Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.


Java Development

Contributor
liptaka
Posts: 24
Registered: ‎09-19-2011
My Device: 9900

Signing application which communicates with the sim card

Hello everybody,

I am a SIM card developer and I am going to make a Java application on BlackBerry which can communicate with the SIM card by sending APDUs to an applet inside the SIM.

I have the following problem:

I have set up Eclipse correctly with the BlackBerry plugin.

Also I have obtained and installed code signing keys from RIM.

During key installation Eclipse created a new random RSA keypair.

My problem is that in order to be able to send APDUs successfully to the SIM card based on JSR177, as far as I know, I need to have a certificate either on the handset or on the SIM card via PKCS#15 format.

My problem is that I am not able to create this certificate. I assume that it should be generated from the public part of the keypair that was generated by Eclipse during signing key installation.

However I do not know how to export the public key from Eclipse.

Does anybody have experience with this?

Thank you in advance for any answers in this topic.

Br,

liptaka

BlackBerry Development Advisor
MSohm
Posts: 14,753
Registered: ‎07-09-2008
My Device: BlackBerry Passport

Re: Signing application which communicates with the sim card

The code signing keys you received from RIM to sign your application would not be applicable for this because all applications are signed using the same key, meaning other applications would have access to your data.

You can use the BlackBerry Signing Authority to create your own public/private key pair. It can be downloaded here: http://us.blackberry.com/developers/javaappdev/signingauthority.jsp

Mark Sohm
BlackBerry Development Advisor

Please refrain from posting new questions in solved threads.
Problem solved? Click the Accept As Solution button.
Found a bug? Report it using Issue Tracker
Contributor
liptaka
Posts: 24
Registered: ‎09-19-2011
My Device: 9900

Re: Signing application which communicates with the sim card

I generated my keypair successfully.
But now I got stuck on how to go on.
As I assume, I should create a certificate from the public key created and load this certificate onto the handset.
Am I right with this?
My .cod file is already signed with my private key, but the certificate is still missing, so on the handset I get this error when trying to create a connection to an applet AID on the SIM card:

"JSR177 access for this connection is not permitted"



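The related part of the source code is:

    try {
        // Open the JSR177 APDU connection; CardSlot0 holds the connection URL for the applet
        cardConnection0 = (APDUConnection) Connector.open(CardSlot0);
    } catch (Exception u) {
        try {
            // cardConnection0.close();
            // Show the failure reason on the screen
            add(new RichTextField(u.getMessage()));
            // u.printStackTrace();
        } catch (Throwable t) {
            // Ignore errors raised while reporting the failure
        }
    }

Can you please help with how to go on?
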
thanks in advance,

liptaka

Contributor
liptaka
Posts: 24
Registered: ‎09-19-2011
My Device: 9900

Re: Signing application which communicates with the sim card

Sorry, I did not explain the problem clearly:

The issue is that I do not know how to create the certificate.
I see that the signing authority tool created the following files:
PrivateKey.dat
PublicKey.dat
1043.key

Can you please explain how I can create a certificate from these files?

thank you in advance,
liptaka


BlackBerry Development Advisor
MSohm
Posts: 14,753
Registered: ‎07-09-2008
My Device: BlackBerry Passport

Re: Signing application which communicates with the sim card

Do you have an application installed on the SIM card you are trying to communicate with?

Mark Sohm
BlackBerry Development Advisor

Contributor
liptaka
Posts: 24
Registered: ‎09-19-2011
My Device: 9900

Re: Signing application which communicates with the sim card

Yes, exactly, I have my Java Card applet on the SIM card that can receive APDU commands.

But now I get the above exception already when trying to open the connection to the applet.

I have already done the same with a Samsung handset (s5230n).
That handset also supports JSR177.
In that case I signed my J2ME application with a private key, and I created a certificate from the public key, which was stored on the SIM card via PKCS#15 format.
And it worked. The application can communicate successfully with the Java Card applet on the SIM.

Now I would like to do the same on BB.
The problem is that this code signing tool creates the keypair in .dat files, and I have no idea how to create a certificate from a .dat file.

Maybe I am on totally the wrong track, I am just trying to copy the scenario that works well on Samsung.

I found this link as well:
http://supportforums.blackberry.com/t5/tkb/articleprintpage/tkb-id/java_dev@tkb/article-id/439

But I am not sure if this is what I need.

Br,
liptaka



BlackBerry Development Advisor
MSohm
Posts: 14,753
Registered: ‎07-09-2008
My Device: BlackBerry Passport

Re: Signing application which communicates with the sim card

You can follow a similar process to that article.  You'd include the .key file in your application and then sign it with your own key.

Mark Sohm
BlackBerry Development Advisor

Contributor
liptaka
Posts: 24
Registered: ‎09-19-2011
My Device: 9900

Re: Signing application which communicates with the sim card

I tried it:
- added the .key file under the package in Eclipse
- opened the .key file and set it to protect all classes and all packages

Then I rebuilt and packaged the project.
After that I signed with the PCR and RBB keys.
Finally I signed with my private key.

Then I loaded the application onto the handset and ran it, but still the same problem:

- first it asks: The application is requesting secure element. I allow.

And the error comes: java.lang.SecurityException: JSR177 access for this connection is not permitted.

My handset type is: BB Curve 9360.

Do you have any suggestions on what could be wrong?
From the above article I did not use the PersistentObject stuff, but I think it is not needed in my case.

br,
liptaka
Retired
mwoolley
Posts: 571
Registered: ‎06-25-2010
My Device: Z10

Re: Signing application which communicates with the sim card

Hello

The signing requirements for a BlackBerry application are different to those which apply to a MIDlet, so I'm assuming you do mean a BlackBerry application, i.e. one which extends our Application or UiApplication classes, and not a MIDlet.

It sounds as though your SIM has an ACF installed on it, hence the need for certificate based signing. To sign your application in a way which will be compatible with the SIM and its ACF checking, you need a new tool from RIM called "CodTool". This is available on application to your RIM carrier technical manager. We expect to package it with the Eclipse JDE as standard at some point but I believe that for now you must contact your carrier technical manager (sometimes called a "CTM").

Once you have the CodTool:

In order to use the CodTool, you must have JRE 1.6 installed.

For example, suppose that myfile.cod contains a JSR177 application. For the SATSA Appendix A (SATA) access control, you must sign this application. Assume you have a Java KeyStore (JKS format) file called keystore.jks; you've protected this file with the password 'jkspassword', and it contains a key called 'mykeyinjks'. In this case, you would complete the signature using the CodTool with the following command:

    java -jar CodTool.jar -sign -keyname SATA -keystore keystore.jks -storetype jks -storepass jkspassword \
        -alias mykeyinjks myfile.cod

You create the certificate itself using a 3rd party tool, not with a tool provided by RIM. For testing purposes, the Java KeyTool could be used.

Note that if you use any of the APIs from the net.rim.device.api.io.nfc.se package then you will also need to acquire a special code signing key from RIM called NFCR. You'll also need to ask your CTM to arrange this. Once you have it you install it in Eclipse in the normal way and it will be used automatically to sign your cod file if required.

I hope this helps.

Follow me on Twitter: @mdwrim
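
The reply above says the certificate can be created for testing with the Java KeyTool. The following is an added example, not part of the original thread or of RIM's tooling, showing how the keystore named in the CodTool command could be produced and its certificate exported; keystore.jks, jkspassword and mykeyinjks come from the post, while the subject DN, key size, validity and the output file name mykeyinjks.cer are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build the test keystore that the
# CodTool command in the post reads, and export its certificate.
# From the post: keystore.jks, jkspassword, mykeyinjks.
# Assumptions: subject DN, RSA-2048, 365-day validity, file mykeyinjks.cer.
# A literal password like this is only acceptable for a throwaway test keystore.

make_test_keystore() {
    # $1 = directory that receives keystore.jks and mykeyinjks.cer
    ks="$1/keystore.jks"
    cer="$1/mykeyinjks.cer"
    rm -f "$ks" "$cer"

    # Key pair plus self-signed certificate, stored under the alias
    # that CodTool is given with -alias.
    keytool -genkeypair -alias mykeyinjks -keyalg RSA -keysize 2048 \
        -dname "CN=JSR177 Test Signer, O=Example" -validity 365 \
        -keystore "$ks" -storetype jks \
        -storepass jkspassword -keypass jkspassword >/dev/null 2>&1 || return 1

    # Export the public certificate only (DER); the private key stays in
    # the keystore. Assumption: this is the certificate the SIM side needs.
    keytool -exportcert -alias mykeyinjks \
        -keystore "$ks" -storetype jks -storepass jkspassword \
        -file "$cer" >/dev/null 2>&1 || return 1
}

cert_sha1() {
    # $1 = certificate file; prints its SHA-1 fingerprint (AA:BB:...)
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA1:[[:space:]]*//p'
}

# Usage:
#   make_test_keystore . && cert_sha1 ./mykeyinjks.cer
# then sign as in the post:
#   java -jar CodTool.jar -sign -keyname SATA -keystore keystore.jks \
#       -storetype jks -storepass jkspassword -alias mykeyinjks myfile.cod
```

Comparing the fingerprint printed by cert_sha1 with the fingerprint of the certificate later loaded on the SIM confirms that both sides refer to the same key.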
Contributor
liptaka
Posts: 24
Registered: ‎09-19-2011
My Device: 9900

Re: Signing application which communicates with the sim card

Thank you for this precise answer!

It is already clearer to me.


br,

liptaka