WARNING: this is a long post!
The ultimate question that I want answered is: How do you upload an applet onto the smart card?
I have gone through several threads on this forum (and others), though the answers that I have found so far are quite technical and do not explain everything. I am looking for a layman's explanation i.e. step-by-step, of how to upload an applet onto a smart card. I also thinks that the answers to this thread might be helpful for a lot of other people.
To remove an ambiguity that this question may pose, let me describe everything that I have try so far in an effort to refine the responses to this question.
The terminal-side application uses the following API to perform all the necessary communications with the terminal.
import javax.smartcardio.*;
The card-side application uses the following API.
import javacard.framework.*;
After installing "java card kit 2.2.1" and setting the environment variables as specified in the documentation, I was able to write the card-side and to:
-compile it using
%JAVA_HOME%\bin\javac -g -classpath %_classes% JavaCardApplet.java
-convert it using
%JC_HOME%\bin\converter -config JavaCardApplet.opt
-verify it using
%JC_HOME%\bin\verifycap -nobanner %EXPORT_PATH% \javacard\JavaCardApplet.cap
-tested the code using the following commands in separate window (also tested using the "cref" environment)
%JC_HOME%\bin\jcwde Config.app
%JC_HOME%\bin\apdutool -o apdu.out apdu.in
-finally, generated an installation file using
%JC_HOME%\bin\scriptgen -o JavaCardApplet.install -package JavaCardApplet \javacard\JavaCardApplet.cap
This is where the problems began: I followed the instruction in the "java card kit 2.2.1" documentation and pre-pended and appended the following command to the "JavaCardApplet.install" file
powerup;
0x00 0xA4 0x04 0x00 0x09 0xA0 0x00 0x00 0x00 0x62 0x03 0x01 0x08 0x01 0x7F;
...
powerdown;
Once this was done, I was able to successfully install the applet in the "cref" environment using the "apdutool" to send the commands in the "JavaCardApplet.install" file. Thinking that everything is OK, I proceeded and used my terminal-side application to process the "JavaCardApplet.install" and sent the commands to the actually smart card (don't worry my programs strips out the comment, echo, powerup and powerdown commands). This is where I ran into problems as I got the following errors while trying to upload the applet.
ATR ==> 3B F9 18 00 00 81 31 FE 45 4A 43 4F 50 32 31 56 32 32 A9
[SEND] ==> 00 A4 04 00 09 A0 00 00 00 62 03 01 08 01 7F
[RECIEVE] ==> 6A 82 (File not found)
[SEND] ==> 80 B0 00 00 7F
[RECIEVE] ==> 69 85 (Conditions of use not satisfied)
Seeing that the "test install" process went well, I emailed my card supplier these errors and asked how to proceed, I prompted asked where did I get that particular AID (A0 00 00 00 62 03 01 08 01) from, and to read the GlobalPlatform (GP) specifications. P.S. to all smart card programming beginners to save you much hassle AID A0 00 00 00 62 03 01 08 01 = com.sun.javacard.installer.InstallerApplet, and only works in testing using "jcwde" or "cref" unless you somehow install it on the actually smart card (To the professionals: is this a correct assumption?).
Downloaded the GP specifications and trolled around the Internet eventually was able to able to determine that the Card Manager AID = A0 00 00 00 03 00 00 00 and found the following code on this forum:
=> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 00 ..............
(1526 usec)
<= 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 o..............e
01 FF 90 00 ....
Status: No Error
set-key 255/1/DES-ECB/404142434445464748494A4B4C4D4E4F
set-key 255/2/DES-ECB/404142434445464748494A4B4C4D4E4F
set-key 255/3/DES-ECB/404142434445464748494A4B4C4D4E4F
init-update 255
=> 80 50 00 00 08 29 3C C7 B0 85 13 ED AD 00 .P...)<.......
(2366 usec)
<= 00 00 C6 D8 6A 1C B2 02 14 13 FF 02 00 01 26 F7 ....j.........&.
25 4D B0 B9 4B C9 DE CB 24 59 18 3A 90 00 %M..K...$Y.:..
Status: No Error
I copied and pasted the command APDU codes into my program and got the following results:
ATR ==> 3B F9 18 00 00 81 31 FE 45 4A 43 4F 50 32 31 56 32 32 A9
[SEND] ==> 00 A4 04 00 08 A0 00 00 00 03 00 00 00 7F
[RECIEVE] ==> 6F 10 84 08 A0 00 00 00 03 00 00 00 A5 04 9F 65 01 FF 90 00 (Normal Processing)
[SEND] ==> 80 50 00 00 08 29 3C C7 B0 85 13 ED AD 7F
[RECIEVE] ==> 00 00 61 65 00 78 19 90 98 86 FF 02 00 00 93 73 3A B8 2C 0F AB 33 05 97 05 64 F2 B3 90 00 (Normal Processing)
This is as far I have gotten as I do not know how to proceed further. After selecting the Card Manager in the first line, I do not know what I need to do with the response APDU in the second line. According to the GP specifications Appendix E, the third line is a INITIALIZE UPDATE command with a host challenge, and the fourth line is the response data according to Table E-8.
According to what I have read (and been able to understand), to upload an applet onto the smart card, you need to select the Card Manager and perform mutual authentication. Now that I have explained the whole situation and the point that I am stuck on, my questions are:
1) Is there an API that I can use to upload the applet to the smart card, or some place that explains this upload process in a simple fashion, because I cannot make heads or tails of the GP specifications?
2) Idealy, I would wish to upload the applet using the terminal-side application that I have written, and not use a external application like, I presume, JCShell or GPShell? Unless these applications can be easily integrated in to the terminal-side application (similar to an API as suggested in the first question)!
3) Assuming a solution to one of the both questions, is it possible to uses the APDU commands generated by "scriptgen" "as is" to upload the applet, or does the command need to be altered and/or encrypted before it is uploaded?
I really hope that I have made a mountain out of a mole hill, and that someone provides a simple solution to this problem. Thanks in advance to everyone that makes the effort to read this post and that provides useful information.
Alex...