-
-
Notifications
You must be signed in to change notification settings - Fork 212
Supplementary Security Domains
Supplementary security domains can be created with -domain. Add additional privileges with -privs and installation parameters with -params. The default package and application ID used to instantiate security domains can be changed with -pkg and -app, if required.
To specify extradition right for the newly created SSD, use -allow-to to be able to extradite apps to the SSD and -allow-from to be able to extradite applications from the SSD. If you need to add additional installation parameters to the SSD, also construct the necessary privileges block within the parameters block manually.
To extradite an application to a different security domain during installation, specify the SSD with -to:
gp -install <applet.cap> -to <AID>
The SSD must accept the extradition, so be sure to create it with --allow-to
gp -move <AID> -to <AID>
Both security domains must allow the extradition or the operation will fail.
A new tree is one which has itself as root. Create it with
gp -move <AID> -to <AID>
DAP requires CAP files to be signed. To automatically sign CAP files, use --dap-key. The default hash is still 'SHA1', use --sha256 to use SHA-256 instead. Create the SSD with DAPVerification privilege and load the public key to the SSD with -put-key. Keep in mind that removing a SSD with MandatedDAPVerification is usually not possible, nor is changing/updating the DAP key.
javacard.pro - custom JavaCard applet development services · Editing locked due to malicious SPAM, sorry :(
Basic usage
- Getting Started
- Support GlobalPlatformPro development
- Glossary
- Environment variables
- Keys
- Secure Channel Establishment
- Application management
- Frequently Asked Questions
- Support & Questions
Advanced topics
- Lifecycle management
- Supplementary security domains
- DAP Verification
- Delegated management & receipts
- PACE
Development
JavaCard ecosystem