Category Archives: Tutorial

Another tutorial on Java Card, hopefully with a personal touch about security and a few practical things.

Q&A: How to generate and protect keys in Java Card?

Cryptographic keys are often at the heart of Java Card applications, which often rely on cryptography to protect their data in storage and/or communication. Keys therefore become the most sensitive pieces of data in such applications. All evaluators know that, as getting the values of secret/private keys is the ultimate goal of a security evaluation. […]

Q&A: What do NFC NDEF Signature records bring?

Here is another question related to NFC, this time about what I understand of NDEF signatures (could be incomplete). The NFC Forum has recently added the possibility to include a signature record in tags. Adding such a signature can be used to ensure that the content of the tag (say, a URL) has been written […]

Q&A: NFC attacks

Over the years, I got quite a few questions about Java Card and related technologies. As a diverging extension to the tutorial, and as a way to bring back some technical content here, I will try to write a few Q&A entries on a regular basis. The first one is about NFC attacks, a topic […]

JC301-4: Where are the differences?

[Corrected April 9, 2009: more mentions of Classic, added a conclusion] You have been warned in the previous posts. The Connected Edition of Java Card 3.0 is very different from Java Card 2.x. But, how exactly are these two versions different? Well, there are differences at all levels, from the virtual machine to the application […]

JC101-20C: A secure channel API

Continuing our secure channel example, we will next define a secure channel API, and provide a small example based on this API. Beware! As mentioned before, this is only an example, not intended for real use. In addition, the code has not been actually tested so far …

JC301-3: Connected vs. Classic

After a month of silence, just a quick post to restart the tutorial thing, about the two editions of Java Card 3.0. Two editions As mentioned earlier, Java Card 2.x represents 5 billion cards today, and over a billion are issued each year. This represents a very significant part of the smart card business in […]

JC101-19C: Secure channel protocol

Starting a session Protocol For our session start, we will here use a classical architecture, but with slightly different commands. First, here is a definition of the exchanges between two actors (say, Alice and Bob) to start a secure session: Alice sends a 16-byte random number to a1 … a16 to Bob. Bob replies with […]

JC101-18C: Defining a secure channel from scratch

In the few coming posts, we will define a secure channel protocol from scratch as an example, and provide an implementation for it. This example will also be used as a way to introduce the cryptographic mechanisms that exist in Java Card. Be careful, this is not a tutorial on cryptography. I am not a […]

JC301-2: Why change Java Card?

I have recented commented on the fact that parts of the Multos specification have not evolved since August 1997. Java Card was then at its 1.0 version, and in 10 years, has known 3 major releases: 2.0 introduced the new framework, 2.1 made it mature by defining binary-level interoperability, and 2.2 added a few missing […]

JC301-1: Introducing Java Card 3.0

Foreword: The JC101 tutorial about Java Card 2 is getting closer to the end, now dealing with the subtleties of cryptography, testing, and other difficult tasks. As progress may slow to a crawl, it is time to start discussing the technology that actually started this blog, Java Card 3. – o – Your first program […]