PKCS#11 pin initialization
How to initialize smartcard's pin number using Sun PKCS#11 implementation ?
How to personalize smartcard (generate keys and load certificate) using Sun PKCS#11 implementation ?
String configName = "C:/pkcs11.cfg";
provider = new sun.security.pkcs11.SunPKCS11(configName);
System.out.println("provider name: " +provider.getName());
System.out.println("provider information : " +provider.getInfo());
Security.addProvider(provider);
KeyStore keyStore = null;
keyStore = KeyStore.getInstance("PKCS11",provider);
System.out.println("password from form --> "+tokenPassword.toString());
keyStore.load(null,tokenPassword);
provider = keyStore.getProvider();
//Retrieving certificate chains from E-Token
for(Enumeration e = keyStore.aliases() ; e.hasMoreElements() ;)
alias = e.nextElement().toString();
//Retrieving private key from E-Token
PrivateKey privKey = (PrivateKey)keyStore.getKey(alias, tokenPassword);
System.out.println("private Key ===>\n"+privKey);
java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)keyStore.getCertificate(alias);
java.security.cert.Certificate[] certChain =keyStore.getCertificateChain(alias);
PublicKey pubKey = cert.getPublicKey();
System.out.println("PUBLIC KEY FROM E-TOKEN ==>\n"+pubKey);
//pdf document before digital sign
PdfReader reader = new PdfReader("D:/Reports/Standard/"+downloadpath);
//New pdf document created for digital sign
FileOutputStream fout = new FileOutputStream("D:/Reports/Standard/dig"+downloadpath);
//generating digital signature for sign a pdf document
PdfStamper stp = PdfStamper.createSignature(reader, fout,'\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(privKey, certChain, null,PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason("Certifying Authority");
sap.setLocation("HYD");
//comment next line to have an invisible signature
sap.setVisibleSignature(new Rectangle(100, 150, 200, 200), 1, null);
stp.close();
//unregistering the provider (E-Token).
//Security.removeProvider("SunPKCS11-GNFCeToken");
Security.removeProvider(provider.getName());
System.out.println("provider Info-> "+provider.getProperty("Provider.id info"));
System.out.println("provider pkcs-> "+provider.getProperty("KeyStore.PKCS11"));
System.out.println("provider class->"+provider.getClass());
provider.remove("provider.id info");
provider.remove("Provider.id className");
provider.clear();
Similar Messages
-
Trying to run sample applet 'Wallet'. What is PIN?
Dear
I'm trying to run sample applet 'Wallet' in java card development kit.
I have 2 questions.
1) I successfully upload 'cap file'. but I got an error when I install it.
I don't know why.
Below is the APDU
cm> upload "C:\wallet.cap"
=> 80 E6 02 00 16 09 77 61 6C 6C 65 74 70 6B 67 08 ......walletpkg.
A0 00 00 00 03 00 00 00 00 00 00 00 ............
(114664 usec)
<= 00 90 00 ...
Status: No Error
=> 80 E8 00 00 FF C4 82 02 A8 01 00 13 DE CA FF ED ................
01 02 04 00 01 09 77 61 6C 6C 65 74 70 6B 67 02 ......walletpkg.
00 1F 00 13 00 1F 00 0D 00 0B 00 66 00 12 01 87 ...........f....
00 0A 00 3A 00 00 00 DD 00 00 00 00 00 00 01 01 ...:............
00 04 00 0B 01 00 01 07 A0 00 00 00 62 01 01 03 ............b...
00 0D 01 09 77 61 6C 6C 65 74 61 70 70 00 01 06 ....walletapp...
00 12 00 80 03 02 00 01 04 04 00 00 00 3A FF FF .............:..
00 2D 00 42 07 01 87 00 04 30 8F 00 0A 18 1D 1E .-.B.....0......
8C 00 09 7A 05 40 18 8C 00 16 18 8F 00 10 3D 06 ...z.@........=.
10 08 8C 00 15 87 00 AD 00 19 1E 1F 8B 00 03 18 ................
8B 00 12 7A 01 10 AD 00 8B 00 08 61 04 03 78 04 ...z.......a..x.
78 01 10 AD 00 8B 00 06 7A 02 21 19 8B 00 02 2D x.......z.!....-
18 8B 00 0F 60 03 7A 1A 03 25 10 B0 6A 08 11 6E ....`.z..%..j..n
00 8D 00 0D 1A 04 25 75 00 2D 00 04 00 20 00 27 ......%u.-... .'
00 30 00 21 00 40 00 1B 00 50 00 15 18 19 8C 00 [email protected]......
0E 7A 18 19 8C 00 04 7A 18 19 8C 00 17 7A 18 19 .z.....z.....z..
8C 00 0B 7A 00 ...z.
(551929 usec)
<= 90 00 ..
Status: No Error
=> 80 E8 00 01 FF 11 6D 00 8D 00 0D 7A 03 24 AD 00 ......m....z.$..
8B 00 13 61 08 11 63 01 8D 00 0D 19 8B 00 02 2D ...a..c........-
1A 07 25 32 19 8B 00 07 5B 29 04 1F 04 6B 07 16 ..%2....[)...k..
04 04 6A 08 11 67 00 8D 00 0D 1A 08 25 29 05 16 ..j..g......%)..
05 10 64 6E 06 16 05 63 08 11 6A 83 8D 00 0D AF ..dn...c..j.....
01 16 05 41 11 27 10 6F 08 11 6A 84 8D 00 0D 18 ...A.'.o..j.....
AF 01 16 05 41 89 01 7A 03 24 AD 00 8B 00 13 61 ....A..z.$.....a
08 11 63 01 8D 00 0D 19 8B 00 02 2D 1A 07 25 32 ..c........-..%2
19 8B 00 07 5B 29 04 1F 04 6B 07 16 04 04 6A 08 ....[)...k....j.
11 67 00 8D 00 0D 1A 08 25 29 05 16 05 10 64 6E .g......%)....dn
06 16 05 63 08 11 6A 83 8D 00 0D AF 01 16 05 43 ...c..j........C
63 08 11 6A 85 8D 00 0D 18 AF 01 16 05 43 89 01 c..j.........C..
7A 03 22 19 8B 00 02 2D 19 8B 00 11 32 19 05 8B z."....-....2...
00 0C 1A 03 AF 01 8D 00 18 3B 19 03 05 8B 00 05 .........;......
7A 04 22 19 8B 00 02 2D 19 8B 00 07 5B 32 AD 00 z."....-....[2..
1A 08 1F 8B 00 14 61 08 11 63 00 8D 00 0D 7A 08 ......a..c....z.
00 0A 00 00 00 .....
(405152 usec)
<= 90 00 ..
Status: No Error
=> 80 E8 80 02 AE 00 00 00 00 00 00 00 00 05 00 66 ...............f
00 19 02 00 00 00 02 00 00 01 03 80 0A 01 03 80 ................
09 08 06 00 00 F0 03 80 0A 04 03 80 09 05 03 80 ................
0A 06 03 80 09 02 06 00 00 0D 01 00 00 00 06 00 ................
01 69 03 80 0A 09 06 80 07 01 06 00 01 49 03 80 .i...........I..
03 03 01 80 09 00 03 80 0A 07 03 80 03 01 03 80 ................
09 04 03 80 09 01 06 80 09 00 06 80 03 00 06 00 ................
00 94 06 80 10 06 09 00 3A 00 0E 1F 02 0F 0D 5A ........:......Z
41 11 05 05 41 0E 05 16 1A 00 28 04 06 07 04 07 A...A.....(.....
0A 04 08 0D 07 05 10 1D 06 06 06 07 08 08 04 09 ................
12 15 10 10 08 04 09 12 15 0D 0F 05 06 07 07 07 ................
05 0A 08 00 ....
(658167 usec)
<= 00 90 00 ...
Status: No Error
Load report:
684 bytes loaded in 1.8 seconds
effective code size on card:
+ package AID 9
+ applet AIDs 16
+ classes 21
+ methods 394
+ statics 0
+ exports 0
overall 440 bytes
cm> install -i 77616c6c6574617070 -q C9#() 77616c6c6574706b67 77616c6c6574617070
=> 80 E6 0C 00 24 09 77 61 6C 6C 65 74 70 6B 67 09 ....$.walletpkg.
77 61 6C 6C 65 74 61 70 70 09 77 61 6C 6C 65 74 walletapp.wallet
61 70 70 01 00 02 C9 00 00 00 app.......
(269663 usec)
<= 6A 80 j.
Status: Wrong data
jcshell: Error code: 6a80 (Wrong data)
jcshell: Wrong response APDU: 6A80
Unexpected error; aborting execution
Another question
2) According to the code I have to specify PIN number when I
install it. Is PIN different from PIN in the card?
Is it application dependent?
private WalletApp (byte[] bArray, short bOffset, byte bLength){
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
// bArray contains the PIN initialization value
pin.update(bArray, bOffset, bLength);
// register the applet instance with the JCRE
register();
} // end of the constructor
Anyone can help?
I really appreciate your help2) According to the code I have to specify PIN number when I
install it. Is PIN different from PIN in the the card?
Is it application dependent?Yes, it is an card idependent but application dependent PIN.
Jan -
Verify user pin on a smart card & load a cap file on a card (with eclipse)
I have been able install JCWDE (Java card development Kit) successfully on eclipse.Basically all I need to do is verify user pin on a smart card.As in first set a pin and then verify it.
To begin with I have referred many tutorials (here: http://www.javaworld.com/jw-07-1999/jw-07-javacard.html?page=1) and implemented the wallet code in eclipse.I have the cap file generated and the scripts generated.I am not sure how to load it on the smart card with eclipse.
I tried to deploy the cap file but it keeps saying connected.Also when we initiate the applet I get the same result.
output:
Java Card 2.2.2 APDU Tool, Version 1.3
Copyright 2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.
Opening connection to localhost on port 9032.
Connected.
I have also tried : http://www.cs.ru.nl/E.Poll/hw/practical.html ........ but no luck.
I have the wallet.cap ,wallet.exp ,wallet.jca ,wallet.opt create.script, select,cap-download.scripts files already generated in eclipse.
How does a successfully implemented applet code on a smart card work?How does this wallet code work if it is successfully implemented ? Does it have like some GUI which prompts the user to enter the pin?
Wallet code for reference :
package com.sun.javacard.samples.wallet;
import javacard.framework.*;
public class Wallet extends Applet {
/* constants declaration */
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0x80;
// codes of INS byte in the command APDU header
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50;
// maximum balance
final static short MAX_BALANCE = 0x7FFF;
// maximum transaction amount
final static byte MAX_TRANSACTION_AMOUNT = 127;
// maximum number of incorrect tries before the
// PIN is blockedd
final static byte PIN_TRY_LIMIT =(byte)0x03;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
// signal that the PIN verification failed
final static short SW_VERIFICATION_FAILED =
0x6300;
// signal the the PIN validation is required
// for a credit or a debit transaction
final static short SW_PIN_VERIFICATION_REQUIRED =
0x6301;
// signal invalid transaction amount
// amount > MAX_TRANSACTION_AMOUNT or amount < 0
final static short SW_INVALID_TRANSACTION_AMOUNT = 0x6A83;
// signal that the balance exceed the maximum
final static short SW_EXCEED_MAXIMUM_BALANCE = 0x6A84;
// signal the the balance becomes negative
final static short SW_NEGATIVE_BALANCE = 0x6A85;
/* instance variables declaration */
OwnerPIN pin;
short balance;
private Wallet (byte[] bArray,short bOffset,byte bLength) {
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
byte iLen = bArray[bOffset]; // aid length
bOffset = (short) (bOffset+iLen+1);
byte cLen = bArray[bOffset]; // info length
bOffset = (short) (bOffset+cLen+1);
byte aLen = bArray[bOffset]; // applet data length
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, (short)(bOffset+1), aLen);
register();
} // end of the constructor
public static void install(byte[] bArray, short bOffset, byte bLength) {
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
} // end of install method
public boolean select() {
// The applet declines to be selected
// if the pin is blocked.
if ( pin.getTriesRemaining() == 0 )
return false;
return true;
}// end of select method
public void deselect() {
// reset the pin value
pin.reset();
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
// At this point, only the first header bytes
// [CLA, INS, P1, P2, P3] are available in
// the APDU buffer.
// The interface javacard.framework.ISO7816
// declares constants to denote the offset of
// these bytes in the APDU buffer
byte[] buffer = apdu.getBuffer();
// check SELECT APDU command
if (apdu.isISOInterindustryCLA()) {
if (buffer[ISO7816.OFFSET_INS] == (byte)(0xA4)) {
return;
} else {
ISOException.throwIt (ISO7816.SW_CLA_NOT_SUPPORTED);
// verify the reset of commands have the
// correct CLA byte, which specifies the
// command structure
if (buffer[ISO7816.OFFSET_CLA] != Wallet_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE:
getBalance(apdu);
return;
case DEBIT:
debit(apdu);
return;
case CREDIT:
credit(apdu);
return;
case VERIFY:
verify(apdu);
return;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
} // end of process method
private void credit(APDU apdu) {
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
// Lc byte denotes the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
// indicate that this APDU has incoming data
// and receive data starting from the offset
// ISO7816.OFFSET_CDATA following the 5 header
// bytes.
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if ( ( numBytes != 1 ) || (byteRead != 1) )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get the credit amount
byte creditAmount = buffer[ISO7816.OFFSET_CDATA];
// check the credit amount
if ( ( creditAmount > MAX_TRANSACTION_AMOUNT)
|| ( creditAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( (short)( balance + creditAmount) > MAX_BALANCE )
ISOException.throwIt(SW_EXCEED_MAXIMUM_BALANCE);
// credit the amount
balance = (short)(balance + creditAmount);
} // end of deposit method
private void debit(APDU apdu) {
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes =
(byte)(buffer[ISO7816.OFFSET_LC]);
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
if ( ( numBytes != 1 ) || (byteRead != 1) )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get debit amount
byte debitAmount = buffer[ISO7816.OFFSET_CDATA];
// check debit amount
if ( ( debitAmount > MAX_TRANSACTION_AMOUNT)
|| ( debitAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( (short)( balance - debitAmount ) < (short)0 )
ISOException.throwIt(SW_NEGATIVE_BALANCE);
balance = (short) (balance - debitAmount);
} // end of debit method
private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform system that the applet has finished
// processing the command and the system should
// now prepare to construct a response APDU
// which contains data field
short le = apdu.setOutgoing();
if ( le < 2 )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
//informs the CAD the actual number of bytes
//returned
apdu.setOutgoingLength((byte)2);
// move the balance data into the APDU buffer
// starting at the offset 0
buffer[0] = (byte)(balance >> 8);
buffer[1] = (byte)(balance & 0xFF);
// send the 2-byte balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
} // end of getBalance method
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// retrieve the PIN data for validation.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if ( pin.check(buffer, ISO7816.OFFSET_CDATA,
byteRead) == false )
ISOException.throwIt(SW_VERIFICATION_FAILED);
} // end of validate method
} // end of class Wallet
Any help on this would highly appreciated !! :)Hi,
Thanks a lot for reply.But I am not sure as to how can I delete the simulator.
All I want to do is write a pin on the smart card and verify it.But I am not being able to deploy the cap file or initiate the applet.
Also for passing the pin correct me if I am wrong........ according to what you said and what I have understood
If the code is like this :
public static void install(byte[] bArray, short bOffset, byte bLength) {
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
} // end of install method
byte aLen = bArray[bOffset]; // applet data length
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, (short)(bOffset+1), aLen);
Lets say my pin is : 1234
then I would pass it here.....
new Wallet(bArray, 1234, bLength); -
Install error -look at the code. plz help
I have the simple applet that I'm able to compile and load on to a JCOP10 cartd. When I try to install the applet so that I can start interacting with it, I get the following error. How do I go beyond this point? I'll appreciate your help.
JCOP shell
Load report:
747 bytes loaded in 0.0 seconds
effective code size on card:
+ package AID 6
+ applet AIDs 13
+ classes 21
+ methods 470
+ statics 0
+ exports 0
overall 510 bytes
end
/set-var J 0
while ${J} < ${PKG_${I}_APP_COUNT}
install -i ${PKG_${I}_APP_${J}_INST_AID} -q C9#(${PKG_${I}_APP_${J}_INST_DATA}) ${PKG_${I}_AID} ${PKG_${I}_APP_${J}_AID}
=> 80 E6 0C 00 24 06 11 11 11 11 11 11 06 22 22 22 ....$........"""
22 22 22 06 22 22 22 22 22 33 01 00 0B C9 09 23 """."""""3.....#
42 38 47 36 74 63 76 73 00 00 B8G6tcvs..
(0 msec)
<= 6A 80 j.
Status: Wrong data
Error code: 6a80 (Wrong data)
Offending APDU: 6A80
Here is the code.
* Package: myWallet
* Filename: MyWallet.java
* Class: MyWallet
* Date: Jan 23, 2004 2:01:58 PM
package myWallet;
import javacard.framework.*;
//import javacardx.framework.*;
public class MyWallet extends Applet
/* constants declaration */
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0x80;
// codes of INS byte in the command APDU header
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50;
// maximum balance
final static short MAX_BALANCE = (byte)0x7FFF;
// maximum transaction amount
final static byte MAX_TRANSACTION_AMOUNT =(byte)0x007F;
// maximum number of incorrect tries before the
// PIN is blocked
final static byte PIN_TRY_LIMIT =(byte)0x03;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
// signal that the PIN verification failed
final static short SW_VERIFICATION_FAILED = 0x6300;
// signal the the PIN validation is required
// for a credit or a debit transaction
final static short SW_PIN_VERIFICATION_REQUIRED = 0x6301;
// signal invalid transaction amount
// amount > MAX_TRANSACTION_AMOUNT or amount < 0
final static short SW_INVALID_TRANSACTION_AMOUNT = 0x6A83;
// signal that the balance exceed the maximum
final static short SW_EXCEED_MAXIMUM_BALANCE = 0x6A84;
// signal the the balance becomes negative
final static short SW_NEGATIVE_BALANCE = 0x6A85;
/* instance variables declaration */
OwnerPIN pin;
short balance;
private MyWallet (byte[] bArray,short bOffset,byte bLength)
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
byte iLen = bArray[bOffset]; // aid length
bOffset = (short) (bOffset+iLen+1);
byte cLen = bArray[bOffset]; // info length
bOffset = (short) (bOffset+cLen+1);
byte aLen = bArray[bOffset]; // applet data length
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, (short)(bOffset+1), aLen);
register();
} // end of the constructor
public static void install(byte[] bArray, short bOffset, byte bLength){
// create a Wallet applet instance
MyWallet me = new MyWallet(bArray, bOffset, bLength);
me.register(bArray, bOffset, bLength);
} // end of install method
public boolean select()
// The applet declines to be selected
// if the pin is blocked.
if ( pin.getTriesRemaining() == 0 )
return false;
return true;
}// end of select method
public void deselect() {
// reset the pin value
pin.reset();
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
// At this point, only the first header bytes
// [CLA, INS, P1, P2, P3] are available in
// the APDU buffer.
// The interface javacard.framework.ISO7816
// declares constants to denote the offset of
// these bytes in the APDU buffer
byte[] buffer = apdu.getBuffer();
// check SELECT APDU command
buffer[ISO7816.OFFSET_CLA] = (byte)(buffer[ISO7816.OFFSET_CLA] & (byte)0xFC);
if ((buffer[ISO7816.OFFSET_CLA] == 0) &&
(buffer[ISO7816.OFFSET_INS] == (byte)(0xA4)) )
return;
// verify the reset of commands have the
// correct CLA byte, which specifies the
// command structure
if (buffer[ISO7816.OFFSET_CLA] != Wallet_CLA)
ISOException.throwIt
(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE: getBalance(apdu);
return;
case DEBIT: debit(apdu);
return;
case CREDIT: credit(apdu);
return;
case VERIFY: verify(apdu);
return;
default: ISOException.throwIt (ISO7816.SW_INS_NOT_SUPPORTED);
} // end of process method
private void credit(APDU apdu)
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt(
SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
// Lc byte denotes the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
// indicate that this APDU has incoming data
// and receive data starting from the offset
// ISO7816.OFFSET_CDATA following the 5 header
// bytes.
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if ( ( numBytes != 1 ) || (byteRead != 1) )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get the credit amount
byte creditAmount = buffer[ISO7816.OFFSET_CDATA];
// check the credit amount
if ( ( creditAmount > MAX_TRANSACTION_AMOUNT)
|| ( creditAmount < 0 ) )
ISOException.throwIt
(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( (short)( balance + creditAmount) > MAX_BALANCE )
ISOException.throwIt
(SW_EXCEED_MAXIMUM_BALANCE);
// credit the amount
balance = (short)(balance + creditAmount);
} // end of deposit method
private void debit(APDU apdu)
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt
(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes =
(byte)(buffer[ISO7816.OFFSET_LC]);
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
if ( ( numBytes != 1 ) || (byteRead != 1) )
ISOException.throwIt
(ISO7816.SW_WRONG_LENGTH);
// get debit amount
byte debitAmount =
buffer[ISO7816.OFFSET_CDATA];
// check debit amount
if ( ( debitAmount > MAX_TRANSACTION_AMOUNT)
|| ( debitAmount < 0 ) )
ISOException.throwIt
(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( (short)( balance - debitAmount ) < (short)0 )
ISOException.throwIt(SW_NEGATIVE_BALANCE);
balance = (short) (balance - debitAmount);
} // end of debit method
private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform system that the applet has finished
// processing the command and the system should
// now prepare to construct a response APDU
// which contains data field
short le = apdu.setOutgoing();
if ( le < 2 )
ISOException.throwIt
(ISO7816.SW_WRONG_LENGTH);
//informs the CAD the actual number of bytes
//returned
apdu.setOutgoingLength((byte)2);
// move the balance data into the APDU buffer
// starting at the offset 0
buffer[0] = (byte)(balance >> 8);
buffer[1] = (byte)(balance & 0xFF);
// send the 2-byte balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
} // end of getBalance method
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// retrieve the PIN data for validation.
byte byteRead =(byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if ( pin.check(buffer, ISO7816.OFFSET_CDATA,byteRead) == false )
ISOException.throwIt(SW_VERIFICATION_FAILED);
} // end of validate method
} // end of class WalletHow do I set a breakpoint in my install method in order to identify the error?
I've tried changing my install method and making it look exactly like the sample wallet applications accompanying the javacard kit, but I'm still getting the same error? here else could be the possible source of the error?
Thomas -
Starting an SSL instance automatically
Hello,
how is it possible to automatically start the ssl instance, version 7.0.12 ?
# svcadm enable https-webdesk
# svcs -a|grep http
maintenance 8:57:42 svc:/network/http:https-webdesk
+# tail -f network-http:https-webdesk.log+
+.+
+.+
+[ Nov 18 08:57:39 Enabled. ]+
+[ Nov 18 08:57:40 Executing start method (""/opt/webserver7/https-webdesk/bin/startserv"") ]+
Oracle iPlanet Web Server 7.0.12 B07/04/2011 12:06
failure: end-of-file while reading password
failure: end-of-file while reading password
failure: end-of-file while reading password
failure: CORE1227: NSS PKCS #11 initialization failed (SEC_ERROR_BAD_PASSWORD: Security password entered is incorrect.)
failure: server initialization failed
As in v6.1, I modied the start script the same way, but it doesn't work anymore.
# cat /opt/webserver7/https-webdesk/bin/startserv
case $COMMAND in
--start|-start)
+${SERVER_BIN} -d "${SERVER_CONFIG_DIR}" -r "${SERVER_INSTALL_ROOT}" -t "${SERVER_TEMP_DIR}" -u "${SERVER_USER}" -s ${SERVER_BIN} -d "${SERVER_CONFIG_DIR}" -r "${SERVER_INSTALL_ROOT}" -t "${SERVER_TEMP_DIR}" -u "${SERVER_USER}" -s "${SERVER_SVC_START_CMD}" $@ *< /opt/webserver7/https-webdesk/secret/pass*
any ideas?
The password is definitely correct.
I want to start the ssl instance automatically during boot.
-- Nickok I read the docs, but it's still not clear to me.
I edit server.xml
<pkcs11>
<enabled>true</enabled>
<crl-files>???</crl-files>
<token>
<enabled>true</enabled>
<name>???</name>
</token>
</pkcs11>
??? ... not sure
/opt/webserver7/https-webdesk/config/secret/password.conf
whatever I test, I get
# /opt/webserver7/https-webdesk # bin/startserv -configtest
Oracle iPlanet Web Server 7.0.12 B07/04/2011 12:06
[23/Nov/2011:12:15:10] info ( 6824): CORE1116: Oracle iPlanet Web Server 7.0.12 B07/04/2011 12:06
warning: wl-init reports: missing parameter 'Debug', will use default
warning: wl-init reports: missing parameter 'WLLogFile', will use default
warning: wl-init reports: missing parameter 'WLTempDir', will use default
info: wl-init reports: Debug is disabled [(null)]
info: wl-init reports: BEA plugin build date/time: Apr 18 2008 11:33:05. Change Number: 1110533
failure: CORE1227: NSS PKCS #11 initialization failed (SEC_ERROR_BAD_PASSWORD: Security password entered is incorrect.)
thank you.
-- nick -
Install command syntax issue in jcop tool
Hello there, I want to implement pin concept in my applet, as i read about this ,i think i need to Bind the USER_PIN over install command , till now i am using install command like-
install -i a0010203040506070809 -q C9#() a00102030405060708 a0010203040506070809but to pass pin number , i need to update this install command with new one.
Can anybody suggest me the updated install command , with help of that i can pass pin-0102030405 to the install command and use it by below technique
byte iLen = bArray[bOffset]; // aid length
bOffset = (short) (bOffset + iLen + 1);
byte cLen = bArray[bOffset]; // info length
bOffset = (short) (bOffset + cLen + 1);
byte aLen = bArray[bOffset]; // applet data lengthmy package id is -a00102030405060708
my applet id is- a0010203040506070809
regards:-
danieli think install command invoke the applet in the memory or make a instance in memory which will be active in life time. right?
so i want to pass a password like- 0102030405 with help of install command, it will be the default password , or in future if i will be require then i can change this with new one. As i read, after passing this in install command, i need to use below code to get 0102030405.
following code:-
byte iLen = bArray[bOffset]; // aid length
bOffset = (short) (bOffset + iLen + 1);
byte cLen = bArray[bOffset]; // info length
bOffset = (short) (bOffset + cLen + 1);
byte aLen = bArray[bOffset]; // applet data lengthso tell me please what would be the install command?
--- wallet code is like--
public static void install(byte[] bArray, short bOffset, byte bLength){
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
} // end of install method
// constucor code is:-
private Wallet (byte[] bArray,short bOffset,byte bLength){
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
byte iLen = bArray[bOffset]; // aid length
bOffset = (short) (bOffset+iLen+1);
byte cLen = bArray[bOffset]; // info length
bOffset = (short) (bOffset+cLen+1);
byte aLen = bArray[bOffset]; // applet data length
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, (short)(bOffset+1), aLen);
register();
} // end of the constructor
// i want to implement this concept......................Edited by: daniel on Feb 28, 2012 7:17 AM -
Hi,
I am working on a project with smart cards and JCOP 3.1.1. I am trying to run the Wallet sample demo and I am facing a wrong data error during the installation. Here are the APDU traces :
cm> upload -d "D:\Eclipse\Eclipse31\workspace\wallet\bin\com\sun\javacard\samples\wallet\javacard\wallet.cap"
Status: No Error
Load report:
2816 bytes loaded in 0.1 seconds
effective code size on card:
+ package AID 6
+ applet AIDs 17
+ classes 23
+ methods 421
+ statics 0
+ exports 0
overall 467 bytes
cm> install -i 77616c6c65742e617070 -q C9#() 77616c6c6574 77616c6c65742e617070
=> 80 E6 0C 00 23 06 77 61 6C 6C 65 74 0A 77 61 6C ....#.wallet.wal
6C 65 74 2E 61 70 70 0A 77 61 6C 6C 65 74 2E 61 let.app.wallet.a
70 70 01 00 02 C9 00 00 00 pp.......
(76596 msec)
<= 6A 80 j.
Status: Wrong data
jcshell: Error code: 6a80 (Wrong data)
jcshell: Wrong response APDU: 6A80
Unexpected error; aborting execution
As I use debugging, the code line that generates the error is :
pin.update(bArray, bOffset, bLength);
in the wallet() constructor :
private Wallet (byte[] bArray,short bOffset,byte bLength){
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, bOffset, bLength);
register();
} // end of the constructor
public static void install(byte[] bArray, short bOffset, byte bLength){
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
} // end of install method
I've seen in a thread linked to Wallet and JCOP a tip :
SInce JCOP is a GP card, the install() method gets the parameters in GP format. You cannot change that format. So you'll have to do something like this:
private WalletApplet(byte[] bArray, short bOffset, byte bLength) {
// skip instance AID
bOffset += (short) (bArray[bOffset] + 1);
// skip application privileges
bOffset += (short) (bArray[bOffset] + 1);
// set bLength
bLength = (short) (bArray[bOffset++] & 0xff);
// now bOffset and bLength are correct for install data
but It didn't worked, I still have the error...
I can't find out what I'm doing wrong.
Thanks for helping.I have exactly the same problem. After 3.1 upgrade, 75-90% of all incoming calls going straight to VM, even when showing full bars and I'm sitting watching my phone. Outbound calls just "hang", with "calling".
I finally turned off "3G" in settings (reverts to "E" network), and now calls are working again. Apparently 3.1 "broke" 3G connection to ATT network.
Personally, I want a refund for my monthly service that includes 3G. We should all ask for refunds of our monthly service. Don't they even TEST this before the put the new code out there? -
Sample Javacard 2.2.1 Electronic wallet, Loyalty Points & StudentID applet
Hi All,
After nine months of researching and developing a java card applet and terminal side interface for my final year university project I was frustrated with the lack of sample code and tutorials available online.
My applet is aimed at students as an id card containing a student id, all the features of an electronic wallet, loyalty point system protected by a pin number. Pin is changeable.
The terminal interaction or host side application that communicates with this applet can be found in this forum under the heading "Sample Smartcardio (Host side) applet interaction application".
As I have no finished my project I would like to share it with anyone that would like to see it.
While I would love to write a tutorial I simply do not have the time however below is the applet I used in my project, I how for anyone that has read through java sun's tutorials this will be a help:
package account;
import javacard.framework.APDU;
import javacard.framework.APDUException;
import javacard.framework.ISO7816;
import javacard.framework.Applet;
import javacard.framework.ISOException;
import javacard.framework.OwnerPIN;
import javacard.framework.TransactionException;
import javacard.framework.Util;
* @Raymond_Garrett
* DT 354-4
*Applet ID 41 63 63 6F 75 6E 74 41 70 70 6C 65 74
public class AccountApplet extends Applet {
// codes of CLA byte in the command APDUs
final static byte ACCOUNT_CLA = (byte)0xA0;
// codes of INS byte in the command APDUs
final static byte VERIFY_INS = (byte) 0x20;
final static byte CREDIT_INS = (byte) 0x30;
final static byte DEBIT_INS = (byte) 0x40;
final static byte GET_LOYALTYPOINTS_BALANCE_INS = (byte) 0x45;
final static byte CREDIT_LOYALTYPOINTS_INS = (byte) 0x47;
final static byte GET_BALANCE_INS = (byte) 0x50;
final static byte UPDATE_PIN_INS = (byte) 0x60;
final static byte ADMIN_RESET_INS = (byte) 0x70;
final static byte PIN_TRIES_REMAINING_INS = (byte) 0x80;
final static byte STUDENT_NUMBER_INS = (byte) 0x90;
// maximum Account balance
final static short MAX_BALANCE = 10000;
// maximum transaction amount
final static short MAX_TRANSACTION_AMOUNT = 5000;
// maximum number of incorrect tries before the
// PIN is blocked
//Changed to 4, as a safe guard all. All tests, messages and checks will use 3
final static byte PIN_TRY_LIMIT =(byte)0x04;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
// Applet-specific status words:
final static short SW_NO_ERROR = (short) 0x9000;
final static short SW_VERIFICATION_FAILED = 0x6300;
final static short SW_PIN_VERIFICATION_REQUIRED = 0x6301;
final static short SW_INVALID_TRANSACTION_AMOUNT = 0x6E83;
final static short SW_EXCEED_MAXIMUM_BALANCE = 0x6E84;
final static short SW_NEGATIVE_BALANCE = 0x6E85;
final static short SW_PIN_TO_LONG = 0x6E86;
final static short SW_PIN_TO_SHORT = 0x6E87;
// Student number (Ascii)d05106012 - (Hex)44 30 35 31 30 36 30 31 32
private static byte[] STUDENT_NUMBER_ARRAY = {(byte)0x44, (byte)0x30, (byte)0x35, (byte)0x31, (byte)0x30, (byte)0x36, (byte)0x30, (byte)0x31, (byte)0x32};
// instance variables declaration
OwnerPIN pin;
short balance = 1000; // Starting balance of decimal 1000 is 3E8 in hex
short loyaltyPoints = 0; //Loyalty points
// 1 Loyalty point awarded for every 100 cent spent.
* install method
public static void install(byte[] bArray, short bOffset, byte bLength) {
// GP-compliant JavaCard applet registration
new AccountApplet(bArray, (short) (bOffset + 1), bArray[bOffset]);
* Constructor
* @param bArray
* @param bOffset
* @param bLength
private AccountApplet(byte[] bArray, short bOffset, byte bLength){
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
// bArray contains the default PIN initialization value (12345)
bArray[0] = 01;
bArray[1] = 02;
bArray[2] = 03;
bArray[3] = 04;
bArray[4] = 05;
bOffset = 0;
bLength = 5;
pin.update(bArray, bOffset, bLength);
// register the applet instance with the JCRE
register();
} // end of the constructor
* Boolean is selected
public boolean select() {
// the applet declines to be selected
// if the pin is blocked
if (pin.getTriesRemaining() == 0)
return false;
return true;
} // end of select method
* deselect
public void deselect() {
// reset the pin
pin.reset();
* Key method the gets the APDU reads the INS and calls the appropiate method
* Process APDUs
* @param apdu
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between the card and the host
// at this point, only the first five bytes
// [CLA, INS, P1, P2, P3] are available in
// the APDU buffer
byte[] buffer = apdu.getBuffer();
// return if the APDU is the applet SELECT command
if (selectingApplet())
return;
// verify the CLA byte
if (buffer[ISO7816.OFFSET_CLA] != ACCOUNT_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
// check the INS byte to decide which service method to call
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE_INS: getBalance(apdu); return;
case DEBIT_INS: debit(apdu); return;
case CREDIT_INS: credit(apdu); return;
case VERIFY_INS: verify(apdu); return;
case UPDATE_PIN_INS: updatePin(apdu); return;
case ADMIN_RESET_INS: adminRest(); return;
case PIN_TRIES_REMAINING_INS: getPinTriesRemaining(apdu); return;
case STUDENT_NUMBER_INS: getStudentNumber(apdu); return;
case GET_LOYALTYPOINTS_BALANCE_INS: getLoyaltyPoints(apdu); return;
case CREDIT_LOYALTYPOINTS_INS: creditLoyaltyPoints(apdu); return;
default: ISOException.throwIt
(ISO7816.SW_INS_NOT_SUPPORTED);
} // end of process method
* verify then
* withdraw money from the Account balance
* @param apdu
private void debit(APDU apdu) {
// verify authentication
if (!pin.isValidated()){
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
// get the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
//receive data
//data is read into apdu buffer
//at offset ISO7816.OFFSET_CDATA
byte byteRead = (byte)(apdu.setIncomingAndReceive());
short shortAmount = 0;
if (numBytes == 2){
shortAmount = (short) Util.getShort(buffer, ISO7816.OFFSET_CDATA);
else if (numBytes == 1) {
shortAmount = (short) buffer[ISO7816.OFFSET_CDATA];
// check the debit amount
if (( shortAmount > MAX_TRANSACTION_AMOUNT) || ( shortAmount < 0 )) {
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ((short)( balance - shortAmount) < 0) {
ISOException.throwIt(SW_NEGATIVE_BALANCE);
// debit the amount
balance = (short)(balance - shortAmount);
//Add loyalty points
loyaltyPoints = (short) (loyaltyPoints + (short)(shortAmount/100));
return;
} // end of debit method
Code continued>>>>>>>>
* Verify then
* add money (credit) to the Account balance
* @param apdu
private void credit(APDU apdu) {
// verify authentication
if (!pin.isValidated()){
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
// get the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
//receive data
//data is read into apdu buffer
//at offset ISO7816.OFFSET_CDATA
byte byteRead = (byte)(apdu.setIncomingAndReceive());
short shortAmount = 0;
if (numBytes == 2){
shortAmount = (short) Util.getShort(buffer, ISO7816.OFFSET_CDATA);
else if (numBytes == 1) {
shortAmount = (short) buffer[ISO7816.OFFSET_CDATA];
// check the credit amount
if (( shortAmount > MAX_TRANSACTION_AMOUNT) || ( shortAmount < 0 )) {
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ((short)( balance + shortAmount) > MAX_BALANCE) {
ISOException.throwIt(SW_EXCEED_MAXIMUM_BALANCE);
// credit the amount
balance = (short)(balance + shortAmount);
return;
} // end of deposit method
* Verify then
* Update/change pin
* byte[] bArray is the pin
* short bOffset is the position in the array the pin starts in the bArray
* byte bLength is the lenght of the pin
* @param apdu
private void updatePin(APDU apdu) {
// byte[] bArray, short bOffset, byte bLength){
// First check the original pin
// verify authentication
if (! pin.isValidated())
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
// get the number of bytes in the
// data field of the command APDU -- OFFSET_LC = positon 4
byte numBytes = buffer[ISO7816.OFFSET_LC];
// recieve data
// data are read into the apdu buffer
// at the offset ISO7816.OFFSET_CDATA
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// error if the number of data bytes
// read does not match the number in the Lc byte
if (byteRead != numBytes) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
if ( numBytes > 8 )
ISOException.throwIt(SW_PIN_TO_LONG);
if ( numBytes < 4 )
ISOException.throwIt(SW_PIN_TO_SHORT);
short offset_cdata = 05;
pin.update(buffer, offset_cdata, numBytes);
pin.resetAndUnblock();
* Admin method
* Rest the pin attempts and unblock
* @param apdu
private void adminRest() {
try {
pin.resetAndUnblock();
} catch (RuntimeException e) {
// TODO Auto-generated catch block
return;
* Credit loyatly card pints in multiples of 100
* @param apdu
private void creditLoyaltyPoints(APDU apdu) {
short creditAmount = (short) ((loyaltyPoints/ 100) * 100);
balance = (short) (balance + creditAmount);
loyaltyPoints = (short) (loyaltyPoints - creditAmount);
return;
* Get number of remaining pin tries
* @param apdu
private void getPinTriesRemaining(APDU apdu) {
try {
byte[] buffer = apdu.getBuffer();
// inform the JCRE that the applet has data to return
short le = apdu.setOutgoing();
// set the actual number of the outgoing data bytes
apdu.setOutgoingLength((byte)2);
// write the PinTriesRemaining into the APDU buffer at the offset 0
Util.setShort(buffer, (short)0, pin.getTriesRemaining());
// send the 2-byte balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
} catch (APDUException e) {
// TODO Auto-generated catch block
} catch (TransactionException e) {
// TODO Auto-generated catch block
} catch (ArrayIndexOutOfBoundsException e) {
// TODO Auto-generated catch block
} catch (NullPointerException e) {
// TODO Auto-generated catch block
} // end of getPinTriesRemaining method
* No verification needed
* the method returns the Accounts balance
* @param apdu
private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform the JCRE that the applet has data to return
short le = apdu.setOutgoing();
// set the actual number of the outgoing data bytes
apdu.setOutgoingLength((byte)2);
// write the balance into the APDU buffer at the offset 0
Util.setShort(buffer, (short)0, (balance));
// send the 2-byte balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
* No verification needed
* the method returns the Accounts loyaltyPoints balance
* @param apdu
private void getLoyaltyPoints(APDU apdu){
byte[] buffer = apdu.getBuffer();
// inform the JCRE that the applet has data to return
short le = apdu.setOutgoing();
// set the actual number of the outgoing data bytes
apdu.setOutgoingLength((byte)2);
// write the loyaltyPoints balance into the APDU buffer at the offset 0
Util.setShort(buffer, (short)0, (loyaltyPoints));
// send the 2-byte loyaltyPoints balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
* No verification needed
* the method returns the student number
* @param apdu
private void getStudentNumber(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform the JCRE that the applet has data to return
short le = apdu.setOutgoing();
// set the actual number of the outgoing data bytes
apdu.setOutgoingLength((byte)STUDENT_NUMBER_ARRAY.length);
// write the balance into the APDU buffer at the offset 0
apdu.sendBytesLong(STUDENT_NUMBER_ARRAY, (short)0, (short) STUDENT_NUMBER_ARRAY.length);
// Util.setShort(buffer, (short)0, STUDENT_NUMBER_ARRAY);
// send the 2-byte balance at the offset
// 0 in the apdu buffer
try {
apdu.sendBytes((short)0, (short)STUDENT_NUMBER_ARRAY.length);
} catch (APDUException e) {
// TODO Auto-generated catch block
} // end of getBalance method
* Verification method to verify the PIN
* @param apdu
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// receive the PIN data for validation.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// starting at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if (pin.check(buffer, ISO7816.OFFSET_CDATA,byteRead)
== false)
ISOException.throwIt(SW_VERIFICATION_FAILED);
} // end of verify method
} // end of class AccountEdited by: Raymond.garrett-Dublin on Jun 17, 2009 11:30 PM -
Hi! I'm a novice in Java Card and I'm trying to study with the examples that I find in the Internet. I get this code, that I compile with successful. But, now, what I have to do? how can I debbug and test?
Thanks.
package bank;
import javacard.framework.*;
//import javacardx.framework.*;
public class Wallet extends Applet {
/* constants declaration */
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0xB0;
// codes of INS byte in the command APDU header
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50;
// maximum balance
final static short MAX_BALANCE = 0x7FFF;
// maximum transaction amount
final static byte MAX_TRANSACTION_AMOUNT = 127;
// maximum number of incorrect tries before the
// PIN is blocked
final static byte PIN_TRY_LIMIT =(byte)0x03;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
// signal that the PIN verification failed
final static short SW_VERIFICATION_FAILED = 0x6300;
// signal the PIN validation is required
// for a credit or a debit transaction
final static short SW_PIN_VERIFICATION_REQUIRED = 0x6301;
// signal invalid transaction amount
// amount > MAX_TRANSACTION_MAOUNT or amount < 0
final static short SW_INVALID_TRANSACTION_AMOUNT = 0x6A83;
// signal that the balance exceed the maximum
final static short SW_EXCEED_MAXIMUM_BALANCE = 0x6A84;
// signal the balance becomes negative
final static short SW_NEGATIVE_BALANCE = 0x6A85;
/* instance variables declaration */
OwnerPIN pin;
short balance;
private Wallet(byte[] bArray, short bOffset, byte bLength){
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, bOffset, bLength);
register();
public static void install(byte[] bArray, short bOffset, byte bLength) {
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
public boolean select() {
// The applet declines to be selected
// if the pin is blocked.
if (pin.getTriesRemaining() == 0) return false;
return true;
public void deselect() {
// reset the pin value
pin.reset();
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
// At this point, only the first header bytes
// [CLA, INS, P1, P2, P3] are available in
// the APDU buffer.
// The interface javacard.framework.ISO7816
// declares constants to denote the offset of
// these bytes in the APDU buffer
byte[] buffer = apdu.getBuffer();
// check SELECT APDU command
if ((buffer[ISO7816.OFFSET_CLA] == 0) &&
(buffer[ISO7816.OFFSET_INS] == (byte)(0xA4))) return;
// verify the reset of commands have the
// correct CLA byte, which specifies the
// command structure
if (buffer[ISO7816.OFFSET_CLA] != Wallet_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE: getBalance(apdu);
return;
case DEBIT: debit(apdu);
return;
case CREDIT: credit(apdu);
return;
case VERIFY: verify(apdu);
return;
default: ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
} // end of process method
private void credit(APDU apdu) {
// access authentication
if ( !pin.isValidated()) ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte Lc; //denotes the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
// indicate that this APDU has incoming data
// and receive data starting at the offset
// ISO7816.OFFSET_CDATA following the 5 header
// bytes.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if (byteRead != 1) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get the credit amount
byte creditAmount = buffer[ISO7816.OFFSET_CDATA];
// check the credit amount
if ( ( creditAmount > MAX_TRANSACTION_AMOUNT) || ( creditAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( ( balance + creditAmount) > MAX_BALANCE ) ISOException.throwIt(SW_EXCEED_MAXIMUM_BALANCE);
// credit the amount
balance = (short)(balance + creditAmount);
} // end of deposit method
private void debit(APDU apdu) {
// access authentication
if ( ! pin.isValidated()) ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes = (byte)(buffer[ISO7816.OFFSET_LC]);
byte byteRead = (byte)(apdu.setIncomingAndReceive());
if (byteRead != 1) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get debit amount
byte debitAmount = buffer[ISO7816.OFFSET_CDATA];
// check debit amount
if ((debitAmount > MAX_TRANSACTION_AMOUNT) || (debitAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ((balance - debitAmount) < 0) ISOException.throwIt(SW_NEGATIVE_BALANCE);
balance = (short) (balance - debitAmount);
} // end of debit method
private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform system that the applet has finished
// processing the command and the system should
// now prepare to construct a response APDU
// which contains data field
short le = apdu.setOutgoing();
if ( le < 2 ) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
//informs the CAD the actual number of bytes
//returned
apdu.setOutgoingLength((byte)2);
// move the balance data into the APDU buffer
// starting at the offset 0
buffer[0] = (byte)(balance >> 8);
buffer[1] = (byte)(balance & 0xFF);
// send the 2-balance byte at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
} // end of getBalance method
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// retrieve the PIN data for validation.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if ( pin.check(buffer, ISO7816.OFFSET_CDATA,byteRead) == false )
ISOException.throwIt(SW_VERIFICATION_FAILED);
}Win nt 4 and Win 2000 are the only supported windows platforms at this time.
-
Access Terminal and select applet
Hi people,
I have a question about to run the aplet in a javacard. Is there any code or other useful material about getting terminal and select applet and run the methods of the apllet in a programmable manner? Thanks for your interest...
Edited by: POLAT on Mar 16, 2009 7:41 PMHonestly I haven't figured out how to pass a pin when selecting the applet, however at the minute I have a way around it:
you will see in teh code below, I have hardcoded a default pin and I have a pin update method that can be called via a apdu,
NOTE this example works with the code above:
*Applet ID 41 63 63 6F 75 6E 74 41 70 70 6C
public class AccountApplet extends Applet {
final static byte ACCOUNT_CLA = (byte)0xB0;
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50;
final static byte UPDATE_PIN = (byte) 0x60;
final static short MAX_BALANCE = 10000;
final static byte MAX_TRANSACTION_AMOUNT = 100;
final static byte PIN_TRY_LIMIT =(byte)0x03;
final static byte MAX_PIN_SIZE =(byte)0x08;
// Applet-specific status words:
OwnerPIN pin;
short balance = 109; // Starting balance of decimal 109 is 6D in hex
public static void install(byte[] bArray, short bOffset, byte bLength) {
new AccountApplet(bArray, (short) (bOffset + 1), bArray[bOffset]);
private AccountApplet(byte[] bArray, short bOffset, byte bLength){
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
// bArray contains the default PIN initialization value (12345)
bArray[0] = 01;
bArray[1] = 02;
bArray[2] = 03;
bArray[3] = 04;
bArray[4] = 05;
bOffset = 0;
bLength = 5;
pin.update(bArray, bOffset, bLength);
register();
public boolean select() {
if (pin.getTriesRemaining() == 0)
return false;
return true;
public void deselect() {
pin.reset();
public void process(APDU apdu) {
byte[] buffer = apdu.getBuffer();
if (selectingApplet())
return;
if (buffer[ISO7816.OFFSET_CLA] != ACCOUNT_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE: getBalance(apdu); return;
case DEBIT: debit(apdu); return;
case CREDIT: credit(apdu); return;
case VERIFY: verify(apdu); return;
case UPDATE_PIN: updatePin(apdu); return;
default: ISOException.throwIt
(ISO7816.SW_INS_NOT_SUPPORTED);
private void credit(APDU apdu) {
if (!pin.isValidated())
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes = buffer[ISO7816.OFFSET_LC];
byte byteRead = (byte)(apdu.setIncomingAndReceive());
if (( numBytes != 1 ) || (byteRead != 1))
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
byte creditAmount = buffer[ISO7816.OFFSET_CDATA];
if (( creditAmount > MAX_TRANSACTION_AMOUNT)
|| ( creditAmount < 0 ))
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
if ((short)( balance + creditAmount) > MAX_BALANCE)
ISOException.throwIt(SW_EXCEED_MAXIMUM_BALANCE);
balance = (short)(balance + creditAmount);
return;
private void updatePin(APDU apdu) {
if (! pin.isValidated())
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes = buffer[ISO7816.OFFSET_LC];
byte byteRead = (byte)(apdu.setIncomingAndReceive());
if (byteRead != numBytes) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
if ( numBytes > 8 )
ISOException.throwIt(SW_PIN_TO_LONG);
if ( numBytes < 4 )
ISOException.throwIt(SW_PIN_TO_SHORT);
short offset_cdata = 05;
pin.update(buffer, offset_cdata, numBytes);
pin.resetAndUnblock();
private void debit(APDU apdu) {
if (! pin.isValidated())
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes = (byte)(buffer[ISO7816.OFFSET_LC]);
byte byteRead = (byte)(apdu.setIncomingAndReceive());
if (( numBytes != 1 ) || (byteRead != 1))
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
byte debitAmount = buffer[ISO7816.OFFSET_CDATA];
if (( debitAmount > MAX_TRANSACTION_AMOUNT)
|| ( debitAmount < 0 ))
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
if ((short)( balance - debitAmount ) < (short)0)
ISOException.throwIt(SW_NEGATIVE_BALANCE);
balance = (short) (balance - debitAmount);
} private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short le = apdu.setOutgoing();
apdu.setOutgoingLength((byte)2);
Util.setShort(buffer, (short)0, balance);
apdu.sendBytes((short)0, (short)2);
* verification method to verify the PIN
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
byte byteRead = (byte)(apdu.setIncomingAndReceive());
if (pin.check(buffer, ISO7816.OFFSET_CDATA,byteRead)
== false)
ISOException.throwIt(SW_VERIFICATION_FAILED);
} // end of verify method
} // end of class Account -
Hello All;
This is a very urgent issue!
I have problem with this code part about the use of an HSM to encrypt some kind of data :
char pin[] = "PASSWORD".toCharArray();
ks = KeyStore.getInstance("pkcs11");
ks.load(null,pin);
The error generated is :
error 1 java.security.KeyStoreException: pkcs11 not found
Can you help me to debug this problemCross posted all over
http://www.java-forums.org/advanced-java/46390-change-sun-pkcs11-keystore-pin.html
http://www.java.net/forum/topic/jdk/java-se/change-sun-pkcs11-keystore-pin-0
http://www.coderanch.com/t/545173/Security/Change-Sun-Pkcs-PIN
db -
I am a new programmer, I got a question, hope get help from you.
How to initialize Pin I/O of NI 6036E, e.g. set PFI 9 Low or High in DAQmx ANSI C ?
ThanksYou would not use one of the PFI lines generally. What you are describing is Digital I/O functionality. You can find examples of how to do this on your own computer (if you have the DAQ driver installed). It should be located here:
C:\Program Files\National Instruments\NI-DAQ\Examples\DAQmx ANSI C\Digital\Generate Values
Regards,
Anuj D. -
Sun PKCS#11 provider ignores the PIN while loading keystore in Windows JRE
We are using smart card based login in our GUI application. We use active client for Card reader. We are using sun PKCS#11 provider to read certificate from the CARD. In the code we are passing PIN while loading the keystore. It seems the pin is getting ignored and we get active client pin dialog.
PS: In linux JRE the pin passed while loading keystore is working properly.
Below is the code snippet that i used for testing.
public static void main(String arg[]) throws Exception
try
//Create our certificates from our CAC Card
String configName = "card.config";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
char[] pin = { '1', '2', '3', '4', '5', '6' };
KeyStore cac = null;
cac = KeyStore.getInstance("PKCS11");
cac.load(null, pin);
showInfoAboutCAC(cac);
catch(Exception ex)
ex.printStackTrace();
System.exit(0);
public static void showInfoAboutCAC(KeyStore ks) throws KeyStoreException, CertificateException, FileNotFoundException, IOException
Enumeration<String> aliases = ks.aliases();
int count = 0;
while (aliases.hasMoreElements())
String alias = aliases.nextElement();
X509Certificate[] cchain = (X509Certificate[]) ks.getCertificateChain(alias);
if (cchain != null){
System.out.println("Certificate Chain for : " + alias);
for (int i = 0; i < cchain.length; i ++)
System.out.println(i + " SubjectDN: " + cchain.getSubjectDN());
System.out.println(i + " IssuerDN: " + cchain[i].getIssuerDN());
content of card.config is
name = myConfig
library = C:\\WINDOWS\\system32\\acpkcs211.dll
Alternative we can see the same behaviour if we run the following command
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg "E:\work1\card.config" -list
This command will ask ping in the command line and again active client PIN diaolog will be prompted.
Please let me know if this a bug in Sun PKCS#11 provider in Windows and is there any work around to fix the issue.
Enviornmnet Details::
OS Win XP sp3
Java version "1.6.0_17"
Active client library version :
P11 Library:
Name: acpkcs211.dll
Version: 4-0-0-12
Thanks in advanced
RuhulThe program is just to simulate the issue. I understand that user have to pass the pin. In our GUI we have our own dialog to get the pin from user and pass it to the PKCS#11 provider that uses the pin while loading the keystore.
cac.load(null, pin); // the pin passed in load method is not used at all
My problem here is even after the proper pin is supplied by the user the active client PIN dialog is prompted. Whereas in LInux JRE this works fine.
We have a command line application where active client dialog popup is not acceptable. We need to get the PIN from user as command argument and load the keystore.
Please let me know if this clarifies the confusion.
Thanks,
Ruhul -
Sun PKCS#11 provider is caching PIN in applets
I am coding an applet which uses Sun PKCS#11 provider to encrypt data. But There I am getting a strange problem of PIN caching.
My Scenario_
1. User login: User enters correct pin and Password is encrypted and sent to server.
2. After log off button click, Login screen is displayed again. Now user enters wrong PIN.
3. STRANGE Behavior: The encryption works well with the wrong key.
1. I have removed the provider and readded it again.
2. Created KeyStore again,
But all this results in same problem.The program is just to simulate the issue. I understand that user have to pass the pin. In our GUI we have our own dialog to get the pin from user and pass it to the PKCS#11 provider that uses the pin while loading the keystore.
cac.load(null, pin); // the pin passed in load method is not used at all
My problem here is even after the proper pin is supplied by the user the active client PIN dialog is prompted. Whereas in LInux JRE this works fine.
We have a command line application where active client dialog popup is not acceptable. We need to get the PIN from user as command argument and load the keystore.
Please let me know if this clarifies the confusion.
Thanks,
Ruhul -
Pin for Sun Software PKCS#11 softtoken
Hello, I am studying the Solaris Security Essential SUN's book for university examination and I have a problem with pktool command in chapter 8. For example when I try to run the follows command:
$pktool list keystore=pkcs11 objtype=both
the command line asks me:
Enter pin for Sun Software PKCS#11 softtoken
end for all chapter exercise is required this pin.
but where i can find this pin?
thanksThanks - the only difference is this cert is a self signed one but its nothing fancy just used standard openssl commands to create it, it imports into ikeyman just fine and makes use of 3des which is supported by pktool.
Julian.
Maybe you are looking for
-
Apple TV flickers, sound cuts out intermittently for short instances
I use airplay to watch internet TV on my Flatscreen (panasonic viera) via Apple TV. From when I can remember it's always having sound cut in and out quite frequently and even somtimes flickers to a scrambled screen. I checked my serial number to s
-
Hi In RSA 3 screen there is an Settings tab in that there is an Update mode in that my screen is given as F in the update mode. Is that the reason When Iam trying to check the datasouce in RSA3 it is saying Errors during extraction. Please let me kno
-
What are the system requirements for Final Cut Pro 7?
I can't find the system requirements for Final Cut Pro 7, I can find the system requirements for X, but like I said not 7. I need to know the system requirements for Final Cut Pro 7, so I can buy the correct Macbook. Is there anyway I can find out th
-
Dynamic partnerlink binding problem
I am trying to create a dynamic partnerlink as in http://www.oracle.com/technology/pub/articles/bpel_cookbook/carey.html . When I am trying to create this with LoanService.wsdl, it works correctly for me but when I try to create it for my own service
-
Need to Verify the Processor and Features on HP Mini 210-3000
Hi, I recently bought an HP mini 210-3000 netbook directly from this HP website. According to what I read here, it's supposed to have GPS capability built into the processor, and come with HP Navigator software. I've looked everywhere on the netbook,