Using the On-card Installer for Deletion

The on-card installer in the reference implementation provides the ability to delete package and applet instances from the card's memory. Once the on-card installer is selected, it can receive deletion requests from the terminal in the form of ADPU commands. Requests to delete an applet or package cannot be sent from an applet on the card. For more information on package and applet deletion, see the Runtime Environment Specification, Java Card Platform, Version 3.0.5, Classic Edition.

How to Send a Deletion Request

  1. Select the on-card installer applet on the card.

  2. Send the ADPU for the appropriate deletion request to the installer. The requests that you can send are described in the following sections:

    1. Delete Package

    2. Delete Package and Applets

    3. Delete Applets

    For information on the responses that the ADPU requests can return, see APDU Responses to Deletion Requests.

APDU Requests to Delete Packages and Applets

You can send requests to delete a package, a package and its applets, and individual applets.

Note:

In the following APDU commands, the x in the second nibble of the class byte indicates that the installer can be invoked on channels 0, 1, or 2. For example, 0x8x.

Delete Package

In this request, the Data field contains the size of the package AID and the AID of the package to be deleted. Table 9-15 shows the format of the Delete Package request and the expected response.

Table 9-15 Delete Package Command

Command Lc data Le

0x8x, 0xc0, 0x, 0xXXXX

Lc field

Data field

Le field

The value of 0xXX can be any value for the P1 and P2 parameters. The installer ignores the 0xXX values. An example of a delete package request on channel 1 would be:

//Delete Package Request:
 0x81 0xC0 0x00 0x00 0x08 0x07 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 0x7F;

In this example, 0x07 is the AID length and 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 is the package AID.

Delete Package and Applets

This request is similar to the Delete Package command. In this case the package and applets are removed simultaneously. The data field contains the size of the package AID and the AID of the package to be deleted. Table 9-16 shows the format of the Delete Packages and Applets request and the expected response.

Table 9-16 Delete Package and Applets Command

Command Lc data Le

0x8x, 0xc2, 0xXX, 0xXX

Lc field

Data field

Le field

The value of 0xXX can be any value for the P1 and P2 parameters. The installer ignores the 0xXX values. An example of a package and applets deletion request on channel 1 would be:

//Delete Package And Applets request
0x81 0xC2 0x00 0x00 0x08 0x07 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 0x7F;

In this example, 0x07 is the AID length and 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 is the package AID.

Delete Applets

In this request, the "#" symbol in the P1 byte indicates the number of applets to be deleted, which can have a maximum value of eight. The Lc field contains the size of the data field. Data field contains a list of AID size and AID pairs. Table 9-17 shows the format of the Delete Applet request and the expected response.

Table 9-17 Delete Applet Command

Command Lc data Le

0x8x, 0xc4, 0x0#, 0xXX

Lc field

Data field

Le field

The value of 0xXX can be any value for the P2 parameter. The installer ignores the 0xXX values. An example of a applet deletion request on channel 1 would be:

//Delete the applet's request for two applets
0x81 0xC4 0x02 0x00 0x12 0x08 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 0x12 0x08 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 0x13 0x7F;

In this example, the "#" symbol is replaced with "2" (0x02) indicating that there are two applets to be deleted. The first applet is 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 0x12 and the second applet is 0xa0 0x00 0x00 0x00 0x62 0x12 0x34 0x13.

APDU Responses to Deletion Requests

When the on-card installer receives the request from the terminal, it can return any of the responses shown in Table 9-18.

Table 9-18 APDU Responses to Deletion Requests

Response Code Description

0x6a86

Invalid value for P1 or P2 parameter.

  • Cause: Value for P1 is less than 1 or greater than 8.

  • Solution: Ensure that the value for P1 is between 1 and 8.

0x6443

Applet not found for deletion.

  • Cause: The applet with the specified AID does not exist.

  • Solution: Check and correct the AID.

0x644b

Package not found.

  • Cause: The package with the specified AID does not exist.

  • Solution: Check and correct the AID.

0x644c

Dependencies on package.

  • Cause: Package has other packages dependent on it, or there are some object instances of classes belonging to this package residing in memory.

  • Solution: Determine which packages are dependent and remove them. If there are object instances of classes belonging to this package residing in memory, try the package and applet deletion combination command to remove the package from card memory.

0x644d

One or more applet instances of this package are present.

  • Cause: One or more applet instances of this package are present

  • Solution: Remove the applets first and then try package deletion, or try the package and applet deletion combination command.

0x644e

Package is ROM package.

  • Cause: An attempt was made to delete a package in ROM.

  • Solution: There is no solution to this problem since packages in ROM cannot be deleted.

0x6448

Dependencies on applet.

  • Cause: Other applets are using objects owned by this applet.

  • Solution: Remove references from other applets to this applet's objects, or try to delete the dependent applets along with this applet.

0x6449

Internal memory constraints.

  • Cause: There is not enough memory available for the intermediate structures required by applet deletion.

  • Solution: It may not be possible to recover from this error. One possible thing that can be tried in case of multiple applet deletion is to try to delete applets individually.

0x6451

Cannot delete applet; the applet is currently active on one of the logical channels.

  • Cause: An attempt was made to delete an applet which is currently active on one of the logical channels.

  • Solution: Make sure that the applet is not selected on any of the logical channels. Then, re-attempt to delete the applet.

0x6700

Invalid value for Lc parameter.

  • Cause: In case of package deletion, the value for Lc is less than 6 or greater than 17. In case of applet deletion, the value for Lc is less than 7 or greater than 136.

  • Solution: Value of Lc in both of these cases depends on the AIDs being passed in the APDU. Make sure the AIDs are correct and value for Lc is between 6 and 16 in case of package deletion and between 7 and 135 in case of applet deletion.

The response has the format shown in Table 9-19.

Table 9-19 APDU Response Format

data Response

[optional response data]

SW1SW2

On-Card Installer Limits

The limits for the on-card installer are as follows.

  • The maximum length of the parameter in the applet creation APDU command is 110.

  • The maximum number of packages to be downloaded is 32, including up to 16 applet packages.

  • The maximum number of applet instances to be created is 16.

  • The maximum length of data in the installer APDU commands is 128.

  • No on-card CAP file verification is supported.

  • All subsequent APDU commands enclosed in a CAP Begin, CAP End APDU pair continue to fail after an error occurs.

  • The maximum number of applets that can be deleted using one command is eight.