Merge pull request #12 from martinpaljak/301

Use ant-javacard for building the applet

README.md

@@ -1,7 +1,7 @@
 # SmartPGP applet
 
 SmartPGP is a free and open source implementation of the [OpenPGP card
-3.x specification](http://www.g10code.com/docs/openpgp-card-3.0.pdf) in JavaCard.
+3.3 specification](https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.3.pdf) in JavaCard.
 
 The main improvement introduced in OpenPGP card 3.x specification from
 previous version is the support of elliptic curve cryptography with
@@ -60,9 +60,9 @@ erased. Also note that hard coded default values will be restored upon
 a factory reset.
 
 
-## Compliance with OpenPGP card 3.x specification 
+## Compliance with OpenPGP card 3.3 specification
 
-The SmartPGP applet implements the complete OpenPGP card 3.x
+The SmartPGP applet implements the complete OpenPGP card 3.3
 specification, except the secure messaging related features:
 
 - Commands and responses protection is not implemented as described in
@@ -89,7 +89,7 @@ specification, except the secure messaging related features:
 
 # Application support
 
-Tokens following the OpenPGP card 3.x specification are not yet fully
+Tokens following the OpenPGP card 3.3 specification are not yet fully
 supported by most PGP applications.
 
 ## GnuPG
@@ -97,15 +97,13 @@ supported by most PGP applications.
 OpenPGP card 3.x is supported by [GnuPG](https://www.gnupg.org/)
 starting from version 2.1.16.
 
-The specific secure messaging of the SmartPGP applet is
+The specific secure messaging of the SmartPGP applet is **not**
-**not** supported at all at is not part of the OpenPGP card 3.x
+supported at is not part of the OpenPGP card specification.
-specification.
 
 ## OpenKeychain
 
 OpenPGP card 3.x is supported by [OpenKeychain](https://www.openkeychain.org/)
-starting from version 4.2 (not yet released, see [git master branch](https://github.com/open-keychain/open-keychain)
+starting from version 4.2.
-project). Only NIST curves are supported.
 
 The secure messaging of the SmartPGP applet is fully supported in
 OpenKeychain. See the section below for more information on the setup process.
@@ -136,9 +134,6 @@ The repository contains several directories:
 - JavaCard Development Kit 3.0.4 (or above) from
   [Oracle website](http://www.oracle.com/technetwork/java/embedded/javacard/downloads/index.html);
 
-- The `ant` tool 1.9.4 (or above) from your Linux distribution or from
-  [Apache Ant project website](http://ant.apache.org/);
-  
 - A device compliant with JavaCard 3.0.4 (or above) with enough
   available resources to hold the code (approximately 23 kB of
   non-volatile memory), persistent data (approximately 10 kB of
@@ -166,18 +161,17 @@ resource consumption by tweaking the following variables:
 
 
 ## Building the CAP file
-- Copy the `javacard.properties.example` file to a file named
-  `javacard.properties`;
 
-- Edit the `javacard.properties` file and set the path of your
+- Set path to the JavaCard Development Kit:
-  JavaCard Development Kit;
+  `export JC_HOME="your/path/to/javacardkit"`
 
 - (Optional) Edit the `build.xml` file and replace the `0xAF:0xAF`
   bytes in the `APPLET_AID` with your own manufacturer identifier (see
-  section 4.2.1 of OpenPGP card specification);
+  section 4.2.1 of OpenPGP card specification). Alternatively, set the
+  right AID instance bytes during applet installation.
 
 - Execute `ant` with no parameter will produce the CAP file in
-  `build/fr/anssi/smartpgp/javacard/smartpgp.cap`.
+  `SmartPGPApplet.cap`.
 
 ## Building the CAP file with Gradle
 
@@ -190,25 +184,25 @@ resource consumption by tweaking the following variables:
 ## Installing the CAP file
 
 The CAP file installation depends on your device, so you have to refer
-to the instructions given by your device manufacturer.
+to the instructions given by your device manufacturer. Most open cards
+relying on Global Platform with default keys are supported by
+[GlobalPlatformPro](https://github.com/martinpaljak/GlobalPlatformPro).
 
 Be careful to use a valid AID according to the OpenPGP card
-specification (see section 4.2.1) for each card.
+specification (see section 4.2.1) for each card (`-create <AID>` with
+GlobalPlatformPro)
 
 
 
 # Setting up secure messaging with OpenKeychain
 
-The patch written for OpenKeychain permits to use the secure
-messaging feature with or without token authentication.
-
 ## Secure messaging without token authentication
 
-Without token authentication, you are not protected against man-in-the
+Without token authentication, you are not protected against
-middle attack as your device cannot ensure it is communicating
+man-in-the-middle attack as your device cannot ensure it is
-directly with a trusted token. Nevertheless, the communications with
+communicating directly with a trusted token. Nevertheless, the
-the token are still protected in confidentiality against passive
+communications with the token are still protected in confidentiality
-attacks (i.e. traffic capture).
+against passive attacks (i.e. trafic capture).
 
 If you want to test secure messaging without token authentication, you
 can use the following command to order the token to generate its

build.xml

@@ -1,39 +1,13 @@
 <?xml version="1.0"?>
 <project name="smartpgp" default="convert" basedir=".">
   <description>Ant build for SmartPGP applet</description>
-  <property name="src" location="src"/>
+  <get src="https://github.com/martinpaljak/ant-javacard/releases/download/18.06.25/ant-javacard.jar" dest="." skipexisting="true"/>
-  <property name="build" location="build"/>
+  <taskdef name="javacard" classname="pro.javacard.ant.JavaCard" classpath="ant-javacard.jar"/>
-  <property file="javacard.properties"/>
+  <target name="convert">
-  <property name="JAVA_PACKAGE" value="fr.anssi.smartpgp"/>
+    <javacard>
-  <property name="JAVA_PACKAGE_DIR" value="fr/anssi/smartpgp/"/>
+      <cap output="SmartPGPApplet.cap" sources="src" aid="d27600012401" version="1.0">
-  <property name="APPLET_NAME" value="SmartPGPApplet"/>
+        <applet class="fr.anssi.smartpgp.SmartPGPApplet" aid="d276000124010303AFAF000000000000"/>
-  <property name="PACKAGE_AID" value="0xd2:0x76:0x00:0x01:0x24:0x01"/>
+      </cap>
-  <property name="APPLET_AID" value="0xd2:0x76:0x00:0x01:0x24:0x01:0x03:0x02:0xAF:0xAF:0x00:0x00:0x00:0x00:0x00:0x00"/>
+    </javacard>
-  <property name="VERSION" value="1.0"/>
-  <target name="init">
-    <mkdir dir="${build}"/>
-  </target>
-  <target name="compile" depends="init" description="compile the source">
-    <javac srcdir="${src}" destdir="${build}" includeantruntime="false" source="1.6" target="1.6">
-      <classpath>
-            <pathelement path="${JAVACARD_HOME}/lib/api_classic.jar"/>
-      </classpath>
-    </javac>
-  </target>
-  <target depends="compile" name="convert" description="convert to .cap">
-      <java classname="com.sun.javacard.converter.Main" fork="true" failonerror="true">
-      <arg line="-classdir ${build}"/>
-      <arg line="-verbose"/>
-      <arg line="-exportpath ${JAVACARD_HOME}/api_export_files"/>
-      <arg line="-out CAP JCA EXP"/>
-      <arg line="-applet ${APPLET_AID} ${APPLET_NAME}"/>
-      <arg line="${JAVA_PACKAGE} ${PACKAGE_AID} ${VERSION}"/>
-      <classpath>
-            <pathelement location="${JAVACARD_HOME}/lib/tools.jar"/>
-      </classpath>
-    </java>
-  </target>
-  <target name="clean" description="clean up">
-    <delete dir="${build}"/>
   </target>
 </project>

javacard.properties.example

@@ -1 +0,0 @@
-JAVACARD_HOME=path_to_your_jdk_3_0_4