Over the past year, I have received a number of comments and messages about development environments. Readers ask me which environment I use, and which one they can use. Sadly, I don’t have a good answer for now. Actually, I hope that this post will be a bit interactive, and that some comments will bring good answers for people who want to develop Java Card applications.
I use IBM’s JCOP tools. They work quite well, they are integrated into Eclipse, and they are even able to manage code on real cards (and not onlny IBM’s cards; I often use them with Trusted Logic’s jTop cards). Sadly, IBM has stopped working on JCOP, and a link on the original Zurich team’s home page indirectly points to a NXP e-mail address:
Please address requests for the JCOP Tools and activation codes to tools.jcop@nxp.com
Now, that does not necessarily mean that you will be able to get the tools from that address, as the way in which NXP distributed the JCOP tools is not all that clear to me.
For basic developers, an alternative is Sun’s Java Card Development Kit 2.2.2. It works, but it is a pure Java Card engine, with no support for things like GlobalPlatform and, of course, no way to load applications on actual cards. You can therefore use it to write your first applications, but frustration is around the corner.
In order to address this problem, there is GPShell, but the version I found seems quite outdated.
Another alternative is to go with the vendors. Here are a few possibilities:
- Gemalto’s Gemxplore developer suite, mostly targeting SIM cards of all kinds. The products is expensive, but there is a free trial.
- Giesecke & Devrient’s Sm@rtCafé Professional Toolkit 2.0 is also available. I haven’t seen it in a while, but it the last demo I saw was quite nice, although not integrated in a standard IDE.
- Axalto’s Cyberflex SDK site is still up, but it does not look much maintained.
There are probably many more, but I haven’t found them, or I haven’t found if they could be bought.
Good luck to all people who are looking for Java Card development environments. And if you know of a good solution, please let me know, and I will spread the news.
So,
It seems like that if you want to load your JavaCard applets on a real smart card, then you need to buy a developer kit that allows that. The only exception seems to be if you use SATSA to access the JSR-177 compliant phones.
However, I’m not sure if its possible or feasible to load JavaCard applets on a SATSA device. Can you shed any light?
The short answer is that, yes, SATSA-enabled devices are able to load applications on the device’s secure elements using an appropriate MIDlet. See this paper for an example.
Now, if you look closely at this example, you will realize that the mobile application simply acts as a proxy between a provisioning server (which actually issues the content management commands) and the card itself (which consumes them).
So, in the end, there is no exception for SATSA-enabled phones. You will still need some software to generate the sequence of commands that will load and install your applications on your card or other secure element.
I have a question regarding the loading of applets on JCOP31 cards. I’m using a contact-less reader/writer on cards, which gives me the ability to send and receive APDUs to the card. Could I use the GPShell to generate the commands that load my CAP file to the card? If so, how could I do that?
Please reply to my email.
Thanks in advance for help.
JCOP tools used to be freely available from IBM website. You just had to mail IBM JCOP team to obtain activation code/process.
Today, NXP owns JCOP / JCOP Tools and it seems very hard to obtain JCOP tools from NXP, even if no change were made by NXP (It is still today the good old 3.1.2 “IBM” release, Eclipse 3.2 + Java 1.4 compatible).
So if you want JCOP Tools :
Bad News : NXP will probably ignore your mail request to obtain the tool and/or activation code. If you manage to pass that stage… you’ll probably receive tons of papers to fill… sign back…
Good News : There is a trick… No need to deal directly with NXP, simply buy a NXP JCOP Card from usasmartcard.com and you’ll receive JCOP Tools and documentation on a bundled CD with your card. The documentation will clearly explain how to activate the JCOP tools witht the NXP card.
Easy.
I thought of buying the following product from usasmartcard.com for my final year project:
NXP (Philips) JCOP 41 V2.2.1/72K
Can you please make sure that I will be able to load the own applet that I’ve designed to this smart card? also will I get JCOP dev tools with this?
Many of these vendors are not responding to our queries.. So seeking some advice from experts.
http://www.usasmartcard.com/component/page,shop.product_details/flypage,shop.flypage/product_id,54/category_id,26/manufacturer_id,0/option,com_virtuemart/Itemid,26/
Sorry, RAM, but I can’t make sure that you will be able to do anything with your applet on a JCOP card (or on any other card, actually).
The oly thing I can tell you is that The USA Smart Card site has been recommended to me by two persons I trust. So, I am sure that they delivered at some point. But things change fast, so I hope that they still do!
Hi
Im having a SETECS 256k java smart card and precise biometric card reader. Need to know how do I load the cap file generated using java card 2.2 kit? I need to load on the real card and not use simulators. Please help
I bought three JCOP cards from usasmartcard and I got no JCOP tool. I tried to contact NXP and as someone said before they ignore your requests.
Just an update about usasmartcard.com…
I used to recommend this website but not anymore. Of course you are still free to buy a JCOP smartcard and hope that they still provide JCOP tools with the sample (i did not retry recently), but this “company” is probably a one-guy only thing : They do not answer to mail very often (nearly never in fact) and their website has been compromised/hacked during at least five months… I informed the owner of the website about the security hole (russian javascript injection) and never had an answer… even if at the end they managed to remove the hacked javascript injection.
So… so do not EVER fill a form on their website with your credit card informations.