Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
OpenSC (including initialization) works with JavaCards if you have a supported applet on the card.
JavaCards can come in different flavors: empty (preferred), pre-loaded with an applet in EEPROM, with an applet in ROM, with a pre-loaded applet in a finalized state (applets can't be deleted or added). Some cards, for example older IBM JCOP or older Cyberflex, come pre-loaded with a filesystem (PKCS#15) applet, which are of no interest in the broader context of JavaCards.
The core of OpenSC is a bunch of card drivers, both read-only drivers as well as PKCS#15 initialization drivers. It is important to realize, that all of the initialization drivers target a single card (usually proprietary) which is closely tied to the card vendor. Open source is all about providing options and being tied to a card vendor (even if the card comes with good documentation) has the same advantages and disadvantages as some popular binary-only display drivers provided by the vendor: it is not possible to change the way the card behaves. Therefore it is admirable to have open source code both inside the card and on the host computer and use JavaCards.
The main difference between "native" cards and JavaCards is the requirement to install the proper application to the card before continuing with OpenSC, which has historically been a somewhat complicated procedure and what this page tried to demystify.
List of applets OpenSC supports (can be read-only and locked cards):
- MuscleApplet (deprecated)
Things to consider when buying JavaCards, please have a look at JavaCard Buyer's Guide
Loading the applet
After you have fetched a suitable applet for your card (pay attention to JavaCard version and card peculiarities like Cyberflex cards), you need to load the software to the card. Here's how to do it.
A GlobalPlatform compliant software is needed for loading the applet to the card. Card vendors also provide tools for loading applets but also open source alternatives exist.
- GlobalPlatformPro - https://github.com/martinpaljak/GlobalPlatformPro - requires Java 1.8+
Interesting JavaCard applets
Open source applets possibly usable (with some work) with OpenSC:
- CoolKey Applet (MuscleApplet fork): "http://directory.fedoraproject.org/wiki/CoolKey#CoolKey_Java_Applet":http://directory.fedoraproject.org/wiki/CoolKey#CoolKey_Java_Applet
- JavaCardSign PKCS#15 applet: "http://sourceforge.net/projects/javacardsign/":http://sourceforge.net/projects/javacardsign/
- OpenPGP applet: "http://sourceforge.net/projects/jopenpgpcard/":http://sourceforge.net/projects/jopenpgpcard/ (and a somewhat matching javax.smartcardio GUI "http://sourceforge.net/projects/javaopenpgpcard/)":http://sourceforge.net/projects/javaopenpgpcard/) Other interesting applets:
- MRTD (biometric passport) applet, from JMRTD: "http://sourceforge.net/projects/jmrtd/":http://sourceforge.net/projects/jmrtd/
- "Trusted Execution Module prototype":http://github.com/costan/tem_fw ("related paper":http://people.csail.mit.edu/devadas/pubs/cardis08tem.pdf)
- "PLAID":http://www.govdex.gov.au/confluence/display/PLAID/Home ("explanation":http://www.centrelink.gov.au/internet/internet.nsf/filestores/press_kits_5_a/$file/PLAID_backgrounder_0409en.pdf)
- "ISO18013 driving license applet":http://sourceforge.net/projects/isodl/
- "Wiki in JavaCard":http://github.com/joelhockey/javacard
- ".be eID emulation":http://code.google.com/p/eid-quick-key-toolset/source/browse/trunk/eid-quick-key-toolset/eid-applet/src/main/java/be/cosic/eidapplet/
- "Web server in Java Card":http://www.citi.umich.edu/techreports/reports/citi-tr-99-3.pdf
- "State of JavaCards in 2006":http://www.cs.ru.nl/~erikpoll/papers/evaluationBasis.pdf
- "JavaCard programming tutorial":https://www.msec.be/jan/JavaCardTutorial.pdf