Java Card applets, secure data transmission and Secure Channel
I want to write my applet in a way that its APDU commands and status words wasn't be clear in the transmission channel between my card and my reader. I mean I don't want to send APDU commands and responses to be plain text for third parties.
I think I have two option :
- After selecting my applet on the card, for all the other commands, do an encryption function on the data section of APDU commands and decrypt them on the card and after that analyze them. Note that I can't encrypt whole the command using this methodology because the result may have conflict with another
SELECTAPDU command and the SD of card recognize it as aSELECTcommand wrongly. is that right?
Its Diagram :
- Using SD Secure Channel : As far as I know secure channel means : Whole of the APDU commands and responses transmit in an encrypted form (i.e. they encrypt in the source(Security Domain/Card reader) and decrypt in the destination(Secutity Domain/Card Reader). is that right? As far as I know the SD perform the cryptography method role in this mechanism and the communication between my applet and the SD is in plain (Below diagram), right?
Its Diagram :
Is there any other way?
It seems that the first solution is not good enough, because :
- I must implement it myself! :)
- We can't hide all parts of the command and response from third-parties.(We can hide data only)
Am I right?
Now, let assume that I want to be sure that my applet works only with APDU commands that transmitted using secure channel . I think I have two option again :
Put the card in
SECUREDstate. As the user can't communicate with the card with plain text APDU commands in this state (right?) therefore he must send the commands to my applet using secure channel. right? if it is not correct, is there any way to force the SD to work with Secure Channel only?Keep the card in any life cycle that it is (for example OP_READY), But instead, on reception of any APDU command, check the CLA section to see if it is a secure transmitted or not! (Is it possible? Is there any difference between
CLApart of APDU commands that come from secure channel and the other ones? Am I right?)
Is there any other way?
And finally the main question :
How can I use SD to have a secure communication with my applet? As I thought I must use GlobalPlatform classes(Am I?), I took a look at its API-s. I found a method named getSecureChannel in a package named org.globalplatform.GPSystem. Am I in a right way? Am I must use this method?
I know that this may be too long to answer, but I'm sure that it clarify a lot of questions not only for me, but also for other future viewers.
I appreciate any body shed any light in this issue for me.
And a sample applet is more appreciable.
I'll answer in order:
- Yes, for ISO/IEC 7816-4 only the data section is encrypted. The header is just protected by the authentication tag.
- No, the Global Platform secure channel also just (optionally) encrypts the data. The integrity is over header and command data though.
- No, the secured state is for Global Platform only, you'll have to program this for yourself using the on card GP API. The GP API has access methods to perform authentication, request the secure channel and to retrieve the current state.
- Correct, the CLA byte determines if the APDU is encrypted (not how it is encrypted though). If the first bit of the CLA is zero then your secure channel must however be compliant to ISO/IEC 7816-4.
- Point addition using Elliptic Curve calculations on Java Card
- Recovering an ECPublicKey from Java to JavaCard
- Problem Loading Signed CAP file directly to Supplementary Security Domain
- Why Java SIM card secure channel returns "do not match"?
- What are the correct steps to have a supplementary security domain with DAP verification?
- How to do a DAP verification in .cap files loading?
- How to get started with Javacard?
- Install for Personalization failure with error code as 0x6F00
- Which objects are persistent in Java Card, and when?
- How can I tell which reason code an exception has thrown in JavaCard?
- Why is my ACOSJ Javacard applet failing to install?
- Is that possible to calculate power function of two BigNumbers in Javacard?
- What does the SCARD_W_UNRESPONSIVE_CARD error on GlobalPlatform Pro indicate about the state of the card?
- Does GIDS applet support Secure Channel Protocol?
- Do I (and how do I) need to write my own ACOSJ Javacard garbage collection, or is it automatic?
- JavaCard applet works on simulator but not on card
- Do smartcard chips (not cards) come prepackaged with card OS
- What is the use case of DAP Verification/Mandated DAP Verification in Global Platform card specification?
- Installing segmented profile package unto an ISD-P on eUICC through SCP03t
- How to make an EMV card from a Javacard?
- How does the Smart card distinguish Case 2 and Case 3 APDU headers form eachother in T0?
- About Get Response command in javacard
- NFC smartcard that is impossible to clone
- How to get the value of the carry bit when adding two shorts in Java
- SIMPLE-TLV vs BER-TLV
- Why SIMToolkit does not trigger registerred EVENTs for my Applet?
- Difference between GlobalPlatform and EMV
- Kotlin for Java Card?
- Does Oracle's JavaCard SDK allow one to develop simtoolkit
- How can I make a javacard appet which is not possible to be multi instance