Forum Stats

  • 3,816,062 Users
  • 2,259,135 Discussions


Allow only signed applets to be installed on JavaCard managed by GlobalPlatform

edited Apr 10, 2018 8:48AM in Java Card

I'd like to provision a JavaCard so that it only allows the installation of applets that are signed by a certain key. I am not sure whether this signature is part of the cap file format. I can already install a cap file from an Android device via code taken from GlobalPlatformPro. The GlobalPlatformPro README ( mentions application signing. But I am not sure this is the way to accomplish what I need to do. I am not even sure this is possible at all.

  1. How do I need to prepare a card to only allow installation of signed cap files?
  2. How do I create such a cap file?

I can already lock a card with a certain key, and then this key is needed to install any cap file. But this would mean that I need to distribute the key with the cap files, so it can be installed. That is not an option as it would compromise the key.


This discussion has been closed.