JavaCard support test

Last update: 6.12.2014

THIS IS BACKUP OF RESULTS FOR VERSION 1.3.0 (Github release here: https://github.com/crocs-muni/JCAlgTest/releases/tag/v.1.3.0)
For the most recent version please visit http://www.fi.muni.cz/~xsvenda/jcsupport.html

JavaCard's algorithms support test

What it does:

Provides list of supported algorithms from JavaCard API including supported lengths of keys
Provides information about available RAM and EEPROM memory and garbage collection capabilities
Provides basic speed tests for selected operations
Test possibility for using raw RSA for fast modular multiplication (usable to implement Diffie-Hellman for example)

The set of cryptographic algorithms supported by the particular Java smart card is sometimes hard obtain from vendor's specifications. Moreover, supported algorithms may change in more recent revisions of given type of card (typically, basic primitives like block cipher or asymmetric cryptography algorithm remains same as they are often implemented in hardware, but cryptographic constructions like particular MAC algorithm or supported key sizes may be added later). AlgTest application allows you to enumerate the support of cryptographic algorithms specified in JavaCard 2.2.2 and earlier. If you will find your favorite algorithm missing, try crypto algorithms re-implementation page for software implementation of several algorithms (AES, SHA2, OAEP) that can be compiled for JavaCard platform.

The basic idea is simple - if the particular algorithm/key size is supported, then instance creation will succeed. Otherwise, CryptoException.NO_SUCH_ALGORITHM is thrown. This can be employed for fast test of supported algorithms. AlgTest applet tries to create instance of algorithms for all possible constants defined in JavaCard specification and eventually catch the exception (example for ALG_DES_CBC_NOPAD algorithm):


    try {
      m_cipher = Cipher.getInstance(ALG_DES_CBC_NOPAD, false);
      // If this line is reached, than DES in CBC mode with no padding (ALG_DES_CBC_NOPAD) is supported.
      supported = true;
    }
    catch (CryptoException e) {
      if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM)) {
        // algorithm is not supported
        supported = false;
      }
      else {
        // other error occured
      }
    }

The results for almost all possible constants defined in JavaCard specification JC2.1 and later are transmitted to PC (AlgTestPC application) and saved into csv file.

Download packed binaries and source codes here : AlgTest GitHub repository (contains source codes, compiled versions, Java and C++ client)

Download older version here : AlgTestSuite 1.2.zip, AlgTestSuite 1.0.zip.

If you have results for smart card not listed below, consider to send me the resulting csv - I will be happy to publish it here and give you the credit.

Please, report any bugs or suggestions to my mail (see footer of the page). Thank you!

Usage:

Download prepared version or compile your own modification of AlgTest applet - Download and try compiled and converted applet *.cap from prepared AlgTest suite. If you are unable to upload the package to card or install it, then see Caveats, comment out unsupported classes and compile your own limited version of AlgTest applet (see for step-by-step JavaCard compile & convert instructions).

Upload AlgTest package to your smart card and install it - Use uploader supplied by your card vendor (e.g., GPShell, Martin Paljak's GlobalPlatform tool, Gemplus RADIII, IBM JCOP or Cyberflex Access Toolkit). Package AID: 6D 79 70 61 63 6B 61 67 31, Applet AID: 6D 79 70 61 63 30 30 30 31. No special installation parameters are given/required.

Run application AlgTestJClient.jar - Choose the target reader for card with uploaded AlgTest applet and let it run. CSV file with values separated by the semicolon is created (AlgTest_ATR.csv).

Examined classes:

javacard.security.Signature - all types
javacard.security.KeyBuilder - all key types and key lengths
javacard.security.KeyPair - on-card generation test for all key types and key lengths. Note, that generation of key pair may is time expensive operation (up to minute or more), so be patient. A time necessary for generation is measured, but this may differe significantly between repeated runs, so do your own multiple tests, if you are interested in average time (we are generating only ones).
javacard.security.MessageDigest - all types
javacard.security.RandomData - all types
javacard.security.KeyAgreement - all types
javacard.security.Checksum - all types
javacard.framework.JCSystem - selected methods
javacardx.apdu.ExtendedLength - manual compilation of source codes required at the moment

Caveats:

Missing support for the whole class (e.g., javacard.security.KeyAgreement) - The test is examining all defined constants of algorithm type and possible key length for given class and return wheter is given algorithm or key length supported or not. Your card must be able to create instance of particular class for this to work. If your card do not support particular JavaCard class as a whole, you will probably not be able to upload and install pre-prepared converted packages as the on-card verifier will detects wrong reference. Then comment out test code in TestSupportedModes() for particular class and then compile and convert new version of AlgTest applet (converter should warn you about all unsupported classes you are linking from code). Commonly, following classes may not be supported: javacard.security.KeyAgreement, javacard.security.Checksum
Limited memory/garbage collection of particular smart card - An allocation of objects during the test may lead to memory exhaustion, if the smart card do not support automatic garbage collection (often). Further allocation then fail even when the particular algorithm is supported. Try to re-install AlgTest applet if the test execution fail, allocated objects are often freed when applet is removed and installed again.
Smart card must support exception handling - Not an issue on newer cards, but may be missing on older ones (e.g., Gemplus GXP211_PK). The exception handling (try/catch construct) is necessary to correctly process allocation of instance of unsupported algorithms. If you have card without exception handling, you must try to create instance inside your code one by one and check whether it is possible.
Smart card should have reasonable memory size or garbage collector - We are allocating several instances of algorithm one by one and memory can be exhausted before the last object is allocated. Typical behaviour resulting from missing garbage collection is failed allocation of supported algorithms in second run of AlgTestClient.exe application, even when previous run successfully allocated algorithm object. Gemalto (Gemplus) cards work usually without any problem, but separate compilation of selected parts of AlgTest applet are necessary for cards like NXP JCOP4.1 or Cyberflex Palmera V5 (typically in KeyBuilder part - card is not able to support 20+ key objects without memory deallocation). If you encounter this issue, comment out most of the testing code, run only for small uncommented part, then comment it again and uncomment other part - inconvenient, but working.

Tested cards abbreviations:
c0 Athena IDprotect , ATR=3B D5 18 FF 80 91 FE 1F C3 80 73 C8 21 13 08 (provided by Cosmo)
c1 Axalto Cyberflex32 , ATR=3B 75 94 00 00 62 02 02 02 01 (provided by PetrS)
c2 Axalto Cyberflex PalmeraV5 , ATR=3B E6 00 00 81 21 45 32 4B 01 01 01 01 7A (provided by PetrS)
c3 G+D SmartCafe Expert 144k Dual , ATR=3b fd 18 00 00 80 31 fe 45 73 66 74 65 20 63 64 31 34 34 2d 6e 66 d8 (provided by Diego NdK)
c4 G+D SmartCafe Expert 3.2 72K , ATR=3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4 (provided by Cosmo)
c5 Gemalto IDCore 10 , ATR=3b 7d 96 00 00 80 31 80 65 b0 83 11 d0 a9 83 00 90 00 (provided by Martin Paljak)
c6 Gemalto IDCore 3010 CC , ATR=3b 7d 96 00 00 80 31 80 65 b0 85 02 00 cf 83 01 90 00 (provided by Martin Paljak)
c7 Gemalto TOP IM GXP4 , ATR=3b 7d 94 00 00 80 31 80 65 b0 83 11 d0 a9 83 00 90 00 (provided by PetrS)
c8 Gemalto TwinGCX4 72k PK , ATR=3B 7A 94 00 00 80 65 A2 01 01 01 3D 72 D6 43 (provided by PetrS)
c9 Gemplus GXPE64PK , ATR=3B 7E 94 00 00 80 25 A0 00 00 00 28 56 80 10 21 00 01 08 (provided by PetrS)
c10 Gemplus GXPLiteGeneric , ATR=3B 7D 94 00 00 80 31 80 65 B0 83 01 02 90 83 00 90 00 (provided by PetrS)
c11 Gemplus GXPR3r32 , ATR=3B 7D 94 00 00 80 31 80 65 B0 83 01 02 90 83 00 90 00 (provided by PetrS)
c12 Gemplus GXPR3 , ATR=3B 7B 94 00 00 80 65 B0 83 01 01 74 83 00 90 00 (provided by PetrS)
c13 Infineon JTOPV2 16K , ATR=3B 6D 00 00 80 31 80 65 40 90 86 01 51 83 07 90 00 (provided by PetrS)
c14 Nokia 6131 , ATR=3B 88 80 01 00 73 C8 40 13 00 90 00 71 (provided by Hakan Karahan)
c15 NXP JCOP10 (DES only version) , ATR=3b e9 00 00 81 31 fe 45 4a 43 4f 50 31 30 56 32 32 a3 (provided by Henrik)
c16 NXP JCOP31 , ATR=3B EB 00 00 81 31 20 45 4A 43 4F 50 33 31 33 36 47 44 54 78 (provided by PetrS)
c17 NXP JCOP41 v221 , ATR=3b fa 18 00 00 81 31 fe 45 4a 43 4f 50 34 31 56 32 32 31 9d (provided by PetrS)
c18 NXP JCOP CJ2A081 JC222 , ATR=3b f8 18 00 ff 81 31 fe 45 4a 43 4f 50 76 32 34 31 43 (provided by PetrS)
c19 NXP JCOP CJ3A080v241 , ATR=3B F8 13 00 00 81 31 FE 45 4A 43 4F 50 76 32 34 31 B7 (provided by Lazuardi Nasution)
c20 NXP JCOP CJ3A081 JC222 , ATR=3b fa 18 00 00 81 31 fe 45 4a 33 41 30 38 31 56 32 34 31 89 (provided by PetrS)
c21 NXP JCOP J2A080 , ATR=3b f6 18 00 ff 81 31 fe 45 4a 32 41 30 38 30 1b (provided by Pierre-d)
c22 NXP JCOP J2D081 AlgTest , ATR=3b f9 18 00 00 81 31 fe 45 4a 32 44 30 38 31 5f 50 56 b6 (provided by Paul Crocker)
c23 NXP JCOP J3D081 v242 , ATR=3b f9 13 00 00 81 31 fe 45 4a 43 4f 50 32 34 32 52 32 a3 (provided by Martin Paljak)
c24 Oberthur CosmoDual72K , ATR=3B 7B 18 00 00 00 31 C0 64 77 E3 03 00 82 90 00 (provided by PetrS)
c25 Oberthur Cosmo V7 64K Dual 128K , ATR=3B DB 18 00 80 B1 FE 45 1F 83 00 31 C0 64 C7 FC 10 00 01 90 00 FA (provided by Cosmo)
c26 Yubikey Neo , ATR=3b fa 13 00 00 81 31 fe 15 59 75 62 69 6b 65 79 4e 45 4f a6 (provided by Pierre-d and Cosmo)
c27 [undisclosed1] , ATR=3b xx xx xx xx xx xx xx xx xx xx xx xx xx xx (provided by Cosmo)
c28 [undisclosed2] , ATR=3b xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx (provided by Cosmo)
c29 [undisclosed3] , ATR=3b xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx (provided by Cosmo)
c30 [undisclosed4] , ATR=3b xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx (provided by Cosmo)

Note: Some cards in the table come without full identification and ATR ('undisclosed') as submitters prefered not to disclose it at the momment. I'm publishing it anyway as the information that some card supporting particular algorithm exists is still interesting. Full identification might be added in future.

Note: If you have card of unknown type, try to obtain ATR and take a look at smartcard list available here: http://smartcard-atr.appspot.com/

Symbol	Meaning
yes	This particular algorithm was tested and is supported by given card.
no	This particular algorithm was tested and is NOT supported by given card.
suspicious yes	This particular algorithm was tested and is REPORTED as supported by given card. However, given algorithm was introduced in later version of JavaCard specification than version declared by the card as supported one. Mostly, algorithm is really supported. But it might be possible, that given algorithm is NOT actually supported by card as some cards may create object for requested algorithm and fail only later when object is actually used. Future version of the JCAlgTest will make more thorough tests regarding this behaviour.
error(ERROR_CODE)	Card returned specific error other then raising CryptoException.NO_SUCH_ALGORITHM. Most probably, algorithm is NOT supported by given card.
?	Card returned unspecific error. Most probably, algorithm is NOT supported by given card.
-	This particular algorithm was NOT tested. Usually, this equals to unsupported algorithm. Typical example is the addition of new constants introduced by the newer version of JavaCard standard, which are not supported by cards tested before apperance of of new version of specification. The exceptions to this rule are classes that have to be tested manually (at the moment, following information: JavaCard support version, javacardx.apdu.ExtendedLength Extended APDU) where not tested doesn't automatically means not supported. Automated upload and testing of these features will solve this in future.

Basic info

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

AlgTest applet version

1.2

0.1

1.2

1.1

0.1

1.1

0.1

1.1

1.2

1.1

1.2

1.1

1.2

1.1

1.2

1.1

1.2

JavaCard support version

2.2.2

2.1.2

2.2.1

???

2.2.1

2.2.2

2.2.1

2.1.2

2.2.0

2.2.1

2.2.2

2.2.1

2.2.2

2.2.0

???

javacard.framework.JCSystem

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

JCSystem.getVersion()[Major.Minor]

<=2.1

2.2

2. 2

2.2

3.0

2.2

3.0

2.2

3.0

2.2

JCSystem.isObjectDeletionSupported

2.2.0

yes

JCSystem.MEMORY_TYPE_PERSISTENT

2.2.1

>32767B

5752B

>32767B

JCSystem.MEMORY_TYPE_TRANSIENT_RESET

2.2.1

4878B

2040B

5098B

1799B

1087B

1975B

3480B

2208B

3477B

2336B

3279B

2559B

1458B

2915B

1454B

1903B

1724B

3480B

JCSystem.MEMORY_TYPE_TRANSIENT_DESELECT

2.2.1

4878B

2335B

5098B

2023B

1087B

1975B

3480B

2208B

3477B

2336B

3279B

2559B

1458B

2915B

1750B

1903B

1724B

3480B

javacardx.apdu.ExtendedLength

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

Extended APDU

2.2.2

yes

javacardx.crypto.Cipher

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_DES_CBC_NOPAD

<=2.1

yes

ALG_DES_CBC_ISO9797_M1

<=2.1

yes

ALG_DES_CBC_ISO9797_M2

<=2.1

yes

ALG_DES_CBC_PKCS5

<=2.1

yes

ALG_DES_ECB_NOPAD

<=2.1

yes

ALG_DES_ECB_ISO9797_M1

<=2.1

yes

ALG_DES_ECB_ISO9797_M2

<=2.1

yes

ALG_DES_ECB_PKCS5

<=2.1

yes

ALG_RSA_ISO14888

<=2.1

yes

ALG_RSA_PKCS1

<=2.1

yes

ALG_RSA_ISO9796

<=2.1

yes

ALG_RSA_NOPAD

2.1.1

yes

ALG_AES_BLOCK_128_CBC_NOPAD

2.2.0

yes

suspicious yes

yes

ALG_AES_BLOCK_128_ECB_NOPAD

2.2.0

yes

suspicious yes

yes

ALG_RSA_PKCS1_OAEP

2.2.0

yes

ALG_KOREAN_SEED_ECB_NOPAD

2.2.2

yes

suspicious yes

yes

ALG_KOREAN_SEED_CBC_NOPAD

2.2.2

yes

suspicious yes

yes

ALG_AES_BLOCK_192_CBC_NOPAD

3.0.1

ALG_AES_BLOCK_192_ECB_NOPAD

3.0.1

ALG_AES_BLOCK_256_CBC_NOPAD

3.0.1

ALG_AES_BLOCK_256_ECB_NOPAD

3.0.1

ALG_AES_CBC_ISO9797_M1

3.0.1

ALG_AES_CBC_ISO9797_M2

3.0.1

ALG_AES_CBC_PKCS5

3.0.1

ALG_AES_ECB_ISO9797_M1

3.0.1

ALG_AES_ECB_ISO9797_M2

3.0.1

ALG_AES_ECB_PKCS5

3.0.1

javacard.crypto.Signature

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_DES_MAC4_NOPAD

<=2.1

yes

ALG_DES_MAC8_NOPAD

<=2.1

yes

ALG_DES_MAC4_ISO9797_M1

<=2.1

yes

ALG_DES_MAC8_ISO9797_M1

<=2.1

yes

ALG_DES_MAC4_ISO9797_M2

<=2.1

yes

ALG_DES_MAC8_ISO9797_M2

<=2.1

yes

ALG_DES_MAC4_PKCS5

<=2.1

yes

ALG_DES_MAC8_PKCS5

<=2.1

yes

ALG_RSA_SHA_ISO9796

<=2.1

yes

ALG_RSA_SHA_PKCS1

<=2.1

yes

ALG_RSA_MD5_PKCS1

<=2.1

yes

ALG_RSA_RIPEMD160_ISO9796

<=2.1

yes

ALG_RSA_RIPEMD160_PKCS1

<=2.1

yes

ALG_DSA_SHA

<=2.1

yes

ALG_RSA_SHA_RFC2409

<=2.1

yes

ALG_RSA_MD5_RFC2409

<=2.1

yes

ALG_ECDSA_SHA

2.2.0

yes

ALG_AES_MAC_128_NOPAD

2.2.0

yes

suspicious yes

yes

ALG_DES_MAC4_ISO9797_1_M2_ALG3

2.2.0

yes

ALG_DES_MAC8_ISO9797_1_M2_ALG3

2.2.0

yes

ALG_RSA_SHA_PKCS1_PSS

2.2.0

yes

ALG_RSA_MD5_PKCS1_PSS

2.2.0

yes

ALG_RSA_RIPEMD160_PKCS1_PSS

2.2.0

ALG_HMAC_SHA1

2.2.2

ALG_HMAC_SHA_256

2.2.2

ALG_HMAC_SHA_384

2.2.2

ALG_HMAC_SHA_512

2.2.2

ALG_HMAC_MD5

2.2.2

ALG_HMAC_RIPEMD160

2.2.2

ALG_RSA_SHA_ISO9796_MR

2.2.2

ALG_RSA_RIPEMD160_ISO9796_MR

2.2.2

ALG_SEED_MAC_NOPAD

2.2.2

yes

suspicious yes

yes

ALG_ECDSA_SHA_256

3.0.1

suspicious yes

yes

ALG_ECDSA_SHA_384

3.0.1

suspicious yes

yes

ALG_AES_MAC_192_NOPAD

3.0.1

suspicious yes

ALG_AES_MAC_256_NOPAD

3.0.1

suspicious yes

ALG_ECDSA_SHA_224

3.0.1

yes

ALG_ECDSA_SHA_512

3.0.1

suspicious yes

yes

ALG_RSA_SHA_224_PKCS1

3.0.1

ALG_RSA_SHA_256_PKCS1

3.0.1

yes

ALG_RSA_SHA_384_PKCS1

3.0.1

ALG_RSA_SHA_512_PKCS1

3.0.1

ALG_RSA_SHA_224_PKCS1_PSS

3.0.1

yes

ALG_RSA_SHA_256_PKCS1_PSS

3.0.1

yes

ALG_RSA_SHA_384_PKCS1_PSS

3.0.1

ALG_RSA_SHA_512_PKCS1_PSS

3.0.1

ALG_DES_MAC4_ISO9797_1_M1_ALG3

3.0.4

ALG_DES_MAC8_ISO9797_1_M1_ALG3

3.0.4

javacard.security.MessageDigest

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_SHA

<=2.1

yes

ALG_MD5

<=2.1

yes

ALG_RIPEMD160

<=2.1

yes

ALG_SHA_256

2.2.2

yes

suspicious yes

yes

suspicious yes

yes

ALG_SHA_384

2.2.2

yes

ALG_SHA_512

2.2.2

yes

ALG_SHA_224

3.0.1

yes

javacard.security.RandomData

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_PSEUDO_RANDOM

<=2.1

yes

ALG_SECURE_RANDOM

<=2.1

yes

javacard.security.KeyBuilder

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

TYPE_DES_TRANSIENT_RESET

<=2.1

yes

TYPE_DES_TRANSIENT_DESELECT

<=2.1

yes

TYPE_DES LENGTH_DES

<=2.1

yes

TYPE_DES LENGTH_DES3_2KEY

<=2.1

yes

TYPE_DES LENGTH_DES3_3KEY

<=2.1

yes

TYPE_AES_TRANSIENT_RESET

2.2.0

yes

suspicious yes

yes

TYPE_AES_TRANSIENT_DESELECT

2.2.0

yes

suspicious yes

yes

TYPE_AES LENGTH_AES_128

2.2.0

yes

suspicious yes

yes

TYPE_AES LENGTH_AES_192

2.2.0

yes

TYPE_AES LENGTH_AES_256

2.2.0

yes

TYPE_RSA_PUBLIC LENGTH_RSA_512

<=2.1

yes

TYPE_RSA_PUBLIC LENGTH_RSA_736

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PUBLIC LENGTH_RSA_768

2.2.0

yes

suspicious yes

yes

suspicious yes

yes

TYPE_RSA_PUBLIC LENGTH_RSA_896

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PUBLIC LENGTH_RSA_1024

<=2.1

yes

TYPE_RSA_PUBLIC LENGTH_RSA_1280

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PUBLIC LENGTH_RSA_1536

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PUBLIC LENGTH_RSA_1984

2.2.0

yes

TYPE_RSA_PUBLIC LENGTH_RSA_2048

<=2.1

yes

TYPE_RSA_PUBLIC LENGTH_RSA_4096

3.0.1

TYPE_RSA_PRIVATE LENGTH_RSA_512

<=2.1

yes

TYPE_RSA_PRIVATE LENGTH_RSA_736

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PRIVATE LENGTH_RSA_768

2.2.0

yes

suspicious yes

yes

suspicious yes

yes

TYPE_RSA_PRIVATE LENGTH_RSA_896

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PRIVATE LENGTH_RSA_1024

<=2.1

yes

TYPE_RSA_PRIVATE LENGTH_RSA_1280

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PRIVATE LENGTH_RSA_1536

2.2.0

yes

suspicious yes

yes

TYPE_RSA_PRIVATE LENGTH_RSA_1984

2.2.0

yes

TYPE_RSA_PRIVATE LENGTH_RSA_2048

<=2.1

yes

TYPE_RSA_PRIVATE LENGTH_RSA_4096

3.0.1

TYPE_RSA_PRIVATE_TRANSIENT_RESET

3.0.1

yes

TYPE_RSA_PRIVATE_TRANSIENT_DESELECT

3.0.1

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_512

<=2.1

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_736

2.2.0

yes

suspicious yes

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_768

2.2.0

yes

suspicious yes

yes

suspicious yes

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_896

2.2.0

yes

suspicious yes

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_1024

<=2.1

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_1280

2.2.0

yes

suspicious yes

yes

suspicious yes

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_1536

2.2.0

yes

suspicious yes

yes

suspicious yes

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_1984

2.2.0

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_2048

<=2.1

yes

TYPE_RSA_CRT_PRIVATE LENGTH_RSA_4096

3.0.1

TYPE_RSA_CRT_PRIVATE_TRANSIENT_RESET

3.0.1

yes

TYPE_RSA_CRT_PRIVATE_TRANSIENT_DESELECT

3.0.1

yes

TYPE_DSA_PRIVATE LENGTH_DSA_512

<=2.1

yes

TYPE_DSA_PRIVATE LENGTH_DSA_768

<=2.1

yes

TYPE_DSA_PRIVATE LENGTH_DSA_1024

<=2.1

yes

TYPE_DSA_PRIVATE_TRANSIENT_RESET

3.0.1

TYPE_DSA_PRIVATE_TRANSIENT_DESELECT

3.0.1

TYPE_DSA_PUBLIC LENGTH_DSA_512

<=2.1

yes

TYPE_DSA_PUBLIC LENGTH_DSA_768

<=2.1

yes

TYPE_DSA_PUBLIC LENGTH_DSA_1024

<=2.1

yes

TYPE_EC_F2M_PRIVATE LENGTH_EC_F2M_113

2.2.0

yes

TYPE_EC_F2M_PRIVATE LENGTH_EC_F2M_131

2.2.0

yes

TYPE_EC_F2M_PRIVATE LENGTH_EC_F2M_163

2.2.0

yes

TYPE_EC_F2M_PRIVATE LENGTH_EC_F2M_193

2.2.0

yes

TYPE_EC_F2M_PRIVATE_TRANSIENT_RESET

3.0.1

TYPE_EC_F2M_PRIVATE_TRANSIENT_DESELECT

3.0.1

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_112

2.2.0

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_128

2.2.0

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_160

2.2.0

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_192

2.2.0

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_224

3.0.1

suspicious yes

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_256

3.0.1

suspicious yes

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_384

3.0.1

suspicious yes

yes

TYPE_EC_FP_PRIVATE LENGTH_EC_FP_521

3.0.4

suspicious yes

yes

TYPE_EC_FP_PRIVATE_TRANSIENT_RESET

3.0.1

TYPE_EC_FP_PRIVATE_TRANSIENT_DESELECT

3.0.1

TYPE_KOREAN_SEED_TRANSIENT_RESET

2.2.2

yes

suspicious yes

yes

TYPE_KOREAN_SEED_TRANSIENT_DESELECT

2.2.2

yes

suspicious yes

yes

TYPE_KOREAN_SEED LENGTH_KOREAN_SEED_128

2.2.2

yes

suspicious yes

yes

TYPE_HMAC_TRANSIENT_RESET

2.2.2

TYPE_HMAC_TRANSIENT_DESELECT

2.2.2

TYPE_HMAC LENGTH_HMAC_SHA_1_BLOCK_64

2.2.2

TYPE_HMAC LENGTH_HMAC_SHA_256_BLOCK_64

2.2.2

TYPE_HMAC LENGTH_HMAC_SHA_384_BLOCK_64

2.2.2

TYPE_HMAC LENGTH_HMAC_SHA_512_BLOCK_64

2.2.2

javacard.security.KeyPair ALG_RSA on-card generation

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_RSA LENGTH_RSA_512

2.1.1

yes

ALG_RSA LENGTH_RSA_736

2.2.0

yes

suspicious yes

yes

ALG_RSA LENGTH_RSA_768

2.1.1

yes

ALG_RSA LENGTH_RSA_896

2.2.0

yes

suspicious yes

yes

ALG_RSA LENGTH_RSA_1024

2.1.1

yes

ALG_RSA LENGTH_RSA_1280

2.2.0

yes

suspicious yes

yes

suspicious yes

yes

ALG_RSA LENGTH_RSA_1536

2.2.0

yes

suspicious yes

yes

ALG_RSA LENGTH_RSA_1984

2.2.0

yes

ALG_RSA LENGTH_RSA_2048

2.1.1

yes

ALG_RSA LENGTH_RSA_4096

3.0.1

javacard.security.KeyPair ALG_RSA_CRT on-card generation

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_RSA_CRT LENGTH_RSA_512

2.1.1

yes

ALG_RSA_CRT LENGTH_RSA_736

2.2.0

yes

error

yes

ALG_RSA_CRT LENGTH_RSA_768

2.1.1

yes

ALG_RSA_CRT LENGTH_RSA_896

2.2.0

yes

error

yes

ALG_RSA_CRT LENGTH_RSA_1024

2.1.1

yes

ALG_RSA_CRT LENGTH_RSA_1280

2.2.0

yes

suspicious yes

yes

ALG_RSA_CRT LENGTH_RSA_1536

2.2.0

yes

suspicious yes

yes

ALG_RSA_CRT LENGTH_RSA_1984

2.2.0

yes

ALG_RSA_CRT LENGTH_RSA_2048

2.1.1

yes

ALG_RSA_CRT LENGTH_RSA_4096

3.0.1

javacard.security.KeyPair ALG_DSA on-card generation

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_DSA LENGTH_DSA_512

2.1.1

yes

ALG_DSA LENGTH_DSA_768

2.1.1

yes

ALG_DSA LENGTH_DSA_1024

2.1.1

yes

javacard.security.KeyPair ALG_EC_F2M on-card generation

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_EC_F2M LENGTH_EC_F2M_113

2.2.1

yes

ALG_EC_F2M LENGTH_EC_F2M_131

2.2.1

yes

ALG_EC_F2M LENGTH_EC_F2M_163

2.2.1

yes

ALG_EC_F2M LENGTH_EC_F2M_193

2.2.1

yes

javacard.security.KeyPair ALG_EC_FP on-card generation

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_EC_FP LENGTH_EC_FP_112

2.2.1

error(ILLEGAL_VALUE)

ALG_EC_FP LENGTH_EC_FP_128

2.2.1

yes

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

yes

ALG_EC_FP LENGTH_EC_FP_160

2.2.1

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

yes

ALG_EC_FP LENGTH_EC_FP_192

2.2.1

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

yes

ALG_EC_FP LENGTH_EC_FP_224

3.0.1

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

ALG_EC_FP LENGTH_EC_FP_256

3.0.1

error(ILLEGAL_VALUE)

yes

error(ILLEGAL_VALUE)

ALG_EC_FP LENGTH_EC_FP_384

3.0.1

error(ILLEGAL_VALUE)

yes

ALG_EC_FP LENGTH_EC_FP_521

3.0.4

error(ILLEGAL_VALUE)

javacard.security.KeyAgreement

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_EC_SVDP_DH

2.2.1

yes

ALG_EC_SVDP_DHC

2.2.1

yes

ALG_EC_SVDP_DH_KDF

3.0.1

suspicious yes

yes

ALG_EC_SVDP_DH_PLAIN

3.0.1

yes

ALG_EC_SVDP_DHC_KDF

3.0.1

suspicious yes

yes

ALG_EC_SVDP_DHC_PLAIN

3.0.1

yes

javacard.security.Checksum

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

ALG_ISO3309_CRC16

2.2.1

yes

ALG_ISO3309_CRC32

2.2.1

yes

Variable RSA 1024 - support for variable public exponent. If supported, user-defined fast modular exponentiation can be executed on the smart card via cryptographic coprocessor. This is very specific feature and you will probably not need it

introduced in JavaCard version

c10

c11

c12

c13

c14

c15

c16

c17

c18

c19

c20

c21

c22

c23

c24

c25

c26

c27

c28

c29

c30

Allocate RSA 1024 objects

yes

Set random modulus

yes

Set random public exponent

yes

Initialize cipher with public key with random exponent

yes

Use random public exponent

yes

TODO list:

Tests for system related objects support (RMI, BigInteger)
Tests for OpenPlatform functionality (GPSystem)
Performance testing of cryptographic coprocessors (DES, AES, RSA, ...)
Performance testing of bytecode execution
Performance testing of memory management speed (RAM/EEPROM write/read)
Automatic upload of applets
See or open Github issues for more

OpenPGP key : 0x89CEB31C