Smart Card/TEE Key Store and Credential Provisioning System
Java C# JavaScript HTML Python CSS Other
Latest commit dd4975c Feb 24, 2017 @cyberphone Classpath update


Smart Card/TEE Key Store and Credential Provisioning System

This project defines SKS (Secure Key Store) which can hold X.509 certificates and symmetric keys as well as associated attributes such as logotypes, key ACLs and URLs:

The project also defines KeyGen2 which is a credential provisioning and management system for SKS:

The JSON library supports a clear text signature system called JCS:
as well as a "matching" encryption scheme coined JEF:


  • Java SDK Version 8
  • Ant 1.9.4 or later
  • The projects are being developed using Eclipse but there's no dependence on Eclipse.

Currently only the "library" and "resources" projects are suitable public use. To create the openkeystore library, perform the following steps:

$ cd library
$ ant
$ ant testsks
$ ant testkeygen2
$ ant testjson


Now you should have a file library/dist/ which implements the API described in

Proof of Concept Implementation

There also is an Android proof-of-concept implementation which allows you to test provisioning and then using provisioned keys for authentication: