Verifying CAP Files
The verifycap tool is used to verify a CAP file within the context of packages' export files (if any) and the export files of imported packages. This verification confirms whether a CAP file is internally consistent, as defined in the Java Card Platform Virtual Machine Specification, Classic Edition, Version 3.1, and consistent with a context in which it can reside in a Java Card technology-enabled device.
To ensure the integrity of the CAP file to be downloaded on a card, the verifier computes and outputs hash values for each of the required CAP file components. To output the hash values in a text file, specify the command line parameter -outfile hash-file-path. If the -outfile parameter is not specified, the verifier outputs the hash values to the console. A CAP file loader should compute the hash values for each of the required CAP components and verify them against the hash values produced by the verifier to assert the integrity of the CAP file being loaded on the card. The scriptgen tool in the Java Card Development Kit performs the hash computation and comparison before generating the download script for a CAP file. For more information about the scriptgen tool, see Running scriptgen.
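A loader-side version of the comparison described above, as an added example rather than code from the Java Card Development Kit: it hashes each component of a CAP archive and reports any component whose digest is wrong, missing, or not covered by the verifier's hash file. The name=hexdigest hash-file layout, hashing each component's raw bytes, reading the CAP file as a JAR with *.cap entries, and all function names are assumptions; the sample archive is constructed.

```python
import hashlib
import hmac
import io
import zipfile


def component_digests(cap_bytes, algorithm="sha256"):
    """Digest each *.cap component entry of a CAP (JAR) archive, keyed by file name."""
    with zipfile.ZipFile(io.BytesIO(cap_bytes)) as jar:
        return {entry.rsplit("/", 1)[-1]: hashlib.new(algorithm, jar.read(entry)).hexdigest()
                for entry in jar.namelist() if entry.lower().endswith(".cap")}


def parse_hash_file(text):
    """Assumed layout (not from the page): one 'Component.cap=hexdigest' per line."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {name.strip(): value.strip().lower() for name, value in pairs}


def check_cap(cap_bytes, hash_file_text, algorithm="sha256"):
    """Return problems (mismatch, missing, unlisted); an empty list means all matched."""
    expected = parse_hash_file(hash_file_text)
    actual = component_digests(cap_bytes, algorithm)
    problems = []
    for name, want in sorted(expected.items()):
        got = actual.get(name)
        if got is None:
            problems.append(f"missing component: {name}")
        elif not hmac.compare_digest(got, want):
            problems.append(f"digest mismatch: {name}")
    problems += [f"unlisted component: {n}" for n in sorted(set(actual) - set(expected))]
    return problems


def build_sample_cap(components):
    """Constructed sample archive; real components are binary structures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in components.items():
            jar.writestr(f"p2/javacard/{name}", data)
    return buf.getvalue()


if __name__ == "__main__":
    good = {"Header.cap": b"constructed-header", "Method.cap": b"constructed-method"}
    hash_file = "\n".join(f"{n}={hashlib.sha256(d).hexdigest()}" for n, d in good.items())
    tampered = build_sample_cap({**good, "Method.cap": b"patched-after-verification"})
    print(check_cap(build_sample_cap(good), hash_file))
    print(check_cap(tampered, hash_file))
```

The algorithm argument must match the digest algorithm the verifier was run with, which the page states defaults to SHA-256.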
Each individual export file is verified as a single unit. The scenario is shown in Figure 9-1. In the figure, the package p2 CAP file is being verified. Package p2 has a dependency on package p1, so the export file from package p1 is also input. The p2.exp file is only required if p2.cap exports any of its elements.
Running verifycap
The file to invoke verifycap is a batch file (verifycap.bat) that you must run from a working directory of JC_HOME_TOOLS\bin in order for the code to execute properly.
To run verifycap:
Table 9-1 verifycap Command Line Arguments
Argument | Description |
---|---|
export-files | A list of export files of the packages that this CAP file uses could be either one of the following: Note that, when using this option in conjunction with the For more information, see the |
CAP-files | Name of the CAP file to be verified. |
 | Specifies the digest algorithm to use for computing hash values for required CAP components. If this option is not specified or an invalid algorithm name is specified, the verifier uses SHA-256 as the default algorithm. |
 | Specifies the path to the text file that the verifier uses to output the computed hash values for the required CAP components. If this option is not specified, hash values are output to the system console. |
Command Line Options for Off-Card Verifier Tools describes additional verifycap options.