Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.

New Developer
Posts: 3
Registered: ‎03-31-2009
My Device: Not Specified
Accepted Solution

Smart Card user authentication - Authentication Certificate

I'm currently developing an authentication solution for BlackBerry based on cryptographic SIM cards. I've successfully created a smartcard reader driver and a smartcard driver using RIM Crypto APIs. Using these two, I'm able to import a
certificate stored on the SIM card, turn on two-phase user authentication that checks the device password and PIN to the certificate. I can also establish a TLS session using private keys and certificates stored on the card.

However, when trying to turn on the "Authentication Certificate" option in the Password options panel, I encounter a problem. Upon selecting the certificate and clicking Save, the device asks me to enter the device password and smart card PIN, which I do. Debugging tells me, that the PIN is correctly checked with the card. Afterwards, a popup "Smart Card Access" appears with information that "Options" application from RIM is trying to access the card with information "The private key will be used to initialize the authentication certificate". When I enter the correct PIN, I am told: "Unable to initialize the authentication certificate. Verify that the certificate is present on the smart card being used for two factor authentication".

Can someone tell me why that is? Does the certificate have to be special in some way (contents, key usage restrictions etc.)? The certificate is obviously present on the card, as it's available e.g. as a client certificate for establishing TLS sessions. Also, what does this whole "initialization" of the certificate mean?

New Developer
Posts: 3
Registered: ‎03-31-2009
My Device: Not Specified

Re: Smart Card user authentication - Authentication Certificate

Well, I think I'll reply to myself as I managed to fix this Smiley Happy


After some debugging I figured out that:

  • after the second PIN prompt is shown,the signRSA(net.rim.device.api.crypto.RSACryptoSystem, net.rim.device.api.crypto.CryptoTokenPrivateKeyData, byte[], int, byte[], int, java.lang.Object) method in our extension of RSACryptoToken is invoked
  • this method is given a context object (last parameter), which is a SmartCardSession
  • when processing the sign request (cf. the smart card / smart card reader examples from RIM) we must not create another smart card session, but instead reuse the one provided in the context.

Trying to establish another smart card session caused the request to block, as the sessions are exclusive, i.e. only one can be open simultaneously.
New Developer
Posts: 6
Registered: ‎11-15-2009
My Device: Not Specified

Re: Smart Card user authentication - Authentication Certificate



Are you using an external smart card reader or the smart card of thephone that contain your sim provided by your telco operator.


Thsnks in advance.

New Contributor
Posts: 3
Registered: ‎05-31-2010
My Device: Bold 800
My Carrier: Ninguno

Re: Smart Card user authentication - Authentication Certificate

Do you know a way for write/ read data on SIM card with SmartCard APIs?


how you differentiate from others?


With the openSession() method of SmartCardReader class is possible connect to SIM card?


Thanks in advance..

Posts: 10
Registered: ‎05-31-2010
My Device: Bold
My Carrier: vodafone

Re: Smart Card user authentication - Authentication Certificate

[ Edited ]

Hi Adamwos,


I am doing same, for one of my requirement. My requirement is to read RAND number generated on the SIM. I have couple of doubts on this.


1) How to create customAPDU Command?

is below the right way to create it?


CommandAPDU command = new CommandAPDU( (byte)0xA0, (byte)0x88, (byte)0x00, (byte)0x00 );                
 ResponseAPDU responseAPDU = new ResponseAPDU();

smartCardSessionEx.sendAPDUImpl(command, responseAPDU);


2) Is this approach requires any SIM application,  which will return us these values?


Basically i am implementing without cryptio and not able to establish a session (it is giving me SmartCardSessionClosedException )


Could you plz give me some thoughts on this?