
final security steps on javacard


I've written my applet and installed it on my card. What should I do to prevent further modification or installation of applets on my Java Card?

I have read that I should change the default key set. I tried GPShell but I could not change the keys!

I tried jcManager but it could not recognize my readers (acs and REINERSCT)!

How can I finalize my card to deliver it to the user? Can anyone tell me the finalization steps to make my card safe?

Thanks


Solution

  • Change Authentication Keys:

    GPShell and JCManager are really old tools that are not supported anymore. Try to use newer tools such as GlobalPlatformPro [its executable file download link].

    Command to change default authentication keys using GPPro:

    gp -lock <PutTheNewKeyHere>
    

    And to reverse the above operation (changing the new key back to the default value):

    gp -key <TheAboveNewKey> -unlock
    

    More commands are described here.

  • Change Life Cycle of your applet and Security Domain:

    To change the life cycle of your card, you can use the SET STATUS APDU command:

    Examples:

    OP_READY to INITIALIZED: 80 F0 P1 07 |Lc| AID

    INITIALIZED to SECURED: 80 F0 P1 0F |Lc| AID

    P1 = 40: for Applications (including SSDs)

    P1 = 80: for the ISD

  • Make your applet the Default Selected applet:

    To install your applet as the DEFAULT SELECTED applet, use the -default option with the installation command in GPPro:

    gp -install <PathToYourCapFile> -default

    (If you changed the card manager authentication keys, you need the -key option in the command too.)


    You can also change the ATR of the card to make it hard to recognize your card type by its ATR. To change the ATR, you can use the SetATRHistBytes() method in the Global Platform APIs.
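
The SET STATUS examples in the answer above, assembled byte by byte with Lc computed from the AID, as an added example that is not part of the original answer. The function names and the sample ISD AID are assumptions; secure-channel wrapping, which the card may require for this command, is not shown.

```python
# Added example, not from the original answer. Function names and the sample
# AID are illustrative assumptions; byte values come from the answer above.

P1_ISD = 0x80          # P1 for the ISD
P1_APPLICATION = 0x40  # P1 for applications (including SSDs)

# The two card life cycle transitions listed in the answer -> P2 value.
CARD_TRANSITIONS = {
    ("OP_READY", "INITIALIZED"): 0x07,
    ("INITIALIZED", "SECURED"): 0x0F,
}


def build_set_status(p1: int, p2: int, aid_hex: str) -> bytes:
    """Return the command bytes 80 F0 P1 P2 Lc AID."""
    if p1 not in (P1_ISD, P1_APPLICATION):
        raise ValueError("P1 must be 0x80 (ISD) or 0x40 (application/SSD)")
    if not 0 <= p2 <= 0xFF:
        raise ValueError("P2 must fit in one byte")
    aid = bytes.fromhex(aid_hex)  # whitespace between bytes is accepted
    if not 5 <= len(aid) <= 16:   # AID length range per ISO/IEC 7816-5
        raise ValueError(f"AID must be 5..16 bytes, got {len(aid)}")
    return bytes([0x80, 0xF0, p1, p2, len(aid)]) + aid


def card_transition(current: str, target: str, isd_aid_hex: str) -> bytes:
    """Build SET STATUS for a card life cycle step, addressed to the ISD.

    Anything outside the two listed steps (skipping a state, going back)
    is rejected before an APDU is ever produced.
    """
    try:
        p2 = CARD_TRANSITIONS[(current, target)]
    except KeyError:
        raise ValueError(f"unsupported transition {current} -> {target}") from None
    return build_set_status(P1_ISD, p2, isd_aid_hex)


if __name__ == "__main__":
    # Sample value only (assumption); use the ISD AID your card reports.
    SAMPLE_ISD_AID = "A0 00 00 01 51 00 00 00"
    for step in CARD_TRANSITIONS:
        print(step, card_transition(*step, SAMPLE_ISD_AID).hex(" ").upper())
```

Both card life cycle steps are irreversible, so compare the printed bytes against the intended ISD AID and target state before sending them.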