Introduction

Java Card technology enables secure elements, such as smart cards and other tamper-resistant security chips to host applications called applets, which employ Java technology.

Java Card technology offers a secure and interoperable execution platform that can store and update multiple applications on a single resource constrained device, while retaining the highest certification levels and compatibility with standards. Java Card developers can build, test, and deploy applications and services rapidly and securely. This accelerated process reduces development costs, increases product differentiation, and enhances value to the customers.

The Java Card Development Kit is a suite of tools for designing implementations of Java Card technology and developing applets based on the Java Card Specifications. It is available as two independent downloads:

  • The Java Card Development Kit Tools are used to convert and verify Java Card applications.
  • The Java Card Development Kit Simulator offers a testing and debugging reference for Java Card applications. It includes a Java Card simulation environment and Eclipse plug-in.

Together, these two downloads provide a complete, stand-alone development environment in which applications written for the Java Card platform can be developed and tested.

These release notes describe the Java Card Development Kit Simulator, Version 24.1, which is based on version 3.2 of the Java Card Platform Specifications.

What's New

The complete set of Java Card SDK features is described in the Java Card Development Kit User Guide in the Java Card Documentation web site.

New Features

  • Setup – The Java Card Development Kit Simulator is now delivered with the OpenSSL shared library 3.0 (version 3.0.15 for 32-bit machine architecture) to simplify the setup process prior starting the simulator.
  • Setup – Extended the Configurator tool to be able to set the key version (KVN) for the initial keyset of the Issuer Security Domain.
  • Setup (Linux) – Extended the IFDHandler for PCSC-Lite to support the configuration and the use of up to 6 Simulator instances at the same time.

  • Java Card API – Added the support for named curves and enabled the creation of EC keys initialized with the corresponding domain parameters, and their use for ECDH, ECDSA and EdDSA operations.
    • Added support for NamedParameterSpec.getInstance(…) and KeyBuilder.buildXECKey(…) using the predefined domain parameters for the following named curves:
      • NamedParameterSpec.BRAINPOOLP192R1
      • NamedParameterSpec.BRAINPOOLP192T1
      • NamedParameterSpec.BRAINPOOLP224R1
      • NamedParameterSpec.BRAINPOOLP224T1
      • NamedParameterSpec.BRAINPOOLP256R1
      • NamedParameterSpec.BRAINPOOLP256T1
      • NamedParameterSpec.BRAINPOOLP320R1
      • NamedParameterSpec.BRAINPOOLP320T1
      • NamedParameterSpec.BRAINPOOLP384R1
      • NamedParameterSpec.BRAINPOOLP384T1
      • NamedParameterSpec.BRAINPOOLP512R1
      • NamedParameterSpec.BRAINPOOLP512T1
      • NamedParameterSpec.SECP192R1
      • NamedParameterSpec.SECP224R1
      • NamedParameterSpec.SECP256R1
      • NamedParameterSpec.SECP384R1
      • NamedParameterSpec.SECP521R1
      • NamedParameterSpec.ED448
      • NamedParameterSpec.ED25519
      • NamedParameterSpec.X448
      • NamedParameterSpec.X25519
    • Added support for KeyAgreement.ALG_XDH to use the curve25519 and curve448 (RFC 7748) for ECDH key agreement operations.
    • Added support for Signature.SIG_CIPHER_EDDSA to use the named curves edwards25519 and edwards448 (RFC 8032) for Pure EdDSA signature operations without context.
  • GlobalPlatform – The simulator has been upgraded to be compliant with the GlobalPlatform Common Implementation Configuration v2.1, with support for Supplementary Security Domains and support for the following list of Privileges:
    • Security Domain (SSD support)
    • DAP verification
    • Delegated Management
    • Card Lock
    • Card Terminate
    • Card Reset
    • CVM Management
    • Mandated DAP Verification
    • Trusted Path
    • Authorized Management
    • Token Verification
    • Global Delete
    • Global Lock
    • Global Registry
    • Final Application
    • Global Service
    • Receipt Generation
    • Ciphered Load File Data Block

  • GlobalPlatform - Added support for AES (128,192,256 bit keys), RSA (1024 and 2048 bit keys) and ECC (256,384,512,521 bit keys) cryptographic schemes. This includes the ability to create and store such keys and use them during DAP and token verification operations. It also supports Receipt Generation with AES keys.
  • GlobalPlatform - Added support for general data store (Data Store) to any Security Domain with the default length of 250 bytes.
  • GlobalPlatform - Added support for key loading and update using either the STORE DATA or PUT KEY commands.
  • GlobalPlatform - Implemented the following interfaces for GP API:
    • org.globalplatform.GlobalService
    • org.globalplatform.SecureChannelx
    • org.globalplatform.SecureChannelx2
  • GlobalPlatform – Extended the Secure Channel Protocol ‘03’ implementation with the S16 mode, in addition to the already existing S8 mode, to support 16-byte challenges and cryptograms and 16-byte C-MAC and R-MAC.
  • GlobalPlatform - Added Default Secure Channel Key Set DGI in STORE DATA command.
  • GlobalPlatform – Added chaining mechanism for PUT KEY, INSTALL and DELETE commands.

Bug Fixes

  • Java Card API – Fix issues in HMACKey.setKey(…) and GenericSecretKey.setKey() incorrectly interpreting key length when using KeyEncryption
  • Java Card API – Fix issues for ECDSA in Signature.verify(…) and Signature.sign(…) failing with incorrect signature length
  • Java Card API – Fix issues in ECKey.setK(…) not throwing expected exception for invalid values.
  • Java Card API – Fix issue in Key.clearKey(…) when executed on ECKey with shared domain parameters

System Requirements

This product is targeted for use on a PC running on the following systems:

  • Microsoft Windows for versions 10 or 11
  • Ubuntu Linux 20.04 LTS or Oracle 9

The following software must be installed for the Java Card Development Kit Simulator to work:

  • Java Development Kit (JDK): This release has been verified and tested with Oracle JDK 17 (64 bit version) and OpenJDK 17 (64 bit version). Download the JDK software from:

    http://www.oracle.com/technetwork/java/javase/downloads

    Install it according to the instructions on the website.

  • Eclipse IDE: Eclipse IDE is optional and is required only for using Eclipse plug-in. The Java Card Eclipse Plug-in was tested with Eclipse 2023-03 (4.27) and JDK 17. Download the Windows Eclipse IDE from the following URL, and install it according to instructions on the website:

    https://www.eclipse.org/

Installation

The Java Card Specifications, Development Kit Simulator, and Development Kit Tools must be downloaded and installed individually.

  • See the Downloading the Specification Documents topic of the Java Card Platform Specification Release Notes, Version 3.2 for more details on how to download the Java Card Specification bundle.

  • See the Installation topic of the Java Card Development Kit User Guide for more details on how to install the Java Card Development Kit Simulator and Java Card Development Kit Tools.

Contents of the Development Kit Simulator

This release of the Java Card Development Kit Simulator contains Java Card simulation environment and Eclipse plug-in.

The following table describes the files and directories that are installed in the root installation directory (JC_HOME_SIMULATOR).

Directory/File Description
client Contains client components: an application management service API (AMService.jar file and javadoc documentation), a communication smartcardio API (socketprovider.jar file) and a debugger proxy (jc-debug-proxy.jar file) to manage, communicate, and debug Java Card applications.
drivers It is only for the Linux version. It contains the IFD Handler (libjcsdkifdh.so) for PCSCLite allowing an application to communicate with the Java Card Development Kit Simulator based on PC/SC.
runtime Contains the Java Card Development Kit Simulator binary executable as well as the OpenSSL shared library 3.0 (32-bit).
samples Contains sample applets and the corresponding client applications.
tools Contains a tool to configure the Java Card Development Kit Simulator (Configurator.jar) with a secure channel protocol key set and a Global PIN.

Known Issues

There are no known issues.

Documentation

The Java Card Documentation web site provides online product documentation for the Java Card Platform.

Document Description
Java Card Platform Specifications. The following specification documents are available for the Java Card Platform, Version 3.2:
  • Java Card Platform Runtime Environment Specification, Classic Edition, Version 3.2 (PDF format)

  • Java Card Platform Virtual Machine Specification, Classic Edition, Version 3.2 (PDF format)

  • Java Card Platform Application Programming Interface, Classic Edition, Version 3.2 (HTML format)

  • Java Card Platform Specification Release Notes, Version 3.2 (HTML and PDF formats)

Java Card Options List This document describes the list of options available to implement a Java Card platform, based on the Java Card Specifications.
Java Card Development Kit Simulator - User Guide This document describes how to use the Java Card Development Kit Simulator and Eclipse plugin to develop, test and debug applications for Java Card Platform. It is available in HTML and PDF formats.
Java Card Development Kit Tools - User Guide This document describes how to use the Java Card Development Kit Tools to convert and verify applications for Java Card Platform. It is available in HTML and PDF formats.

Product Information

The Java Card Technology website provides useful information about the Java Card product.

Visit the Java Card Technology website to access the most up-to-date information on the following:

  • Product news and reviews
  • Release notes and product documentation

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at https://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit https://www.oracle.com/pls/ topic/lookup?ctx=acc&id=info or visit https://www.oracle.com/pls/topic/lookup?ctx=acc&id=trsif you are hearing impaired.

Documentation Accessibility

Access to Oracle Support