SmartCardPKI
PKI is the common way to authenticate a message sender or to encrypt/decrypt messages in a secure way. It is typically used by eMails (S/MIME), data encryption and secure authentication (VPN, SSL/TLS). It is based on public/private keys (typically RSA) and certificates, which bind a user identity to a public key.
PKI is based on the secrecy of the private key, so the private key is often stored on a smart card, where the smart card performs the cryptographic operations to avoid the risk that the private key can become public or copied in any way.
The most common API to access cryptographic smart card functions is the PKCS#11 interface, published by RSA Labs. It is used in Mozilla Firefox, Thunderbird and many other applications, e.g. PGP. Corresponding to the PKCS#11 interface, the PKCS#15 specification defines a file structure and description syntax for keys and certificates on the smart card.
OpenSC is a widely-used Open Source development, which provides a set of libraries and tools for accessing smart cards for management and cryptographic operations. It provides a PKCS#11 interface and already supports smart cards from different vendors. OpenSC provides smart card access according to the PKCS#15 standard. A good overview about OpenSC can be found here
The Muscle Card Applet is an Open Source Java Card applet, originally developed by the M.U.S.C.L.E project
The Muscle Card applet can be loaded on smart cards with Java Card OS and allow to securely store keys and other objects, (e.g. certificates) on the smart card and use them for cryptographic functionality, like signature generation or decryption with RSA keys.
The Muscle Card Applet is supported by OpenSC (http://www.opensc-project.org/opensc/wiki/MuscleApplet)
To provide PKI functionality on the Android OS, we use OpenSC with modifications for the Android platform. To store cryptographic keys on the smart card and perform cryptographic operations, we use the Muscle Card Applet for smart cards with Java Card OS.
- Android 2.3.3 (gingerbread) sources with smart card related patches (see Building the system)
- Secure Element with Java Card OS in microSD format (e.g. G&D Mobile Security Card), for using it on a real hardware device.
- Tool to load a Java Card applet onto the Secure Element (e.g. G&D JLoad for G&D Mobile Security Card)
From the download page get the OpenSC for Android package opensc_android_package_v2.0.1.tgz
This package contains:
- OpenSC 0.11.13: external_opensc_0.11.13.tar.gz
- Patch for OpenSC for Android: opensc_android.patch
- Muscle Card Applet 0.9.12: MCardApplet-0912a.tar.gz
- sample RSA key with certificate: azur1024bit_password_12345678.pfx
The system environment for porting the PKI functionality to the Android 2.3.3 (gingerbread) was an Ubuntu 10.04 with gcc 4.4.3.
As Secure Element a G&D Mobile Security Card and for loading the Java card applet, the G&D JLoad was used, provided within the G&D Mobile Security Developers Kit https://www.cardsolutions-shop.com/shop/gi-de/.
As phone, there was a HTC Magic (Sapphire) used.
To add the support for OpenSC to your Android sources, you need to build your system with smart card support according to the description Building the system and additionally add the patches for OpenSC to your sources.
After you performed the step "Patching the source" as described in Building the system add the patches for OpenSC.
Apply the patches for OpenSC in the root directory of the froyo source then continue to build your system as described in Building the system
$ tar xvzf external_opensc_0.11.13.tar.gz
$ patch -p1 < <path_to_patch>/opensc_android.patch
Once the system was built successfully and flashed to the phone, there will be additional components available:
directory: /system/bin
opensc-tool (command line utility for smart card operations, e.g. sending commands)
pkcs15-init (command line utility to initialise a smart card with the PKCS#15 structure)
pkcs15-tool (command line utility to explore/access PKCS#15 file structure)
pkcs11-tool (command line utlity to access smart cards using a PKCS#11 library, e.g. to perform a signature)
directory: /system/lib
opensc-pkcs11.so (PKCS#11 library)
pkcs11-spy.so (dummy PKCS#11 library, when used, it logs all calls to the PKS#11 library for debugging purposes)
directory: /etc
opensc.conf (OpenSC config file)
pkcs15.profile (.profile files contain information about the file structure to create during initialisation of the smart card)
jcop.profile
muscle.profile
oberthur.profile
cyberflex.profile
Unpack the package containing the Muscle Card Applet.
tar xvzf MCardApplet-0912a.tar.gz
The package contains the Muscle Java Card Applet 0.9.12, which consist of the sources of 0.9.11 and the Ant script from version 0.9.12 for easy compile and convert it.
The original source of the Muscle Applet was slightly modified to accept CLA (Class-Byte) '90' additional to CLA='B0', because CLA='B0' will not be supported in Smartcard-API 2.3 as it is not coded according to Global Platform CardSpec 2.2.
There is already a compiled and converted cap file added to the package, which can be directly loaded onto a smart card with Java Card OS.
It is located in the following directory:
/MCardApplet/GD/com/musclecard/CardEdge/javacard/CardEdge.cap
The Java card applet was converted using the Sun Java Card Development Kit 2.2.1, so
there is no need to perform the compilation and conversion for the Muscle Java Card applet. Nevertheless it is possible to perform this steps, therefore a Sun JDK and the Sun Java Card Development Kit is required.
If you compile and convert the Muscle Java Card Applet, you need to download the Sun Java Card Development Kit 2.2.1 from the internet (due to licensing conditions it is not included) and copy it to the directory /MCardApplet/depends/jc221).
Then you can perform the compile/convert process for the applet by running Ant:
ant <target> (e.g. "ant GD"). The process is also described in the INSTALL file included in the package.
For loading the cap-File CardEdge.cap onto the smart card you need to use an appropriate tool, which is typically provided from the manufacturer of the smart card (e.g. G&D JLoad for the G&D Mobile Security Card).
Once you have flashed your phone with the modified sources and inserted the secure element (e.g. G&D Mobile Security Card) in the device, the first step is to intialise the applet and the PKCS#15 structure on the applet, which sets the initial PIN values and creates all the data structures required.
Additionally there are further examples shown, how to use some of the functionality of the OpenSC Tools (e.g, import keys/certificates, create signature, logging of PKCS#11 calls).
For a description of OpenSC Tools and its parameters refer to the OpenSC project http://www.opensc-project.org/opensc
Calling the commandline tools without a parameter shows the parameters available.
To initialise the Muscle Card Applet there is required to send a proprietary command, setting the initial PIN values.
Therefore you need to connect your Android phone to the computer and open a connection to the device with the Android adb tool.
Then you can use the OpenSC opensc-tool utility to perform the initialisation of the JavaCard Applet.
$ adb shell
# cd /system/bin
# opensc-tool -s 00:A4:04:00:06:A0:00:00:00:01:01 -s B0:2A:00:00:38:08:4D:75:73:63:6C:65:30:30:10:10:08:31:32:33:34:35:36:37:38:08:31:32:33:34:35:36:37:38:10:10:08:31:32:33:34:35:36:37:38:08:31:32:33:34:35:36:37:38:00:00:10:00:00:00:00
The initial values of all PINs/passwords are set to "12345678"
A description of the initialisation command can be found here:
http://www.opensc-project.org/opensc/wiki/MuscleApplet
To create the PKCS#15 structure on the smart card use the pkcs15-tool.
The parameter r adresses the reader, here the value 0 is for the UICC and 1_for the MSC, which we use.
# pkcs15-init -r 1 -C
During initalisation process you will be asked to enter the values for PINs/passwords.
In our sample, we set the value "12345678" for all passwords.
Further information to the pkcs15-init tool can be found here: CardPersonalisation
The pkcs15-tool allows to show the PKCS#15 content stored on the smart card.
The content of the smart card can be listet by using the following command:
# pkcs15-tool --dump
One way to put a key and certificate onto the smart card, is to import it from an encrypted PKCS#12 container.
A sample PKCS#12 container file can be downloaded here: azur1024bit_password_12345678.pfx
It contains a 1024 bit RSA key and a corresponding certificate for a dummy user named "azur".
To import it into the smart card, you need to copy the file to the phone by using the adb push command.
then you can import it with the pkcs15-init utility. The import process requires you to enter the password of the container file,
which is "12345678" and the password of the smartcard you set during intialisation.
$ adb push azur1024bit_password_12345678.pfx /data
$ adb shell
# cd /system/bin
# pkcs15-init -S /data/azur1024bit_password_12345678.pfx -f PKCS12 -a FF -i 10
After successful import of the key and certificate you can see the new objects by dumping the content of the smart card
# pkcs15-tool --dump
For operating with the PKCS#11 interface, it is required to know the PKCS#11 Slot, which contains the Secure Element.
Here, in the slot 4 the Secure Element is available.
# pkcs11-tool -L
With the pkcs11-tool it is possible to perform cryptographic operations with the PKCS#11 library opensc-pkcs11.so.
The PKCS#11 library is the standard interface typically used by applications (e.g. Firefox) to perform PKI functionality.
Here we use the pkcs11-tool to generate a digital signature for a file. The signature is created by the smart card with the private key stored onto it.
Here we compute the digital signature for the file azur1024bit_password_12345678.pfx, but we can use any other file also.
The result is stored in the output file. The output file created has a length of 128 Bytes and contains the digital signature computed by the smart card.
(The signature has the same length as the Private key on the smart card, which is 1024 bit).
As signature algorithm we use the SHA1-RSA-PKCS, which performs both, a SHA-1 hash and signature according to the RSA algorithm in one step.
# pkcs11-tool --sign --slot 4 -m SHA1-RSA-PKCS --input-file /data/azur1024bit_password_12345678.pfx --output-file /data/signature
To see the PKCS#11 calls sent to the PKCS#11 library it is possible to load the pkcs11-spy.so libary and log the calls before forwarding it to the real PKCS#11 library opensc-pkcs11.so.
In this example we call the digital signature operation as described before, but we explicitely load the pkcs11-spy.so library to log the PKCS#11 calls.
With the environment variable PKCS11SPY we advise the pkcs11-spy.so library to forward the calls to the real PKCS#11 library opensc-pkcs11.so.
This will display all the PKCS#11 calls including sensitive information like PIN values entered. This is useful for debugging with applications using the PKCS#11 interface.
# PKCS11SPY=/system/lib/opensc-pkcs11.so ./pkcs11-tool --module /system/lib/pkcs11-spy.so ./pkcs11-tool --sign --slot 4 -m SHA1-RSA-PKCS --input-file /data/azur1024bit_password_12345678.pfx --output-file /data/signature
Standard PKCS#11 interface with smart card access is one step to standard PKI infrastructure on Android.
It requires also standard applications, e.g. Browsers, eMail-Clients supporting this interface on Android.
Other PKI Open Source projects/developments that should be investigated:
- Firefox Browser for Android / "fennec" Project. Is there PKCS#11 Support like in Firefox available ?
- Java Interface/Wrapper for access of PKI functionality from Java Applications (e.g IAIK PKC#11 Wrapper).
opensc_android_package_v2.0.1.tgz
- Muscle Applet was modified to accept CLA (Class-Byte) '90' additional to CLA='B0', because CLA='B0' will no longer accepted in Smartcard-API 2.3 as it is not coded according to Global Platform CardSpec 2.2.
opensc_android_package_v2.0.tgz
- initial version, based on OpenSc 0.11.13