How to get mulitiple certificates from the applet

[Vlidda]

Hey guys ,

I need to store certificate on the card. And I know that I can use the instruction of GET_DATA to get the user certificate.

Code: Select all

public void process(APDU apdu)
{
byte[] buf = apdu.getBuffer();
...
case INS_GET_DATA:
... 
case INS_GET_RESPONSE:
sendCertificate( apdu );

break;
}

Now I want to store multiple certificates on the card. And I still have to retrieve them. How can I do that? Please give me some pieces of guidance.

[mabel]

To solve your problem, you can use tags : 0x0100 for cert1, 0x0101 for cert2, 0x0102 for cert3.

These would be passed in to PUT DATA and GET DATA to indicate which certificate is required.
Then you can retrieve any cert according to your need.

[Vlidda]

Thanks for your suggestion. I will have a try.

[tay00000]

I will try to go to enough details without turning this into a spoon-feeding session.

Create a class object called Certificate. This Certificate class will store a certAlias in byte[] object which you can allocate probably 10 bytes to use as certAlias as well as a certObject in byte[] object with probably about 2500 bytes or as much bytes as needed to store a certificate object in bytes and a short object called certSize which will be the size of the certObject in short representation.

Then in the main applet class, during initialization of card applet, you can store an array of Certificate object in the form of Certificate[] certList = new Certificate[(short) 5]; to indicate capacity to store a maximum of 5 certificate objects within the card.

You will at least need these methods to be able to handle multiple certificate:
- List how many certificate objects are being used.
- List all the certAlias objects.
- Select a particular certificate to read it's binary certificate via it's certAlias handle.
- Ensure certAlias is unique between all the objects.

If this is too complex for you, that means you have to sit down and re-prioritize and re-evaluate the necessity of storing so many certificate objects inside an applet in the first place as most typical use case will only require storing a single certificate that matches the card's private key. It is highly advisable to avoid the complexities of storing and managing more than 1 certificate as the complexity can introduce bugs into your applet codes unless you are very clear on what you are doing and can handle complex scenarios in tight spaces presented during applet development and deployment.

[UNKNwYSHSA]

Hey guys ,

I need to store certificate on the card. And I know that I can use the instruction of GET_DATA to get the user certificate.

Code: Select all

public void process(APDU apdu)
{
byte[] buf = apdu.getBuffer();
...
case INS_GET_DATA:
... 
case INS_GET_RESPONSE:
sendCertificate( apdu );

break;
}

Now I want to store multiple certificates on the card. And I still have to retrieve them. How can I do that? Please give me some pieces of guidance.

Your requirement is like the PKI applet.
You can refer to the opensource PKI applet, and it is used with PKI middleware.