background image

12

Cryptographic Smart Card Driver Development Guide 

See the 

BlackBerry Integrated Development Environment Help

 for more information about testing a BlackBerry 

Java Application using the BlackBerry Integrated Development Environment.

Test the cryptographic smart card driver

Set up to test signing and decrypting 
email messages with the S/MIME 
Support Package for BlackBerry 
smartphones, on a BlackBerry device 
with S/MIME support.

The following steps require a BlackBerry® Smart Card Reader.

1.

Install the S/MIME Support Package for BlackBerry smartphones. Client access licenses are 
available from wireless service providers. For additional information on how to obtain the client 
access licenses, send an email message to [email protected]. See the 

S/MIME 

Support Package User Guide Supplement

 for more information about installing the S/MIME 

Support package for BlackBerry smartphones on your computer or a BlackBerry device.

2. Connect the BlackBerry device to the computer.

3. At a command prompt, switch to the BlackBerry Java Development Environment bin folder.

4. Type the following command: 

JavaLoader [-usb] [-w

password

] load <file>

password

:

If a password is set, the password for the BlackBerry device

file

:The

 .cod file that the cryptographic smart card driver downloads to the BlackBerry 

device

Task

Steps

Make sure the cryptographic smart 
card driver is installed on a BlackBerry 
device.

1.

On the BlackBerry device, click 

Options

 >

 Security Options

 > 

Smart Card. 

2. Ensure the cryptographic smart card appears in the 

Registered Card Drivers

 section.

Make sure the options display for the 
cryptographic smart card driver. 

If you implemented 

isDisplaySettingsAvailableImpl()

 to return true.

1.

On the BlackBerry device, click 

Options

 >

 Security Options

 > 

Smart Card.

2. In the 

Registered Card Drivers

 section select the cryptographic smart card driver you are 

testing.

3. Click 

Driver Settings

.

Test signing and decrypting email 
messages with the S/MIME Support 
Package for BlackBerry smartphones 
on a BlackBerry device with S/MIME 
support.

1.

On the BlackBerry device, click 

Options

 

>

 

Security Options > Certificates.

2. Click 

Import Smart Card Certs

.

3. If required, type your PIN.

4. Select the certificate you want to import from the smart card.

5. Type the smart card password.

6. Specify S/MIME to sign and decrypt email messages. See 

S/MIME Support Package User Guide 

Supplement

 for more information about signing, sending, and decrypting email messages.

Enable and test two-factor 
authentication on a BlackBerry device.

1.

On the BlackBerry device, click 

Options

 > 

Security Options 

>

 General Settings.

2. Verify that your smart card is inserted in the BlackBerry Smart Card Reader.

3. Change the 

User Authenticator Password

 field to 

Enabled

.

4. Click 

Save

.

5. When prompted, type the smart card password.

6. Click 

Enter

.

Task

Steps

Summary of Contents for JAVA DEVELOPMENT ENVIRONMENT - - CRYPTOGRAPHIC SMART CARD DRIVER - DEVELOPMENT GUIDE

Page 1: ...BlackBerry Java Development Environment Version 4 6 0 Cryptographic Smart Card Driver Development Guide...

Page 2: ...that is contained in this documentation however RIM makes no commitment to provide any such changes updates enhancements or other additions to this documentation to you in a timely manner or at all T...

Page 3: ...LITY ARISING FROM OR RELATED TO THE DOCUMENTATION Prior to subscribing for installing or using any Third Party Products and Services it is your responsibility to ensure that your airtime service provi...

Page 4: ......

Page 5: ...key file 8 2 Testing a cryptographic smart card driver 11 Set up the BlackBerry Device Simulator to test a cryptographic smart card driver 11 Set up a BlackBerry device to test a cryptographic smart c...

Page 6: ......

Page 7: ...ormation on S MIME The smart card API information included with BlackBerry JDE Version 4 2 or later contains some deprecated elements The deprecated elements provide backward compatibility for a crypt...

Page 8: ...he Application tab in the Project type field type Library 4 Select the Auto run on startup check box 5 In the Startup Tier field select the 7 Last 3rd party apps only option 6 Click OK Create a libMai...

Page 9: ...Berry Device Software Version 4 2 or later implement CryptoSmartCardSession getKeyStoreDataArrayImpl as follows RSACryptoToken token new MyRSACryptoToken RSACryptoSystem cryptoSystem new RSACryptoSyst...

Page 10: ...rsistable To create a cryptographic smart card driver that is compatible with BlackBerry Device Software Version 4 1 and Version 4 2 or later and to include the cryptographic smart card driver in two...

Page 11: ...PrivateKeyData privateKeyData Enable decryption of unprocessed data Perform one of the following steps To create a cryptographic smart card driver that is compatible with BlackBerry Device Software Ve...

Page 12: ...ESC SmartCardSession SIGN_OPERATION To create a cryptographic smart card driver that is compatible with BlackBerry Device Software Version 4 1 and Version 4 2 or later and to include the cryptographic...

Page 13: ...a private key file on the smart card on page 28 for more information Retrieve the location of the private key file on the smart card Create a method that returns the location of the private key file...

Page 14: ...10 Cryptographic Smart Card Driver Development Guide...

Page 15: ...Simulator to test a cryptographic smart card driver Set up a BlackBerry device to test a cryptographic smart card driver Test the cryptographic smart card driver Note You do not require the Casira Bl...

Page 16: ...evice Task Steps Make sure the cryptographic smart card driver is installed on a BlackBerry device 1 On the BlackBerry device click Options Security Options Smart Card 2 Ensure the cryptographic smart...

Page 17: ...13 2 Testing a cryptographic smart card driver...

Page 18: ...14 Cryptographic Smart Card Driver Development Guide...

Page 19: ...byte 0x71 byte 0x8e byte 0x64 byte 0x86 byte 0xd6 byte 0x01 byte 0x00 byte 0x81 byte 0x90 byte 0x00 private final static AnswerToReset _myATR new AnswerToReset MY_ATR private static final String LABEL...

Page 20: ...this smart card object to communicate with a physical smart card that has the given AnswerToReset The system invokes this method to ascertain which smart card implementation it should use to communica...

Page 21: ...The driver should not block the event thread for long periods of time param context Reserved for future use protected void displaySettingsImpl Object context Dialog alert DISPLAY_SETTINGS Retrieve the...

Page 22: ...o not hold open sessions when not using them they should be short lived As a security precaution only one open session is allowed to exist per SmartCardReader subsequent openSession requests will bloc...

Page 23: ...wed login attempts The method returns Integer MAX_VALUE if an infinite number of attempts are allowed protected int getMaxLoginAttemptsImpl throws SmartCardException return 5 Retrieve the remaining nu...

Page 24: ...A1Digest digest update uniqueCardData long idLong byteArrayToLong Arrays copy digest getDigest 0 8 Using friendly display name return new SmartCardID idLong ID_STRING getSmartCard Converts code array...

Page 25: ...00 maxBytes ResponseAPDU response new ResponseAPDU sendAPDU command response Check for response codes specific to your smart card if response checkStatusWords byte 0x90 byte 0x00 The appropriate respo...

Page 26: ...ata null ID_CERT privateKey null KeyStore SECURITY_LEVEL_HIGH certificate null null 0 stepProgressDialog 1 privateKey new RSAPrivateKey cryptoSystem new MyCryptoTokenData smartCardID SIGNING_PKI keySt...

Page 27: ...lication Protocol Data Unit ResponseAPDU response new ResponseAPDU Construct the command and set its information Create a CommandAPDU which your smart card will understand CommandAPDU signAPDU new Com...

Page 28: ...s an implmentation of an RSA cryptographic token The RIM Crypto API will use this object to perform a private key RSA operation This object should delegate the operation to the smart card final class...

Page 29: ...oSystem cryptoSystem CryptoTokenPrivateKeyData privateKeyData throws CryptoTokenException return privateKeyData instanceof MyCryptoTokenData Perform RSA decryption of unprocessed data p Notes To revea...

Page 30: ...sed If the RSA Crypto token requires the padding to be removed before signing this method will need to detect and remove the type of padding that is currently used The RSA Crypto token should only re...

Page 31: ...ardFactory getSmartCardSession smartCardID if smartCardSession instanceof MyCryptoSmartCardSession MyCryptoSmartCardSession mySmartCardSession MyCryptoSmartCardSession smartCardSession We must provide...

Page 32: ...api smartcard import net rim device api util This class stores the location of the private key file on the smart card final class MyCryptoTokenData implements CryptoTokenPrivateKeyData Persistable Sma...

Page 33: ...ile containing the private key file return ID of the smart card public SmartCardID getSmartCardID return _id Retrieve the location of the private key file on the smart card return Location of the priv...

Page 34: ...30 Cryptographic Smart Card Driver Development Guide...

Page 35: ......

Page 36: ...2007 Research In Motion Limited Published in Canada...

Reviews: