 2008 R2, in the
    Protected EAP Properties window there are check boxes for
    Validate server certificate and Do not prompt user to authorize new servers or trusted certification authorities, a textbox for
    Connect to these servers, and a selections list for
    Trusted Root Certification Authorities.
    All these configurable options show up again if you click on Configure when using
    Smart Card or other certificate as the authentication method.  You can set them as you wish there, different from PEAP Properties even.
    My question is, which set of options takes precedence? A sane person will probably keep them the same, but why have that confusion in the interface?

    Hi Roland,
    All of these two settings will take effect.
    PEAP is an EAP method that addresses this security issue by first creating a secure channel that is both encrypted and integrity-protected with TLS. Then, a new EAP negotiation with another EAP method occurs within the secure channel, authenticating the
    network access attempt of the access client.
    Therefore, the first settings is the settings of the TLS secure channel (outer layer), and the second settings is the settings of new EAP negotiation (inner layer). If we choose "Smart Card or other certificate" as the authentication method of PEAP,
    there will be two TLS secure channel actually.
    For detailed information, please refer to the link below,
    Extensible Authentication Protocol Overview
    http://technet.microsoft.com/en-us/library/bb457039.aspx
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Problem Signing Email with Digital Certificate from Smart Card, Outlook 2013

    Hi there, I'm the IT guy for a small company.  I've configured several people in the company to use their smart cards for email signing through Outlook 2013, but a a few computers are giving me this error:
    "Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address '<e-mail address>'. Either get a new digital ID to use with this account, or use the Accounts button to
    send the message using an account that you have certificates for."
    I've been in the Trust Center, I see the signing and encrypting certificates. (SHA-1 and 3DES).  Yet when I try to sign, Outlook always fails on the error.
    For my computer, I was able to fix this by adding a "SupressNameChecks" DWORD set to 1 in the Registry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook.  However, this fix is not working for the other people in the company.
    Any other ideas?  Really pulling my hair out on this one, I've tried everything I could find on the net it seems.

    Hi,
    Please checked “E-mail name” under the section ‘Include this information in alternate subject name” on the Subject Name tab of the certificate template.
    We can export the entrust managed services root CA cert from a working machine and import into the trusted root store of a non-working machine. For detailed steps about it, please refer to:
    How To Import and Export Certificates So That You Can Use S/MIME in Outlook Web Access on Multiple Computers
    http://support.microsoft.com/kb/823503/en-us
    Hope it helps.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Java card and smart card ??

    hello , i don't know if they are the same ?? are they ?? i've been dealing with gemplus and don't know any active groups .. am i allowed to discuss here ?? or to ask questions here ??

    Hi,
    I am using core java language provided by NetBeans 3.6 to write a program to read certificate and keys from a smart card(provided by smart silicon systems ltd.). I am also using Keytools provided by a company.
    I am very new to cryptography but i want to learn. I have tried several websites but didnt get any answer...
    Please help .If anyone has some sample codes that i can run and see it will really great.
    Thanks and regards
    sanmishra

  • Remote desktop and smart cards

    I frequently work from home using my mac to access my windows based desktop at the office. I use the microsoft remote desktop v. 1.0.3. for MAC. Now that my agency is moving to smart card identification requirements for access I need to be able to use the smart card at home to sign onto the office desktop.
    The RDC for MAC does not have an option for smart card readers (as opposed to the RDC for windows version). Is there alternative software that would be simple to install on my MAC (I am not an IT sophisticate) that will give me smart card access?

    Microsoft Remote Desktop Connection (RDC) for Mac and Apple Remote Desktop (ARD) are two completely different tools with marginally similar capabilities. Unfortunately, as you've already discovered, neither offers Smart Card capabilities to allow you to authenticate to your Windows computer at work.
    If your Mac is an Intel Mac then you could probably run Windows using Parallels or Boot Camp on your home computer and use the Windows RDC client to make your connection. I don't suggest trying to use VirtualPC if you have a PowerPC Mac simply because your Smart Card reader will most likely be USB and VirtualPC has a bad track record with USB devices.
    Hope this helps!
    bill
      Mac OS X (10.4.10)   1 GHz Powerbook G4

  • MS Remote Desktop and smart card reader

    I have installed MS Remote Desktop Conn. on my iMac and connected a smart card reader via the USB. Although my reader energizes when the computer is on, the computer doesn't seem to recognize the reader. When I insert a CAC card into the reader and try to log in remotely, I continue to get a "username/password" box instead of the CAC PIN number. Do I need to install some kind of smart card driver or does Apple already have it? I'm at a loss as to how to fix this.

    I was able to get rdesktop 1.6.0 to install on my Mac and I was able to get CAC log-in to work.
    However, the installation is a little tricky. I downloaded rdesktop 1.6.0 from this link:
    <<http://www.rdesktop.org>>
    My instructions for installation:
    1. Make sure Xcode Tools is installed on your computer. It should be on your OS X install disk.
    2. Find out where your X11 libraries are located:
    -From the Finder menu, selct "Go" >> "Go to Folder..."
    -Type (without the quotes) "/usr/X11", and click "Go"
    You should see a bunch of folders. Make sure the "include" and "lib" folders are there. Otherwise you need to find out where the X11 "include" and "lib" folders are located on your computer.
    3. Download rdesktop and place the (unarchived) rdesktop-1.6.0 folder on your Desktop
    4. Open the X11 application (should be in your Utilities folder)
    5. In the X11 window type the following (without the quotes):
    "cd Desktop/rdesktop-1.6.0 && ./configure --enable-smartcard -x-includes=/usr/X11/include -x-libraries=/usr/X11/lib && make && sudo make install"
    4. Hit enter. When prompted, enter your administrator password and hit enter.
    rdesktop should now be installed in the following folder:
    /usr/local/bin
    So, to launch rdesktop with smartcard log in enabled, open the X11 application (or Terminal application) and type the following (without the quotes, and replace your.server.address with the server address):
    "cd /usr/local/bin && ./rdesktop -r scard your.server.address"
    Hit enter and it should launch a new X11 window that will try to access the remote server where you should be prompted for your PIN.
    To explore more options with rdesktop, open X11 and type the following (without quotes):
    "cd /usr/local/bin && ./rdesktop"
    Hit enter and you should get a list of options available to rdesktop.

  • Remote desktop and smart card

    Hi.
    I need to use a smart card while working with remote desktop.
    My office pc runs win XP and have a smart card connected. I can not use that card when working remotly, its not found. Like its disconnected.
    I also have a smart card connected to my Mac at home. The smart card works fine when the VPN connection ask for my code.
    The problem is that it does not get forwarded. I have tried to use MS Remote Desktop for mac and CoRD.
    But none of them supports the smart card.
    It works fine with parallels/win7 on my mac, I can then use my smart card.
    How ever I would like to not use the win/ on my mac.
    Do anybody have a soulution to this? Are there any Remote desktop applications that support forwarding of smart card for Mac OS?
    Thanx for any tips

    You can install rdesktop with Smart Card support.
    It is fairly easy if you use something like MacPorts, Fink, or Homebrew.
    I know MacPorts has a port for it that I used in the past.

  • Pkcs#11 and smart card reader

    Hi everybody,
    In my applet code
    i'm trying to implement "attached signature" reading keystore from a smartcard.
    I'm using SunPKCS11 provider and infocamere smart card, so i load SunPKCS11.dll for PKCS#11 standard.
    my code is:
    String pkcs11ConfigFile = "c:\\smartcards\\config\\SI_PKCS11.cfg";
    Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigFile);
    Security.addProvider(pkcs11Provider);
    where SI_PKCS11.cfg file contains 2 lines like follow:
    name = test
    library = C:\WINNT\system32\SI_PKCS11.dll
    when I try to sign without smart card in the device reader i catch "PKCS#11 not found" exception, while when I try with smart card inside the device the applet stop on loading the provider and it doesn't continue without any errors in java console. Can anyone help me?
    thanks a lot for every answer
    best reagards

    I should add that I am using Windows 7 and my CSS version is 8.3, I can also verify my smart card works for other applications, only thinkvantage CSS 8.3 does not work.

  • SUN One web server 6.1,strong authentication and smart card

    Hi guys,
    I am experiencing a weired issue with smart cards.
    scenario:
    SOWS 6.1 SP6, smart card Gem Plus and Internet explorer 6 and 7 as client and strong authentication.
    Once I put my smart card and insert the PIN code to get into the html page, when I tried to just move the mouse in a frame, I got lots of PIN request. I have notest the there are lots of SSLv3 sessions opened. When I put the PIN code after a while and again when I move the mouse quickly I got the same request
    I tried with Firefox and the it works fine.
    Anyone experienced a sort of same issue? any clue? Could it be that Firefox store the PIN code somewhere and IE doesn't?
    Cheers

    Hi,
    Yes, Firefox and other mozilla products by default only require the pin for tokens the first time they are needed. In Seamonkey, the preference is in edit/preference/privacy & security/master passwords/master password timeout/web browser will ask for your master password . There is an equivalent in Firefox, but since i don't use it, I don't know the exact location of that pref.
    The fact that you are being prompted multiple times in IE means that there are multiple SSL handshakes happening. This may be because the server is forcing a new SSL handshake on each HTTP request. . There may be a way for the web server to be configured not to do that by setting client auth globally on the listen socket instead of setting it on a specific URL space.

  • MIDlets and smart cards ???

    Hi
    A question:
    We have smart cards and SIM cards, a smart card with a much smaller plastic substrate than credit-card sized smart cards.
    We have the Java[tm] programming language.
    We know, that there are wireless phones that can execute so-called MIDlets. And - as far as I know - they can execute those MIDlets because they have a java-understanding SIM-card.
    So the language is the same and the "hardware" is the same.
    So where are the differences bedween programs for smart cards and MIDlets. Is it the same?
    RB

    You mix Java on SIM cards with Java on phones! MIDlets are executed by a Java VM that runs on the mobile phone hardware. Java Card Applets, however, are executed by a Java VM that runs on a smart card hardware. This smart card might be a SIM card, which sits inside a mobile phone but appart from that we are talking about two differnent things - two different Java runtime environments. Please consult the MIDP/Java Card specifications.

  • Blackberry Z10 and Smart Card Reader Battery Life

    We have several users with new Z10s using Smart Card Reader 2.  After activation with BAS10, users state the Smart Card Sled battery life has dramatically decreased from the old setup with 9930s on BAS5.  One user states he can have it fully charged at work and it will be dead by the time he gets home.
    I searched around a bit, and haven't found anyone else reporting this issue.  Any ideas what might be causing this?

    Hi my two Z10 don't have this issue, what OS version are you running? The newer version should have fixed the battery issue.

  • X240 touch screen and smart card seader problem

    Hello
    I installed Smart Card Reader (FRU 04X3984) to my X240 touch and after that the touch screen doesnt work. OS says that the "no pen or touch input available for this display". If I unplug the SCR cable from MB then touch function is going to work again. There are no conflict messages in system, they just doesnt work together!! 

    Hello moban2010,
    It sounds like you have two separate issues going on here. For the display and touchscreen response I suggest you use the following article to help isolate and resolve the situation.
    iPhone, iPad, iPod touch: Troubleshooting touchscreen response
    http://support.apple.com/kb/ts1827
    For the alert you are getting that your sim card is not installed, there is another great article.
    iPhone: Troubleshooting No SIM
    http://support.apple.com/kb/TS4148
    Thanks for reaching out,
    -Joe

Maybe you are looking for

  • Outlook for Mac Export using AppleScript

    Hello, Is it possible to write an AppleScript that will perform the export function in Outlook for Mac?  I'm looking for a script I could add to Task Scheduler and automate an export every day. Thanks

  • Sequencing podcast entries

    Greetings all- Is there a way to re-order podcast entries? I am creating a sequence of podcasts in iWeb. Having created them in random order and wishing to publish them in a particular sequence, I am unable to discover a way to re-order them. Is ther

  • Safari will not load graphics

    Two days ago Safari quite loading graphic images, it will load text but no images. I have checked all the settings and nothing has changed. I uninstalled and re-installed Safari with the same result. Ran a virus scan and Drive Genius 3, Also ran Cock

  • Date/Calendar picker-- please help

    Hello Would someone please help me out? I am trying to get the date picker from the demo below. http://www.toedter.com/en/jcalendar/demo.html However, I have a JButton in my short program. Once I click on the JButton, I need the calendar to show just

  • Switching Accounts at New Every 2 deadline.

    So I am currently on my parents family share account and I want to switch from that to my Fiancé's account. I am due for an upgrade mid-November and I was wondering if it's possible for me to switch over when signing a new contract. My only concern i