Make the openpgp app suitable for the YubiKey NEO
add documentation for building it with eclipse-jcde
make it compatible with jcop 2.4.2r1
add gpshell script for loading to card
klali committed Dec 18, 2012
1 parent 72f711a commit 050d20b
Showing 10 changed files with 185 additions and 12 deletions.
6 changes: 6 additions & 0 deletions .classpath
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="con" path="JCDK2.2.2"/>
<classpathentry kind="output" path="bin"/>
</classpath>
2 changes: 2 additions & 0 deletions .gitignore
@@ -0,0 +1,2 @@
bin/
src/openpgpcard/javacard/
7 changes: 7 additions & 0 deletions .jcproject
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<comment>Java Card project properties</comment>
<entry key="openpgpcard">0xD2:0x76:0x00:0x01:0x24:0x01</entry>
<entry key="openpgpcard.OpenPGPApplet">0xD2:0x76:0x00:0x01:0x24:0x01:0x02:0x00:0x00:0x00:0x00:0x00:0x00:0x01:0x00:0x00</entry>
</properties>
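Review bot: The applet instance AID on the `openpgpcard.OpenPGPApplet` entry fixes the manufacturer and serial-number fields of the OpenPGP AID to constants (`0x00:0x00` and `0x00:0x00:0x00:0x01`), so every card loaded from this project reports the same identity to host software. If the NEO is meant to carry a per-device serial, say here or in the README how it gets set at install time; the same value is repeated in gpinstall.txt as `delete -AID D2760001240102000000000000010000`, and the two need to stay in sync.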
23 changes: 23 additions & 0 deletions .project
@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>ykneo-openpgp</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipsejcde.core.javacardBuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipsejcde.core.javacardNature</nature>
</natures>
</projectDescription>
11 changes: 11 additions & 0 deletions .settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,11 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
org.eclipse.jdt.core.compiler.compliance=1.5
org.eclipse.jdt.core.compiler.debug.lineNumber=generate
org.eclipse.jdt.core.compiler.debug.localVariable=generate
org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.source=1.5
112 changes: 112 additions & 0 deletions README
@@ -0,0 +1,112 @@
YubiKey NEO App: OpenPGP
========================

This project implement the OpenPGP card functionality used on the
YubiKey NEO device that is sold by Yubico. This project is relatively
unmodified from the upstream project on which this project is based:

http://sourceforge.net/p/javacardopenpgp/
Author: Joeri de Ruiter

The initial modifications we have made compared to the upstream
project are minor, but we reserve the right to make other
changes/improvements that are specific to the YubiKey NEO hardware.

License
-------

The upstream project was released under the GPLv2+ and our fork uses
the same license. All of our changes are released under the same
license. See the file LICENSE for more information.

Building
--------

It is possible to build the project using proprietary NXP Java Card
tools.

Another way to build the project is with Eclipse and eclipse-jcde.

First install Eclipse following instructions on:

http://www.eclipse.org/

On Debian/Ubuntu systems Eclipse is packaged and can be installed from
the command line:

apt-get install eclipse

Start Eclipse once to make sure it creates a $HOME/.eclipse/
directory. Then quit Eclipse.

Download the eclipse-jcde-0.2.zip file from

http://eclipse-jcde.sourceforge.net/

and unpack it like this:

$ cd ~/.eclipse/*/
$ unzip /path/to/eclipse-jcde-0.2.zip

The path to unpack the file into depends on your Eclipse installation,
on my Debien Wheezy system the directory was called
~/.eclipse/org.eclipse.platform_3.8_155965261/

Start Eclipse again and confirm that you have a new top-level menu
called "Java Card".

You then need to install the Java Card Development Kit version 2.2.2,
download it from:

http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javame-419430.html#java_card_kit-2.2.2-oth-JPR

Unpack it into a new directory called for example "jckit" like this:

$ mkdir jckit
$ cd jckit
$ unzip /path/to/java_card_kit-2_2_2-linux.zip
$ cd java_card_kit-2_2_2/
$ unzip java_card_kit-2_2_2-rr-bin-linux-do.zip

Then in Eclipse select the "Preferences" menu under "Java Card" and
point the "Java Card Home" directory to
/path/to/jckit/java_card_kit-2_2_2 replacing /path/to as appropriate.

After that the project can be imported into the workspace.
Right-click in the "Project Explorer" window and select "Import".
Under "General" select "Existing Projects into Workspace". As the
root directory point the directory holding this file. You need to
select "Copy projects into workspace".

To build the .cap file, expand and right click on the "openpgpcard"
sub-directory and select "Java Card Tools" and then "Convert". The
CAP file will be available in your Eclipse workspace as:

javacardopenpgp/bin/openpgpcard/javacard/openpgpcard.cap

For loading the applet onto the card first make sure the YubiKey NEO
is in the HID/CCID or CCID mode, using ykpers from the YubiKey
Personalization tool:

http://code.google.com/p/yubikey-personalization/
https://github.com/Yubico/yubikey-personalization

For example:

sudo ykpersonalize -m82

Then install the gpshell tool from Global Platform:

http://sourceforge.net/projects/globalplatform/

The projects that are needed is the GlobalPlatform Library 6.0.0,
GPShell 1.4.4, and gppcscconnectionplugin which doesn't seem to be
available in any released tarball so you have to get it from
Subversion.

You need to whitelist the device in /etc/libccid_Info.plist.

When the CAP file has been built and is available in the path shown
above, you may use the gpshell tool to load it:

$ gpshell gpinstall.txt
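Review bot: The loading step `$ gpshell gpinstall.txt` does not say which directory to run it from: the README places the CAP in the Eclipse workspace under `javacardopenpgp/bin/openpgpcard/javacard/openpgpcard.cap` (after "Copy projects into workspace"), gpinstall.txt reads `./bin/openpgpcard/javacard/openpgpcard.cap` relative to the current directory, and .project names the project `ykneo-openpgp`. Give one consistent path and working directory, and spell out what entry has to be added to /etc/libccid_Info.plist, since "whitelist the device" is not enough to act on.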
14 changes: 14 additions & 0 deletions gpinstall.txt
@@ -0,0 +1,14 @@
mode_211
enable_trace

establish_context
card_connect
select -AID a000000003000000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f

delete -AID D2760001240102000000000000010000
delete -AID D27600012401

install -file ./bin/openpgpcard/javacard/openpgpcard.cap -instParam 00 -priv 00
card_disconnect
release_context
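Review bot: The `open_sc` line hardcodes `404142434445464748494a4b4c4d4e4f` for both `-mac_key` and `-enc_key`, which is the widely published GlobalPlatform default test key, so the script only works on cards whose card-manager keys were never changed. State that in the README, and warn there that the two `delete -AID` lines remove any existing OpenPGP applet instance, and with it the keys stored in it, before the new CAP is installed.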
14 changes: 6 additions & 8 deletions src/openpgpcard/OpenPGPApplet.java
@@ -34,8 +34,8 @@
* 0000 - RFU
*
* @author Joeri de Ruiter ([email protected])
* @version $Revision$ by $Author$
* $LastChangedDate$
* @version $Revision: 12 $ by $Author: joeridr $
* $LastChangedDate: 2012-02-23 15:31:33 +0100 (tor, 23 feb 2012) $
*/
public class OpenPGPApplet extends Applet implements ISO7816 {
private static final short _0 = 0;
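Review bot: The `@version` and `$LastChangedDate` lines in this javadoc now carry expanded Subversion keywords (`$Revision: 12 $ by $Author: joeridr $`, plus a locale-specific date string), which git will never update, so they go stale with the first real change to the file. Keep the unexpanded `$Revision$` form or drop the keywords altogether; the same applies to the matching hunks in OpenPGPSecureMessaging.java and PGPKey.java.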
@@ -47,8 +47,8 @@ public class OpenPGPApplet extends Applet implements ISO7816 {
0x00 };

private static final byte[] EXTENDED_CAP = {
(byte) 0xF0, // Support for GET CHALLENGE
// Support for Key Import
(byte) 0xD0, // Support for GET CHALLENGE
// No support for Key Import
// PW1 Status byte changeable
0x00, // Secure messaging using 3DES
0x00, (byte) 0xFF, // Maximum length of challenges
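Review bot: Changing the first `EXTENDED_CAP` byte from `0xF0` to `0xD0` only stops advertising key import; nothing visible in this commit makes the applet reject an import command, so if the import handler is still reachable a host that ignores the capability flag can still use it. If the intent is that keys on the NEO are always generated on-card, also refuse the import path with an error status word, and mention the restriction in the README.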
@@ -61,7 +61,7 @@ public class OpenPGPApplet extends Applet implements ISO7816 {
private static short RESPONSE_SM_MAX_LENGTH = 231;
private static short CHALLENGES_MAX_LENGTH = 255;

private static short BUFFER_MAX_LENGTH = 510;
private static short BUFFER_MAX_LENGTH = 1020;

private static short LOGINDATA_MAX_LENGTH = 254;
private static short URL_MAX_LENGTH = 254;
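Review bot: `BUFFER_MAX_LENGTH` doubles from 510 to 1020 with no comment on which command needs the larger buffer, while `RESPONSE_SM_MAX_LENGTH` and `CHALLENGES_MAX_LENGTH` next to it stay as they were. Add a short comment giving the reason and the memory cost on the card, and, if these limits are not modified at run time, declare them `static final`.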
@@ -74,7 +74,7 @@ public class OpenPGPApplet extends Applet implements ISO7816 {
// Default PW1 '123456'
private static byte[] PW1_DEFAULT = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 };
private static byte PW1_MODE_NO81 = 0;
private static byte PW1_MODE_NO82 = 0;
private static byte PW1_MODE_NO82 = 1;

private static final byte RC_MIN_LENGTH = 8;
private static final byte RC_MAX_LENGTH = 127;
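Review bot: `PW1_MODE_NO82` moving from 0 to 1 is a behaviour fix rather than a NEO adaptation: with both `PW1_MODE_NO81` and `PW1_MODE_NO82` at 0, any code that uses them to index or flag the verification state cannot tell the two PW1 modes apart, and the OpenPGP card specification uses 81 and 82 to gate different operations. Call this out in the commit message, and make both constants `static final` so they cannot end up equal again through an assignment.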
@@ -631,13 +631,11 @@ private short genAsymKey(APDU apdu, byte mode) {
if (!pw3.isValidated())
ISOException.throwIt(SW_SECURITY_STATUS_NOT_SATISFIED);

JCSystem.beginTransaction();
key.genKeyPair();

if (buffer[0] == (byte) 0xB6) {
Util.arrayFillNonAtomic(ds_counter, _0, (short) 3, (byte) 0);
}
JCSystem.commitTransaction();
}

// Output requested key
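Review bot: In `genAsymKey`, with the `JCSystem.beginTransaction()` / `JCSystem.commitTransaction()` pair gone, nothing groups `key.genKeyPair()` with the `ds_counter` reset, so a card removal between the two leaves a freshly generated signature key with the previous key's signature counter. If the transaction had to go for jcop 2.4.2r1, add a comment saying so, and decide which order of the two steps is acceptable after an interrupted run and document that choice next to the code.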
4 changes: 2 additions & 2 deletions src/openpgpcard/OpenPGPSecureMessaging.java
@@ -42,8 +42,8 @@
* e-passport Java Card applet from the JMRTD project (http://jmrtd.org/).
*
* @author Pim Vullers
* @version $Revision$ by $Author$
* $LastChangedDate$
* @version $Revision: 12 $ by $Author: joeridr $
* $LastChangedDate: 2012-02-23 15:31:33 +0100 (tor, 23 feb 2012) $
*/
public class OpenPGPSecureMessaging {
private static final short SW_INTERNAL_ERROR = (short) 0x6D66;
4 changes: 2 additions & 2 deletions src/openpgpcard/PGPKey.java
@@ -23,8 +23,8 @@

/**
* @author Joeri de Ruiter ([email protected])
* @version $Revision$ by $Author$
* $LastChangedDate$
* @version $Revision: 12 $ by $Author: joeridr $
* $LastChangedDate: 2012-02-23 15:31:33 +0100 (tor, 23 feb 2012) $
*/
public class PGPKey implements ISO7816 {
public static final short KEY_SIZE = 2048;// 2368;