Java Card ECKey with NIST P256 Curve. How to encode a negative coefficient?

Similar Messages

• HT1933 I bought six songs using my itunes gift card in February but I cannot play the songs or downlaod them to my ipod because I get an error saying the original file could not be found.  I have used the gift card previously with no issue.  How do I fix

  I bought six songs using my itunes gift card in February but I cannot play the songs or downlaod them to my ipod because I get an error saying the original file could not be found.  I have used the gift card previously with no issue.  How do I fix it?

  Have you moved or deleted those tracks on your computer (the gift card has got nothing to do with it) ?
  You might be able to re-download them via the Purchased link under Quick Links on the right-hand side of the iTunes store home page on your computer's iTunes (re-downloading isn't possible in all countries) - if those songs appear there then delete the entries from your iTunes library (where you are clicking on them to play them and gettinf the 'original file' error), and they should then get a cloud symbol against them for re-downloading.
  If they don't appear in that link then have you got them on, for example, an external drive ?

• Java Card simulator with MD5 MessageDigest support?

  Are there any Java Card simulators with support for the MD5 MessageDigest available? I checked both cref and jcwde, but they only support ALG_SHA.

  Thanks.
  By the way, do you happen to know if the newer JCOP cards (e.g. the NXP (Philips) JCOP 41 V2.2.1/72K USB
  NXP (Philips) JCOP 41 V2.2.1/72K) still support the MD5 MessageDigest? Older JCOP cards seem to support MD5, but at least in the publicly available JCOP 41 specs there is no mention of MD5 anymore; e.g. at http://www.bsi.bund.de/zertifiz/zert/reporte/0426b.pdf

• How do I test a Java card applet with different AIDs on the fly?

  ... Like sweeping cards from employees in a queue of people lining up in the morning?
  When I created my applet, the aid is a fixed value inside the class.
  Whenever I wanted to test it with another value, I changed that AID and rerun the applet.
  I find it very cumbersome that needs to be rerun and rerun, over and over again.
  How do I test the applet easily with any values of AIDs that I'd like to put in, on the fly.
  I know I can't simulate the sweeps of card in the applet because I can't have a main method with a signature
  of Strings[] args or String[] args. I can only have JUnit to help me out, but still java card doesn't allow either
  main(Strings[] args) or TestCase to inherit from.
  Thanks
  Jack

  your question is hard to understand but:
  an applet always has one definite AID and you cant change it after install as far as i know
  a) you want to test many cards with diffrent AIDs?
  ->send a list of select commands and check the return values
  b)you want one card with the same applet to be available for many AIDs?
  ->install many dummy applets forwarding the commands to one core applet
  c)i think i didnt get your point :/

• How do I communicate a Java Card applet with a server?

  I'm new to Java and Java Card and currently developing a smart card system. I'm not sure what to use on my applet or server, JCSystem or SecureConnection or something else?
  If I'm writing a server application, then how do I install it so that I can simulate it with cjre?
  Thanks in advance.
  p/s: Connection is using TSL.

  The flow is like this:
  Java Card --> POS terminal -> Server
  Yes. I'm using JC3.
  Here's what I've achieved so far using SocketConnection
  SocketConnection sc = (SocketConnection) Connector.open("socket://localhost:50007");
  InputStream is = sc.openInputStream();
  OutputStream os = sc.openOutputStream();
  os.write("Hello world!".getBytes());
  is.read(buffer);
  os.close();
  is.close();
  sc.close(); Edited by: andirady on Dec 4, 2012 11:59 PM

• Memory Card Issue with my BlackBerry Curve 9300

  Hello,
  I have been using the memory card for more than a year. It's a SanDisk or a ScanDisk memory card. It's 8 GB. I didn't use the card that came with my BlackBerry Curve 9300 phone. I'm always trying to delete files or to copy files, most of them are music files from my laptop to the memory card via memory card reader.
  Now I am encountering a message that I need to repair the memory card whenever I try to insert it to my phone again. And most of the time whenever the phone automatically repairs it, some files are corrupted or considered as a "lost chunk files".
  How can I recover those files? And why did it happen or always happen in the first place?
  According to this site, you need to reformat it: http://www.techtalkz.com/tips-n-tricks/1535-memory-card-corrupted-here-solution.html
  So what I did is to copied everything to my laptop then reformatted it completely.
  It kinda solved the issue but for how long will I won't be experiencing the "repair memory card" issue and the "lost chunk files" issue?
  Do I need another program to reformat the memory card and not to use the one that comes with every windows computer?
  Does using a memory card reader or using a memory card adapter (for the microSD card) corrupts the memory card?
  I have been researching on how to completely recover the files but I'm a bit confused.
  There are a lot of recovery programs out there.
  Can you guys help me out here? Thanks.
  Here are the researches that I made:
  http://www.diydatarecovery.nl/chkmate.htm
  http://forums.crackberry.com/blackberry-torch-9800-f209/torch-freezes-media-card-corrupted-627384/
  http://www.berryreview.com/2009/01/08/tips-tricks-recover-files-from-a-corrupted-sd-or-microsd-card/
  http://supportforums.blackberry.com/t5/BlackBerry-Torch/Media-card-corrupted/td-p/1181945
  http://www.squidoo.com/recoverphotosblackberry
  http://www.ehow.com/how_2129153_retrieve-pictures-corrupt-memory-card.html
  http://panasonic.jp/support/global/cs/sd/download/index.html
  http://www.datarecoverybook.com/drb/usb-drive.html
  http://www.cgsecurity.org/wiki/TestDisk
  http://www.memorycardrepair.org/memory-card-repair/downloads.html

  vikram82 wrote:
  Tried a couple of things. Still my issue is not resolved
  I think you should try each and everyone of the solutions suggested in the link I provided, given that it covered both harware and software suggestions. And always reset the device by removing the battery whilst the device is powered-on. Leave the battery out for a minute or 2 after each step.
  See if that resolves the problem.
  Blackberry Best Advice - Back-up weekly
  If I have helped you please check the "Kudos" star on the right >>>>

• Java Card compatibility with readers... (please help me!!)

  Hi,
  I would like to know how to determine the compatibility of a existing reader with the JavaCard technology.
  I have studied the standar ISO 7816 and I'm not sure if a reader must be compliant with absolutely all
  parts of the standar (Part 1,2,3,4,5,6) to be capable of read, write Java Cards and select the applet to
  execute.
  Especifically I need to know if the readers GEMPC410 and CASTLES EZ200 are able to read, write
  and execute multiple java applications.
  The specifications that a read, said that GEMPC410 can read and write ISO7816 1/2/3/4 and
  CASTLES EZ200 can read and write ISO7816 1/2/3 but i have the following doubt:
  These readers should be compatible with the part 4 and/or 5 of the ISO standar to
  interchange commands with the reader (Part 4) and identifie the applications to execute (Part 5)?.
  Where I can find more information about this issues?
  Thank you very much for your soon answer.

  Well,
  There are two type of readers you can use with JavaCards:
  Contact readers
  As specified in ISO7816, for the contact readers working with T=0 and T=1 protocols. On win machines they are normally supported with the PC/SC interface, most of the readers are able to talk to that interface. In other words - if you can use any card on ur comp and if it is win platform JC will work fine.
  Contactless readers
  As specified in ISO14443, this babies are talking T=CL protocol. For now I know only JCOP30 products that are operating also in contactless mode. For this you will have to acquire some contactless reader and they are commong with drivers for standalone apps or for the PC/SC IF.
  But chance that you will use the second option in next 3 years is rather small.

• Firewall - Java Card project with two packages.

  My Java Card project has got two Java Card packages. One of them contains only the Java Card applet. The other package contains all other classes. We did the splitting because our application is large and if all the code is left inside the one package if debug mode was checked, the size of the cap file was more than 64 bytes and the CAP file with that size cannot be installed inside the simulator. That situation made the programming difficult. Therefore the splitting took place. What is my question? If we have two packages, is there a firewall between them or the packages are in the same group context.

  A library package has different restrictions to an applet package. As for the firewall, the data created in your library package is owned by the applet instance that created it. That means any data or objects created by calling your library from your applet will be in the same context as your applet. Any other applet accessing this library will not be able to access instances from the original context. This is only a problem with static fields and methods etc that are shared between both applets.
  Cheers,
  Shane

• ECC Curve P-224 implementation in java card

  Hello
  I am implemeting ECC in java card
  but I need the Curve P-224 as my length
  but Keybuilder is only upto P-192 only
  how can I generate ECC curves parameters and generate key pair
  using Curve P-224 .. please help
  Thank you!

  You're right, Java Card API 2.2.1/2 defines only up to 192 bit ECC key length. You have to find a smart card OS provider who has longer ECC key lengths implemented, offering you an industrial extension API to access it via your applet. Best is to contact smart card manufacturers with your question.

• How to ensure applet is written in java card?

  Hi all,
  I have written a java card applet, in which i am using the Biometry API of java card to enroll a fingerprint template in java card. Code is attached below:
  package classicapplet1;
  import javacard.framework.*;
  import javacardx.biometry.BioBuilder;
  import javacardx.biometry.OwnerBioTemplate;
  import javacardx.biometry.SharedBioTemplate;
  import javacardx.biometry.BioException;
  public class JavaBiometrics extends Applet implements SharedBioTemplate{
          public final static byte CLA = (byte)0xCF;
       public final static byte INS_ENROLL = (byte)0x10;
       public final static byte MATCH_TRY_LIMIT = (byte)3;
       public final static byte INVALID_DATA = (byte)0x77;
       public final static byte ERROR_MATCH_FAILED = (byte)0x9101;
       public static final byte CARD_ENROLL_SUCCESS = (byte)0x9000;
       public static final byte CARD_ENROL_FAILED = (byte)0x6900;
       private OwnerBioTemplate bio_temp;
       * Installs this applet.
       * @param bArray
       *            the array containing installation parameters
       * @param bOffset
       *            the starting offset in bArray
       * @param bLength
       *            the length in bytes of the parameter data in bArray
      public static void install(byte[] bArray, short bOffset, byte bLength) {
          new JavaBiometrics(bArray, bOffset, bLength);
       * Only this class's install method should create the applet object.
      protected JavaBiometrics(byte[] bArray, short bOffset, short bLength) {
      byte aidLen = bArray[bOffset];
            if(aidLen == (byte)0)
                 register();
            else
                 register(bArray, (short)(bOffset+1), aidLen);
            bio_temp = BioBuilder.buildBioTemplate(BioBuilder.FINGERPRINT, MATCH_TRY_LIMIT);
  public boolean select()
  return true;
       * Processes an incoming APDU.
       * @see APDU
       * @param apdu
       *            the incoming APDU
      public void process(APDU apdu) {
          //get the incoming APDU buffer
       byte []buffer = apdu.getBuffer();
       //Get the CLA; mask out the logical-channel info
       buffer[ISO7816.OFFSET_CLA] = (byte)(buffer[ISO7816.OFFSET_CLA] & (byte)0xFC);
       //If the INS Select, return -no need to process select
       if(buffer[ISO7816.OFFSET_CLA] == 0 && buffer[ISO7816.OFFSET_INS] == (byte)(0xA4))
            return;
       //If unrecognized class, return "Unsupported class."
       if(buffer[ISO7816.OFFSET_CLA] != CLA)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
       switch(buffer[ISO7816.OFFSET_INS])
       case INS_ENROLL:
            enroll(apdu);
            break;
       default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
  public void enroll(APDU apdu)
          byte[] buffer = apdu.getBuffer();
          short bytesRead = apdu.setIncomingAndReceive();
          bio_temp.init(buffer, ISO7816.OFFSET_CDATA, bytesRead);
          bio_temp.doFinal();
      public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
          return this;
  ///////////// These methods implemets the ShareableBio interface///////////////
  public boolean isInitialized() {
          return bio_temp.isInitialized();
      public boolean isValidated() {
          return bio_temp.isValidated();
      public void reset() {
          bio_temp.reset();
      public byte getTriesRemaining() {
          return bio_temp.getTriesRemaining();
      public byte getBioType() {
          return bio_temp.getBioType();
      public short getVersion(byte[] dest, short offset) {
          return bio_temp.getVersion(dest, offset);
      public short getPublicTemplateData(short publicOffset, byte[] dest, short destOffset, short length)
              throws BioException {
          return bio_temp.getPublicTemplateData(publicOffset, dest, destOffset, length);
      public short initMatch(byte[] candidate, short offset, short length) throws BioException {
          return bio_temp.initMatch(candidate, offset, length);
      public short match(byte[] candidate, short offset, short length) throws BioException {
          return bio_temp.match(candidate, offset, length);
  Problem :
  I have developed this program in Netbeans using java card plug ins. when i am running this program, all the required CAP files and EXP files are generated.
  Now, i have to write this applet on java card through a card reader. My card reader is installed in an embedded system GeoAmida with IP 192.133.133.2 and port number 6789.
  I have used the following settings for my java card device in Netbeans:
  Host : 192.133.133.2
  Server URL: http://192.133.133.2:6789/
  Card Manager URL: http://192.133.133.2:6789/cardmanager/
  HTTP port: 6789
  The output shows me that Instances of this program has been successfully has been created on java card.
  But the problem is how can i ensure that my applet is been successfully installed on the java card?
  The code of host application program, accessing the developed java card applet is given below (it is written in C):
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <smartcard.h>
  int main()
       int ret, i, smartcard;
       unsigned char applet_id[100], apdu_len, apdu[300],response[300]={0};
       smartcard_info *context;
       smartcard=CONTACTLESS;
       //smartcard=CONTACT_BOT;
       if((context = smartcard_init(smartcard)) == NULL){
            printf("Smartcard Initi. Failed\n");
            return 0xBB;
       /* checking for smartcard */
       while (1){
            if(ret=smartcard_is_present(context, smartcard)!=0)
                 sleep(1);
            else
                 break;
       printf("Selecting Applet \n");
       i = 0;
       applet_id[i++]=0x00; applet_id[i++]=0xA4; applet_id[i++]=0x04; applet_id[i++]=0x00; applet_id[i++]=0x06;
       applet_id[i++]=0xA9; applet_id[i++]=0xBF; applet_id[i++]=0xA2; applet_id[i++]=0xB6; applet_id[i++]=0xB1; applet_id[i++]=0x3E; applet_id[i++]=0x7F;
       if ((ret=smartcard_select_applet(context, smartcard, applet_id, i))!=0){
            printf("select applet failed %02x\n",ret);
            return ;
       printf("Applet Selection Success \n");
  #if 1
       i=0;
       apdu[i++]=0xCF; apdu[i++]=0x10; apdu[i++]=0x04; apdu[i++]=0x04; apdu[i++]=0x7F;
       //apdu[i++]=0x3F; apdu[i++]=0x00;
       apdu_len = i;
       printf("Sending APDU command\n");
       if ((ret=smartcard_apdu(context, smartcard, apdu, apdu_len, response))!=0){
            printf("apdu failed %d\n",ret);
            //return;
       }else
            printf("APDU Success\n");
       //printf("\n");
  #endif
       smartcard_deinit(context);
       return 0;     
  }The output of this program is showing me that applet is been successfully selected, but APDU selection failed. Please solve this problem as soon as possible, because my project is deadline is not very much far.
  Thanks in advance.
  Mukul Gupta

  Hi Shane,
  I am getting error 6a86 which means that value of P1 is less than 1 or more than 8, and we have to change its value to any in between 1 to 8. I did that also but error still remains :(
  Please tell me what is reason behind this error. And, i'll try out your previous solution today, Thanks for it.

• Java application communicate with java card applet without java card

  Can I write java application to communicate with java card applet without using java card?
  Can I send APDU to java card applet on computer(not install in java card)? If it's not, how can I write?
  Best Regard,
  Thanawan

  Your JCOP simulator implements a JCVM/JCRE according
  to specs. The CREF does that same thing excepts it's
  only simulates the API without crypto or third party
  applets. JCOP simulator is more then that. They are using thesame_ codebase for simulator and for oncard JCVM. Basically you are dealing with the same environment in both cases.

• Security in each byte of Java card's EEPROM

  as i undrestand until now in my applet I define a variable and store data in that variable,
  Is it a way to know where these data are stored, I mean I wanna define the memory address of that data by myself,
  caz my card application is multi-app, and maybe in future I want to let someone else load his/her applet in that card beside my applets to do other application
  but from know I wanna think of security that in future let that person to have the memory address from i.e 0x01 up to 0x05
  and have no right to read or write in other memory bytes
  and also each part of memory address should have a security code for authentication...
  what's your idea about this post and what do u sudggest?
  Regards
  Hana

  I'm sorry for my ignorance, but i think that you do not want to mess around with the Card Issuer Keys unless you are the Card Issuer which does not seems like the case.
  I think that you want to use the Secure Channel Protocol inside your own applet(which is what i want to do also) and use your own issued keys.
  Why? Because in a real situation you will not want that your Java Card stuck with only one App, you want it to have as many as the user wants to. For that to happen, the card issuer keeps a keyset to load&install applets, but, when the applet is installed you want to maintain your privacy from the card issuer(and everyone else), so you will need an extra keyset for your own Secure Channel Protocol.
  What i'm saying is that:
  When you enter the Cards Security Domain, you need the cards security domain keys.
  When you select your applet, all your comunications become "plain-text" and you will not have any transaction security.
  I would like to know how to open this SCP channel from my app, but unfortunatelly i cannot help you any further.
  Edited by: rochajoel on Aug 31, 2009 9:48 AM

• JCOP and Java Card Reference Implementation

  Hello,
  is it possible to use the JCOP tool to debug or run an applet not on only on the simulation of the JCOP cards, but also on the Java Card Reference Implementation?
  If yes, how can I do it?
  Thanks

  That would be interesting to see. I don't think it would be benefcial, simply because the JCOP uses additional features that aren't found in the JCREF, like Global Platform. Therefore, your applet downloads wouldn't work because of the difference in APDU commands. Also I don't know how the IDE debugging would handle it.
  I'd like to see if JPCSC can work with JCREF for sending APDU commands.

• Java card implimentation....

  hi ....
  I am very new to this java card and I am not sure how this whole stuff works out.
  I have already worked on mifare 1k\4k cards and familiar with its card architecture. Now I want my readers to work with Java Cards.
  I am not at all sure wat are the things I have to do, to make my reader work with java cards. Though I understand that to communicate with java cards I have to impliment a higher level protocol T=CL in the reader firmware side.
  wat are the other tools and changes I have to do to make a java card work with my reader.

  Dear Friend,
  JavaCard is a technology used for smartcard to be able run java applets. Working with a javacard you use the same principles as with smartcards.
  Yours
  Dmitri

• What Java compiler for Java Card development ?

  What Java compiler and options should be used for Java Card development with the goal of generating correct, and (secondarily) small or/and fast code after conversion to Java Card bytecode using converter ?
  In particular
  - Is use of JDK 7 approved by Oracle for Java Card development? That would solve security problems associated with (the web components of the JRE of) some earlier JDK, including the latest JDK6. The JCDK 3.0.4 release notes states "+the commercial version of Java Development Kit (JDK software) version 6 Update 10 (JDK 6 Update 10) or later is required+, but that does not answer that question.
  - Anyone had _bad_ experience (like incorrect or disastrous code) with the Java compiler bundled with Eclipse ? I have seen at least one case where org.eclipse.jdt.core_3.7.3.v20120119-1537.jar produced slightly more compact code than javac.
  - Anyone had _bad_ experience with javac in jdk1.3 ? In an applet involving a "finally" clause, I've seen it generating more compact code than later javac (which in my test triplicated the code for the finally clause).

  What Java compiler and options should be used for Java Card development with the goal of generating correct, and (secondarily) small or/and fast code after conversion to Java Card bytecode using converter ?-target -source may be required to generate compatible byte code. Depending on the CAP file converter being used debug information may also help. Remember that Java Card is a subset of the Java language (also there are short opcodes that Java doesn't have etc) so a lot of the work for optimisation is done by the converter or the JCRE. You can look at the JCA code generated to determine what works best for your applets. There are also some ways of stripping out dead code etc from JCA files (return statements after a throw etc) to reduce your code size. Most of the speed optimisations come from your code (avoiding context switches and unnecessary security/access checks).
  The compactness of your Java Card binary may not be directly related to the size of your compiled Java code. It can depend on the converter you use and any optimisaitons the JCRE might try to do when the code is loaded.
  - Is use of JDK 7 approved by Oracle for Java Card development? That would solve security problems associated with (the web components of the JRE of) some earlier JDK, including the latest JDK6. Java Card does not use any of the libraries from the JDK/JRE. All of the libraries are provided by the JCRE on the smartcard.
  The JCDK 3.0.4 release notes states "+the commercial version of Java Development Kit (JDK software) version 6 Update 10 (JDK 6 Update 10) or later is required+, but that does not answer that question.Anything above JDK6u10 is supported. If you use Java 7 you may need to add a -source and -target flag when compiling.
  - Anyone had _bad_ experience (like incorrect or disastrous code) with the Java compiler bundled with Eclipse ? I have seen at least one case where org.eclipse.jdt.core_3.7.3.v20120119-1537.jar produced slightly more compact code than javac.We generally use the Eclipse compiler as we find that we get more deterministic builds. When CAP files are sent for security review it is helpful to have the reviewer able to generate a CAP file that matches the one you sent to confirm the binary is what you say it is.
  - Anyone had _bad_ experience with javac in jdk1.3 ? In an applet involving a "finally" clause, I've seen it generating more compact code than later javac (which in my test triplicated the code for the finally clause).We do not use anything less than Java 6 for compilation.
  - Shane