Sourcing 3.04 Javacards #17
Comments
The ACOS-J does support Java Card 3.0.4 and you can order some from smartcardfocus, they are based in the UK and deliver in France for a reasonable fee. The only thing to keep in mind is to use By the way, I highly recommend you to buy at least 3 of them (just to be sure I bought 4). I killed one while messing with it a little bit too much and you should always have a back-up, so 3 is a reasonable number. I agree this is not the best card, but it's the only working one I have been able to buy from France without a prohibitive delivery fee. |
Thank you very much. I want to work on OpenSC support and interoperability. |
Yes it is. The README is quite explicit about it. |
You can also try NXP J3H145, works pretty okayish with SmartPGP (https://www.javacardos.com/store/products/10029). |
Thanks a lot. I could also find the J3H145 here in Europe: Finally, I bought 3 ACOS-J for testing. I also found this information useful: Supported algorithms: Martin Pajak buyer guide |
Looks like the ACOS-J cards don't support RSA above 2048 which is disappointing. Would be nice to find something that could support 4096 at the same price point. |
I just had some serious issues with the ACOS-J cards. At some point (after 12 and 3 months of use in my case), after a successful decryption, the card suddenly stopped working. GnuPG can see all details on the card but cannot have it do any cryptographic operation. Uploading new keys and factory-resetting the card does not work. Trying to delete the applet does not work either and may make the card non-responsive. Since this is the second card that has this issue, I think it is safe to say this model is defunct and I will stop recommending it. Since SmartPGP has a JavaCard 3.0.1 version, I think that, when my current and last ACOS-J card dies, I will test the J3D081. |
Good to know. Also will be testing J3H145. It can be SIM cut and also found in a few different places. Currently also having an issue with ACOS-J, unusable from factory. |
The J3H145 is good - but exercise care with install/uninstall. |
I have not been able to get RSA4096 working on the J3H145 card. It advertises support and I requested that support be enabled. On gpg keytocard, I get this error: On suspicion, I loaded JCAlgTest v1.7.1 (last one with GP 2.2.1 support) and ran the test. From the output I have this: TYPE_RSA_PUBLIC LENGTH_RSA_4096;yes;0.042000 I don't know what to make of that. It looks like it's not fully supported. Can anyone with this card confirm if RSA4096 actually works? |
Should be ok to load the latest JCAlgTest on a J3H145 - it runs JC3.0.4. I believe RSA4096 support needs to be either ordered from NXP for the J3H145 or enabled during the initialisation (it's not by default - possibly due to RAM usage?). |
I did attempt to load the GP 2.2.2 cap file and it did not load, but I know for a fact the card only supports GP 2.2.1 so JCAlgTest last supported it in v1.7.1 which loaded just fine. When I ordered the card, I asked it to be initialized with RSA4096 support. I don't know if it was completely done. I need to know if it's a problem with this card in general, or an initialization issue. |
From what I can tell you, it's an initialization issue. NXP must give you the commands to upgrade that to 4096 from 2048 default, and it's done during init. If you have the cards and didn't have to initialize them yourself, it's too late to do so. |
I had to order them initialized since they don't give the documentation without an NDA with NXP for the proprietary commands to set these things. |
Unfortunately, yes. It's why I have to be so vague. NXP NDAs are very strict - it took me months to get basic user manuals for their recent chips. |
@bmunger may I ask, where you bought J3H145 RSA4096 initialised? I'm searching for a shop/distributor in Europe :) (MoTechno is quite expensive) |
@martinbeier No problem. I got mine from JavaCardOS web store, they had a promotion last month and I got a few for the cost of shipping (https://www.javacardos.com/store/products/10029). It's pretty expensive individually, but I can say the seller is quite responsive and helpful. They can be found cheaper as samples from Alibaba stores (around $5), and much cheaper than that in bulk, with configuration and sim cut services as well. Keep in mind they are direct from factory so they are not like ordering from another store. It's likely where the suppliers in Europe and US get their cards for sale. Also, forgot to add, the issue I had was resolved following the documentation changes made in commit f78db3e so as far as I know, I don't see any issues with J3H145, just be sure to use the 304 SDK, it will not work with 305. |
I can confirm this personally. Mine just died the same way a few hours ago. Managed to brick it completely in the end when I tried to delete the applet and reinstantiate a new one. It won't respond to both NFC and contacted card reader. That card lasted about 9 months. EDIT: LOL just bricked my second card. RIP in Pieces. |
FWIW I just ordered J3H145 from Smartcardfocus for ~€11/ea + €7 EU shipping + VAT before encountering this thread. I'll run jcalgtest on it when it arrives and report the result (if I remember). |
Smartcardfocus J3H145 arrived in a bit over a week with standard shipping and was initialized. Selected jcalgtest results:
and
|
J3H145 will support RSA 4096 just fine. I have tested it and it works. I think the test doesn't show correctly though. You have to make sure they configure it for 4096 since it's not a default enabled option it seems. |
I'll e-mail them to ensure they enable 4096bits by default, thanks for
this fast answer !
On 23/03/2021 at 01:45, Brandon Munger wrote:
…
J3H145 will support RSA 4096 just fine. I have tested it and it works.
I think the test doesn't show correctly though. You have to make sure
they configure it for 4096 since it's not a default enabled option it
seems.
|
Additional information and confirmation. Yes, the J3H145 from Smartcardfocus have RSA 4096 activated. I asked the question by e-mail and they replied that they had included this information in the product description to clarify this point. The price of the cards is three times that of the ACOSJ Dual and UPS delivery to France increases the cost drastically (+24€), but I spent as much on very unreliable ACOSJs (4 bricked out of 6). Note that Hitools Access in France sells ACOSJ that are supposedly 95k EEPROM (v2.04), but are actually 40k (v1.02). To be avoided. |
I found these J3R150 cards on AliExpress, cheap and apparently original : https://fr.aliexpress.com/item/1005005364667733.html The keys installed are those of the seller. On receipt, we can list the installed packages as follows:
I deleted all the Visa and MIFARE applets (Proxmark3 initially detects the card as "MIFARE Plus SL0/SL3 or MIFARE DESFire"), keeping only A0000001515350 because I don't know what it is and I've had problems with a J2A081 deleting A0000000035350, and now have ~150k of EEPROM at my disposal. I don't know where these cards came from or what they were used for. The AliExpress page shows 235 units currently in stock. The card is already listed by jcalgtest. |
@0xDRRB I knew these cards existed on the Chinese marketplace for quite some time now. A bit surprised that they are actually pre-personalized. I might order some and give them a try. Just curious: is Mifare emulation available through the standard javacard Memory API or do you need the proprietary applet installed on the card? |
@dogtopus I quickly tried a |
I live in mainland China and it seems that there are merchants online who sell J3R180 cards for cheap (¥38, roughly 6 USD). If you feel comfortable with that, I could buy some and mail them to you (just saying) |
Have you managed to make it work with SmartPGP/GPG? |
I bought here uninitialized j3180 with default keys provided all applets I've tested worked. |
Your card has not been initialized, it's in OP_READY state. Also had issues deleting applets from J3R180 in OP_READY, had to initialize it with gp to be able to fully uninstall applets. You might have to try gpj with the deletedeps option. |
"gp -f -delete" (the -f) is equivalent to deletedeps, when applied to a package. |
Please don't close this message, it is a real issue from users. We all have difficulties sourcing 3.04 smartcards, so we cannot participate in the development and testing of SmartPGP.
At the moment the only 3.04 smartcards available online are Chinese.
Therefore could someone (not from the ANSSI) explain to us how to buy a 3.04 Javacard online and have it delivered in Europe (France). I understand developers from the ANSSI cannot reply to this question.
Please leave this thread open until a solution comes.
Kind regards,
French Fries