2
votes

From what I've heard, it is common for bigger smart card applets to personalize with global platform. I also found some PDF about personalization with Global Platform, as well as the Javacard API for GP. But I'm somehow missing some information relating both and I haven't found a good documentation on it. How should I organize my Applet to perform GP compatible personalization?

Edit:

I've read into the documents and have some specific questions, which I hope you can answer shortly.
Q1: Guide to Common Personalization describes the following process: Reset, Atr, Select AID to personalize, initiate Secure Channel, multiple Store-data commands. The Secure Channel is established with the Security Domain and Store-data commands holding DGIs are forwarded to the Applet. The Applet has the Application and the Personalization interface from org.globalplatform package and inherits processData methods to make use of the Store-data commands. The question now is if I have to implement the init-update and external-authenticate command in my applet myself as the Security Domain is not selected anymore and my applet does not know these INS? Does not JCRE automatically detec these GlobalPlatform APDUs and forward them to the SecurityDomain?

1
Have you checked the card specifications on the global platform site (free, but registration required)? As it is currently stated your question cannot be answered.Maarten Bodewes
I've read the Global Platform specification and I think I understood the general concept of using the secure channel of the security domain and through that sending several store data commands. I am looking for the jc side, how to implement.documentation seems spare and I havent found any examplesPaul Bastian
I've changed the question to be compatible with the SO guidelines, if you just ask for a reference then it is off topic. Unfortunately it would take quite a bit of time to go through all the steps from my side.Maarten Bodewes
Ok. Is there any source code using GP Javacard packages that I can look into to figure it out?Paul Bastian

1 Answers

4
votes

The JCRE does not automatically detect INIT UPDATE and EXTERNAL AUTHENTICATE commands when your applet is currently selected. You have to "partially" implement these commands in your applet. However, you can still let the security domain handle these commands by calling SecureChannel.processSecurity() method. You can call this method whenever you receive an INITIALIZE UPDATE or EXTERNAL AUTHENTICATE command. Take note that you must not receive data (APDU.setIncomingAndReceive()) when calling these methods.

See documentation for more details regarding the use of this method: processSecurity