PIN + Certificate ( Date Expired )

Posted: Tue Dec 13, 2016 3:20 pm
by teixeira
Hello everyone!

My project will be divided into:
1 - Applet (JavaCard 2.2.1)
2 - Desktop App (JavaFX)

The desktop app will only be accessed with the card, okay?

My applet will consist of:

1 - Password (PIN), maximum 3 attempts.

2 - My applet needs to create a certificate with a date (expired) (I still do not know how to do this ...)

I am sending my source code, to check whether it is "safe" with the PIN.

PS: Can I consider that my applet is secure?

Code:

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.OwnerPIN;
import javacard.framework.PINException;

/*
 * BOSSWARE
 * @date 12-12-2016
 * By: JOSE TEIXEIRA - teixeira.totvs@gmail.com
 *
 * */
public class SEID extends Applet {
   
   // CLA byte accepted by this applet
   public final static byte TSPIN_CLA = (byte) 0xA0;
   
   // INS: check PIN
   public final static byte PIN_CHECK = (byte) 0xD0;

   // INS: change PIN
   public final static byte PIN_CHANGE = (byte) 0xD2;
 
   // PIN try limit
   public final static byte PIN_TRY_LIMIT = (byte)5;
   
   // maximum PIN length
   public final static byte PIN_LENGTH = (byte) 4;
   
   public byte i = (byte)0x00;
   
   // default PIN! change on first connection!
   final static byte[] default_pin = { (byte)0x12, (byte)0x34 };
 
   OwnerPIN pin;
   
   public SEID(){
      
      pin = new OwnerPIN(PIN_TRY_LIMIT, PIN_LENGTH);
 
      
      try
      {
         byte pinLength = (byte)default_pin.length;
         pin.update(default_pin, (short)0, (byte) pinLength);
      } catch (PINException e)
      {
         ISOException.throwIt(e.getReason());
      }
   }

   public static void install(byte[] bArray, short bOffset, byte bLength) {
      // GP-compliant JavaCard applet registration
      new SEID().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
   }

   public void process(APDU apdu) {
      // Good practice: Return 9000 on SELECT
      if (selectingApplet())
      {
         return;
      }
      byte[] buffer = apdu.getBuffer();

      if (buffer[ISO7816.OFFSET_CLA] != TSPIN_CLA)
         ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);

      switch (buffer[ISO7816.OFFSET_INS])
      {
      case (byte) 0x00:
         break;

      case PIN_CHECK:
         if (!pin.check(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive()))
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
         break;

      case PIN_CHANGE:
         JCSystem.beginTransaction();
         pin.update(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive());
         JCSystem.commitTransaction();
         break;

      default:
         // good practice: If you don't know the INStruction, say so:
         ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
      }
   }
}




Thank you all!

Re: PIN + Certificate ( Date Expired )

Posted: Tue Dec 13, 2016 10:05 pm
by UNKNwYSHSA
1 The PIN can be changed after the PIN is verified, but your code has no check for this.
This means everyone can change your PIN; the applet is not secure.
You should code like this:

Code:

            case PIN_CHANGE:
               if (!pin.isVerified()) {
                  ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
               }
               JCSystem.beginTransaction();
               pin.update(buffer, ISO7816.OFFSET_CDATA, (byte)apdu.setIncomingAndReceive());
               JCSystem.commitTransaction();
               break;

2 You should check the length of the new PIN value. Normally, the length is 6 ~ 8 bytes.

Re: PIN + Certificate ( Date Expired )

Posted: Tue Dec 13, 2016 10:40 pm
by teixeira
Hi, UNKNwYSHSA!

Thank you!

Now, what about the expiry date? The card's expiry date...

Re: PIN + Certificate ( Date Expired )

Posted: Tue Dec 13, 2016 10:54 pm
by UNKNwYSHSA
You can store the issue date in the card,
and check whether the card has expired or not with one APDU command carrying the current date.

Re: PIN + Certificate ( Date Expired )

Posted: Tue Dec 13, 2016 11:05 pm
by teixeira
I understand. I will send the current date in the APDU, taken from SQL Server GETDATE().

Thank you.

Re: PIN + Certificate ( Date Expired )

Posted: Tue Dec 13, 2016 11:13 pm
by UNKNwYSHSA
Yes, you can send the date in your own defined data format.
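
The expiry check described in the replies above, written out as an added Java Card example (not code from the thread or its posters). The class name, the INS value 0xD4, the 4-byte BCD YYYYMMDD date format and the sample dates are assumptions; the example also goes one step beyond the thread by refusing a host date earlier than one the card has already seen, since the date comes from the host and not from the card.

```java
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;

// Added example, not the thread's applet. Class name, INS value, date
// format and sample dates below are assumptions made for illustration.
public class ExpiryDemo extends Applet {
   static final byte CLA_DEMO = (byte) 0xA0;          // CLA used in the thread
   static final byte INS_CHECK_EXPIRY = (byte) 0xD4;  // assumed INS
   static final short DATE_LEN = 4;                   // assumed BCD YYYYMMDD

   // Constructed sample values; a real card gets them at personalisation.
   private final byte[] expiry   = { 0x20, 0x18, 0x12, 0x31 };
   private final byte[] lastSeen = { 0x20, 0x16, 0x12, 0x13 };

   public static void install(byte[] bArray, short bOffset, byte bLength) {
      new ExpiryDemo().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
   }

   // Compare two dates as unsigned bytes, so a BCD byte such as 0x99
   // sorts above 0x20. Returns -1, 0 or 1.
   private static byte cmp(byte[] a, short aOff, byte[] b, short bOff) {
      for (short i = 0; i < DATE_LEN; i++) {
         short x = (short) (a[(short) (aOff + i)] & 0xFF);
         short y = (short) (b[(short) (bOff + i)] & 0xFF);
         if (x != y) return (byte) (x < y ? -1 : 1);
      }
      return 0;
   }

   public void process(APDU apdu) {
      if (selectingApplet()) return;
      byte[] buf = apdu.getBuffer();
      if (buf[ISO7816.OFFSET_CLA] != CLA_DEMO)
         ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
      if (buf[ISO7816.OFFSET_INS] != INS_CHECK_EXPIRY)
         ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
      if (apdu.setIncomingAndReceive() != DATE_LEN)
         ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
      // The card has no clock, so the date is only what the host claims.
      // Reject a date earlier than one already seen, then remember it.
      if (cmp(buf, ISO7816.OFFSET_CDATA, lastSeen, (short) 0) < 0)
         ISOException.throwIt(ISO7816.SW_DATA_INVALID);
      Util.arrayCopy(buf, ISO7816.OFFSET_CDATA, lastSeen, (short) 0, DATE_LEN);
      if (cmp(buf, ISO7816.OFFSET_CDATA, expiry, (short) 0) > 0)
         ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
   }
}
```

Any host that can send this command can move `lastSeen` forward, so in an applet that also holds the PIN, accept it only after `pin.isVerified()` returns true.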