Forum Stats

  • 3,816,062 Users
  • 2,259,135 Discussions
  • 7,893,378 Comments

Discussions

Allow only signed applets to be installed on JavaCard managed by GlobalPlatform

8d0225fd-fc1d-4839-af5c-c12af0beb255
edited Apr 10, 2018 8:48AM in Java Card

I'd like to provision a JavaCard so that it only allows the installation of applets that are signed by a certain key. I am not sure whether this signature is part of the cap file format. I can already install a cap file from an Android device via code taken from GlobalPlatformPro. The GlobalPlatformPro README (https://github.com/martinpaljak/GlobalPlatformPro/blob/master/README.md) mentions application signing. But I am not sure this is the way to accomplish what I need to do. I am not even sure this is possible at all.

  1. How do I need to prepare a card to only allow installation of signed cap files?
  2. How do I create such a cap file?

I can already lock a card with a certain key, and then this key is needed to install any cap file. But this would mean that I need to distribute the key with the cap files, so it can be installed. That is not an option as it would compromise the key.

Answers

This discussion has been closed.