Am using javacard 3.0.4 development kit to build the cap file. The class files are generated using 'javac -g -classpath %JC_HOME%\lib\api.jar;%JC_HOME%\lib\installer.jar PATH_TO_THE_JAVA_FILES_OF_THE_PROJECT' command.
Am using converter to convert the class files to CAP file by providing a config file. The Config file contents :
-out EXP JCA CAP
-classdir PATH_TO_CLASS_FILES
-exportpath PATH_TO_EXPORT_API_FILES
-applet 0xa0:0x00:0x00:0x00:0x62:0x12:0x34 MyWallet.Wallet
MyWallet 0xa0:0x00:0x00:0x00:0x62:0x12:0x34 1.0
The cap is generated successfully. But when i see the ascii format of the cap(using capdump.bat) i see it contains all the applet class files info which is a security issue.
When i generate cap file using eclipse (which has the JCOP plugin installed), the CAP file doesn't contain any class file info.
So please someone help me to get rid of class file info in CAP file when generated using CONVERTER.bat on command line.
Decompilation can always take place, in the end Java is targeting the JVM after all, using a subset of Java byte code. So I would not put too much trust on measures such as hiding the class / methods name.
However, if you don't want to have such information generated then simply remove the EXP options, which is required to link against your applet and the JCA option, which according to the Oracle documentation is
... a text representation of the contents of a CAP file. To mask a Java Card applet into a smart card, you need to convert the applet class and all the classes in its package to a JCA file. You then specify the JCA file and the JCA files for any other packages to be included in the mask as input to the mask generator.
So you only need to use this file when ROM masking is required. If you just want to upload it yourself, then the JCA file is not required.