I generated my keypair successfully.
But now I got stucked about how to go on.
As I assume I should create a certificate from the public key created and load this certificate to the handset.
Am I right with this?
My .cod file is already signed with my private key, but the certificate is still missing, so on handset I get this error when trying to create connection to an applet AID on the sim card:

"JSR177 access for this connection is not permitted"



The part of related source code is:



try {
cardConnection0 = (APDUConnection)Connector.open(CardSlot0);
}catch (Exception u) {
try { //cardConnection0.close();
add(new RichTextField(u.getMessage()));
//u.printStackTrace();

} catch (Throwable t) {
}
}





Can you please help how to go on?









thanks in advance,

liptaka

Sorry, i did not exlpain clearly the problem:

The issue is that I do not know how to create the certificate.
I see that the signing authority tool created the following files:
PrivateKey.dat
PublicKey.dat
1043.key

Can you please explain how I can create certificate from these files?

thank you in advance,
liptaka

Do you have an application installed on the SIM card you are trying to communicate with?

Yes, exactly, I have my javacard applet on the sim card that can receive APDU command.

But now I get the above exception already when trying to open the connection to the applet.

I have already done the same with a samsung handset (s5230n).
That handset also supports JSR177.
In that case I signed my j2me application with a private key, and I created certificate from the public key, which was stored on the sim card via PKCS15# format.
And it worked. The application can communicate successfully with the javacrad applet on the sim.

Now I would like to make the same on BB.
The problem is that this code Signing tool creates the keypair in .dat files, and I have no idea how to create certificate from .dat file.

Maybe I am on totally wrong way, I just try to copy the scenario what works well on samsung.

I found this link as well:
http://supportforums.blackberry.com/t5/tkb/articleprintpage/tkb-id/java_dev@tkb/article-id/439

But I am not sure if this is what I need..

Br,
liptaka

You can follow a similar process to that article.  You'd include the .key file in your application and then sign it with your own key.

I tried it:
-added the .key file under the package in eclipse
-opened the .key file and set to protect all classes and all packages

Then I rebuilt and packaged the project.
After I signed with the PCR and RBB keys.
Finally I signed with my private key.

Then I loaded the application to the handset and run, but still the same problem:

-first it asks: The application is requesting secure element. I allow

And the error comes: java.lang.SecurityException: JSR177 access for this connection is not permitted.

My handset types is: BB Curve 9360.

Do you have any suggestion on what can be wrong?
From the above article I did not use those PersistentObject stuff, but I think it is not needed in my case.

br,
liptaka

Hello

 

the signing requirements for a BlackBerry application are different to those which apply to a MIDlet so I'm assuming you do mean a BlackBerry application i.e one which extends our Application or UiApplication classes and not a MIDlet.

 

It sounds as though your SIM has an ACF installed on it, hence the need for certificate based signing. To sign your application in a way which will be compatible with the SIM and its ACF checking, you need a new tool from RIM called "CodTool". This is available on application to your RIM carrier technical manager. We expect to package it with the Eclipse JDE as standard at some point but I believe that for now you must contact your carrier technical  manager (sometimes called a "CTM").

 

Once you have the CODTool:

 

In order to use the CodTool, you must have JRE 1.6 installed.

 

For example, suppose that myfile.cod contains a JSR177 application. For the SATSA Appendix A (SATA) access control, you must sign this application. Assume you have a Java KeyStore (JKS format) file called

keystore.jks; you've protected this file with the password 'jkspassword', and it contains a key called 'mykeyinjks'. In this case, you would complete the signature using the CodTool with the following command:

 

java -jar CodTool.jar -sign -keyname SATA -keystore keystore.jks -storetype jks -storepass jkspassword \ -alias mykeyinjks myfile.cod

 

You create the certificate itself using a 3rd party tool not with a tool provided by RIM. For testing purposes, the Java KeyTool could be used.

 

Note that if you use any of the APIs from the net.rim.device.api.io.nfc.se package then your will also need to acquire a special code signing key from RIM called NFCR. You'll also need to ask your CTM to arrange this. Once you have it you install it in Eclipse in the normal way and it will be used automatically to sign your cod file if required.

 

I hope this helps.

 

 

Thank you for this precizious answer!

It is already more clear for me.

 

br,

liptaka