[Pcsclite-muscle] Android Smart Card Emulator

William Roberts bill.c.roberts at gmail.com
Wed Mar 11 22:26:54 UTC 2015


On Wed, Mar 11, 2015 at 3:18 PM, Frank Morgner <
morgner at informatik.hu-berlin.de> wrote:

> On Wednesday, March 11 at 03:08PM, William Roberts wrote:
> > Ok got it thanks.
> >
> > I was looking at the code for jcardsim and it looks like the crypto
> > operations are backed by bouncycastle. It also appears that there
> > are no Keystore interfaces. On actual smart cards, can an applet call
> > PrivateKey.getEncoded() and actually retrieve the raw key bytes?
> >
> > It would be nice to interface this stuff into AndroidKeyStore so private
> > keys cannot be leaked.
>
> A Java Card applet expects the underlying platform to be secure by
> design. This should be handled in the crypto layer (i.e. spongycastle
> which is an Android substitute for bouncycastle).
>

Android ships with a crippled bouncy castle built into the framework jar
(device binary), which is why there is the spongy castle split, FYI.
However, in either case, the keys are stored in your application folder.
So if anyone compromises the app sandbox, they compromise your keys and
can offload them.

If you use Android Keystore, it stores and generates keys in TrustZone, or
some other privileged component or discrete hardware. The key bytes are
never released from the "secure element", whether it be TrustZone, TPM, etc.

Android has a much larger attack surface than a smartcard so using the
keystore is a nice to have thing.

But this is really cool, I didn't know there were these off-the-shelf
components, thanks for sharing.



>
> > On Wed, Mar 11, 2015 at 12:11 AM, Frank Morgner <
> > morgner at informatik.hu-berlin.de> wrote:
> >
> > > On Tuesday, March 10 at 05:52PM, William Roberts wrote:
> > > > On Tue, Mar 10, 2015 at 5:19 PM, Frank Morgner <
> > > > morgner at informatik.hu-berlin.de> wrote:
> > > >
> > > > > Hi!
> > > > >
> > > > > I created a simple App which uses Android’s HCE to fetch APDUs from a
> > > > > contact-less reader and delegate them to Java Card Applets. The app
> > > > > includes the Java Card simulation runtime of jCardSim [1] as well as the
> > > > > following Java Card applets:
> > > > >
> > > > > - Hello World applet [2]
> > > > > - OpenPGP applet [3]
> > > > > - OATH applet [4]
> > > > > - ISO applet [5]
> > > > >
> > > > > With some more effort I think this could be quite interesting for a
> > > > > variety of use cases. What do you think?
> > > > >
> > > >
> > > > Def tons of use cases. Can you elaborate on jcardsim? Looks like it's just a
> > > > jar file you can load applet byte code into.
> > >
> > > Yes and no. jCardSim essentially provides all the packages of a standard
> > > Java Card as well as some simulation glue code (see
> > > http://jcardsim.org/docs/quick-start-guide-simulator-api). You need to
> > > have the applet compiled for the JRE (in my case Dalvik VM) to let the
> > > applet 'use' the java card environment of jCardSim.
> > >
> > > > > Greets, Frank.
> > > > >
> > > > >
> > > > > [0] https://frankmorgner.github.io/vsmartcard/ACardEmulator/README.html
> > > > > [1] http://www.jcardsim.org/
> > > > > [2] https://github.com/licel/jcardsim/blob/master/src/main/java/com/licel/jcardsim/samples/HelloWorldApplet.java
> > > > > [3] https://developers.yubico.com/ykneo-openpgp/
> > > > > [4] https://developers.yubico.com/ykneo-oath/
> > > > > [5] http://www.pwendland.net/IsoApplet/
> > >
> > > --
> > > Frank Morgner
> > >
> > > Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
> > > OpenPACE                        http://openpace.sourceforge.net
> > > IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
> > >
> > > _______________________________________________
> > > Pcsclite-muscle mailing list
> > > Pcsclite-muscle at lists.alioth.debian.org
> > > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
> > >
> >
> >
> >
> > --
> > Respectfully,
> >
> > William C Roberts
>
> --
> Frank Morgner
>
> Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
> OpenPACE                        http://openpace.sourceforge.net
> IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc
>



-- 
Respectfully,

William C Roberts
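
Added example, not part of the original message and not code from jCardSim or the emulator app: the contrast raised in this thread between a software-provider key, whose bytes PrivateKey.getEncoded() hands back, and an AndroidKeyStore key, which stays usable for signing but exposes no key bytes. It assumes Android API 23 or later and the platform's default EC provider; the class name, method names and alias are hypothetical.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Hypothetical helper class; names and alias are assumptions for illustration.
public final class KeyExportCheck {
    private static final String ALIAS = "example-card-key"; // constructed alias

    // Software provider: the private key lives in app memory and is exportable.
    static boolean softwareKeyIsExportable() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        PrivateKey key = kpg.generateKeyPair().getPrivate();
        byte[] pkcs8 = key.getEncoded();   // raw PKCS#8 bytes, can be written anywhere
        return pkcs8 != null && pkcs8.length > 0;
    }

    // AndroidKeyStore: the PrivateKey is only a handle; getEncoded() returns null.
    static boolean keystoreKeyIsExportable() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .build());
        KeyPair pair = kpg.generateKeyPair();

        // The key is still usable: signing happens inside the keystore.
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(pair.getPrivate());
        s.update(new byte[] {0x00, (byte) 0xA4, 0x04, 0x00}); // constructed sample bytes
        s.sign();

        return pair.getPrivate().getEncoded() != null;
    }

    // Reports whether the key material is held in a TEE or secure element.
    static boolean keystoreKeyIsHardwareBacked(PrivateKey key) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), "AndroidKeyStore");
        return kf.getKeySpec(key, KeyInfo.class).isInsideSecureHardware();
    }
}
```

On a device, softwareKeyIsExportable() returns true and keystoreKeyIsExportable() returns false; keystoreKeyIsHardwareBacked() distinguishes a TEE or secure-element key from a keystore key held only in software.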