Home

Awesome

capfile · Build Status MIT licensed

Release Maven version Maven Central

Handle JavaCard CAP files, from command line or Java project

java -jar capfile.jar <capfile>

Off-card verification

java -jar capfile.jar -v <path to JavaCard SDK> [<targetsdkpath>] <capfile> [<expfiles...>]

(SDK-s usable on Unix machines are conveniently available from https://github.com/martinpaljak/oracle_javacard_sdks/). EXP files can be plain EXP files or JAR files containing EXP files. Please use JavaCard 3.0.5u3 as the SDK and verify target SDK.

DAP signing

Usable with GlobalPlatformPro. At the moment, only PKCS#1 v1.5 SHA1 signature with 1024 bit RSA key is supported.

java -jar capfile.jar -s <keyfile.pem> <capfile>

A sample flow would look along the lines of:

openssl genrsa 1024 > dap.pem                          # generate DAP key
capfile -s dap.pem applet.cap                          # sign CAP with DAP key
gp -domain $SSD_AID -privs DAPVerification --allow-to  # create SSD with DAP
gp -sdaid $SSD_AID -put-key dap.pem -key $SSD_SCP_KEY  # add DAP key to SSD
gp -load applet.cap -to $SSD_AID                       # load signed CAP file to SSD