JCEd25519 is a JavaCard implementation of Ed25519 signature algorithm for smartcards that do not support Named Elliptic Curves and the EdDSA signature algorithm introduced in JavaCard API version 3.1.
The implementation uses (modified) JCMathLib library to perform necessary operations with elliptic curve points and modular arithmetic. In case SHA512 is not supported by a JavaCard, its software re-implementation is used.
This implementation is only suited for proof-of-concept purposes and NOT for production use. The implementation relies on the JCMathLib library, that provides the underlying low-level operations, but not in constant time. An attacker observing signing time with sufficient precision may be able to use this information to extract the private key.
- Clone this repository with submodules
git clone --recursive https://github.com/dufkan/JCEd25519
-
Configure your card type in
JCEd25519.java
file (currently are supported only SIMULATOR, J3R180, J2E145G) -
Build the applet
./gradlew buildJavaCard --info --rerun-tasks
- Send initialize APDU
00DF000000
to the card. For example, using GlobalPlatform Pro
gp --apdu 00A404000C6A6365643235353139617070 --apdu 00DF000000 -d
The optimizations in the implementation require the nonce to be generated randomly to be secure; otherwise, the implementation could be made to reuse nonce for signing of a different challenge. This is a minor deviation from Ed25519 specification, but it cannot be externally observed, unless multiple signatures of the same data are issued.
The implementation was tested on NXP J3R200, NXP J3H145, NXP J2E145G, and Infineon Secora ID S.