Java Card & X.509 certificates

Hi,
I have a question about using Java Card with X.509 Certificates (including Attribute Certificates, RFC 3281).
I already have some experience with JC 2.1.1. I have implemented applets for storing files and retrieving them (deployed on card using GemXplore Developer Kit)
and then managed the communication with the off-card application using OCF 1.2.
But that was back in 2004. From what I see now, OCF has been abandoned.
What I want to implement now is to load Certificates on Java Card (and store files as well).
I read that in order to manage Certificates, I have to use a PKCS 11 API (like Bouncy Castle or IAIK). Does this substitute OCF? I remember OCF was complementary to PKCS 11.
And if it does, can I use such an API to read and write other files besides Certificates? Finally, does it treat Attribute Certificates (AC) the same as PKI Certs?
In case you need clarifications, I'll be happy to provide them. Thank you in advance.
John

I think you can store keys and data to sign in the same applet. Data is just data, it won't interfere on its own.
About Javacard 3, I think this is a very polemic subject. To feed the troll, I'll say that I'm working in a smart card company that has done cards for many years. Since the beginning, I can say. All my colleagues and I think that Javacard 3 is an evil. APDUs ARE card-ish and a good thing for such small CPUs. Javacard 3 has been made by Sun under pressure of telcos that don't want complicated things, and are big specification fans, that never wrote a line of code. Javacard 3 will put a big overhead on card response time: as of now, there are many abstraction levels to cross to execute bytecode, and servlets and (don't know what will replace APDUs) will increase transaction times.
Cards are cards, not web servers. For us, public transportation sector guys, Javacard 3 is a Frankenstein. We want speed and low-level access. We don't care about J2EE.
Just don't tell me about the increased mem and power of new cards. How much will they cost? A Javacard is already expensive, they will not get cheaper, and this will not help spreading Javacards.
People working in the J2EE world will code for Javacard 3 like they do for mainframes. They will require more powerful cards just because they're too lazy to code correct embedded software. Can you imagine that? Maybe Javacard 4 will require a heatsink on cards.
This is a very personal opinion of course ;)

Similar Messages

  • Java Crypto - X.509 Certificate - DER encoded to Base64

    How to convert DER encoded X.509 Certificate to Base64 encoded X.509 Certificate?

    One way is to use the keytool utility supplied with the JDK. My keystore is already set up so you may have some additional steps beyond what I show below.
    First import the DER encoded certificate:
    keytool -import -alias tempaliasname -file file.der
    (you will be prompted for the keystore password)
    Then export to Base64:
    keytool -export -alias tempaliasname -file file.cer -rfc
    (you will be prompted for the keystore password)
    That will give you the Base64 version of your certificate.
    You can use the keytool -delete command to delete the key from your keystore if you want.
    Bruce

  • X.509 Certificates on Java Card

    Hi,
    I'm a newbie on this and am looking for any help I can get.
    I am wanting to store or generate an X.509 certificate securely on a Java Card for an application which either requests the certificate or gets details from the certificate to the application.
    I am currently using keytool to generate certs to get an idea of things. I have no hardware (card/reader) and am currently reliant on Sun's jcwde.
    I have looked for proprietary Java Card APIs on X.509 and found nothing on this. So I guess I will have to write my own code to do the job using the standards involved.
    What I guess I'm looking for is anyone out there to tell me whether it is feasible to do what I wish and any pointers on how to go about it.
    Thanks in advance ...

    You can't generate a cert on the card because of the technology of certs. Of course, you can store them on the card. It's up to your design how to store it. For example, you might want to store it in PKCS#15 format, or just raw data format, or actually importing the private key using the JC API. Keep in mind you can generate keys on card using the JC API.
    What you are describing is very common with PKI solutions that need a secure token. The smart card is that token.

  • Plz Help! How to Store digital certificate on to java card?

    We are working on Java Cards.
    But I don't know how to store a digital certificate on a Java Card.
    Any "step-by-step procedure" to follow after getting the certificate will be appreciated.
    Please reply if you have any related information.
    It's urgent.
    Thanks in advance.

    I'm not understanding the confusion. Instead of storing a picture you are storing a certificate. Treat it as a blob of data. You will send data, approx 250 bytes in length, then send the next blob beginning from previous offset, etc. On the card, you store data into a large byte array beginning at the offsets. Read the picture sample again.
    You would generate the key pair using the KeyPair class. Send that public key to the CA and store the cert returned from the CA.
    If you are attempting PKCS#15, I wouldn't go that route until you understand Java Cards and the PKCS specification.
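
The chunked storage described in the reply above, written as a Java Card applet. This is an added example, not code from the thread; the class and package names, the INS values, the 2048-byte capacity and the use of P1/P2 as the chunk offset are assumptions, and access control before writing is left out.

```java
package example.certstore; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;

// Added example: stores one DER certificate as an opaque blob, in chunks.
// PIN / secure-channel checks before WRITE are omitted and must be added.
public class CertStoreApplet extends Applet {
    private static final byte INS_WRITE = (byte) 0x10;  // assumed INS value
    private static final byte INS_READ = (byte) 0x12;   // assumed INS value
    private static final short MAX_LEN = (short) 2048;  // assumed capacity

    private final byte[] cert = new byte[MAX_LEN]; // persistent array
    private short certLen;                         // bytes stored so far

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new CertStoreApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        // P1|P2 carry the 16-bit offset of this chunk within the certificate.
        short off = Util.makeShort(buf[ISO7816.OFFSET_P1], buf[ISO7816.OFFSET_P2]);
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_WRITE:
            short len = apdu.setIncomingAndReceive();
            if (off == 0) certLen = 0; // offset 0 starts a new upload
            // Chunks must be contiguous and must fit; never trust host offsets.
            if (off != certLen || len > (short) (MAX_LEN - off)) {
                ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
            }
            // Non-atomic copy: a chunk may exceed the card's commit buffer.
            Util.arrayCopyNonAtomic(buf, ISO7816.OFFSET_CDATA, cert, off, len);
            certLen = (short) (off + len);
            break;
        case INS_READ:
            if (off < 0 || off > certLen) {
                ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
            }
            short le = apdu.setOutgoing();
            short left = (short) (certLen - off);
            if (le > left) le = left; // return only what is stored
            apdu.setOutgoingLength(le);
            apdu.sendBytesLong(cert, off, le);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

The host sends the certificate in chunks of up to 255 bytes, each with the offset where the previous chunk ended, and reads it back the same way until a response shorter than requested signals the end.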

  • Verify a X.509 Certificate with Bouncy Castle and Java ME

    Hi,
    Can anybody point me to an example of verifying a X.509 certificate with Bouncy Castle under Java ME?
    I can see how to easily do it in Java SE code with java.security.cert.Certificate.verify(), but I could not find an equivalent method in the lightweight API.
    Any help is much appreciated.
    Best regards,
    iobytrap

    That's a shame. I'm afraid I don't have any solutions, but I am interested if you find one. If you solve your problem, please post back here. In the meantime I'll keep looking around. Have you considered non-free software? IAIK has some fairly complete Java libraries for $$$, though I'm not sure what they have for JME.
    EDIT:
    Yes, they have a library for JME and it has an X509Certificate class. Here are the javadocs.
    Edited by: ghstark on Apr 17, 2010 2:14 PM

  • Java Card, Web Start and 2 certificates

    I have a WebStart application that is required to use client certificates. These certificates come from a user's Smart Card that gets put into Internet Explorer. WebStart will automatically grab the certificate and send it to the server.
    My problem comes when there are 2 certificates that fit the profile. In that case, a dialog pops up asking the user to pick 1. It comes up with just about every new connection made back to the server.
    The way I see it, my options are:
    1) Try to reuse connections, extend keep-alive so not too many connections are made.
    2) Try to get the certificates from Internet Explorer manually and pass one of them with the connection
    or
    3) Read the certificate directly from the Card and pass it along.
    I've been trying #1 for a while now, and it doesn't get too much better.
    Any ideas?

    I'll have to check. I'm not running the system, so I don't have any control over this.
    If it is, should I grab it out of there?
    I'm sorry, Java Card and certificate programming is new to me, so...
    The code required to grab the certificate out of the Microsoft Certificate Store would be OS-dependent? If I grab the certificate directly off the card, would that be OS-independent?
    Is this true?

  • Java card certificate

    How do I store a certificate on a Java Card 2.1.1 compatible card?
    I do not know how to do it without RMI, which is there in 2.2.2.
    Please advise.

  • How to pass x.509 certificate in my request...

    Hi all,
    Can any one of you tell me how to create a x.509 certificate?? and how to pass it in my request???
    Thanks in advance
    Manoj Nair....

    Thanks a lot abhishek, but I couldn't make out anything.
    What I have seen in one of the ppts is that no coding is required for sending the certificate in the request.
    Can you help me with how I would go about the above?
    The thing is, I have created a Java keystore and it fetched me a self-signed certificate.
    How would I send this certificate in my request? And you know that there is a policy step like "verify certificate" where it asks for the keystore.
    I have given my keystore location.
    When I tried to test the page, it showed an error like "verification of certificate failed".
    When I saw my gateway logs, it spoke something like;
    'certificate is not presented in the request'
    'no matching certificate is found in the keystore'
    'verification of certificate failed'
    It is evident from the first two statements of the gateway log that there is no certificate coming in the request. Had there been certificate, it would have tried to match the certificate with the certificate that is in the keystore and would have verified it. But here it is not the case... I am not able to send in the certificate in my request...
    Can you tell me out how to go about this...
    one more question.......
    is the self-signed certificate that is created by the keytool utility written in x.509 certificate standard or not?

  • APDU for X.509 Certificate

    Would like to understand APDU commands necessary to read X.509 Certificate from CAC card. Have ActivCard document describing "PKI Applet Specification", and believe I must first perform "Install" (CLA:84, INS:E6) then "PIN Verify" (CLA:80, INS:20) then presumably can read EF 02FE, which is the certificate.
    My implementation of "Install", only using "make selectable", returns 6985, "conditions of use not satisfied".
    And my implementation of "PIN Verify" returns 6D00, "unknown instruction given in the command".
    Any sample APDU code for getting the X.509? Thanks.

    I have the ActivCard SDK, and I have run their acbsi_sample.exe program, which reasonably interacts with a Navy issued CAC card, for which I know the PIN.
    Even with the SDK, which implements BSI, I remain ignorant of how to verify PIN and then read the X.509 Certificate. The demo program has no option to do either.
    I am quite aware of the GSCISV2-0.pdf document. It identifies the CAC RID as A000000079 and the "PKI Certificate Container" as FID 02FE.
    Using the ActivCard BSI demo program, I can interrogate that AID but cannot access any tag, all attempts to "read data value" returning "data value length: 0". Furthermore, as stated above, I see no way to verify PIN, and the GSCISV2-0.pdf clearly states that access to the "PKI Certificate Container" is "PIN always".
    Would be most grateful for any assistance you can provide.

  • Java Card headache

    Hi, I am doing my final year project on Java Card and I have the software installed (java_card_kit-2_2_1, OCF 1.2, j2sdk1.4.1). I'm using Schlumberger Cyberflex Access Toolkit 4.4 and I already have the e-gate USB token. The problem is that I'm not sure how I should start developing my application. I planned to do online cash withdrawal which can download cash from the bank account directly to the smart card. Can anybody help me with this? Where should I start from? I really need help, and please feel free to mail me. My email is [email protected]. Thank you very much.

    You are trying to run before you learn to walk. Learn the Java Card architecture. If you don't learn these things first, you'll be asking, how to write the applet, how to generate key pairs, how to create memory in EEPROM, how to send commands to the applet to store large data sizes over 256, etc. Take one step at a time !
    To answer your question: Depends on your solution. If you are using certs for digital signing, you should generate the signing keys on the card and send a CSR with the public key. Store the signing cert on the card. PKCS#15 is the standard, but time consuming to implement on a Java Card, so I recommend just a buffer and handle it off card. For encryption certs, you can generate the key pair off card and store the certificates on the card.
    CA questions should be directed to the Security Forum.
    HTH !

  • Help about running Java Card developement Kit Demo

    I am following the Java Card development kit step by step. I have set all environments but I could not run the demo at all. D:\JAVACARD\SAMPLES\SRC\DEMO>
    If I type "jcwde jcwde.app" in the demo directory, it tells me that jcwde is not an internal or batch file command. When I copied jcwde.bat from the bin directory to the demo directory, it ran but with a lot of errors.
    I will be glad if somebody can help me overcome these initial and very important steps in my adventure with smart cards.
    Thanks

    Thanks everybody for their contributions and suggestions. I have been able to make the demo work, apart from demo1 which still gives problems.
    If I type jcwde jcwde.app, it gives me the following errors.
    Java Card 2.2 Workstation Development Environment (version 0.18).
    Copyright 2002 Sun Microsystems, Inc. All rights reserved.
    jcwde is listening for T=0 Apdu's on TCP/IP port 9,025.
    Exception in thread "main" java.lang.IllegalAccessError: class javacard.framework.JCWDEDispatcher cannot access its superclass javacard.framework.Dispatcher
    at java.lang.ClassLoader.defineClass0(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:509)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:246)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
    at com.sun.javacard.jcwde.Main.run(Main.java:77)
    at com.sun.javacard.jcwde.Main.main(Main.java:141)

  • Does Java Card 2 API support all the smart card?

    Does Java Card 2 API support all smart cards? I guess all Java Cards are smart cards but not all smart cards are Java Cards, so the Java Card 2 API supports only Java Cards. It does not support all smart cards. Please somebody let me know whether I am correct or not, because I want to make an application which supports all smart cards. I am confused whether I have to use the JavaCard API or OCF or any other framework/API. Please help me. Thanks

    I am clear with java card.
    But I want to make an application which can verify the PIN inside the card and read the logon certificate, which is saved inside the card. Is there any framework which I can use to fulfill my simple requirement? I don't want to deal with any applet inside the card.

  • Load file to java card?

    Hi
    Is there any way to load a jks file to a Java Card?
    Please help me

    How to send a certificate file(.p12 file) into the java card?
    I am trying to send a p12 - certificate file to the smart card using javacard. Is it possible to send a file directly to java card or not? Thanks....

  • Need suggestion regarding simulation of Java Card using a floppy

    Hi All,
    I am working on a project wherein I have to simulate a Java Card application using a floppy. I am writing my own CardTerminal and CardTerminalFactory. That's what I have started working on. Will that serve the purpose or do I have to think about some other approach like just overriding the cardInserted method of the CTListener class? I want to achieve communication between the host application and the floppy (which is my Java Card). Please advise.
    I would like to thank DurangoVa and Nilesh for helping me out sorting out the error in running the converter.
    Thanks in advance

    Are you referring to a Floppy diskette drive ?

  • Step by step installation for java card kit 2.2.2

    Can anyone help me with complete step by step installation information for Java Card kit 2.2.2? I already tried to follow the instructions given in the software I downloaded and am still stuck in setting the Java path. Any recommendation?
    thanks for the help

    The javacard API is for developing applets on card. Java 6 is for developing clients off-card.
    Yes, you can use any Java IDE like NetBeans or JCreator. But you will have to select the libraries within the downloaded Java Card kit folder for your IDE in order to compile successfully.
    Try reading up the documentation and run the samples in the Java Card kit. That's a good place to start.
