Hi,
I am writing and compiling a Java Card applet. A distributor will be in charge of burning the .cap compiled applet into the cards.
I was able to:
- generate an SSD with my public key in it.
- generate the signature of the applet with my private key.
I would like to:
- provide the distributor with my public key, the cApplet's signature and the cApplet so they can create the custom SSD and then burn the cApplet into the card.
- have a way for the customers to verify that the applet installed by the distributor is the very same applet we shipped to them.
I was thinking of a built-in verification mechanism inside the cApplet's code, but I am not finding a reliable way to do it without tampering with the chain of trust, meaning that the distributor could potentially mimic the behavior of the verification mechanism from within the compiled cApplet.
Ideas are welcome, thanks!