09-19-2011 05:16 AM
I am a sim card developper and I am going to make a java application on Blackberry which
can communicate with the sim card by sedning APDUs to an applet inside the sim.
I have the following problem:
I have set up correctly eclipse with blackberry plugin.
Also I have obtained and installed code signing keys frrom RIM.
during key installation ecloipse created a new random RSA keypair.
My problem is that in order to be able to send APDUs successfully to the sim card based on JSR177,
as far as I know, I need to have a certificate either on the handset or on the sim card via pkcs15# format.
My problem is that I am not able to create this certificate. I assume that it should be generated from the public part of the keypair that was generated by eclipse during signing key installation.
However I do not know how to export the public key from Eclipse.
Does anybody have experience with this?
Thank you in advance for any answers in this topic.
09-21-2011 10:14 AM
The code signing keys you received from RIM to sign your application would not be applicable for this because all applications are signed using the same key, meaning other applications would have access to your data.
You can use the BlackBerry Signing Authority to create your own public/private key pair. It can be downloaded here: http://us.blackberry.com/developers/javaappdev/sig
09-23-2011 07:34 AM
09-23-2011 07:40 AM
09-23-2011 08:55 AM
Do you have an application installed on the SIM card you are trying to communicate with?
09-23-2011 09:07 AM
09-23-2011 09:09 AM
You can follow a similar process to that article. You'd include the .key file in your application and then sign it with your own key.
09-23-2011 12:19 PM
09-26-2011 07:05 AM
the signing requirements for a BlackBerry application are different to those which apply to a MIDlet so I'm assuming you do mean a BlackBerry application i.e one which extends our Application or UiApplication classes and not a MIDlet.
It sounds as though your SIM has an ACF installed on it, hence the need for certificate based signing. To sign your application in a way which will be compatible with the SIM and its ACF checking, you need a new tool from RIM called "CodTool". This is available on application to your RIM carrier technical manager. We expect to package it with the Eclipse JDE as standard at some point but I believe that for now you must contact your carrier technical manager (sometimes called a "CTM").
Once you have the CODTool:
In order to use the CodTool, you must have JRE 1.6 installed.
For example, suppose that myfile.cod contains a JSR177 application. For the SATSA Appendix A (SATA) access control, you must sign this application. Assume you have a Java KeyStore (JKS format) file called
keystore.jks; you've protected this file with the password 'jkspassword', and it contains a key called 'mykeyinjks'. In this case, you would complete the signature using the CodTool with the following command:
java -jar CodTool.jar -sign -keyname SATA -keystore keystore.jks -storetype jks -storepass jkspassword \ -alias mykeyinjks myfile.cod
You create the certificate itself using a 3rd party tool not with a tool provided by RIM. For testing purposes, the Java KeyTool could be used.
Note that if you use any of the APIs from the net.rim.device.api.io.nfc.se package then your will also need to acquire a special code signing key from RIM called NFCR. You'll also need to ask your CTM to arrange this. Once you have it you install it in Eclipse in the normal way and it will be used automatically to sign your cod file if required.
I hope this helps.