Hi, Mohammed. Hi, folks.
I think this is the final example of how I got to create a key pair inside
my card, sign some data and verify it, besides erasing the card and showing
a directory listing.
1) As I have reported, and Cristophe Muller confirmed, one must use
gemplus-terminals-4.1.jar instead of the one that ships with OCF 1.2. This
was one of the problems.
2) The code attached issues some System.out.println's that don't appear
even in Mohammed's output (below). I first noticed this in my runs and
suspected it was some exception that wasn't caught (or might be silently
caught). Then I noticed that Mohammed's output was not showing the messages
either. If you inspect the example revised below and compare it with the
original Test.java that Mohammed posted, you will see a minor difference.
While Test.java caught java.lang.Exception's, I am catching
java.lang.Throwable's, which are the roots of everything that can be thrown
and caught. From then on, the program started throwing a
NoClassDefFoundError:
<output>
Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
Did not find Gempluscardterminal.properties file
Uses OCF Polling list techniques
Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
Did not find Gempluscardterminal.properties file
Uses OCF Polling list techniques
Waiting for card...
Card detected
getInfoResult = A2 08 01 01 52 00 FF 00 10 05 FF 86 86
com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@bcbc275a
Erasing Card...
com.gemplus.opencard.service.gpk.file.GPKFileSystemService@19042755
com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@25b82755
com.gemplus.opencard.service.gpk.signature.GPKSignatureService@4cf82755
com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@6b702755
java.lang.NoClassDefFoundError: javax/crypto/spec/SecretKeySpec
        at com.gemplus.opencard.service.gpk.security.GPKCredential.<init>(GPKCredential.java:124)
        at com.gemplus.opencard.service.gpk.security.GPKCredential.<init>(GPKCredential.java:106)
        at com.gemplus.opencard.service.gpk.security.GPKAdministrativeCredential.<init>(GPKAdministrativeCredential.java:103)
        at Tutorial.<init>(Tutorial.java, Compiled Code)
        at Tutorial.main(Tutorial.java:189)
</output>
After installing JCE-1.2.1, I got this (quite nice) output:
<output>
Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
Did not find Gempluscardterminal.properties file
Uses OCF Polling list techniques
Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
Did not find Gempluscardterminal.properties file
Uses OCF Polling list techniques
Waiting for card...
Card detected
getInfoResult = A2 08 01 01 52 00 FF 00 10 05 FF 86 86
com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@9ac838be
Erasing Card...
com.gemplus.opencard.service.gpk.file.GPKFileSystemService@b6d438b1
com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@c13838b1
com.gemplus.opencard.service.gpk.signature.GPKSignatureService@da8c38b1
com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@e43c38b1
Create DF :3F00:0200
Generating Key Pair in :3F00:0200:0201...
Signing data with EF PK :3F00:0200:0201
Data to sign: 49 27 4D 20 53 49 47 4E 49 4E 47 20 49 4E 20 54
48 45 20 52 41 49 4E 20
Signature: B0 45 60 70 1A AA 14 CC DD D4 1C E8 D9 CD F2 0B
25 6E 49 6B 23 1F B2 B4 D2 62 1B EF C1 F8 0B 97
9A 93 50 48 41 58 34 69 7F 23 C9 92 80 B7 0A CD
14 35 AD FF 52 6C 51 04 A0 69 5F 2E 2C D7 2E 08
5C 1F 42 81 7F 60 E7 C1 22 65 38 D1 D3 9A 70 B8
A2 1A 90 F1 AF A6 88 17 C1 26 5F 6D 30 45 AF 65
B8 86 97 02 43 AF F9 EA C4 53 F3 61 13 23 EB 16
20 F2 7C E9 29 16 2C 08 79 C5 4B C6 35 FC BC 4B
Verify Signed data with EF PK :3F00:0200:0201
Verification Result : true
:3F00
:3F00:0100
:3F00:0100:0101
:3F00:0100:0102
:3F00:0200
:3F00:0200:0201
:3F00:3F01
</output>
Mohammed, perhaps you could confirm if you have JCE installed and if you
can observe this difference.
Now my card works fine with this example and I consider this step finished
successfully. I would like to thank everyone in this list for helping me
achieve such results.
My next step will be to understand ASN.1 and PKCS#10 and try to make a
certificate signing request with my own hands. :-)
Regards,
Douglas
(See attached file: Tutorial.java)
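
The Exception-versus-Throwable difference described in the message above, as an added example that is not part of the original post or of Tutorial.java. The class name CatchScopeDemo, its methods and the placeholder class name are assumptions made for illustration; cardWork() only simulates the failure seen in the first run.

```java
import java.util.ArrayList;
import java.util.List;
public class CatchScopeDemo {
    // Class named in the stack trace, plus a constructed name that never resolves.
    static final String[] REQUIRED = {
        "javax.crypto.spec.SecretKeySpec",
        "example.placeholder.NotInstalled"   // constructed, always missing
    };

    // Preflight: list the required classes that cannot be loaded from this classpath.
    static List<String> missingClasses(String[] names) {
        List<String> missing = new ArrayList<>();
        for (String name : names) {
            try {
                Class.forName(name);
            } catch (ClassNotFoundException | LinkageError e) {
                missing.add(name);
            }
        }
        return missing;
    }

    // Stand-in for the card calls: fails the way the first run did (simulated).
    static void cardWork() {
        throw new NoClassDefFoundError("javax/crypto/spec/SecretKeySpec");
    }

    // Catches only Exception: an Error is not matched and propagates to the caller.
    static String narrowHandler() {
        try { cardWork(); return "completed"; }
        catch (Exception e) { return "handled: " + e; }
    }

    // Catches Throwable: the Error is seen here and can be reported.
    static String wideHandler() {
        try { cardWork(); return "completed"; }
        catch (Throwable t) { return "handled: " + t; }
    }

    public static void main(String[] args) {
        System.out.println("missing: " + missingClasses(REQUIRED));
        System.out.println("wide:   " + wideHandler());
        try {
            System.out.println("narrow: " + narrowHandler());
        } catch (Error e) {
            System.out.println("narrow: Error escaped catch (Exception): " + e);
        }
    }
}
```

Running the preflight before touching the card reports a missing JCE class by name instead of leaving the run to stop without a message.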
[EMAIL PROTECTED]
18/10/2000 05:46
To: Douglas Atique/BR/ABNAMRO/NL@ABNAMRO
cc: [EMAIL PROTECTED]
Subject: RE: Gemplus CardServices(was: RE: [OCF] Certificate requests)
The same program (with the exception of one System.out.println) gave me the following
output:
---------
com.gemplus.opencard.service.gpk.file.GPKFileSystemService@6fd1f490
com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@64c5f4ee
com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@7525f4ee
com.gemplus.opencard.service.gpk.signature.GPKSignatureService@98cdf4ef
com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@ac0df4ef
:3F00
:3F00:0100
:3F00:0100:0101
:3F00:0100:0102
:3F00:3F01
Erasing Card...DONE
--------
I think the problem may be in the status of your card. It looks like the status of
your card is set to 'personalisation completed', in which case you
will not be able to erase the card. To check whether the status is set or not, please
add the following lines of code to your program
-------------------- cut here --------------------
// import section
import com.gemplus.opencard.service.gpk.admin.GPKAdministrativeService;
import com.gemplus.opencard.service.gpk.admin.AdministrativeCardService;
// instantiate the service
acs = (GPKAdministrativeService) card.getCardService(AdministrativeCardService.class, true);
// get card status
byte[] getInfoResult = acs.getInfo((byte)0xA4);
Util.printBytes("\ngetInfoResult = ", getInfoResult);
--------------------------------------------------
getInfoResult should be A20801015200FF001005FFC6C6 or A20801015200FF001005FF8686. If
it is A20801015200FF001005FFCECE or A20801015200FF001005FF8E8E,
then the card status is 'personalisation completed', and hence you cannot use erase()
command.
By the way, could you please let me know what is the exact status code (6B00 or 6B90)?
----------
You can get more with a kind word and a gun,
than you can with a kind word alone.
- Al Capone (1899-1947)
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, October 17, 2000 11:03 PM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Gemplus CardServices(was: RE: [OCF] Certificate requests)
>
>
>
>
>Hello, Mohammed.
>I would like to ask you about the gemplus GPK8000 card services (a.k.a.
>card drivers).
>I have downloaded them (v.0.2) and tried to run your example (I have
>changed it a little).
>
>(See attached file: Tutorial.java)
>
>Here is the output of the program:
>
>Waiting for card...
>
>Card detected
>
>com.gemplus.opencard.service.gpk.file.GPKFileSystemService@1f92d7d3
>com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@26fad7d3
>com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@4bf6d7d3
>com.gemplus.opencard.service.gpk.signature.GPKSignatureService@4496d7d3
>com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@54a2d7d3
>com.gemplus.opencard.service.gpk.GPKException: Status code: 6B90
>        at com.gemplus.opencard.service.gpk.GPKResponseAPDU.validate(GPKResponseAPDU.java:104)
>        at com.gemplus.opencard.service.gpk.access.GPKCardAccessor.selectFile(GPKCardAccessor.java, Compiled Code)
>        at com.gemplus.opencard.service.gpk.file.GPKFileAccessService.exists(GPKFileAccessService.java:164)
>        at com.gemplus.opencard.service.gpk.file.GPKFileUtilityService.dir(GPKFileUtilityService.java, Compiled Code)
>        at Tutorial.<init>(Tutorial.java, Compiled Code)
>        at Tutorial.main(Tutorial.java:169)
>
>Any idea what this error code is? I have found in the Reference Manual the
>code 6B00 which means illegal address. Some errors like 6Cnn can span a
>range, but 6B doesn't. Any idea what is going on?
>Thanks in advance,
>Douglas
>
>
>
>
>
>
>"Mohammed SADIQ" <[EMAIL PROTECTED]>
>13/10/2000 09:16
>
>
>
>To: Douglas Atique@BAND
>cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>, Mauricio
> Fujisawa@BAND, Marcelo Gulfier/BR/ABNAMRO/NL@BAND
>Subject: RE: [OCF] Certificate requests
>
>
>>I would like to confirm: I must download the card drivers from Gemplus
>>site, right? Or does OCF 1.2 come with them? I have downloaded
>>them anyway.
>
>I think they are available at both OCF & Gemplus Developers site. But make
>sure that you get the latest.
>
>Warm Regards
>
>----------
>Don't anthropomorphize computers -- they hate it.
>- Anonymous
>
>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>Sent: Friday, October 13, 2000 6:36 PM
>>To: [EMAIL PROTECTED]
>>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
>>[EMAIL PROTECTED]
>>Subject: RE: [OCF] Certificate requests
>>
>>
>>
>>
>>Thanks, Mohammed.
>>You have been very helpful. And your example will help me a lot.
>>I would like to confirm: I must download the card drivers from Gemplus
>>site, right? Or does OCF 1.2 come with them? I have downloaded
>>them anyway.
>>Now that you have clarified some crucial points I am ready to go through
>>the GPK manuals again.
>>Regards,
>>Douglas
>>
>>
>>
>>
>>
>>
>>[EMAIL PROTECTED]
>>12/10/2000 03:24
>>
>>
>>
>>To: Douglas Atique/BR/ABNAMRO/NL@ABNAMRO
>>cc: [EMAIL PROTECTED]
>>Subject: RE: [OCF] Certificate requests
>>
>>My comments below...
>>
>>----------
>>Trust, but verify.
>>- Anonymous
>>
>>
>>>-----Original Message-----
>>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>>Sent: Wednesday, October 11, 2000 11:24 PM
>>>To: [EMAIL PROTECTED]
>>>Cc: [EMAIL PROTECTED]
>>>Subject: RE: [OCF] Certificate requests
>>>
>>>
>>>
>>>
>>>Thanks for your answer, Mohammed. I am doing my tests with GPK 4000 and GPK
>>>8000 cards. GPK 4000 has 6 manuals full of instructions, but this looks
>>>much like assembly programming.
>>
>>>Do I have to assemble APDUs to send to the card myself
>>>or are there any ready calls in OCF that I can use to generate
>>>keys, get public key out of the card, store certificates inside the card
>>>and sign data.
>>
>>OCF provides you API for
>>(1) generation of key pairs
>>(2) signing
>>(3) store certificates (just store the DER encoded stuff in some
>>transparent/binary file)
>>(4) fetch public key - I don't know whether OCF provides this as a
>>one-step process. But a simple workaround will be reading 'a'
>>record (to be precise, 2 records, for N and E) from the PK file.
>>
>>The attached program generates a key pair, signs some data and
>>verifies the signature.
>>
>>>Also, I am a little confused by the file naming scheme. Are
>>>there any well-known file names under which I should store my certificate
>>>or is it just a matter of conventioning some file for my application?
>>
>>It's up to the application. There is no restriction as such.
>>There is just a 'recommendation' that the DF should be named
>>as XY00 and all its EFs should be christened as XYab.
>>
>>>I have read the manuals for GPK and they talk about master file, dedicated
>>>files and elementary files, and these can be of various types.
>>>Could you clarify this some more to me?
>>
>>The file types are explained very elaborately in the reference
>>manuals. Please go thru them, and if you have any specific
>>query, please let me know.
>>
>>
>>
>
>
>