Supported GlobalPlatform Features
The Issuer Security Domain (ISD) with the default AID defined by (GPCS) is the default selected applet after the start of the Simulator.
The ISD implements the secure channel protocol SCP03 with option
i=’70’ specified in GP Amendment D. This implementation supports initial
AES keys of length 128, 192 or 256 bit length. The initial keyset can be configured with
the Configurator tool, please refer to the Configuring the Java Card Development Kit Simulator section of this document for the configuration of the keyset. The keys
can be updated using STORE DATA or PUT KEY commands.
Supplementary Security Domains (SSDs) can be installed and granted privileges (e.g., AM
and DM). Additional hierarchies can be established if an SSD has the AM privilege and is
extradited to itself. The SSDs are implementing SCP03 with a configurable option ‘i’
(including S16 mode). The Security Domains can allocate up to 250 bytes for the Data
Store.
All the card lifecycle states specified in (GPCS) are supported. The Simulator is in lifecycle state OP_READY after the installation of the Simulator. It is possible to change the lifecycle state according to the rules defined in (GPCS). The ISD is in lifecycle state PERSONALIZED after the installation of the Simulator.
Privileges Supported by the Implementation
| Privilege | Can be assign to | Details |
|---|---|---|
| Security Domain | ISD, SSD | N/A |
| DAP Verification | ISD, SSD | AES scheme, RSA scheme Variant 1 and Variant 2, ECC scheme |
| Delegated Management | SSD | N/A |
| Card Lock | ISD, SSD, Application | N/A |
| Card Terminate | ISD, SSD, Application | N.A |
| Card Reset | ISD, SSD, Application | N.A |
| CVM Management | ISD, SSD, Application | N/A |
| Mandated DAP Verification | ISD, SSD | Same as DAP Verification |
| Trusted Path | ISD, SSD, Application | N/A |
| Authorized Management | ISD, SSD | N/A |
| Token Verification | ISD, SSD | AES scheme, RSA scheme Variant 1 and Variant 2, ECC scheme |
| Global Delete | ISD, SSD | N/A |
| Global Lock | ISD, SSD | N/A |
| Global Registry | ISD, SSD, Application | N/A |
| Final Application | ISD, SSD, Application | N/A |
| Global Service | ISD, SSD, Application | N/A |
| Receipt Generation | ISD, SSD | AES scheme. |
| Ciphered Load File Data Block | ISD, SSD | AES scheme, Initial Chaining Vector (ICV) |
| Contactless Activation | Not supported | N/A |
| Contactless Self Activation | Not supported | N/A |
The SDs supports the following APDU commands. Please refer to the (GPCS) specification for the details of the command.
Supported APDU Commands
DELETE
The DELETE command is used to delete applet instances and
packages.
GET DATA
The GET DATA command is used to retrieve a single or a set of
BER-TLV-coded objects. The ISD supports the following objects identified by their
TAG:
- TAG ‘42’: Issuer Identification Number (IIN)
- TAG ‘45’ Card Image Number (CIN)
- IIN and CIN can be configured with command line options when starting the Simulator.
- TAG ‘66’ Card Data
- TAG ‘E0’ Key Information Template
- TAG ‘67’ Card Capability Information
- TAG ‘C1’ Sequence Counter of the default Key Version Number
- TAG 'D3' Current Security Level
- TAG ‘CF’ Key derivation data tag
- TAG ‘2F00’ List of applications
GET STATUS
The GET STATUS command is used to retrieve ISD, CAP file, package
and applet status information.
INSTALL
The INSTALL command is used to initiate and perform the
various steps of the Card Content management defined in the (GPCS).
GP Command chaining is supported for INSTALL with these limitations:
- chaining is not supported for INSTALL [for personalization]
- The APDU command data is limited to 256 bytes excluding security and token.
The following command data fields are supported, for the details of these command data field please refer to the (GPCS) specification:
INSTALL [for load]- Supports tag ‘EF’ sub tags: ‘C6’, ‘C7’, ‘C8’ and tag 'B6'
INSTALL [for install]- Supports tag 'C9', tag ‘EF’ sub tags: 'C7', 'C8', 'CB', 'CF', 'D7', 'D8' and tag 'B6'
INSTALL [for make selectable]INSTALL [for personalization]INSTALL [install and make selectable]- Supports tag 'C9', tag ‘EF’ sub tags: 'C7', 'C8', 'CB', 'CF', 'D7', 'D8' and tag 'B6'
INSTALL[for extradition]- Supports tag 'B6'
INSTALL[for registry update]- Supports tag ‘EF’ sub tags: ‘CB’, ‘CF’, ‘D9’ and tag 'B6'
LOAD
The LOAD command is used to load a CAP file (compact as
well as extended format) into the Simulator. A CAP file is usually loaded with
multiple LOAD commands with a sequential numbering as described in
(GPCS). Load File Data Block Hash (LFDBH) algorithms that are supported are SHA-1,
SHA-256, SHA-384 and SHA-512.
MANAGE CHANNEL
This command is used to open and close logical channels, the Simulator
supports 4 logical channels. The processing of the MANAGE CHANNEL
command follows the rules described in the JCRE specification and in the (GPCS).
SELECT
The SELECT command is used for selecting an Applet or a
Security Domain (SD). The processing of the SELECT command follows
the rules described in the JCRE specification and in the (GPCS).
SET STATUS
The SET STATUS command can be used to manage the card lifecycle
state or the application life cycle state.
PUT KEY
The PUT KEY command can be used for key loading. GP Command chaining
is supported with a maximum of three consecutive APDUs.
STORE DATA
The STORE DATA command is used to transfer data to an
Applet or the ISD. If an Applet wants to receive these data, it has to use the
mechanism described in the GlobalPlatform API. The implementation of the
Simulator support key loading for the ISD or SSDs with the STORE
DATA command. The command can be used to change the default Secure
Channel Key Set.
GlobalPlatform API
The Simulator implements the GlobalPlatform API v. 1.6
(org.globalplatform). The documentation and the export files
are available on the GlobalPlatform website. Refer to the link at the beginning of
this chapter. The entire package is available in the Simulator but not all services
are enabled. The following interfaces are not implemented:
- HTTPAdministration
- HTTPReportListener
- Authority