Verifying CAP Files

The verifycap tool is used to verify a CAP file within the context of packages' export files (if any) and the export files of imported packages. This verification confirms whether a CAP file is internally consistent, as defined in the Java Card Platform Virtual Machine Specification, Classic Edition, Version 3.2, and consistent with a context in which it can reside in a Java Card technology-enabled device.

To ensure the integrity of the CAP file to be downloaded on a card, the verifier computes and outputs hash values for each of the required CAP file components. To output the hash values in a text file, specify the command line parameter -outfile hash-file-path. If the -outfile parameter is not specified, the verifier outputs the hash values on the console. A CAP file loader should compute the hash values for each of the required CAP components and verify them against the hash values produced by the verifier to assert the integrity of the CAP file being loaded on the card. The scriptgen tool in the Java Card Development kit performs the hash computation and comparison before generating the download script for a CAP file. For more information about the scriptgen tool, see Running scriptgen.

Each individual export file is verified as a single unit. The scenario is shown in Verifying a CAP File. In the figure, the package p2 CAP file is being verified. Package p2 has a dependency on package p1, so the export file from package p1 is also input. The p2.exp file is only required if p2.cap exports any of its elements.

Figure 6-1 Verifying a CAP File