verifycap tool is used to verify a CAP file within the context of package's export file (if any) and the export files of imported packages. This verification confirms whether a CAP file is internally consistent, as defined in the Virtual Machine Specification, Java Card Platform, Version 3.0.5, Classic Edition, and consistent with a context in which it can reside in a Java Card technology-enabled device.
To ensure the integrity of the CAP file to be downloaded on a card, the verifier computes and outputs hash values for each of the required CAP file components. To output the hash values in a text file, specify the command line parameter
-outfile hash-file-path. If the
-outfile parameter is not specified, the verifier outputs the hash values on the console output. A CAP file loader should compute the hash values for each of the required CAP components and verify them against the hash values produced by the verifier to assert the integrity of the CAP file being loaded on the card. The
scriptgen tool in the Java Card Development kit performs the hash computation and comparison before generating the download script for a CAP file. For more information about the
scriptgen tool, see Running scriptgen.
Each individual export file is verified as a single unit. The scenario is shown in Figure 13-1. In the figure, the package
p2 CAP file is being verified. Package
p2 has a dependency on package
p1, so the export file from package
p1 is also input. The
p2.exp file is only required if
p2.cap exports any of its elements.
Figure 13-1 Verifying a CAP file
The file to invoke
verifycap is a batch file (
verifycap.bat) that you must run from a working directory of JC_CLASSIC_HOME
\bin in order for the code to execute properly.
verifycap.bat [options] export-files CAP-file
Table 13-1 verifycap Command Line Arguments
A list of export files of the packages that this CAP file uses.
Name of the CAP file to be verified.
Specifies the digest algorithm to use for computing hash values for required CAP components. If this option is not specified or an invalid algorithm name is specified, the verifier uses SHA-256 as the default algorithm.
Specifies the path to the text file that the verifier uses to output the computed hash values for the required CAP components. If this option is not specified, hash values are output to the system console.
Command Line Options for Off-Card Verifier Tools describes additional