Contents Previous Next Index

Chapter   1


The Security and Trust Services APIs (SATSA) provide smart card access and cryptographic capabilities to applications running on small devices. The SATSA specification defines four distinct APIs:

This book describes the use of SATSA in Mobile Information Device Profile (MIDP) applications, although its use in other J2ME platform environments is also possible. The SATSA Reference Implementation (RI) used in this book is based on a MIDP 2.0 implementation.

Understanding the SATSA RI

The four SATSA APIs are defined by JSR 177, the Security and Trust Services APIs specification. The specification is a document that defines the APIs. The SATSA RI is a piece of software that implements the specification. This book describes how to use the SATSA RI to develop applications.

The SATSA RI is available at It is based on MIDP 2.0 and includes complete implementations of the SATSA APIs.

Note – The SATSA specification doesn’t mandate the use of a smart card. Instead, it uses a more general term security element, which could be a removeable smart card, an embedded SIM card, or even special hardware inside a device. This book uses the term smart card, but bear in mind that it’s ultimately the SATSA implementation that determines what security element is used for secure operations.

Installing Development Tools

To develop and test MIDP applications that use SATSA, you will need the following tools:

At this writing (December 2004), no MIDP development tools support SATSA. The only way to build SATSA applications is using the SATSA RI. This is likely to change in the future. For example, if the J2ME Wireless Toolkit supports SATSA in the future, you can use it to handle most of the details of building and packaging applications. In the meantime, the following section describes the manual steps to follow with the SATSA RI.

Building Applications with the SATSA RI

Building SATSA applications is exactly like building other MIDP applications at the command line. The basic steps are described here:

  1. Edit source files.
  2. Compile source files using javac. You need to tell the compiler where to find the MIDP and SATSA APIs. They are located in {satsa}\classes, where {satsa} is the installation directory of the SATSA RI. Here is an example that compiles source files in the src directory and places the compiled class files in the classes directory. The example is split across multiple lines for clarity.
  3.     javac -classpath \satsa1.0\classes 
              -target 1.1 
              -d classes 
  4. Preverify the compiled class files, using {satsa}\bin\preverify. This example takes class files in the classes directory and places the preverified versions in a directory named preverified. The MIDP Reference Implementation documentation describes compiling classes into a directory named tmpclasses, then placing preverified classes in classes. This document uses the more descriptive directory names classes and preverified.
  5.     \satsa1.0\bin\preverify -classpath \satsa1.0\classes 
                                -d preverified 
  6. Package the application using the J2SE platform’s jar tool. The following example takes classes from the preverifed directory and places them in a Java Archive (JAR) file called bin\Mohair.jar, adding information to the manifest from the file bin\MANIFEST.MF.
  7.     jar cvfm bin\Mohair.jar bin\MANIFEST.MF -C preverified . 
  8. Test on the SATSA RI device emulator, using {satsa}\bin\midp.

To avoid tedious typing, use a tool to automate this process. Ant ( is an excellent choice. For more information on using Ant for MIDP development, try this article:

Managing Wireless Builds with Ant



Contents Previous Next Index SATSA Developer's Guide
SATSA Reference Implementation 1.0