洋書 (Video) - Hands-On Cryptography with Java
概要
- 最新かつわかりやすいJavaでCryptographyコーディング
Table of Contents
Chap1. CRYPTOGRAPHIC INTRODUCTION
- The Course Overview
- Goals of Cryptography and Where It Is Used
- History of Cryptography and Why You Shouldn’t Build New Algorithms
- The Architectural Layout of Modern Cryptography
- Concepts That Will Be Important Later
Chap2. BASIC CIPHERS
- Symmetric Ciphers and Where They Are Used
- Basic Encryption with Symmetric Ciphers
- Hashing and MessageDigest For Validations
- Common Security Flaws When Using Symmetric Ciphers
Chap3. ADVANCED CIPHERS, ASYMMETRIC, AND PUBLIC KEY
- Asymmetric Ciphers and Where They Are Used
- Creating A KeyPairGenerator Instance
- Storing the Java KeyStore
- Java KeyTool
- Creating A KeyGenerator Instance
- Basic Encryption with Asymmetric Ciphers
- What to Do When PKIX Validation Fails
- Java Certificate Chains
- The Key Escrow Problem
Chap4. HACKING TECHNIQUES – BREAKING AND BYPASSING
- Using Unique Keys and Certificates
- Certificate Pinning
- Signed JAR Files
- Token Harvesting
- When and How to Upgrade Algorithms
- Standard Decompilation Tools
Chap5. PUTTING IT ALL TOGETHER
- Encrypting and Decrypting Files
- Obtaining Certificates from LetsEncrypt or AWS
- Qualys SSL Labs for Your Servers
- The DeepViolet Security Analyzer
Source files
その他リンク
Java Documentation Link
eSIMのCompliance Testing
概要
- GSMAはeSIMの仕様策定は行うが、eSIMのテスト・認証に関しては、2018/05からGlobalPlatform及びGCF, PTCRBへ委託
- eSIM (Consumer Model)の場合、下記の2種類のテスト・認証が必要になる
- eUICC (eSIM)自体のテスト・認証 : 主管団体 - GlobalPlatform
- eSIMを使っているハンドセット (device)のテスト・認証 : 主管団体 - GCF, PTCRB
Link
Card Reader - ACR39U-U1
概要
- Java Card開発のために実際に試せるリーダー、カード情報。
- まずはCard Reader
ACR39U-U1
- 普通のPCのUSBポートでつないで使えるシンプル・小型Reader
- 接触のみ対応
- Tools / Utilitiesを手配するためにはSDK(SDKを買うとReader、Test Cardもついてくる)を買ったほうが楽かも
- ACR39U SDK
Link
Java Card API全体概要 (3.1ベース)
- Application framework
- Cryptographic framework
- Security framework
- Biometry
- Big numbers operations
- ASN.1 TLV structures handling
- System Time management
- Certificate management
- Pseudo Random Functions and Key Derivation Functions
- Monotonic Counter
- Extended I/O
- Link
Application framework
- 関連Package : java.lang, java.io, javacard.framework
概要
- Application lifecycle
- I/O protocols - ISO 7816 based protocols
- Memory and transaction management, Sharing
Cryptographic framework
- 関連Package : javacard.security, javacardx.crypto
概要
- Random number generation
- Message Digest
- Symmetric & Asymmetric cryptography for Encryption, Decryption, Signature, Verification
- AES, SM4, HMAC, multiple modes (ECB, CBC, CFB, CTR, XTS) and multiple paddings
- RSA, DSA, Elliptic Curves (Brainpool, SECP, curve25519, curve448, FRP256v1, SM2)
- Key Agreement (DH, XDH) and Key Generation (RSA, DSA, ECC)
Security framework
- 関連Package : javacard.security, javacardx.security
概要
- Keys and PIN codes management
- Integrity and CRC
- Security assertions
Biometry
- 関連Package : javacardx.biometry, javacardx.biometry1toN
概要
- Enrollment of biometric templates and verification of biometric data
Big numbers operations
- 関連Package : javacardx.framework.math
概要
- Arithmetic operations on big numbers
ASN.1 TLV structures handling
- 関連Package : javacardx.framework.tlv
概要
- Parsing of BER TLV structures
System Time management
- 関連Package : javacardx.framework.time
概要
- Manage system uptime and perform operations on time durations
Certificate management
- 関連Package : javacardx.security.cert
概要
- Parsing and storage of X.509 certificates
Pseudo Random Functions and Key Derivation Functions
- 関連Package : javacardx.security.derivation
概要
- KDF schemes (NIST SP800-108, ANSI X9.63, ICAO, IEEE1363) and PRF (TLS 1.1 and 1.2)
Monotonic Counter
- 関連Package : javacardx.security.util
概要
- Secure implementation of monotonic counters for anti-replay
Extended I/O
- 関連Package : javacardx.framework.nio, javacardx.framework.event, javacardx.external
概要
- Event framework and I/O buffer management
Link
Java Card サンプルアプリ - Service
開発環境構築
こちらを参照 smartcardguy.hatenablog.jp
Java Card Service
Serviceアプリ
- javacard.framework.service (Class BaseService)の使い方
- BasicServiceにはhelper method (getCLA, get INS等)が多数用意されているので、Codeの書き方が簡単
- 仕様
- INS = 0x10の場合、data "0xAB"とstatus word 6617を返す。
- INS = 0x20の場合、status word 6618を返す。
- INS = 0x30の場合、status word 9000を返す。
File構成
- Main.java
- TestService.java
- PreProcess.java
- PostProcess.java
Source code
Main.java
package com.sun.jcclassic.samples.service; import javacard.framework.APDU; import javacard.framework.ISOException; import javacard.framework.service.Dispatcher; import javacard.framework.service.Service; /** * */ public class Main extends javacard.framework.Applet { private Dispatcher disp; private Service serv; public Main() { disp = new Dispatcher((short) 1); serv = new TestService(); disp.addService(serv, Dispatcher.PROCESS_COMMAND); register(); } public static void install(byte[] aid, short s, byte b) { new Main(); } @Override public void process(APDU apdu) throws ISOException { if(!selectingApplet()){ disp.process(apdu); } } }
TestService.java
/** * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. * */ package com.sun.jcclassic.samples.service; import javacard.framework.APDU; import javacard.framework.service.BasicService; /** * */ public class TestService extends BasicService { @Override public boolean processCommand(APDU command) { if (getINS(command) == (byte) 0x10) { setOutputLength(command, (short) 1); command.getBuffer()[5] = (byte) 0xAB; succeedWithStatusWord(command, (short) 0x6617); return true; } if (getINS(command) == (byte) 0x20) { setOutputLength(command, (short) 0); succeedWithStatusWord(command, (short) 0x6618); return true; } if (getINS(command) == (byte) 0x30) { setOutputLength(command, (short) 0); succeed(command); return true; } return false; } }
PreProcess.java
/** * Copyright (c) 1998, 2019, Oracle and/or its affiliates. All rights reserved. * */ package com.sun.jcclassic.samples.service; /** * */ public class PreProcess { /** Creates new PreProcess */ public PreProcess() { } }
PostProcess.java
package com.sun.jcclassic.samples.service; /** * */ public class PostProcess { /** Creates new PostProcess */ public PostProcess() { } }
service.scr
//Test script for Applet 'Service' output on; //create Service 0x80 0xB8 0x00 0x00 0x0C 0x0A 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x0c 0x09 0x01 0x00 0x7F; // Select Service //aid/A000000062/03010C0901 0x00 0xA4 0x04 0x00 0x0a 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x0c 0x09 0x01 0x7F; //Send the APDU here 0x80 0x10 0x00 0x00 0x00 0x7F; 0x80 0x20 0x00 0x00 0x00 0x7F; 0x80 0x30 0x00 0x00 0x00 0x7F;
実行
- 「Run Configuration」機能を利用した実行の仕方はここを参照。https://docs.oracle.com/en/java/javacard/3.1/guide/running-service-sample-eclipse.html
- ここでは、HelloWorldサンプルと同じく手っ取り早く下記の3つのスクリプトを実行
- cap-com.sun.jcclassic...service.script実行 : service.capをインストール
- create-com.sun.jcclassic...Main.script : Main appletのInstance作成
- service.scr : Service作成、Select, Send APDU
実行結果
CMD>//Test script for Applet 'Service' output on; APDU|OUTPUT ON; //create Service 0x80 0xB8 0x00 0x00 0x0C 0x0A 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x0c 0x09 0x01 0x00 0x7F; APDU|CLA: 80, INS: b8, P1: 00, P2: 00, Lc: 0c, 0a, a0, 00, 00, 00, 62, 03, 01, 0c, 09, 01, 00, Le: 00, SW1: 64, SW2: 44 // Select Service //aid/A000000062/03010C0901 0x00 0xA4 0x04 0x00 0x0a 0xa0 0x00 0x00 0x00 0x62 0x03 0x01 0x0c 0x09 0x01 0x7F; APDU|CLA: 00, INS: a4, P1: 04, P2: 00, Lc: 0a, a0, 00, 00, 00, 62, 03, 01, 0c, 09, 01, Le: 00, SW1: 90, SW2: 00 //Send the APDU here 0x80 0x10 0x00 0x00 0x00 0x7F; APDU|CLA: 80, INS: 10, P1: 00, P2: 00, Lc: 00, Le: 01, ab, SW1: 66, SW2: 17 0x80 0x20 0x00 0x00 0x00 0x7F; APDU|CLA: 80, INS: 20, P1: 00, P2: 00, Lc: 00, Le: 00, SW1: 66, SW2: 18 0x80 0x30 0x00 0x00 0x00 0x7F; APDU|CLA: 80, INS: 30, P1: 00, P2: 00, Lc: 00, Le: 00, SW1: 90, SW2: 00 CMD>
OUTPUTの解析
//Send the APDU here 0x80 0x10 0x00 0x00 0x00 0x7F; <= INS : 10 APDU|CLA: 80, INS: 10, P1: 00, P2: 00, Lc: 00, Le: 01, ab, SW1: 66, SW2: 17 <= Le (Response data length) : 0x01, data : 0xab 0x80 0x20 0x00 0x00 0x00 0x7F; <= INS : 20 APDU|CLA: 80, INS: 20, P1: 00, P2: 00, Lc: 00, Le: 00, SW1: 66, SW2: 18 0x80 0x30 0x00 0x00 0x00 0x7F; <= INS : 30 APDU|CLA: 80, INS: 30, P1: 00, P2: 00, Lc: 00, Le: 00, SW1: 90, SW2: 00