[Muscle] Re: Problem generating Muscle Card Applet 0.9.11

Sylvain Ferey s.ferey at wanadoo.fr
Mon Feb 25 18:20:31 PST 2008 

At 21:39 25/02/2008 -0300, you wrote:
>It continues to give the same error, even when I enabled only RSA and 
>-DWITH_RSA -DWITH_ENCRYPT...

it RSA / RSA Ciphers were required by the applet BUT not provided by the 
platform, the install for install will probably fail [1], NOT the load process.

[1]: if the applet instantiates such cipher (outside an exception handler) 
in the applet constructor and a Cipher.getInstance() throws an error, you 
won't be able to instantiate the applet (during the *install for install*)
if the applet instantiate ciphers when they are needed, the applet 
instantiation can sucess and a crypto operation (performed later) will fail.

whatever the case, the *loading* has NO reason to fail because of a lack of 
RSA support; what the applet needs at this stage regarding RSA is only the 
presence of the javacard.security package; this package shall be present 
(whatever the mechanisms actually provided by the card) OR the card is not 
JavaCard 2.1+ compliant.


 > install -file CardEdge.cap -sdAID A000000018434D00 -nvCodeLimit 4000
>> > file name CardEdge.cap
>> > --> 80E602001906A0000003230108A000000018434D000006EF04C6020FB00000
>> > <-- 009000

so no such package with given AID exists.

you're loading your package under control of the security domain 
"A000000018434D00"
make sure it is what you want (meaning not using the global card domain: 
A000000003000000).
your load parameter field is "EF04C6020FB0" (don't know what that means, 
may be a check control required by your security domain, make sure it does 
not enforce some rules regarding the library to be loaded)


>> > 80E80000EF C4822F6D 
>> 010010DECAFFED010204090006A0000003230102001F0010001F000B00
>> > 
>> 290256006C21AE000A03F30000067F00060000000004010004002904020107A00000006201010201
>> > 
>> 07A0000000620102020107A0000000620201000107A000000062000103000B0107A0000003230101
>> > 
>> 009006006C00800313000C0404000500D1FFFF00B400ED05E9060706270647067100830002000101
>> > 
>> 1100001CE41D5C1D831E3C1E491E6C1EA71EB11EB91EC21EC91ED61EE11EEC1EF51F061F17008300
>> > 
>> 030001010D00001F331F8B1FAD1FF620062016203720EB20FF21112120212E21920721AE00064018
>> > 8C002C180388
>> > <-- 6985

CAP file structure & content are fully documented by public doc. from SUN, 
according chapter 6 "CAP File format" this stream shall read:

header_component [1] (size: 16) {
         2.1
         ACC_APPLET
         A00000032301 0.9
}

meaning:
- package contains applet,
- library AID is A00000032301, it's fine you used the same value in install 
for load
- its version 0.9
- it requires JVC API rel. 2.1

your card is 2.1, since 2.0 library used proprietary format and your 
platform likely failed to process previous GP install for load.


directory_component [2] (size: 31) {
         header_component        : 16
         directory_component     : 31
         applet_component        : 11
         import_component        : 41
         constant_pool_component : 598
         class_component : 108
         method_component        : 8622
         static_field_component  : 10
         reference_location_component    : 1011
         export_component        : 0
         descriptor_component    : 1663
         library_size    :12111
         image_size:       6
         array_init_count: 0
         array_init_size:  0
         import_count    :4
         applet_count    :1
         custom_count    :0
}

- this component lists the size of all components, you can estimate that 
on-card size of the CAP file is about 8894 bytes.
make sure the available free space is about or bigger than that figure (G+ 
tool can be required)
if the left EEPROM is less (far less) than that figure, the 6985h is quite 
normal.


applet_component [3] (size: 11) {
         1 applet(s)
         A0000003230101
}

- the package contains a single applet whose module AID is A0000003230101


import_component [4] (size: 41) {
         4 imported packages
         A0000000620101 1.2
         A0000000620102 1.2
         A0000000620201 1.2
         A0000000620001 1.0
}

- this component lists the packages imported by the applet (whose to which 
your applet is linked).

A0000000620101 is "javacard.framework", rel. 1.2 means API 2.2.1
A0000000620102 is "javacard.security", rel. 1.2 means API 2.2
A0000000620201 is "javacardx.crypto", rel. 1.2 means API 2.2
A0000000620001 is "java.lang", rel. 1.0 means API 2.1

so the applet requires the platform to be at least compliant with JavaCard 
2.2.1
if the card is only 2.2, 6985h is also normal.

if you compile / convert the applet yourself and if you are sure it does 
not need 2.2.1 (but only 2.2 or 2.1) reconvert it with the 2.2 (or 2.1) 
export files; each JVC-SDK comes with a set of EXP files that does contain 
theses versions that are stored into the generated CAP file, if you use a 
too recent definition, you won't be able to load CAP files onto card built 
with a previous version.

Sylvain.

More information about the Muscle mailing list