Java card key installation

Question

I am new to java card development.i want to know how we can store secure key values in the java card applet.because i want to use PKI (public key infrastructure) for the authentication.is it possible ?? if yes how we can store key in java card applet.

Answer 1

Yes, it is possible because javacard supports asymmetric cryptography i.e. RSA.

You can instantiate your keys during creation of the applet either using predefined arrays, applet specific installation parameter, or proprietary APDUs. Then the private keys shall be stored in RSAPrivateKey.

If your card support Global Platform, please take a look on the card specification. They provide variety ways of keys loading and content loading.

Answer 2

It is certainly possible, and you should do the following things:

1. generate a key pair on card, try to go for the maximum key size (2048 bits), note that this may take a long time, and if the card or reader does not handle connection time-outs gracefully, you may be in trouble;
2. create a PKCS#10 certificate request, on card on on the terminal - this is a data structure, which utilizes ASN.1 DER encoding;
3. sign the PKCS#10 request with the private key of the key pair;
4. send the PKCS#10 request to a Certification Authority (CA);
5. import the returned certificate;

Your Java Card should support RSA or EC key pair generation and signature/verification operations. Most cards nowadays do, but there may be a few that don't have an asymmetric co-processor.

This answer assumes that you create a new key pair, as using an older private key is less safe. If you want to load an existing private key you can simply call all the setters of the RSAPrivateKey, or the faster RSAPrivateCrtKey. Both objects need to be created using a Java Card KeyBuilder instance.

Note that this may require a lot of knowledge. You might be better off using an open source solution like MuscleCard.