I have an Android project that requires me to use an NFC tag for encryption/signing data using an elliptical curve algorithm.

I need the tag to be able to perform the crypto itself using a keypair that I generate externally. It's important that the private key is stored on the tag and not transferred to Android to perform the signing.

I also need to write protect all tags so data can only be written to them if it's signed by me.

I'd like the form factor of the tag to be circular and as small as possible.

From my research so far, it's looking like I have to use Java Cards, but I'm not sure of this.

Can anyone confirm appropriate devices I could use?

user1233983

1 Answer

You need some micro-controller card. I have never seen those in any other form than the standard credit card form (ID-1).

A Java Card card is certainly an option, such as an NXP JCOP or Gemalto TOP card. They can be bought online in various places. Writing an applet for such a card requires that you have access to the SDK for that card (often available only under NDA). Java Card programming is quite unlike Java programming; furthermore, it requires knowledge of such things as ISO 7816-4 and (in your case) crypto.

Another possibility could be ZeitControl BasicCard. The cards are available from various online smart card shops and from ZeitControl themselves (not all cards can do ECC). The SDK is free and available from the ZeitControl website. The programming language for the card takes some getting used to, but a lot of communication details are handled automatically. If you need help interfacing a BasicCard applet with an Android app, you can request additional information from ZeitControl (they were very helpful when I contacted them). It is not overly complicated, though.

NFC guy
  • Using the SDK that comes with a type of Java Card may be the easiest way to develop an applet and get it to run on that card, but I wouldn't say it's a hard requirement. If you have a standard JDK, the free Java Card devkit from Sun/Oracle, some export files, and global platform keys then there are (command line) tools to get the job done. – martijno Aug 16 '12 at 14:34
  • @martijno the problem is that the Oracle Java Card SDK doesn't include an emulator that uses all crypto primitives. This means that it is tough to debug your application. To do proper debugging you would require vendor specific tools. It also helps that these tools normally set up the environment for you (the right API levels to use etc.). – Maarten Bodewes Aug 17 '12 at 15:33
  • @owlstead, yes, good point about debugging and emulator. Still, wouldn't a well written, tested applet developed in one suite be easily installed on a different vendor's card (if it supports the same set of crypto primitives)? And if not, what's the point in having Java Card as standard? – martijno Aug 17 '12 at 20:30
  • @martijno yes, normally that should be possible. There are however quite a few snags, such as RAM availability, the number and types of crypto that the cards support, the optional integer support, differences in version, other optional API parts, additional vendor specific libraries, unclarities regarding the use of the API and probably a lot more :) – Maarten Bodewes Aug 18 '12 at 01:19
  • Thanks for the information. I'm approaching various Java Card manufacturers/suppliers to see if they can produce them in a durable "tag like" package. As for crypto, I need my public key installed securely on the card so I can control it (from server, through app) to perform a few routines: install EC key pair; and produce and sign a short message with its private key. Also I'll need some other misc bits of data stored permanently on the card. @owlstead: will I have difficulty debugging this with Oracle's SDK? – user1233983 Aug 18 '12 at 09:30
  • @user1233983 You might want to test the non-crypto functions separately as you should be able to debug those. Furthermore, you should be aware of small differences in how cards handle the setX() and getX() functions for keys (the format is not fully specified). Alternatively you can create the keys on card. – Maarten Bodewes Aug 18 '12 at 09:54
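
An added illustration, not part of the original answer or comments: the host side of the on-card signing design from the question, using the ISO 7816-4 command/response framing the answer mentions. It runs on a plain JDK with a software stand-in for the tag; the CLA/INS bytes, the class and method names, and the choice of secp256r1 with SHA-256 are assumptions, and on Android the command bytes would be sent through the NFC transport instead of `simulatedCard`.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class CardSignDemo {
    // Hypothetical proprietary command bytes; a real applet defines its own.
    static final int CLA = 0x80, INS_SIGN = 0x2A;
    // ISO 7816-4 case 4 short APDU: CLA INS P1 P2 Lc data Le (Le 0x00 = up to 256 bytes).
    static byte[] signCommand(byte[] challenge) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(CLA); out.write(INS_SIGN); out.write(0); out.write(0);
        out.write(challenge.length);                 // Lc: challenge must be < 256 bytes
        out.write(challenge, 0, challenge.length);
        out.write(0x00);                             // Le
        return out.toByteArray();
    }
    // Software stand-in for the tag: signs the command data, appends status word 9000.
    static byte[] simulatedCard(PrivateKey cardKey, byte[] apdu) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(cardKey);
        s.update(apdu, 5, apdu[4] & 0xFF);           // data field starts after the 5-byte header
        byte[] sig = s.sign();
        byte[] resp = Arrays.copyOf(sig, sig.length + 2);
        resp[sig.length] = (byte) 0x90;              // SW1; SW2 is already 0x00
        return resp;
    }
    // Host side: check the status word, then verify with the tag's public key.
    static boolean verifyResponse(PublicKey cardPub, byte[] challenge, byte[] resp)
            throws GeneralSecurityException {
        int n = resp.length - 2;
        if (n < 0 || (resp[n] & 0xFF) != 0x90 || resp[n + 1] != 0x00) return false;
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(cardPub);
        v.update(challenge);
        try { return v.verify(resp, 0, n); } catch (SignatureException e) { return false; }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair card = g.generateKeyPair();          // constructed key standing in for the tag's key pair
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);     // fresh challenge per request
        byte[] resp = simulatedCard(card.getPrivate(), signCommand(challenge));
        System.out.println("fresh challenge verifies: "
                + verifyResponse(card.getPublic(), challenge, resp));
        challenge[0] ^= 1;                           // a different challenge must reject the old response
        System.out.println("old response, new challenge: "
                + verifyResponse(card.getPublic(), challenge, resp));
    }
}
```

Only the public key and the signature cross the NFC link in this flow; the random per-request challenge is what makes a recorded response useless for a later request.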