JavaCard get Data on Card
Question
I want to generate a Certificate on a Linux machine, transfer this to the card and encrypt it there. then store it and get it back later. I wonder how to get something like 4k RSA Data on the Card. Is it working with APDU?
1 answers
solution1
1 ACCPTED 2017-03-02 12:26:17
A certificate generally does not need to be encrypted; it generally contains public information. You can use multiple APDU commands to send data to the card. For this you could use command chaining: one command that is repeated multiple times to send data. You could also use UPDATE BINARY with an offset.
Neither command chaining or UPDATE BINARY is implemented on Java Card out of the box, so you'd have to implement the functionality yourself. The specifications are in ISO/IEC 7816-4: "Identification cards -- Integrated circuit cards -- Part 4: Organization, security and commands for interchange" .
Java Card itself contains support for byte arrays up to 2^15 - 1 bytes in size. That's about 32K, way more than a generic X509v3 certificate. You can store either plaintext or ciphertext in there.
So yes, this kind of functionality is possible "with APDU". As APDU's are the only universal interface for most cards there should be many implementations out there doing this. At least those that I've designed / implemented anyways.
Java Card may also support extended length APDU's (by implementing the ExtendedLength interface by the Applet). However, the maximum APDU buffer is way below 4K for most - if not all - cards. So although you can certainly use extended length APDU's for this, you cannot solve the complete problem with it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.