Merge pull request #12 from martinpaljak/301
Use ant-javacard for building the applet
This commit is contained in:
commit
7e1e257e9d
50
README.md
50
README.md
@ -1,7 +1,7 @@
|
||||
# SmartPGP applet
|
||||
|
||||
SmartPGP is a free and open source implementation of the [OpenPGP card
|
||||
3.x specification](http://www.g10code.com/docs/openpgp-card-3.0.pdf) in JavaCard.
|
||||
3.3 specification](https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.3.pdf) in JavaCard.
|
||||
|
||||
The main improvement introduced in OpenPGP card 3.x specification from
|
||||
previous version is the support of elliptic curve cryptography with
|
||||
@ -60,9 +60,9 @@ erased. Also note that hard coded default values will be restored upon
|
||||
a factory reset.
|
||||
|
||||
|
||||
## Compliance with OpenPGP card 3.x specification
|
||||
## Compliance with OpenPGP card 3.3 specification
|
||||
|
||||
The SmartPGP applet implements the complete OpenPGP card 3.x
|
||||
The SmartPGP applet implements the complete OpenPGP card 3.3
|
||||
specification, except the secure messaging related features:
|
||||
|
||||
- Commands and responses protection is not implemented as described in
|
||||
@ -89,7 +89,7 @@ specification, except the secure messaging related features:
|
||||
|
||||
# Application support
|
||||
|
||||
Tokens following the OpenPGP card 3.x specification are not yet fully
|
||||
Tokens following the OpenPGP card 3.3 specification are not yet fully
|
||||
supported by most PGP applications.
|
||||
|
||||
## GnuPG
|
||||
@ -97,15 +97,13 @@ supported by most PGP applications.
|
||||
OpenPGP card 3.x is supported by [GnuPG](https://www.gnupg.org/)
|
||||
starting from version 2.1.16.
|
||||
|
||||
The specific secure messaging of the SmartPGP applet is
|
||||
**not** supported at all at is not part of the OpenPGP card 3.x
|
||||
specification.
|
||||
The specific secure messaging of the SmartPGP applet is **not**
|
||||
supported at is not part of the OpenPGP card specification.
|
||||
|
||||
## OpenKeychain
|
||||
|
||||
OpenPGP card 3.x is supported by [OpenKeychain](https://www.openkeychain.org/)
|
||||
starting from version 4.2 (not yet released, see [git master branch](https://github.com/open-keychain/open-keychain)
|
||||
project). Only NIST curves are supported.
|
||||
starting from version 4.2.
|
||||
|
||||
The secure messaging of the SmartPGP applet is fully supported in
|
||||
OpenKeychain. See the section below for more information on the setup process.
|
||||
@ -136,9 +134,6 @@ The repository contains several directories:
|
||||
- JavaCard Development Kit 3.0.4 (or above) from
|
||||
[Oracle website](http://www.oracle.com/technetwork/java/embedded/javacard/downloads/index.html);
|
||||
|
||||
- The `ant` tool 1.9.4 (or above) from your Linux distribution or from
|
||||
[Apache Ant project website](http://ant.apache.org/);
|
||||
|
||||
- A device compliant with JavaCard 3.0.4 (or above) with enough
|
||||
available resources to hold the code (approximately 23 kB of
|
||||
non-volatile memory), persistent data (approximately 10 kB of
|
||||
@ -166,18 +161,17 @@ resource consumption by tweaking the following variables:
|
||||
|
||||
|
||||
## Building the CAP file
|
||||
- Copy the `javacard.properties.example` file to a file named
|
||||
`javacard.properties`;
|
||||
|
||||
- Edit the `javacard.properties` file and set the path of your
|
||||
JavaCard Development Kit;
|
||||
- Set path to the JavaCard Development Kit:
|
||||
`export JC_HOME="your/path/to/javacardkit"`
|
||||
|
||||
- (Optional) Edit the `build.xml` file and replace the `0xAF:0xAF`
|
||||
bytes in the `APPLET_AID` with your own manufacturer identifier (see
|
||||
section 4.2.1 of OpenPGP card specification);
|
||||
section 4.2.1 of OpenPGP card specification). Alternatively, set the
|
||||
right AID instance bytes during applet installation.
|
||||
|
||||
- Execute `ant` with no parameter will produce the CAP file in
|
||||
`build/fr/anssi/smartpgp/javacard/smartpgp.cap`.
|
||||
`SmartPGPApplet.cap`.
|
||||
|
||||
## Building the CAP file with Gradle
|
||||
|
||||
@ -190,25 +184,25 @@ resource consumption by tweaking the following variables:
|
||||
## Installing the CAP file
|
||||
|
||||
The CAP file installation depends on your device, so you have to refer
|
||||
to the instructions given by your device manufacturer.
|
||||
to the instructions given by your device manufacturer. Most open cards
|
||||
relying on Global Platform with default keys are supported by
|
||||
[GlobalPlatformPro](https://github.com/martinpaljak/GlobalPlatformPro).
|
||||
|
||||
Be careful to use a valid AID according to the OpenPGP card
|
||||
specification (see section 4.2.1) for each card.
|
||||
specification (see section 4.2.1) for each card (`-create <AID>` with
|
||||
GlobalPlatformPro)
|
||||
|
||||
|
||||
|
||||
# Setting up secure messaging with OpenKeychain
|
||||
|
||||
The patch written for OpenKeychain permits to use the secure
|
||||
messaging feature with or without token authentication.
|
||||
|
||||
## Secure messaging without token authentication
|
||||
|
||||
Without token authentication, you are not protected against man-in-the
|
||||
middle attack as your device cannot ensure it is communicating
|
||||
directly with a trusted token. Nevertheless, the communications with
|
||||
the token are still protected in confidentiality against passive
|
||||
attacks (i.e. traffic capture).
|
||||
Without token authentication, you are not protected against
|
||||
man-in-the-middle attack as your device cannot ensure it is
|
||||
communicating directly with a trusted token. Nevertheless, the
|
||||
communications with the token are still protected in confidentiality
|
||||
against passive attacks (i.e. trafic capture).
|
||||
|
||||
If you want to test secure messaging without token authentication, you
|
||||
can use the following command to order the token to generate its
|
||||
|
42
build.xml
42
build.xml
@ -1,39 +1,13 @@
|
||||
<?xml version="1.0"?>
|
||||
<project name="smartpgp" default="convert" basedir=".">
|
||||
<description>Ant build for SmartPGP applet</description>
|
||||
<property name="src" location="src"/>
|
||||
<property name="build" location="build"/>
|
||||
<property file="javacard.properties"/>
|
||||
<property name="JAVA_PACKAGE" value="fr.anssi.smartpgp"/>
|
||||
<property name="JAVA_PACKAGE_DIR" value="fr/anssi/smartpgp/"/>
|
||||
<property name="APPLET_NAME" value="SmartPGPApplet"/>
|
||||
<property name="PACKAGE_AID" value="0xd2:0x76:0x00:0x01:0x24:0x01"/>
|
||||
<property name="APPLET_AID" value="0xd2:0x76:0x00:0x01:0x24:0x01:0x03:0x02:0xAF:0xAF:0x00:0x00:0x00:0x00:0x00:0x00"/>
|
||||
<property name="VERSION" value="1.0"/>
|
||||
<target name="init">
|
||||
<mkdir dir="${build}"/>
|
||||
</target>
|
||||
<target name="compile" depends="init" description="compile the source">
|
||||
<javac srcdir="${src}" destdir="${build}" includeantruntime="false" source="1.6" target="1.6">
|
||||
<classpath>
|
||||
<pathelement path="${JAVACARD_HOME}/lib/api_classic.jar"/>
|
||||
</classpath>
|
||||
</javac>
|
||||
</target>
|
||||
<target depends="compile" name="convert" description="convert to .cap">
|
||||
<java classname="com.sun.javacard.converter.Main" fork="true" failonerror="true">
|
||||
<arg line="-classdir ${build}"/>
|
||||
<arg line="-verbose"/>
|
||||
<arg line="-exportpath ${JAVACARD_HOME}/api_export_files"/>
|
||||
<arg line="-out CAP JCA EXP"/>
|
||||
<arg line="-applet ${APPLET_AID} ${APPLET_NAME}"/>
|
||||
<arg line="${JAVA_PACKAGE} ${PACKAGE_AID} ${VERSION}"/>
|
||||
<classpath>
|
||||
<pathelement location="${JAVACARD_HOME}/lib/tools.jar"/>
|
||||
</classpath>
|
||||
</java>
|
||||
</target>
|
||||
<target name="clean" description="clean up">
|
||||
<delete dir="${build}"/>
|
||||
<get src="https://github.com/martinpaljak/ant-javacard/releases/download/18.06.25/ant-javacard.jar" dest="." skipexisting="true"/>
|
||||
<taskdef name="javacard" classname="pro.javacard.ant.JavaCard" classpath="ant-javacard.jar"/>
|
||||
<target name="convert">
|
||||
<javacard>
|
||||
<cap output="SmartPGPApplet.cap" sources="src" aid="d27600012401" version="1.0">
|
||||
<applet class="fr.anssi.smartpgp.SmartPGPApplet" aid="d276000124010303AFAF000000000000"/>
|
||||
</cap>
|
||||
</javacard>
|
||||
</target>
|
||||
</project>
|
||||
|
@ -1 +0,0 @@
|
||||
JAVACARD_HOME=path_to_your_jdk_3_0_4
|
Loading…
Reference in New Issue
Block a user