Using smart cards with Java SE - xhanulik/OpenSC GitHub Wiki

Using smart cards with Java SE

JNI wrappers

Access to native PKCS#11 providers. Requires JNI and necessary host-side software.

javax.smartcardio in 1.6+

List of "interesting" applications and libraries that make use of javax.smartcardio

Tips

  • On Mac OS X 10.6 and 10.7 run the JRE with -d32 to force it into 32bit mode, otherwise smart card events won't work or a crash happens:
java(2885,0x104c77000) malloc: *** mmap(size=140454020517888) failed (error code=12)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
Invalid memory access of location 0x0 rip=0x10c0d766e
Segmentation fault: 11

JVM system properties (-D)

  • pcsc-lite library location. If no PC/SC implementation is found by default (exception) path to the library location might be needed (on Debian for example)
  • sun.security.smartcardio.library = /usr/lib/libpcsclite.so
  • Automatic GET RESPONSE issuing. Cards that behave in a certain way, might need to have the automatic GET RESPONSE issuing turned off (for example see problem description
  • sun.security.smartcardio.t0GetResponse = false
  • sun.security.smartcardio.t1GetResponse = false

PKCS#15 in Java

Similar to the PKCS#15 generation/parsing software in OpenSC, but implemented in Java. Both use Bouncy Castle for actual ASN.1 encoding/decoding. Both use javax.smartcardio instead of the pcsc/openct/ctapi layer of OpenSC.

GlobalPlatform in Java

GlobalPlatform deals with loading and managing JavaCard applets. There are currently two known implementations of GlobalPlatform specific functionality:

  • GPJ (see above) uses javax.smartcardio and does not provide a GUI. Ideal for integrating purposes.
  • jcManager uses jPCSC (see above) and provides a rudimentary GUI.