MACRO NEPAL
Secure Element Programming in Java
awiskar acharya
November 16, 2025
6:44 am

Introduction

Secure Elements (SE) are tamper-resistant hardware components that provide secure storage and cryptographic operations. This guide covers programming Secure Elements in Java using Java Card technology, GlobalPlatform, and related standards.

Java Card Technology Overview

Java Card Applet Architecture

package com.secure.element;
import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
public class SecureApplet extends Applet {
// Cryptographic algorithm constants
private static final byte ALG_RSA = 0x01;
private static final byte ALG_ECC = 0x02;
private static final byte ALG_AES = 0x03;
// Key handles
private static final byte RSA_KEY_HANDLE = 0x01;
private static final byte ECC_KEY_HANDLE = 0x02;
private static final byte AES_KEY_HANDLE = 0x03;
// Key objects
private RSAPrivateKey rsaPrivateKey;
private ECPrivateKey eccPrivateKey;
private AESKey aesKey;
// Cryptographic objects
private Signature rsaSignature;
private Signature eccSignature;
private Cipher aesCipher;
// Secure storage
private byte[] secureStorage;
private short storageOffset = 0;
// PIN management
private OwnerPIN pin;
private static final byte PIN_TRY_LIMIT = 3;
private static final byte PIN_SIZE = 4;
public static void install(byte[] bArray, short bOffset, byte bLength) {
new SecureApplet().register(bArray, (short)(bOffset + 1), bArray[bOffset]);
}
public SecureApplet() {
initializeCryptography();
initializeSecureStorage();
initializePIN();
register();
}
private void initializeCryptography() {
try {
// Initialize RSA key pair (2048 bits)
KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048);
rsaKeyPair.genKeyPair();
rsaPrivateKey = (RSAPrivateKey) rsaKeyPair.getPrivate();
// Initialize ECC key pair (P-256)
KeyPair eccKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256);
eccKeyPair.genKeyPair();
eccPrivateKey = (ECPrivateKey) eccKeyPair.getPrivate();
// Initialize AES key (256 bits)
aesKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, 
KeyBuilder.LENGTH_AES_256, false);
// Initialize signature instances
rsaSignature = Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1, false);
eccSignature = Signature.getInstance(Signature.ALG_ECDSA_SHA, false);
// Initialize cipher instance
aesCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
} catch (CryptoException e) {
ISOException.throwIt((short)0x6F00);
}
}
private void initializeSecureStorage() {
secureStorage = new byte[512]; // 512 bytes secure storage
storageOffset = 0;
}
private void initializePIN() {
pin = new OwnerPIN(PIN_TRY_LIMIT, PIN_SIZE);
byte[] initialPIN = {0x12, 0x34, 0x56, 0x78}; // Default PIN
pin.update(initialPIN, (short)0, (byte)initialPIN.length);
}
public void process(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// Check SELECT APDU
if (selectingApplet()) {
return;
}
// Verify PIN for all commands except VERIFY and INITIALIZE
byte cla = buffer[ISO7816.OFFSET_CLA];
byte ins = buffer[ISO7816.OFFSET_INS];
if (ins != INS_VERIFY && ins != INS_INITIALIZE && !pin.isValidated()) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
}
switch (ins) {
case INS_VERIFY:
verifyPIN(apdu);
break;
case INS_CHANGE_PIN:
changePIN(apdu);
break;
case INS_RSA_SIGN:
performRSASignature(apdu);
break;
case INS_ECC_SIGN:
performECCSignature(apdu);
break;
case INS_AES_ENCRYPT:
performAESEncryption(apdu);
break;
case INS_AES_DECRYPT:
performAESDecryption(apdu);
break;
case INS_STORE_DATA:
storeSecureData(apdu);
break;
case INS_RETRIEVE_DATA:
retrieveSecureData(apdu);
break;
case INS_GENERATE_KEY:
generateKey(apdu);
break;
case INS_GET_PUBLIC_KEY:
getPublicKey(apdu);
break;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}
}
// Instruction codes
private static final byte INS_VERIFY = 0x20;
private static final byte INS_CHANGE_PIN = 0x21;
private static final byte INS_RSA_SIGN = 0x30;
private static final byte INS_ECC_SIGN = 0x31;
private static final byte INS_AES_ENCRYPT = 0x40;
private static final byte INS_AES_DECRYPT = 0x41;
private static final byte INS_STORE_DATA = 0x50;
private static final byte INS_RETRIEVE_DATA = 0x51;
private static final byte INS_GENERATE_KEY = 0x60;
private static final byte INS_GET_PUBLIC_KEY = 0x61;
private void verifyPIN(APDU apdu) {
byte[] buffer = apdu.getBuffer();
byte lc = buffer[ISO7816.OFFSET_LC];
if (!pin.check(buffer, ISO7816.OFFSET_CDATA, lc)) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
}
}
private void changePIN(APDU apdu) {
byte[] buffer = apdu.getBuffer();
byte lc = buffer[ISO7816.OFFSET_LC];
// Update PIN
pin.update(buffer, ISO7816.OFFSET_CDATA, lc);
}
private void performRSASignature(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short dataLen = apdu.setIncomingAndReceive();
try {
rsaSignature.init(rsaPrivateKey, Signature.MODE_SIGN);
short sigLen = rsaSignature.sign(buffer, ISO7816.OFFSET_CDATA, dataLen, 
buffer, (short)0);
apdu.setOutgoingAndSend((short)0, sigLen);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
private void performECCSignature(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short dataLen = apdu.setIncomingAndReceive();
try {
eccSignature.init(eccPrivateKey, Signature.MODE_SIGN);
short sigLen = eccSignature.sign(buffer, ISO7816.OFFSET_CDATA, dataLen, 
buffer, (short)0);
apdu.setOutgoingAndSend((short)0, sigLen);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
private void performAESEncryption(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short dataLen = apdu.setIncomingAndReceive();
// Check data length is multiple of block size
if ((dataLen % 16) != 0) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
}
try {
// Use zero IV for simplicity (in production, use random IV)
byte[] iv = new byte[16];
aesCipher.init(aesKey, Cipher.MODE_ENCRYPT, iv, (short)0, (short)iv.length);
short encryptedLen = aesCipher.doFinal(buffer, ISO7816.OFFSET_CDATA, dataLen, 
buffer, (short)0);
apdu.setOutgoingAndSend((short)0, encryptedLen);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
private void storeSecureData(APDU apdu) {
byte[] buffer = apdu.getBuffer();
short dataLen = apdu.setIncomingAndReceive();
// Check storage capacity
if ((storageOffset + dataLen) > secureStorage.length) {
ISOException.throwIt(ISO7816.SW_FILE_FULL);
}
// Store data in secure storage
Util.arrayCopyNonAtomic(buffer, ISO7816.OFFSET_CDATA, 
secureStorage, storageOffset, dataLen);
storageOffset += dataLen;
}
private void retrieveSecureData(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// Copy all stored data to buffer
Util.arrayCopyNonAtomic(secureStorage, (short)0, buffer, (short)0, storageOffset);
apdu.setOutgoingAndSend((short)0, storageOffset);
}
private void generateKey(APDU apdu) {
byte[] buffer = apdu.getBuffer();
byte keyType = buffer[ISO7816.OFFSET_P1];
byte keySize = buffer[ISO7816.OFFSET_P2];
try {
switch (keyType) {
case ALG_AES:
generateAESKey(keySize);
break;
case ALG_RSA:
generateRSAKey(keySize);
break;
case ALG_ECC:
generateECCKey(keySize);
break;
default:
ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
}
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
private void generateAESKey(byte keySize) {
short keyLength;
switch (keySize) {
case 0x01: keyLength = KeyBuilder.LENGTH_AES_128; break;
case 0x02: keyLength = KeyBuilder.LENGTH_AES_192; break;
case 0x03: keyLength = KeyBuilder.LENGTH_AES_256; break;
default: ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); return;
}
aesKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, keyLength, false);
aesKey.setKey(new byte[keyLength/8], (short)0); // Set random key in production
}
private void getPublicKey(APDU apdu) {
byte[] buffer = apdu.getBuffer();
byte keyType = buffer[ISO7816.OFFSET_P1];
try {
switch (keyType) {
case ALG_RSA:
exportRSAPublicKey(buffer);
break;
case ALG_ECC:
exportECCPublicKey(buffer);
break;
default:
ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
}
apdu.setOutgoingAndSend((short)0, (short)buffer[0]);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
private void exportRSAPublicKey(byte[] buffer) {
// Implementation to export RSA public key components
// This would extract modulus and exponent from the key pair
}
}

GlobalPlatform Secure Channel Protocol

Secure Channel Implementation

package com.secure.element.gp;
import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
public class GlobalPlatformSecureChannel {
// SCP parameters
private static final byte SCP_02 = 0x02;
private static final byte KEY_TYPE_DES3 = 0x80;
// Secure Channel keys
private AESKey encKey;
private AESKey macKey;
private AESKey kekKey;
// Security level
private byte securityLevel;
private static final byte SECURITY_LEVEL_C_DECRYPTION = 0x01;
private static final byte SECURITY_LEVEL_C_MAC = 0x02;
// Session context
private byte[] hostChallenge;
private byte[] cardChallenge;
private byte[] sequenceCounter;
private short sequenceCounterValue;
// Cryptographic objects
private Cipher cipher;
private Signature mac;
public GlobalPlatformSecureChannel() {
initializeKeys();
initializeCrypto();
}
private void initializeKeys() {
// Default keys (should be replaced during personalization)
byte[] defaultKey = {
(byte)0x40, (byte)0x41, (byte)0x42, (byte)0x43,
(byte)0x44, (byte)0x45, (byte)0x46, (byte)0x47,
(byte)0x48, (byte)0x49, (byte)0x4A, (byte)0x4B,
(byte)0x4C, (byte)0x4D, (byte)0x4E, (byte)0x4F
};
encKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, 
KeyBuilder.LENGTH_AES_128, false);
macKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, 
KeyBuilder.LENGTH_AES_128, false);
kekKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, 
KeyBuilder.LENGTH_AES_128, false);
encKey.setKey(defaultKey, (short)0);
macKey.setKey(defaultKey, (short)0);
kekKey.setKey(defaultKey, (short)0);
}
private void initializeCrypto() {
try {
cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
mac = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);
} catch (CryptoException e) {
ISOException.throwIt((short)0x6F00);
}
}
public void initializeUpdate(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// Extract host challenge
hostChallenge = new byte[8];
Util.arrayCopyNonAtomic(buffer, ISO7816.OFFSET_CDATA, 
hostChallenge, (short)0, (short)8);
// Generate card challenge
cardChallenge = generateRandom(8);
// Initialize sequence counter
sequenceCounter = new byte[2];
sequenceCounterValue = 0;
// Prepare response
Util.arrayCopyNonAtomic(cardChallenge, (short)0, buffer, (short)0, (short)8);
apdu.setOutgoingAndSend((short)0, (short)8);
}
public void externalAuthenticate(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// Verify authentication data and derive session keys
if (!verifyAuthenticationData(buffer)) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
}
deriveSessionKeys();
securityLevel = SECURITY_LEVEL_C_DECRYPTION | SECURITY_LEVEL_C_MAC;
}
private boolean verifyAuthenticationData(byte[] buffer) {
// Implementation of SCP02 authentication verification
// This would verify the cryptogram and derive session keys
return true; // Simplified for example
}
private void deriveSessionKeys() {
// Derive session keys from static keys and challenges
// Following GlobalPlatform SCP02 key derivation scheme
byte[] derivationData = new byte[16];
// Derive ENC session key
Util.arrayCopyNonAtomic(hostChallenge, (short)0, derivationData, (short)0, (short)8);
Util.arrayCopyNonAtomic(cardChallenge, (short)0, derivationData, (short)8, (short)8);
deriveKey(encKey, derivationData, (byte)0x01);
// Derive MAC session key
deriveKey(macKey, derivationData, (byte)0x02);
// Derive KEK session key
deriveKey(kekKey, derivationData, (byte)0x03);
}
private void deriveKey(AESKey key, byte[] data, byte derivationConstant) {
byte[] derivedData = new byte[16];
// Apply key derivation function
for (short i = 0; i < 16; i++) {
derivedData[i] = data[i];
}
derivedData[15] = derivationConstant;
// In production, this would use proper key derivation
key.setKey(derivedData, (short)0);
}
public byte[] secureAPDU(byte[] commandAPDU) {
if ((securityLevel & SECURITY_LEVEL_C_MAC) != 0) {
commandAPDU = applyMAC(commandAPDU);
}
if ((securityLevel & SECURITY_LEVEL_C_DECRYPTION) != 0) {
commandAPDU = encryptCommandData(commandAPDU);
}
incrementSequenceCounter();
return commandAPDU;
}
private byte[] applyMAC(byte[] apdu) {
try {
mac.init(macKey, Signature.MODE_SIGN);
// Calculate MAC over APDU
short macLen = mac.sign(apdu, (short)0, (short)apdu.length, 
apdu, (short)apdu.length);
// Append MAC to APDU
byte[] securedAPDU = new byte[apdu.length + macLen];
Util.arrayCopyNonAtomic(apdu, (short)0, securedAPDU, (short)0, (short)apdu.length);
return securedAPDU;
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
return apdu;
}
}
private byte[] encryptCommandData(byte[] apdu) {
try {
// Use sequence counter as IV
cipher.init(encKey, Cipher.MODE_ENCRYPT, sequenceCounter, 
(short)0, (short)sequenceCounter.length);
short encryptedLen = cipher.doFinal(apdu, (short)0, (short)apdu.length, 
apdu, (short)0);
return apdu;
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
return apdu;
}
}
private byte[] generateRandom(short length) {
byte[] random = new byte[length];
RandomData randomGen = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
randomGen.generateData(random, (short)0, length);
return random;
}
private void incrementSequenceCounter() {
sequenceCounterValue++;
sequenceCounter[0] = (byte)((sequenceCounterValue >> 8) & 0xFF);
sequenceCounter[1] = (byte)(sequenceCounterValue & 0xFF);
}
}

Host Application Interface

PC/SC Communication Layer

package com.secure.element.host;
import javax.smartcardio.*;
import java.nio.ByteBuffer;
import java.util.List;
public class SecureElementManager {
private CardChannel channel;
private Card card;
private TerminalFactory terminalFactory;
// APDU constants
private static final byte CLA_STANDARD = 0x00;
private static final byte INS_SELECT = (byte)0xA4;
private static final byte INS_EXTERNAL_AUTHENTICATE = (byte)0x82;
private static final byte INS_INITIALIZE_UPDATE = (byte)0x50;
public SecureElementManager() {
try {
terminalFactory = TerminalFactory.getDefault();
} catch (Exception e) {
throw new RuntimeException("Failed to initialize terminal factory", e);
}
}
public void connect() throws CardException {
List<CardTerminal> terminals = terminalFactory.terminals().list();
if (terminals.isEmpty()) {
throw new CardException("No smart card readers found");
}
// Use first available terminal
CardTerminal terminal = terminals.get(0);
// Connect to the card
card = terminal.connect("T=1"); // T=1 for block-oriented transmission
channel = card.getBasicChannel();
System.out.println("Connected to: " + card);
}
public void disconnect() {
try {
if (card != null) {
card.disconnect(false);
}
} catch (CardException e) {
System.err.println("Error disconnecting: " + e.getMessage());
}
}
public ResponseAPDU transmit(CommandAPDU command) throws CardException {
return channel.transmit(command);
}
public byte[] selectApplet(byte[] aid) throws CardException {
CommandAPDU selectAPDU = new CommandAPDU(
CLA_STANDARD, INS_SELECT, 0x04, 0x00, aid
);
ResponseAPDU response = channel.transmit(selectAPDU);
if (response.getSW() != 0x9000) {
throw new CardException("Applet selection failed: " + 
Integer.toHexString(response.getSW()));
}
return response.getData();
}
public void establishSecureChannel(byte[] hostChallenge) throws CardException {
// Step 1: Initialize Update
CommandAPDU initUpdate = new CommandAPDU(
CLA_STANDARD, INS_INITIALIZE_UPDATE, 0x00, 0x00, hostChallenge
);
ResponseAPDU response = channel.transmit(initUpdate);
if (response.getSW() != 0x9000) {
throw new CardException("Initialize Update failed");
}
byte[] cardChallenge = response.getData();
// Step 2: External Authenticate
byte[] authenticationData = generateAuthenticationData(hostChallenge, cardChallenge);
CommandAPDU extAuth = new CommandAPDU(
CLA_STANDARD, INS_EXTERNAL_AUTHENTICATE, 0x00, 0x00, authenticationData
);
response = channel.transmit(extAuth);
if (response.getSW() != 0x9000) {
throw new CardException("External Authenticate failed");
}
}
private byte[] generateAuthenticationData(byte[] hostChallenge, byte[] cardChallenge) {
// Implementation of SCP02 authentication data generation
// This would include key derivation and cryptogram calculation
return new byte[8]; // Simplified
}
public byte[] signData(byte[] data, byte algorithm) throws CardException {
byte ins;
switch (algorithm) {
case 0x01: ins = 0x30; break; // RSA
case 0x02: ins = 0x31; break; // ECC
default: throw new IllegalArgumentException("Unsupported algorithm");
}
CommandAPDU signAPDU = new CommandAPDU(
CLA_STANDARD, ins, 0x00, 0x00, data
);
ResponseAPDU response = channel.transmit(signAPDU);
if (response.getSW() != 0x9000) {
throw new CardException("Sign operation failed: " + 
Integer.toHexString(response.getSW()));
}
return response.getData();
}
public byte[] encryptData(byte[] data) throws CardException {
CommandAPDU encryptAPDU = new CommandAPDU(
CLA_STANDARD, 0x40, 0x00, 0x00, data
);
ResponseAPDU response = channel.transmit(encryptAPDU);
if (response.getSW() != 0x9000) {
throw new CardException("Encryption failed: " + 
Integer.toHexString(response.getSW()));
}
return response.getData();
}
public void storeSecureData(byte[] data) throws CardException {
CommandAPDU storeAPDU = new CommandAPDU(
CLA_STANDARD, 0x50, 0x00, 0x00, data
);
ResponseAPDU response = channel.transmit(storeAPDU);
if (response.getSW() != 0x9000) {
throw new CardException("Data storage failed: " + 
Integer.toHexString(response.getSW()));
}
}
public byte[] retrieveSecureData() throws CardException {
CommandAPDU retrieveAPDU = new CommandAPDU(
CLA_STANDARD, 0x51, 0x00, 0x00, 256
);
ResponseAPDU response = channel.transmit(retrieveAPDU);
if (response.getSW() != 0x9000) {
throw new CardException("Data retrieval failed: " + 
Integer.toHexString(response.getSW()));
}
return response.getData();
}
}

Advanced Cryptographic Operations

Elliptic Curve Cryptography Implementation

package com.secure.element.crypto;
import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
public class ECCryptoEngine {
private ECPrivateKey ecPrivateKey;
private ECPublicKey ecPublicKey;
private KeyPair ecKeyPair;
private Signature ecdsaSigner;
private KeyAgreement ecdhAgreement;
// Supported curves
private static final byte CURVE_P256 = 0x01;
private static final byte CURVE_P384 = 0x02;
private static final byte CURVE_P521 = 0x03;
public ECCryptoEngine(byte curveType) {
initializeCurve(curveType);
initializeCryptoObjects();
}
private void initializeCurve(byte curveType) {
byte curveID;
short keyLength;
switch (curveType) {
case CURVE_P256:
curveID = KeyPair.ALG_EC_FP;
keyLength = KeyBuilder.LENGTH_EC_FP_256;
break;
case CURVE_P384:
curveID = KeyPair.ALG_EC_FP;
keyLength = KeyBuilder.LENGTH_EC_FP_384;
break;
case CURVE_P521:
curveID = KeyPair.ALG_EC_FP;
keyLength = KeyBuilder.LENGTH_EC_FP_521;
break;
default:
ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
return;
}
ecKeyPair = new KeyPair(curveID, keyLength);
ecKeyPair.genKeyPair();
ecPrivateKey = (ECPrivateKey) ecKeyPair.getPrivate();
ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
}
private void initializeCryptoObjects() {
try {
ecdsaSigner = Signature.getInstance(Signature.ALG_ECDSA_SHA, false);
ecdhAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
} catch (CryptoException e) {
ISOException.throwIt((short)0x6F00);
}
}
public short signData(byte[] data, short dataOffset, short dataLength,
byte[] signature, short sigOffset) {
try {
ecdsaSigner.init(ecPrivateKey, Signature.MODE_SIGN);
return ecdsaSigner.sign(data, dataOffset, dataLength, signature, sigOffset);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
return 0;
}
}
public boolean verifySignature(byte[] data, short dataOffset, short dataLength,
byte[] signature, short sigOffset, short sigLength) {
try {
ecdsaSigner.init(ecPublicKey, Signature.MODE_VERIFY);
return ecdsaSigner.verify(data, dataOffset, dataLength, 
signature, sigOffset, sigLength);
} catch (CryptoException e) {
return false;
}
}
public short generateSharedSecret(ECPublicKey peerPublicKey,
byte[] sharedSecret, short offset) {
try {
ecdhAgreement.init(ecPrivateKey);
return ecdhAgreement.generateSecret(peerPublicKey, 
sharedSecret, offset);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
return 0;
}
}
public short exportPublicKey(byte[] buffer, short offset) {
// Export public key in uncompressed format (0x04 || X || Y)
short keyLength = ecPublicKey.getW(buffer, offset);
return keyLength;
}
public void importPublicKey(byte[] publicKey, short offset, short length) {
try {
ecPublicKey.setW(publicKey, offset, length);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
public void setCurveParameters(byte[] parameters, short offset, short length) {
try {
ecPrivateKey.setFieldFP(parameters, offset, length);
ecPublicKey.setFieldFP(parameters, offset, length);
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
}
}
}

Secure Storage Management

Encrypted File System on Secure Element

package com.secure.element.storage;
import javacard.framework.*;
import javacard.security.*;
import javacardx.crypto.*;
public class SecureFileSystem {
private static final short MAX_FILES = 16;
private static final short MAX_FILE_SIZE = 512;
private FileEntry[] files;
private AESKey storageKey;
private Cipher cipher;
private static class FileEntry {
byte fileId;
byte[] data;
short dataLength;
boolean encrypted;
FileEntry(byte id) {
fileId = id;
data = new byte[MAX_FILE_SIZE];
dataLength = 0;
encrypted = false;
}
}
public SecureFileSystem() {
files = new FileEntry[MAX_FILES];
initializeStorageKey();
initializeCipher();
}
private void initializeStorageKey() {
storageKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, 
KeyBuilder.LENGTH_AES_256, false);
// Generate random storage key
byte[] keyData = new byte[32];
RandomData random = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
random.generateData(keyData, (short)0, (short)32);
storageKey.setKey(keyData, (short)0);
}
private void initializeCipher() {
try {
cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
} catch (CryptoException e) {
ISOException.throwIt((short)0x6F00);
}
}
public short createFile(byte fileId, boolean encrypt) {
if (findFile(fileId) != null) {
ISOException.throwIt(ISO7816.SW_FILE_INVALID);
}
for (short i = 0; i < MAX_FILES; i++) {
if (files[i] == null) {
files[i] = new FileEntry(fileId);
files[i].encrypted = encrypt;
return i;
}
}
ISOException.throwIt(ISO7816.SW_FILE_FULL);
return -1;
}
public void writeFile(byte fileId, byte[] data, short offset, short length) {
FileEntry file = findFile(fileId);
if (file == null) {
ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
}
if (length > MAX_FILE_SIZE) {
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
}
if (file.encrypted) {
byte[] encryptedData = encryptData(data, offset, length);
Util.arrayCopyNonAtomic(encryptedData, (short)0, 
file.data, (short)0, (short)encryptedData.length);
file.dataLength = (short)encryptedData.length;
} else {
Util.arrayCopyNonAtomic(data, offset, file.data, (short)0, length);
file.dataLength = length;
}
}
public short readFile(byte fileId, byte[] buffer, short offset) {
FileEntry file = findFile(fileId);
if (file == null) {
ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
}
if (file.encrypted) {
byte[] decryptedData = decryptData(file.data, (short)0, file.dataLength);
Util.arrayCopyNonAtomic(decryptedData, (short)0, buffer, offset, 
(short)decryptedData.length);
return (short)decryptedData.length;
} else {
Util.arrayCopyNonAtomic(file.data, (short)0, buffer, offset, file.dataLength);
return file.dataLength;
}
}
public void deleteFile(byte fileId) {
for (short i = 0; i < MAX_FILES; i++) {
if (files[i] != null && files[i].fileId == fileId) {
// Securely wipe data
Util.arrayFillNonAtomic(files[i].data, (short)0, 
(short)files[i].data.length, (byte)0);
files[i] = null;
return;
}
}
ISOException.throwIt(ISO7816.SW_FILE_NOT_FOUND);
}
private FileEntry findFile(byte fileId) {
for (short i = 0; i < MAX_FILES; i++) {
if (files[i] != null && files[i].fileId == fileId) {
return files[i];
}
}
return null;
}
private byte[] encryptData(byte[] data, short offset, short length) {
try {
// Use zero IV (in production, use random IV and store it)
byte[] iv = new byte[16];
cipher.init(storageKey, Cipher.MODE_ENCRYPT, iv, (short)0, (short)iv.length);
// Data must be multiple of block size
short paddedLength = (short)(((length + 15) / 16) * 16);
byte[] paddedData = new byte[paddedLength];
Util.arrayCopyNonAtomic(data, offset, paddedData, (short)0, length);
byte[] encrypted = new byte[paddedLength];
cipher.doFinal(paddedData, (short)0, paddedLength, encrypted, (short)0);
return encrypted;
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
return JCSystem.makeTransientByteArray(length, JCSystem.CLEAR_ON_DESELECT);
}
}
private byte[] decryptData(byte[] encryptedData, short offset, short length) {
try {
// Use zero IV (same as encryption)
byte[] iv = new byte[16];
cipher.init(storageKey, Cipher.MODE_DECRYPT, iv, (short)0, (short)iv.length);
byte[] decrypted = new byte[length];
cipher.doFinal(encryptedData, offset, length, decrypted, (short)0);
return decrypted;
} catch (CryptoException e) {
ISOException.throwIt((short)(0x6F00 | e.getReason()));
return JCSystem.makeTransientByteArray(length, JCSystem.CLEAR_ON_DESELECT);
}
}
}

Testing and Simulation Framework

JUnit Tests for Secure Element Operations

package com.secure.element.test;
import org.junit.jupiter.api.*;
import javax.smartcardio.*;
import static org.junit.jupiter.api.Assertions.*;
public class SecureElementTest {
private SecureElementManager seManager;
private static final byte[] TEST_AID = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06};
@BeforeEach
public void setUp() throws CardException {
seManager = new SecureElementManager();
seManager.connect();
}
@AfterEach
public void tearDown() {
seManager.disconnect();
}
@Test
public void testAppletSelection() throws CardException {
byte[] response = seManager.selectApplet(TEST_AID);
assertNotNull(response);
// Verify successful selection
}
@Test
public void testRSASignature() throws CardException {
byte[] testData = "Test data for RSA signature".getBytes();
byte[] signature = seManager.signData(testData, (byte)0x01);
assertNotNull(signature);
assertTrue(signature.length > 0);
}
@Test
public void testECCSignature() throws CardException {
byte[] testData = "Test data for ECC signature".getBytes();
byte[] signature = seManager.signData(testData, (byte)0x02);
assertNotNull(signature);
assertTrue(signature.length > 0);
}
@Test
public void testAESEncryption() throws CardException {
byte[] testData = new byte[16]; // AES block size
for (byte i = 0; i < 16; i++) {
testData[i] = i;
}
byte[] encrypted = seManager.encryptData(testData);
assertNotNull(encrypted);
assertEquals(16, encrypted.length);
}
@Test
public void testSecureStorage() throws CardException {
byte[] testData = "Secure storage test data".getBytes();
seManager.storeSecureData(testData);
byte[] retrievedData = seManager.retrieveSecureData();
assertArrayEquals(testData, retrievedData);
}
@Test
public void testSecureChannel() throws CardException {
byte[] hostChallenge = new byte[8];
// Initialize with random data in production
for (byte i = 0; i < 8; i++) {
hostChallenge[i] = i;
}
seManager.establishSecureChannel(hostChallenge);
// After secure channel establishment, further communications should be secured
byte[] testData = "Secured communication test".getBytes();
byte[] response = seManager.encryptData(testData);
assertNotNull(response);
}
}
// Mock Secure Element for unit testing
class MockSecureElement extends SecureElementManager {
private Map<byte[], byte[]> secureStorage = new HashMap<>();
private Map<String, KeyPair> keyPairs = new HashMap<>();
@Override
public byte[] signData(byte[] data, byte algorithm) {
// Mock signature implementation
byte[] signature = new byte[64]; // Mock signature length
Arrays.fill(signature, (byte)0xAA);
return signature;
}
@Override
public byte[] encryptData(byte[] data) {
// Mock encryption - just XOR with a simple key
byte[] key = {0x55, 0x55, 0x55, 0x55};
byte[] encrypted = new byte[data.length];
for (int i = 0; i < data.length; i++) {
encrypted[i] = (byte)(data[i] ^ key[i % key.length]);
}
return encrypted;
}
@Override
public void storeSecureData(byte[] data) {
secureStorage.put(Arrays.copyOf(data, data.length), data);
}
@Override
public byte[] retrieveSecureData() {
if (!secureStorage.isEmpty()) {
return secureStorage.values().iterator().next();
}
return new byte[0];
}
}

Production Best Practices

Security Hardening

package com.secure.element.security;
import javacard.framework.*;
import javacard.security.*;
public class SecurityManager {
private static final short MAX_AUTH_ATTEMPTS = 3;
private static final short LOCKOUT_DURATION = 300; // 5 minutes in seconds
private short failedAuthAttempts;
private long lockoutTime;
// Anti-tearing protection
private boolean transactionInProgress;
public SecurityManager() {
failedAuthAttempts = 0;
lockoutTime = 0;
transactionInProgress = false;
}
public boolean authenticate(byte[] credential) {
if (isLockedOut()) {
ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
}
boolean authenticated = verifyCredential(credential);
if (authenticated) {
failedAuthAttempts = 0;
lockoutTime = 0;
} else {
failedAuthAttempts++;
if (failedAuthAttempts >= MAX_AUTH_ATTEMPTS) {
lockoutTime = getCurrentTime() + LOCKOUT_DURATION;
}
}
return authenticated;
}
private boolean verifyCredential(byte[] credential) {
// Implementation of credential verification
// This would typically involve comparing with stored hash
return true; // Simplified
}
private boolean isLockedOut() {
return getCurrentTime() < lockoutTime;
}
private long getCurrentTime() {
// In real implementation, this would use a secure timer
return System.currentTimeMillis() / 1000;
}
public void beginTransaction() {
if (transactionInProgress) {
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
}
transactionInProgress = true;
// Backup critical state for rollback
backupCriticalState();
}
public void commitTransaction() {
if (!transactionInProgress) {
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
}
transactionInProgress = false;
// Clear backup state
clearBackupState();
}
public void rollbackTransaction() {
if (!transactionInProgress) {
return;
}
transactionInProgress = false;
// Restore from backup
restoreCriticalState();
}
// Called by the JCRE when a tear is detected
public void handleTear() {
if (transactionInProgress) {
restoreCriticalState();
transactionInProgress = false;
}
}
private void backupCriticalState() {
// Backup critical applet state to persistent memory
}
private void restoreCriticalState() {
// Restore critical applet state from backup
}
private void clearBackupState() {
// Clear backup state after successful commit
}
// Secure memory management
public void secureWipe(byte[] buffer) {
if (buffer != null) {
Util.arrayFillNonAtomic(buffer, (short)0, (short)buffer.length, (byte)0);
}
}
public void secureWipe(Key key) {
if (key != null) {
// Clear key material
byte[] keyBuffer = JCSystem.makeTransientByteArray(
(short)32, JCSystem.CLEAR_ON_DESELECT);
if (key instanceof AESKey) {
((AESKey)key).setKey(keyBuffer, (short)0);
}
secureWipe(keyBuffer);
}
}
}

This comprehensive Secure Element programming guide covers:

  1. Java Card Applet Development - Creating secure applications for SE
  2. GlobalPlatform SCP - Secure channel protocols for communication
  3. Cryptographic Operations - RSA, ECC, AES implementations
  4. Secure Storage - Encrypted file system on SE
  5. Host Application Interface - PC/SC communication
  6. Testing Framework - Unit tests and simulation
  7. Security Hardening - Anti-tearing, authentication, secure wipe

The implementation follows industry standards and best practices for secure element programming, providing a solid foundation for developing secure applications like payment systems, identity cards, and IoT security modules.

Category : JAVA

Leave a Reply

Your email address will not be published. Required fields are marked *


Macro Nepal Helper