Tested Smart Cards

Philip Wendland edited this page Aug 25, 2020 · 3 revisions

This post is a compilation of hardware that is known to be working with the IsoApplet. There is, however, no guarantee that your card works flawlessly even if it is listed here. In order to be able to compare the performance of the different smart cards, I signed a small file with pkcs11-tool and SHA256-RSA-PKCS (2048 bit CRT RSA key) multiple times and took the average value.

You might want to ensure that your card is verified according to FIPS 140-2 and/or Common Criteria EAL. Also, for the IsoApplet it must be compatible with Java Card 2.2.2 or newer. The JavaCard Buyer's Guide of 2015 and the JavaCard algorithms support test site might be a good reference for choosing your preferred card. Choose open Java Cards, i.e. cards that allow you to install applets yourself!

Smart cards known to be working

  • Giesecke & Devrient SmartCafe Expert 6.0 80K Dual
    ATR: 3B FE 18 00 00 80 31 FE 45 53 43 45 36 30 2D 43 44 30 38 31 2D 6E 46 A9
    RSA Performance: ~1.2 seconds.

  • J3A080 80K (JCOP)
    ATR: 3B F8 13 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 B7
    RSA Performance: ~2.2 seconds

  • J3A081 80K (JCOP)
    ATR: 3B F8 13 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 B7
    RSA Performance: ~1.8 seconds

  • Feitian JavaCOS A40 (new firmware)
    ATR: 3B FC 18 00 00 81 31 80 45 90 67 46 4A 01 00 11 06 00 00 00 00 7C
    RSA Performance: ~0.8 seconds
    Note: No ECC support. Also, OpenSC will try to match the entersafe driver by default. You need to add the following to opensc.conf in order to use the card with IsoApplet:

    card_atr 3b:fc:18:00:00:81:31:80:45:90:67:46:4a:01:00:11:06:00:00:00:00:7c {
    driver = "isoApplet";
    }
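
OpenSC matches the card_atr entry byte for byte, so a mistyped ATR simply fails to match and the default driver is used again. The following added example (not part of this page, IsoApplet or OpenSC) checks an ATR's structure and TCK checksum per ISO 7816-3 and then prints the stanza in the form shown above; the function names parse_atr and card_atr_stanza are hypothetical, and the ATRs used are the ones listed on this page.

```python
# Added example: ATR sanity check and opensc.conf stanza generator.
# Assumes the ISO 7816-3 ATR layout: TS, T0, interface bytes, historical bytes, TCK.
from functools import reduce

def parse_atr(text):
    """Parse an ATR given as hex (spaces or colons between bytes allowed)."""
    atr = bytes.fromhex(text.replace(":", " "))
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 3B (direct) or 3F (inverse convention)")
    k = atr[1] & 0x0F          # T0 low nibble: number of historical bytes
    y = atr[1] >> 4            # T0 high nibble: which of TA1..TD1 follow
    pos, protocols = 2, set()
    while True:
        pos += bin(y & 0x07).count("1")   # skip TAi, TBi, TCi if present
        if not y & 0x08:                  # no TDi: interface bytes end here
            break
        if pos >= len(atr):
            raise ValueError("ATR truncated in interface bytes")
        td = atr[pos]
        pos += 1
        protocols.add(td & 0x0F)          # protocol T announced by this TDi
        y = td >> 4
    # TCK is present only when a protocol other than T=0 is indicated
    has_tck = bool(protocols - {0})
    expected = pos + k + has_tck
    if len(atr) != expected:
        raise ValueError(f"length mismatch: expected {expected}, got {len(atr)}")
    # XOR of all bytes from T0 through TCK must be zero
    if has_tck and reduce(lambda a, b: a ^ b, atr[1:]) != 0:
        raise ValueError("TCK checksum mismatch (mistyped ATR?)")
    return {"atr": atr, "protocols": sorted(protocols) or [0],
            "historical": atr[pos:pos + k]}

def card_atr_stanza(text, driver="isoApplet"):
    """Return the card_atr block in the form shown on this page."""
    atr = parse_atr(text)["atr"]          # raises before emitting a bad stanza
    return 'card_atr %s {\n    driver = "%s";\n}' % (atr.hex(":"), driver)

if __name__ == "__main__":
    feitian = "3B FC 18 00 00 81 31 80 45 90 67 46 4A 01 00 11 06 00 00 00 00 7C"
    print(card_atr_stanza(feitian))
    jcop = "3B F8 13 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 B7"
    print(parse_atr(jcop)["historical"])  # historical bytes carry the OS name
```

The historical bytes identify the card operating system rather than the exact chip, which is why the J3A080 and J3A081 entries above share one ATR.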

User reported smart cards

If you are using a smart card that is not listed here: Please report to me ([email protected]) and it can be added to this section. Keep in mind that I can not personally verify the results of user reported smart cards.

  • Gemalto IDTop 3010
    ATR: 3B 8F 80 01 80 91 E1 31 80 65 B0 85 02 00 CF 83 00 90 00 C1
    RSA Performance: ~1.2 seconds
    Issues: ECC key generation will fail due to Key.getK() throwing a CryptoException with UNINITIALIZED_KEY even though the key is initialized.

  • NXP J3A081
    ATR: 3B 8A 80 01 4A 33 41 30 38 31 56 32 34 31 6B
    RSA Performance: ~1.0 seconds

  • NXP J3D081
    ATR: 3B 89 80 01 4A 43 4F 50 32 34 32 52 32 4A
    RSA Performance: ~1.2 seconds

  • Yubico neo (Attention: Only early versions allow the installation of applets!)
    ATR: 3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58
    RSA Performance: ~1.2 seconds

  • Giesecke & Devrient SmartCafe 6.0
    ATR: 3B 8E 80 01 53 43 45 36 30 2D 43 44 30 38 31 2D 6E 46 4A
    RSA Performance: ~1.1 seconds

Smart cards with problems

  • Feitian JavaCOS A40
    ATR: 3B FC 18 00 00 81 31 80 45 90 67 46 4A 00 68 08 06 00 00 00 00 0C
    My card seems to have a bug with the ALG_RSA_PKCS1 algorithm, using the public key padding scheme on private key operations. This renders it unusable with the IsoApplet. Feitian acknowledged this bug and sent me test cards with a newer firmware and a different ATR (see above: Feitian JavaCOS A40 (new firmware)).

  • ACOSJ 40K Dual
    ATR: 3B 69 00 02 41 43 4F 53 4A 76 31 30 31?
    This card reportedly has an issue with getOffsetCData(). A workaround is possible, but card-specific fixes for firmware issues won't be part of upstream IsoApplet.