Skip to main content

While APDU is an entrance to Java Card...

Posted by igormedeiros on August 14, 2007 at 10:05 AM PDT

APDU is defined at ISO 7816 and means "Application Protocol Data Units", where two structured string of bytes, a Command APDU (C-APDU) and a Response APDU (R-APDU) controls the communication between the host (like the Desktop computer) and the smart card, where the smart card receives a C-APDU from the host and returns C-APDU.

In the C-APDU, the first four bytes are mandatory, they are:

apdu_command.png

  • CLA - Class of instruction
  • INS - instruction (e.g. debit, credit, verify PIN)
  • P1 (parameter 1)
  • P1 (parameter 2)
  • LC - length of DATA field
  • DATA - String of bytes
  • LE - expected length of the DATA field in R-APDU

If the C-APDU has data, you must specify it in LC field followed by DATA field bytes.

In the R-APDU, the DATA field is optional and it is followed by two bytes that composes a status word SW1 and SW2.

  • DATA - data returned (optional)
  • SW1 - Status Word 1
  • SW1 - Status Word 2

At the end of a successful command, ISO 7816 defines 90 00 (SW1/SW2) as default response.

Thinking in applet development, the first thing that you must to do is to plan the instructions that it will be able to process, each instruction will invoke a method by the INS field in the C-APDU. You can also, define exceptions in JC, only setting 2 bytes constants that will be sent as SW1 and SW1 bytes in R-APDU.

JC API has an APDU class. The method getBuffer() retrieves the DATA filed byte array from C-APDU. To illustrate, lets take a look on how a JC applet handles APDU:

...
// main's method like (in comparing to J2SE)
public void process( APDU apdu ) throws ISOException{

// get the buffer byte array
byte[] apduBuffer = apdu.getBuffer();

// selects the instruction (INS byte)

// ISO7816.OFFSET_INS constant is defined by JC API
switch( apduBuffer[ISO7816.OFFSET_INS] ){
case (byte) 0x01: // method1(); break;
case (byte) 0x02: // method2(); break;
default: ISOException.throwIt( ISO7816.SW_INS_NOT_SUPORTED );

}
}

As a good practice, J2SE applications can encapsulates APDU codes in objects. JC RMI or Opencard Framework are similar solutions to help you on doing it.

As you need plan which instructions your applet will be able to process, without understand APDU, you cannot go ahead with JC (now you can).

With the next generation of Java Card, you will be able to avoid APDU codes, treating data over HTTPS or USB for example, so, while APDU is still an entrance to Java Card development, you need to know it.

See you.

Related Topics >>