Congrats Douglas! So finally you did it ;-)
Regarding ASN.1 and PKCS#10, I recommend you start with
(1) A Layman's Guide to a Subset of ASN.1, BER, and DER
(2) Some Examples of the PKCS Standards
which can be found at http://www.rsa.com
For the encoding & decoding part, I guess the JCEs provide some support, but it is
better to go for a package from Forge (an Australian company, I guess) or our own
SNACC (IBM has one for Java at http://alphaworks.ibm.com). NOTE: I hope you will be
respecting the license issues...
By the way, if you want to have a kick start, I can send you some of my code which I
wrote to do the same thing. But note that it will require a lot of facelift from you
;-)
Warm Regards
----------
You can get more with a kind word and a gun,
than you can with a kind word alone.
- Al Capone (1899-1947)
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]
>Sent: Monday, October 23, 2000 11:54 PM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
>[EMAIL PROTECTED];
>[EMAIL PROTECTED]
>Subject: RE: Gemplus CardServices(was: RE: [OCF] Certificate requests)
>
>
>
>
>Hi, Mohammed. Hi, folks.
>I think this is the final example of how I got to create a key pair inside
>my card, sign some data and verify it, besides erasing the card and showing
>a directory listing.
>1) As I have reported, and Cristophe Muller confirmed, one must use
>gemplus-terminals-4.1.jar instead of the one that ships with OCF 1.2. This
>was one of the problems.
>2) The code attached issues some System.out.println's that don't appear
>even in Mohammed's output (below). I first noticed this in my runs and
>suspected it was some exception that wasn't caught (or might be silently
>caught). Then I noticed that Mohammed's output was not showing the messages
>either. If you inspect the example revised below and compare it with the
>original Test.java that Mohammed posted, you will see a minor difference.
>While Test.java caught java.lang.Exception's, I am catching
>java.lang.Throwable's, which are the roots of everything that can be thrown
>and caught. From that on, the program started throwing a
>NoClassDefFoundError:
><output>
> Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
> Did not find Gempluscardterminal.properties file
> Uses OCF Polling list techniques
> Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
> Did not find Gempluscardterminal.properties file
> Uses OCF Polling list techniques
>
>Waiting for card...
>
>Card detected
>
>
>getInfoResult = A2 08 01 01 52 00 FF 00 10 05 FF 86 86
>com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@bcbc275a
>Erasing Card...
>com.gemplus.opencard.service.gpk.file.GPKFileSystemService@19042755
>com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@25b82755
>com.gemplus.opencard.service.gpk.signature.GPKSignatureService@4cf82755
>com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@6b702755
>java.lang.NoClassDefFoundError: javax/crypto/spec/SecretKeySpec
> at com.gemplus.opencard.service.gpk.security.GPKCredential.<init>(GPKCredential.java:124)
> at com.gemplus.opencard.service.gpk.security.GPKCredential.<init>(GPKCredential.java:106)
> at com.gemplus.opencard.service.gpk.security.GPKAdministrativeCredential.<init>(GPKAdministrativeCredential.java:103)
> at Tutorial.<init>(Tutorial.java, Compiled Code)
> at Tutorial.main(Tutorial.java:189)
></output>
>
>After installing JCE-1.2.1, I got this (quite nice) output:
>
><output>
> Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
> Did not find Gempluscardterminal.properties file
> Uses OCF Polling list techniques
> Gemplus Card Terminal Version: 4.01.003 Date: December 10, 1999
> Did not find Gempluscardterminal.properties file
> Uses OCF Polling list techniques
>
>Waiting for card...
>
>Card detected
>
>
>getInfoResult = A2 08 01 01 52 00 FF 00 10 05 FF 86 86
>com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@9ac838be
>Erasing Card...
>com.gemplus.opencard.service.gpk.file.GPKFileSystemService@b6d438b1
>com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@c13838b1
>com.gemplus.opencard.service.gpk.signature.GPKSignatureService@da8c38b1
>com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@e43c38b1
>
>Create DF :3F00:0200
>
>Generating Key Pair in :3F00:0200:0201...
>
>Signing data with EF PK :3F00:0200:0201
>Data to sign: 49 27 4D 20 53 49 47 4E 49 4E 47 20 49 4E 20 54
>48 45 20 52 41 49 4E 20
>Signature: B0 45 60 70 1A AA 14 CC DD D4 1C E8 D9 CD F2 0B
>25 6E 49 6B 23 1F B2 B4 D2 62 1B EF C1 F8 0B 97
>9A 93 50 48 41 58 34 69 7F 23 C9 92 80 B7 0A CD
>14 35 AD FF 52 6C 51 04 A0 69 5F 2E 2C D7 2E 08
>5C 1F 42 81 7F 60 E7 C1 22 65 38 D1 D3 9A 70 B8
>A2 1A 90 F1 AF A6 88 17 C1 26 5F 6D 30 45 AF 65
>B8 86 97 02 43 AF F9 EA C4 53 F3 61 13 23 EB 16
>20 F2 7C E9 29 16 2C 08 79 C5 4B C6 35 FC BC 4B
>
>
>Verify Signed data with EF PK :3F00:0200:0201
>
>Verification Result : true
>:3F00
>:3F00:0100
>:3F00:0100:0101
>:3F00:0100:0102
>:3F00:0200
>:3F00:0200:0201
>:3F00:3F01
></output>
>Mohammed, perhaps you could confirm if you have JCE installed and if you
>can observe this difference.
>Now my card works fine with this example and I consider this step finished
>successfully. I would like to thank everyone in this list for helping me
>achieve such results.
>My next step will be to understand ASN.1 and PKCS#10 and try to make a
>certificate signing request with my own hands. :-)
>
>Regards,
>Douglas
>
>
>(See attached file: Tutorial.java)
>
>
>
>
>
>
>[EMAIL PROTECTED]
>18/10/2000 05:46
>
>
>
>To: Douglas Atique/BR/ABNAMRO/NL@ABNAMRO
>cc: [EMAIL PROTECTED]
>Subject: RE: Gemplus CardServices(was: RE: [OCF] Certificate requests)
>
>The same program (with the exception of one System.out.println)
>gave me the following output:
>
>---------
>com.gemplus.opencard.service.gpk.file.GPKFileSystemService@6fd1f490
>com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@64c5f4ee
>com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@7525f4ee
>com.gemplus.opencard.service.gpk.signature.GPKSignatureService@98cdf4ef
>com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@ac0df4ef
>:3F00
>:3F00:0100
>:3F00:0100:0101
>:3F00:0100:0102
>:3F00:3F01
>Erasing Card...DONE
>--------
>
>I think the problem may be in the status of your card. It
>looks like the status of your card is set to 'personalisation
>completed', in which case you will not be able to erase the card.
>To check whether the status is set or not, please add the
>following lines of code to your program
>
>-------------------- cut here --------------------
>// import section
>import com.gemplus.opencard.service.gpk.admin.GPKAdministrativeService;
>import com.gemplus.opencard.service.gpk.admin.AdministrativeCardService;
>
>// instantiate the service
>acs = (GPKAdministrativeService) card.getCardService(AdministrativeCardService.class, true);
>
>// get card status
>byte[] getInfoResult = acs.getInfo((byte)0xA4);
>Util.printBytes("\ngetInfoResult = ", getInfoResult);
>--------------------------------------------------
>
>getInfoResult should be A20801015200FF001005FFC6C6 or
>A20801015200FF001005FF8686. If it is
>A20801015200FF001005FFCECE or A20801015200FF001005FF8E8E,
>then the card status is 'personalisation completed', and hence
>you cannot use erase() command.
>
>By the way, could you please let me know what is the exact
>status code (6B00 or 6B90)?
>
>----------
>You can get more with a kind word and a gun,
>than you can with a kind word alone.
>- Al Capone (1899-1947)
>
>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>Sent: Tuesday, October 17, 2000 11:03 PM
>>To: [EMAIL PROTECTED]
>>Cc: [EMAIL PROTECTED]
>>Subject: Gemplus CardServices(was: RE: [OCF] Certificate requests)
>>
>>
>>
>>
>>Hello, Mohammed.
>>I would like to ask you about the gemplus GPK8000 card services (a.k.a.
>>card drivers).
>>I have downloaded them (v.0.2) and tried to run your example (I have
>>changed it a little).
>>
>>(See attached file: Tutorial.java)
>>
>>Here is the output of the program:
>>
>>Waiting for card...
>>
>>Card detected
>>
>>com.gemplus.opencard.service.gpk.file.GPKFileSystemService@1f92d7d3
>>com.gemplus.opencard.service.gpk.file.GPKFileUtilityService@26fad7d3
>>com.gemplus.opencard.service.gpk.signature.GPKKeyGenerationService@4bf6d7d3
>>com.gemplus.opencard.service.gpk.signature.GPKSignatureService@4496d7d3
>>com.gemplus.opencard.service.gpk.signature.GPKKeyManagementService@54a2d7d3
>>com.gemplus.opencard.service.gpk.GPKException: Status code: 6B90
>> at com.gemplus.opencard.service.gpk.GPKResponseAPDU.validate(GPKResponseAPDU.java:104)
>> at com.gemplus.opencard.service.gpk.access.GPKCardAccessor.selectFile(GPKCardAccessor.java, Compiled Code)
>> at com.gemplus.opencard.service.gpk.file.GPKFileAccessService.exists(GPKFileAccessService.java:164)
>> at com.gemplus.opencard.service.gpk.file.GPKFileUtilityService.dir(GPKFileUtilityService.java, Compiled Code)
>> at Tutorial.<init>(Tutorial.java, Compiled Code)
>> at Tutorial.main(Tutorial.java:169)
>>
>>Any idea what this error code is? I have found in the Reference Manual the
>>code 6B00 which means illegal address. Some errors like 6Cnn can span a
>>range, but 6B doesn't. Any idea what is going on?
>>Thanks in advance,
>>Douglas
>>
>>
>>
>>
>>
>>
>>"Mohammed SADIQ" <[EMAIL PROTECTED]>
>>13/10/2000 09:16
>>
>>
>>
>>To: Douglas Atique@BAND
>>cc: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>, Mauricio
>> Fujisawa@BAND, Marcelo Gulfier/BR/ABNAMRO/NL@BAND
>>Subject: RE: [OCF] Certificate requests
>>
>>
>>>I would like to confirm: I must download the card drivers from Gemplus
>>>site, right? Or does OCF 1.2 come with them? I have downloaded
>>>them anyway.
>>
>>I think they are available at both OCF & Gemplus Developers site. But make
>>sure that you get the latest.
>>
>>Warm Regards
>>
>>----------
>>Don't anthropomorphize computers -- they hate it.
>>- Anonymous
>>
>>
>>>-----Original Message-----
>>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>>Sent: Friday, October 13, 2000 6:36 PM
>>>To: [EMAIL PROTECTED]
>>>Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
>>>[EMAIL PROTECTED]
>>>Subject: RE: [OCF] Certificate requests
>>>
>>>
>>>
>>>
>>>Thanks, Mohammed.
>>>You have been very helpful. And your example will help me a lot.
>>>I would like to confirm: I must download the card drivers from Gemplus
>>>site, right? Or does OCF 1.2 come with them? I have downloaded
>>>them anyway.
>>>Now that you have clarified some crucial points I am ready to go through
>>>the GPK manuals again.
>>>Regards,
>>>Douglas
>>>
>>>
>>>
>>>
>>>
>>>
>>>[EMAIL PROTECTED]
>>>12/10/2000 03:24
>>>
>>>
>>>
>>>To: Douglas Atique/BR/ABNAMRO/NL@ABNAMRO
>>>cc: [EMAIL PROTECTED]
>>>Subject: RE: [OCF] Certificate requests
>>>
>>>My comments below...
>>>
>>>----------
>>>Trust, but verify.
>>>- Anonymous
>>>
>>>
>>>>-----Original Message-----
>>>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>>>Sent: Wednesday, October 11, 2000 11:24 PM
>>>>To: [EMAIL PROTECTED]
>>>>Cc: [EMAIL PROTECTED]
>>>>Subject: RE: [OCF] Certificate requests
>>>>
>>>>
>>>>
>>>>
>>>>Thanks for your answer, Mohammed. I am doing my tests with GPK 4000 and GPK
>>>>8000 cards. GPK 4000 has 6 manuals full of instructions, but this looks
>>>>much like assembly programming.
>>>
>>>>Do I have to assemble APDUs to send to the card myself
>>>>or are there any ready calls in OCF that I can use to generate
>>>>keys, get public key out of the card, store certificates inside the card
>>>>and sign data?
>>>
>>>OCF provides you API for
>>>(1) generation of key pairs
>>>(2) signing
>>>(3) store certificates (just store the DER encoded stuff in some transparent/binary file)
>>>(4) fetch public key - I don't know whether OCF provides this as a one step process. But a simple workaround will be reading 'a' record (to be precise, 2 records, for N and E) from the PK file.
>>>
>>>The attached program generates a key pair, signs some data and
>>>verifies the signature.
>>>
>>>>Also, I am a little confused by the file naming scheme. Are
>>>>there any well-known file names under which I should store my certificate
>>>>or is it just a matter of conventioning some file for my application?
>>>
>>>It's up to the application. There is no restriction as such.
>>>There is just a 'recommendation' that the DF should be named
>>>as XY00 and all its EFs should be christened as XYab.
>>>
>>>>I have read the manuals for GPK and they talk about master file, dedicated
>>>>files and elementary files, and these can be of various types.
>>>>Could you clarify this some more to me?
>>>
>>>The file types are explained very elaborately in the reference
>>>manuals. Please go thru them, and if you have any specific
>>>query, please let me know.
>>>
>>>
>>>
>>
>>
>>
>
>
>---
>> Visit the OpenCard web site at http://www.opencard.org/ for more
>> information on OpenCard---binaries, source code, documents.
>> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
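
As an added illustration (not code from this thread, OCF or the Gemplus card services), the Java class below DER-encodes the N and E values read from a card's PK file into the SubjectPublicKeyInfo structure that a PKCS#10 request carries, using the DER rules covered in the Layman's Guide. It assumes the two records are unsigned big-endian byte strings; a software-generated key pair stands in for the card so the result can be compared with the JDK's own encoding, and the class and method names are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

// Hypothetical helper class; names are illustrative, not part of OCF or the Gemplus services.
public class SpkiFromCardKey {
    // DER TLV: tag, definite length (short form below 128, else 0x80|n plus n length bytes), value.
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        byte[] v = body.toByteArray();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (v.length < 128) {
            out.write(v.length);
        } else {
            byte[] len = BigInteger.valueOf(v.length).toByteArray();
            int skip = (len[0] == 0) ? 1 : 0;            // drop BigInteger's sign byte
            out.write(0x80 | (len.length - skip));
            out.write(len, skip, len.length - skip);
        }
        out.write(v, 0, v.length);
        return out.toByteArray();
    }

    // INTEGER from an unsigned big-endian magnitude (assumed record layout). BigInteger strips
    // leading zeros and adds the single 0x00 pad DER needs when the top bit is set.
    static byte[] derInteger(byte[] unsignedBigEndian) {
        return tlv(0x02, new BigInteger(1, unsignedBigEndian).toByteArray());
    }

    // SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }
    static byte[] subjectPublicKeyInfo(byte[] n, byte[] e) {
        byte[] rsaPublicKey = tlv(0x30, derInteger(n), derInteger(e));
        byte[] rsaEncryptionOid = {0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
                                   (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01}; // 1.2.840.113549.1.1.1
        byte[] algorithm = tlv(0x30, rsaEncryptionOid, new byte[] {0x05, 0x00}); // NULL parameters
        return tlv(0x30, algorithm, tlv(0x03, new byte[] {0x00}, rsaPublicKey)); // 0 unused bits
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the card: a software key pair supplies N and E.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024);
        RSAPublicKey pub = (RSAPublicKey) gen.generateKeyPair().getPublic();
        byte[] spki = subjectPublicKeyInfo(pub.getModulus().toByteArray(),
                                           pub.getPublicExponent().toByteArray());
        System.out.println("matches JDK encoding: " + Arrays.equals(spki, pub.getEncoded()));
    }
}
```

If a card returns its key records in a different byte order, reverse them before calling `derInteger`; a mismatch against a known-good encoding of the same key is the quickest way to spot that.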