[英]javacard programming and applet installation
I am new to javacard programming.While working with owner pin in my javacard application, I referred that "PIN interface which is in javacard framework package does not make any assumptions about where the data for the PIN value comparison is stored". 我是javacard编程的新手。在我的javacard应用程序中使用owner pin时,我提到“ javacard framework程序包中的PIN接口不对PIN值比较数据的存储位置做任何假设”。 And I want to know the following,
我想知道以下内容,
Regarding the installation of applets I have a good and bad news for you: 关于小程序的安装对于您我有个好消息和坏消息:
The general process of command for installing is standardized by Global Platform , however that refers only to those commands you send to the Cardmanager-Applet. Global Platform对安装命令的一般过程进行了标准化,但是仅指您发送给Cardmanager-Applet的那些命令。 However AFAIK there is no vendor independent standard of the Cardmanager-AID.
但是AFAIK没有Cardmanager-AID的独立于供应商的标准。 Additionally you have to authenticate yourself to the Cardmanager applet before you can use it.
此外,您必须先向Cardmanager小程序进行身份验证,然后才能使用它。 On developer cards this is usually a simple key like
404142434445464748494a4b4c4d4e4f
(hex) as used for example by JCOP cards for the first DES key. 在开发人员卡上,这通常是一个简单的密钥,例如
404142434445464748494a4b4c4d4e4f
(十六进制),例如JCOP卡将其用作第一个DES密钥。
Additionally this authentication key can be changed by the card owner. 此外,持卡人可以更改此身份验证密钥。 Therefore on non-developer cards you don't have access to the Cardmanager.
因此,在非开发人员卡上,您无权访问Cardmanager。
Sorry, you cannot retrieve the OwnerPIN, probably because of security reasons. 抱歉,您可能由于安全原因而无法检索OwnerPIN。 You will have to implement the PIN interface yourself if you want to do that, but there are about 8 pitfalls in the implementation regarding side channel attacks and such.
如果要这样做,则必须自己实现PIN接口,但是在实现方面有大约8个关于侧通道攻击等的陷阱。 If you can't think of about 8 attacks, don't go there.
如果您无法想到大约8次攻击,请不要去那里。 Generally, retrieving the PIN as data is not what you should want.
通常,检索PIN作为数据不是您所需要的。
Of course there is a procedure to do that: create your own GlobalPlatform API - you might want to look at open source examples though, such as gjp . 当然,有一个过程可以做到这一点:创建自己的GlobalPlatform API-但是您可能想看看开源示例,例如gjp 。
As an extreme hack, you could store the PIN in as the value of a secret key object (which are generally well protected). 作为一种极端的黑客手段,您可以将PIN存储为密钥对象的值(通常受到良好保护)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.