<!doctype html>
<html lang="zh"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"><meta><title>JavaCard 上手 - ThinkAlone</title><link rel="manifest" href="/manifest.json"><meta name="theme-color" content="#4f7489"><meta name="application-name" content="ThinkAlone"><meta name="msapplication-TileImage" content="/favicon.png"><meta name="msapplication-TileColor" content="#4f7489"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-title" content="ThinkAlone"><meta name="apple-mobile-web-app-status-bar-style" content="default"><meta name="description" content="材料准备Javacard (TB搜 J3R180 ¥20-30 要SECID版,记得问卖家密钥)智能卡读卡器 (TB搜 pcsc读卡器&#x2F;ccid读卡器 ¥30-50,更建议加钱上双界面的,或者买一个便宜的接触式的再买一个好一些的非接触式的日常用) 环境确认操作系统:&emsp;&emsp;Windows 10 LTSB 21H2软件版本:&emsp;&emsp;gpg4win 5."><meta property="og:type" content="blog"><meta property="og:title" content="JavaCard 上手"><meta property="og:url" content="https://thinkalone.win/Play-with-JavaCard.html"><meta property="og:site_name" content="ThinkAlone"><meta property="og:description" content="材料准备Javacard (TB搜 J3R180 ¥20-30 要SECID版,记得问卖家密钥)智能卡读卡器 (TB搜 pcsc读卡器&#x2F;ccid读卡器 ¥30-50,更建议加钱上双界面的,或者买一个便宜的接触式的再买一个好一些的非接触式的日常用) 环境确认操作系统:&emsp;&emsp;Windows 10 LTSB 21H2软件版本:&emsp;&emsp;gpg4win 5."><meta property="og:locale" content="zh_CN"><meta property="og:image" content="https://thinkalone.win/img/og_image.png"><meta property="article:published_time" content="2026-03-01T04:00:00.000Z"><meta property="article:modified_time" content="2026-03-15T04:00:00.000Z"><meta property="article:author" content="Disappear9"><meta property="article:tag" content="教程"><meta property="article:tag" content="折腾那些事"><meta property="twitter:card" content="summary"><meta property="twitter:image:src" content="https://thinkalone.win/img/og_image.png"><script 
type="application/ld+json">{"@context":"https://schema.org","@type":"BlogPosting","mainEntityOfPage":{"@type":"WebPage","@id":"https://thinkalone.win/Play-with-JavaCard.html"},"headline":"JavaCard 上手","image":["https://thinkalone.win/img/og_image.png"],"datePublished":"2026-03-01T04:00:00.000Z","dateModified":"2026-03-15T04:00:00.000Z","author":{"@type":"Person","name":"Disappear9"},"publisher":{"@type":"Organization","name":"ThinkAlone","logo":{"@type":"ImageObject","url":"https://thinkalone.win/logo.png"}},"description":"材料准备Javacard (TB搜 J3R180 ¥20-30 要SECID版,记得问卖家密钥)智能卡读卡器 (TB搜 pcsc读卡器/ccid读卡器 ¥30-50,更建议加钱上双界面的,或者买一个便宜的接触式的再买一个好一些的非接触式的日常用) 环境确认操作系统:  Windows 10 LTSB 21H2软件版本:  gpg4win 5."}</script><link rel="canonical" href="https://thinkalone.win/Play-with-JavaCard.html"><link rel="alternate" href="/atom.xml" title="ThinkAlone" type="application/atom+xml"><link rel="icon" href="/favicon.png"><link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.0.0/css/all.css"><link data-pjax rel="stylesheet" href="https://cdn.jsdelivr.net/npm/highlight.js@11.7.0/styles/monokai.css"><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Ubuntu:wght@400;600&family=Source+Code+Pro"><link data-pjax rel="stylesheet" href="/css/default.css"><style>body>.footer,body>.navbar,body>.section{opacity:0}</style><!--!--><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/cookieconsent@3.1.1/build/cookieconsent.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/lightgallery@1.10.0/dist/css/lightgallery.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/justifiedGallery@3.8.1/dist/css/justifiedGallery.min.css"><script src="https://www.googletagmanager.com/gtag/js?id=UA-114968614-1" async></script><script>window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-114968614-1');</script><!--!--><style>.pace{-webkit-pointer-events:none;pointer-events:none;-webkit-user-select:none;-moz-user-select:none;user-select:none}.pace-inactive{display:none}.pace .pace-progress{background:#3273dc;position:fixed;z-index:2000;top:0;right:100%;width:100%;height:2px}</style><script src="https://cdn.jsdelivr.net/npm/pace-js@1.2.4/pace.min.js"></script><!-- hexo injector head_end start --><script>
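(function () {
    /**
     * Activate the tab whose menu link matches the current URL fragment.
     *
     * Looks up `.tabs a[href="#<fragment>"]`, clears `is-active` on every
     * sibling menu entry, hides every tab pane those entries point to, then
     * marks the matching entry active and un-hides its pane. Does nothing
     * when the URL has no fragment or no tab link matches it.
     */
    function switchTab() {
        if (!location.hash) {
            return;
        }
        // The fragment comes straight from the URL, so it is run through
        // CSS.escape() before being interpolated into any selector.
        const id = '#' + CSS.escape(location.hash.substring(1));
        const $tabMenu = document.querySelector(`.tabs a[href="${id}"]`);
        if (!$tabMenu) {
            return;
        }
        const $tabMenuContainer = $tabMenu.parentElement.parentElement;
        Array.from($tabMenuContainer.children)
            .forEach($menu => $menu.classList.remove('is-active'));
        Array.from($tabMenuContainer.querySelectorAll('a'))
            // A link without an href, or one whose target pane is missing,
            // yields null here; skip it instead of throwing and leaving the
            // tab set half-switched.
            .map($menu => document.getElementById(($menu.getAttribute('href') || '').substring(1)))
            .filter(Boolean)
            .forEach($content => $content.classList.add('is-hidden'));
        // $tabMenu is known to be non-null after the guard above.
        $tabMenu.parentElement.classList.add('is-active');
        const $activeTab = document.querySelector(id);
        if ($activeTab) {
            $activeTab.classList.remove('is-hidden');
        }
    }

    // Apply once for the fragment present at load, then on every change.
    switchTab();
    window.addEventListener('hashchange', switchTab, false);
})();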
</script><!-- hexo injector head_end end --><meta name="generator" content="Hexo 8.1.1"></head><body class="is-2-column"><nav class="navbar navbar-main"><div class="container navbar-container"><div class="navbar-brand justify-content-center"><a class="navbar-item navbar-logo" href="/"><img src="/logo.png" alt="ThinkAlone" height="28"></a></div><div class="navbar-menu"><div class="navbar-start"><a class="navbar-item" href="/">主页</a><a class="navbar-item" href="/archives">归档</a><a class="navbar-item" href="/categories">分类</a><a class="navbar-item" href="/tags">Tags</a><a class="navbar-item" href="/about">关于</a></div><div class="navbar-end"><a class="navbar-item" target="_blank" rel="noopener" title="博客源码" href="https://github.com/Disappear9/disappear9.github.io"><i class="fab fa-github"></i></a><a class="navbar-item is-hidden-tablet catalogue" title="目录" href="javascript:;"><i class="fas fa-list-ul"></i></a><a class="navbar-item search" title="搜索" href="javascript:;"><i class="fas fa-search"></i></a></div></div></div></nav><section class="section"><div class="container"><div class="columns"><div class="column order-2 column-main is-8-tablet is-8-desktop is-8-widescreen"><div class="card"><article class="card-content article" role="article"><div class="article-meta is-size-7 is-uppercase level is-mobile"><div class="level-left"><span class="level-item"><time dateTime="2026-03-01T04:00:00.000Z" title="3/1/2026, 4:00:00 AM">2026-03-01</time>发表</span><span class="level-item"><time dateTime="2026-03-15T04:00:00.000Z" title="3/15/2026, 4:00:00 AM">2026-03-15</time>更新</span><span class="level-item"><a class="link-muted" href="/categories/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/">折腾那些事</a></span><span class="level-item">10 分钟读完 (大约1549个字)</span></div></div><h1 class="title is-3 is-size-4-mobile">JavaCard 上手</h1><div class="content"><h3 id="材料准备"><a href="#材料准备" class="headerlink" title="材料准备"></a>材料准备</h3><p>Javacard (TB搜 J3R180 ¥20-30 要SECID版,记得问卖家密钥)<br>智能卡读卡器 (TB搜 
pcsc读卡器/ccid读卡器 ¥30-50,更建议加钱上双界面的,或者买一个便宜的接触式的再买一个好一些的非接触式的日常用) </p>
<hr>
<h3 id="环境确认"><a href="#环境确认" class="headerlink" title="环境确认"></a>环境确认</h3><p>操作系统:<br>  Windows 10 LTSB 21H2<br>软件版本:<br>  gpg4win 5.0.1 (gpg 2.5.17)<br>  OpenSC 0.26.1<br>  Global Platform Pro v20.08.12<br>  Temurin JDK 21.0.10+7-LTS<br>  Python 3.13 </p>
<span id="more"></span>
<h3 id="准备卡片"><a href="#准备卡片" class="headerlink" title="准备卡片"></a>准备卡片</h3><p>卡片到手后第一件事先改掉默认的密钥 </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl rand <span class="literal">-hex</span> <span class="number">16</span> <span class="comment">#运行3次,生成三组密钥,分别对应enc,mac,dek</span></span><br><span class="line">!!!千万要保存好,丢失了卡就可以扔了!!!</span><br></pre></td></tr></table></figure>
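<p>修改密钥(<code>old-key</code>/<code>new-key</code> 为占位符:旧密钥用卖家提供的值,三个新密钥分别填上一步生成的 enc、mac、dek)。多数卡在连续多次认证失败后会被锁死,执行前请确认旧密钥无误;密钥以命令行参数传入会留在 PowerShell 历史记录里,操作完成后建议清理:</p>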
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar `</span><br><span class="line"> <span class="literal">--key-enc</span> old<span class="literal">-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> old<span class="literal">-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> old<span class="literal">-key</span> `</span><br><span class="line"> <span class="literal">--lock-enc</span> <span class="built_in">new-key</span> <span class="literal">--lock-mac</span> <span class="built_in">new-key</span> <span class="literal">--lock-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure>
<h3 id="JCAlgTest"><a href="#JCAlgTest" class="headerlink" title="JCAlgTest"></a>JCAlgTest</h3><p>先来跑个测试看看到手的卡正不正常、支持哪些算法<br>从<a target="_blank" rel="noopener" href="https://github.com/crocs-muni/JCAlgTest">JCAlgTest</a>下载最新版本(当前最新版是AlgTest_dist_1.8.3.zip)<br>安装Applet </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> AlgTest_v1.<span class="number">8.2</span>_jc305.cap `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span> `</span><br></pre></td></tr></table></figure>
<p>如果jc305的Applet装不进去,依次尝试jc304 -> jc222<br>如果jc304也装不上,那剩下的教程就不用看了,这说明你买到的卡芯片不是J3R180/不支持JavaCard 3.0.4 </p>
<p>运行<code>AlgTestJClient</code></p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> AlgTestJClient.jar</span><br></pre></td></tr></table></figure>
<p>选择 <code>1 -> SUPPORTED ALGORITHMS</code> 测试支持的算法<br>测试需要跑5分钟左右,最后会生成一个csv文件<br>打开csv文件,记下 <code>CPLC.ICSerialNumber</code> 最好写在卡上方便区分<br>搜索 <code>TYPE_RSA_PRIVATE LENGTH_RSA_3072</code> 如果后面显示的是no,则在安装OpenPGP Applet或IsoApplet时只能使用文件名含2048的。 </p>
<h3 id="FIDO2"><a href="#FIDO2" class="headerlink" title="FIDO2"></a>FIDO2</h3><p>从<a target="_blank" rel="noopener" href="https://github.com/BryanJacobs/FIDO2Applet">FIDO2Applet</a>下载工程ZIP包,再从Releases下载Applet(FIDO2.cap)<br>解压工程ZIP包备用,后面要用到工程里的脚本 </p>
<p>注意:当前(2026/3/1)GPP必须使用v20.08.12,在这之后的版本处理TLV有问题会导致后面注入证书的操作报错。 </p>
<p>安装Applet </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> FIDO2.cap `</span><br><span class="line"> <span class="literal">--params</span> a800f50505061820071904000818200918fe0a1904000b190400 `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span> `</span><br></pre></td></tr></table></figure>
<p>注入证书<br>注意:当前(2026/3/1)Python必须使用3.12,不然pyscard装不上(或者自己手动改下代码)。 </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">python <span class="literal">-m</span> venv venv</span><br><span class="line">venv\Scripts\Activate.ps1</span><br><span class="line">pip install <span class="literal">-r</span> FIDO2Applet<span class="literal">-main</span>/requirements.txt</span><br><span class="line">python FIDO2Applet<span class="literal">-main</span>/install_attestation_cert.py</span><br></pre></td></tr></table></figure>
<h3 id="OpenPGP"><a href="#OpenPGP" class="headerlink" title="OpenPGP"></a>OpenPGP</h3><p>从<a target="_blank" rel="noopener" href="https://github.com/github-af/SmartPGP">SmartPGP</a>下载Applet<br>建议使用RSA 2048的Applet就够了,最多3072,更推荐用NIST P-384,因为卡上跑RSA的速度实在太慢了 </p>
<p>使用以下脚本生成序列号:</p>
<figure class="highlight python"><figcaption><span>gen_sn.py</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> secrets</span><br><span class="line"><span class="keyword">import</span> subprocess</span><br><span class="line"></span><br><span class="line"><span class="comment"># anything in fff0 to fffe is for unmanaged random assignment of serial numbers</span></span><br><span class="line">_MANUFACTURER = <span class="string">"fff5"</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">_make_card</span>():</span><br><span class="line"> <span class="comment"># SN is 8 digits, so 4 bytes shown as hex</span></span><br><span class="line"> sn = secrets.token_hex(<span class="number">4</span>)</span><br><span class="line"> aid = <span class="string">f"d276000124010304<span class="subst">{_MANUFACTURER}</span><span class="subst">{sn}</span>0000"</span></span><br><span class="line"> <span class="built_in">print</span>(<span class="string">f"Assigning serial number <span class="subst">{sn}</span> for manufacturer <span class="subst">{_MANUFACTURER}</span>"</span>)</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">"--create "</span> + aid)</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> __name__ == <span 
class="string">"__main__"</span>:</span><br><span class="line"> _make_card()</span><br></pre></td></tr></table></figure>
<p>安装Applet,将<code>--create</code>后的内容替换为上面脚本生成的 </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> SmartPGPApplet<span class="literal">-rsa_up_to_3072</span>.cap `</span><br><span class="line"> <span class="literal">--create</span> ************************** `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span> `</span><br></pre></td></tr></table></figure>
<p>OpenPGP的使用可以参照:<a href="https://thinkalone.win/canokey-canary.html#OpenPGP">Canokey Canary上手#OpenPGP</a></p>
<h3 id="NDEF"><a href="#NDEF" class="headerlink" title="NDEF"></a>NDEF</h3><p>从<a target="_blank" rel="noopener" href="https://github.com/OpenJavaCard/openjavacard-ndef/tree/master/prebuilt">openjavacard-ndef</a>下载预编译的Applet </p>
<p>安装Applet </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> openjavacard<span class="literal">-ndef-full</span>.cap `</span><br><span class="line"> <span class="literal">--params</span> <span class="number">8102000082020800</span> `</span><br><span class="line"> <span class="literal">--create</span> D2760000850101 `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span> `</span><br></pre></td></tr></table></figure>
<p>这会创建一个有2K存储空间可重复擦写的tag,详细的参数设置<a target="_blank" rel="noopener" href="https://github.com/OpenJavaCard/openjavacard-ndef/blob/master/doc/install.md">参考这里</a>。</p>
<h3 id="PKCS11-15"><a href="#PKCS11-15" class="headerlink" title="PKCS11/15"></a>PKCS11/15</h3><p>这个Applet需要自己编译<a target="_blank" rel="noopener" href="https://github.com/philipWendland/IsoApplet">IsoApplet</a> </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 为了方便配置环境,换到Debian下操作</span></span><br><span class="line">git <span class="built_in">clone</span> https://github.com/philipWendland/IsoApplet</span><br><span class="line"><span class="built_in">cd</span> IsoApplet</span><br><span class="line">git submodule init</span><br><span class="line">git submodule update</span><br></pre></td></tr></table></figure>
<p>修改 <code>IsoApplet.java</code> 允许导入私钥(开启后私钥可以在卡外生成再导入,卡外留下的副本不受卡片保护;如果只打算在卡上生成密钥,可以不改这一项) </p>
<figure class="highlight java"><figcaption><span>IsoApplet.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> <span class="type">boolean</span> <span class="variable">DEF_PRIVATE_KEY_IMPORT_ALLOWED</span> <span class="operator">=</span> <span class="literal">true</span>;</span><br></pre></td></tr></table></figure>
<p>如果你的卡不支持RSA4096,则需要注释掉 <code>IsoApplet.java</code> 中测试RSA4096的部分 </p>
<figure class="highlight java"><figcaption><span>IsoApplet.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"> <span class="comment">// API features: probe card support for 4096 bit RSA keys</span></span><br><span class="line">api_features &= ~API_FEATURE_RSA_4096;</span><br><span class="line"><span class="comment">/*</span></span><br><span class="line"><span class="comment"> try {</span></span><br><span class="line"><span class="comment"> RSAPrivateCrtKey testKey = (RSAPrivateCrtKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_4096, false);</span></span><br><span class="line"><span class="comment"> api_features |= API_FEATURE_RSA_4096;</span></span><br><span class="line"><span class="comment"> } catch (CryptoException e) {</span></span><br><span class="line"><span class="comment"> if(e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {</span></span><br><span class="line"><span class="comment"> api_features &= ~API_FEATURE_RSA_4096;</span></span><br><span class="line"><span class="comment"> } else {</span></span><br><span class="line"><span class="comment"> throw e;</span></span><br><span class="line"><span class="comment"> }</span></span><br><span class="line"><span class="comment"> }</span></span><br><span class="line"><span class="comment">*/</span></span><br></pre></td></tr></table></figure>
<p>我们启一个Docker防止配置的环境与主机的冲突: </p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">sudo</span> docker run -it -v ./IsoApplet:/workdir --name jc_build ubuntu:22.04</span><br><span class="line"><span class="built_in">sudo</span> apt update</span><br><span class="line"><span class="built_in">sudo</span> apt install openjdk-8-jdk ant</span><br><span class="line"><span class="built_in">sudo</span> update-java-alternatives -s java-1.8.0-openjdk-amd64</span><br><span class="line"><span class="built_in">cd</span> /workdir</span><br><span class="line">ant</span><br></pre></td></tr></table></figure>
<p>编译后得到 <code>IsoApplet.cap</code><br>当然,你也可以<a href="/attachments/Play-with-JavaCard/IsoApplet.7z">直接使用我编译好的cap</a>(预编译文件无法对照源码核验,本页也未提供校验值;用来保管私钥的卡建议按上面的步骤自行编译) </p>
<p>安装Applet </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> IsoApplet.cap `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span> `</span><br></pre></td></tr></table></figure>
<p>初始化 </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 生成一个32位的随机序列号</span></span><br><span class="line">openssl rand <span class="literal">-hex</span> <span class="number">16</span></span><br><span class="line">pkcs15<span class="literal">-init</span> <span class="literal">--create-pkcs15</span> <span class="literal">--serial</span> <span class="number">48</span>c32f6a878b839a</span><br></pre></td></tr></table></figure>
<p>使用案例参考:<a target="_blank" rel="noopener" href="https://github.com/philipWendland/IsoApplet/wiki/Using-the-IsoApplet-with-OpenSSH">Using-the-IsoApplet-with-OpenSSH</a> </p>
<h3 id="VeraCrypt"><a href="#VeraCrypt" class="headerlink" title="VeraCrypt"></a>VeraCrypt</h3><p>VeraCrypt可以直接使用存储在符合PKCS #11(2.0或更高版本)标准且允许用户在令牌/卡上存储文件(数据对象)的安全令牌或智能卡上的密钥文件。<a target="_blank" rel="noopener" href="https://veracrypt.jp/zh-cn/Keyfiles%20in%20VeraCrypt.html">操作步骤见VeraCrypt文档</a></p>
<p>有两种方式:<br>1.存到 OpenPGP Applet 的 PrivDO3(Private Data Object 3) 中<br>2.存到 IsoApplet 的 PKCS #15 中</p>
<h4 id="PrivDO3"><a href="#PrivDO3" class="headerlink" title="PrivDO3"></a>PrivDO3</h4><p>默认情况下直接按VeraCrypt的文档操作,密钥文件会被存入PrivDO1,直接运行 <code>gpg --card-edit</code> 不需要验证PIN就可以直接读取到: </p>
<figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">PS</span> C:\Temp> gpg <span class="literal">--card-edit</span></span><br><span class="line"></span><br><span class="line">Manufacturer .....: unmanaged S/N range</span><br><span class="line">......</span><br><span class="line">Private <span class="keyword">DO</span> <span class="number">1</span> .....: DO1XXXXXXXXXXXXXXXXX <<<<<<<<<<<<<<</span><br><span class="line">Signature PIN ....: forced</span><br></pre></td></tr></table></figure>
<p>所以更推荐使用这个库:<a target="_blank" rel="noopener" href="https://github.com/czietz/openpgp-privdo3-pkcs11">openpgp-privdo3-pkcs11</a>,把密钥文件存进 DO 3。<br>从Releases下载对应的 dll/so 文件后按工程 README 操作。 </p>
<h4 id="PKCS"><a href="#PKCS" class="headerlink" title="PKCS"></a>PKCS</h4><p>1.点击 VeraCrypt 菜单栏的 工具 > 密钥文件生成器<br>2.密钥文件大小设置在 64-256 字节之间,生成后保存<br>3.点击 VeraCrypt 菜单栏的 工具 > 管理安全口令牌密钥文件<br>4.输入设置的PIN码验证<br>5.点击 “导入密钥文件到令牌”,然后选择刚刚生成的文件 </p>
</div><div class="article-licensing box"><div class="licensing-title"><p>JavaCard 上手</p><p><a href="https://thinkalone.win/Play-with-JavaCard.html">https://thinkalone.win/Play-with-JavaCard.html</a></p></div><div class="licensing-meta level is-mobile"><div class="level-left"><div class="level-item is-narrow"><div><h6>作者</h6><p>Disappear9</p></div></div><div class="level-item is-narrow"><div><h6>发布于</h6><p>2026-03-01</p></div></div><div class="level-item is-narrow"><div><h6>更新于</h6><p>2026-03-15</p></div></div><div class="level-item is-narrow"><div><h6>许可协议</h6><p><a class="icons" rel="noopener" target="_blank" title="Creative Commons" href="https://creativecommons.org/"><i class="icon fab fa-creative-commons"></i></a><a class="icons" rel="noopener" target="_blank" title="Attribution" href="https://creativecommons.org/licenses/by/4.0/"><i class="icon fab fa-creative-commons-by"></i></a><a class="icons" rel="noopener" target="_blank" title="Noncommercial" href="https://creativecommons.org/licenses/by-nc/4.0/"><i class="icon fab fa-creative-commons-nc"></i></a></p></div></div></div></div></div><div class="article-tags is-size-7 mb-4"><span class="mr-2">#</span><a class="link-muted mr-2" rel="tag" href="/tags/%E6%95%99%E7%A8%8B/">教程</a><a class="link-muted mr-2" rel="tag" href="/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/">折腾那些事</a></div><!--!--></article></div><!--!--><nav class="post-navigation mt-4 level is-mobile"><div class="level-end"><a class="article-nav-next level level-item link-muted" href="/Using-step-ca.html"><span class="level-item">灵车!开创! 
Step-CA 日常使用教程</span><i class="level-item fas fa-chevron-right"></i></a></div></nav><div class="card" id="comments"><div class="card-content"><h3 class="title is-5">评论</h3><script src="https://giscus.app/client.js" repo="Disappear9/disappear9.github.io" data-repo="Disappear9/disappear9.github.io" data-repo-id="MDEwOlJlcG9zaXRvcnkxMTM0MTc3NTc=" data-category-id="DIC_kwDOBsKeHc4CwEsU" data-category="General" data-mapping="url" data-strict="0" data-reactions-enabled="1" data-emit-metadata="0" data-input-position="top" data-theme="preferred_color_scheme" data-lang="zh-CN" data-loading="lazy" crossorigin="anonymous" async></script></div></div></div><div class="column column-left is-4-tablet is-4-desktop is-4-widescreen order-1 is-sticky"><div class="card widget" data-type="profile"><div class="card-content"><nav class="level"><div class="level-item has-text-centered flex-shrink-1"><div><figure class="image is-128x128 mx-auto mb-2"><img class="avatar is-rounded" src="/avatar.png" alt="Disappear9"></figure><p class="title is-size-4 is-block" style="line-height:inherit;">Disappear9</p><p class="is-size-6 is-block">Disappear9@D9Lab</p><p class="is-size-6 is-flex justify-content-center"><i class="fas fa-map-marker-alt mr-1"></i><span>China</span></p></div></div></nav><nav class="level is-mobile"><div class="level-item has-text-centered is-marginless"><div><p class="heading">文章</p><a href="/archives/"><p class="title">33</p></a></div></div><div class="level-item has-text-centered is-marginless"><div><p class="heading">分类</p><a href="/categories/"><p class="title">6</p></a></div></div><div class="level-item has-text-centered is-marginless"><div><p class="heading">标签</p><a href="/tags/"><p class="title">8</p></a></div></div></nav><div class="level is-mobile is-multiline"><a class="level-item button is-transparent is-marginless" target="_blank" rel="me noopener" title="Github" href="https://github.com/Disappear9"><i class="fab fa-github"></i></a><a class="level-item button 
is-transparent is-marginless" target="_blank" rel="me noopener" title="Twitter" href="https://twitter.com/Disappear9_"><i class="fab fa-twitter"></i></a><a class="level-item button is-transparent is-marginless" target="_blank" rel="me noopener" title="RSS" href="/atom.xml"><i class="fas fa-rss"></i></a></div></div></div><div class="card widget" id="toc" data-type="toc"><div class="card-content"><div class="menu"><h3 class="menu-label">目录</h3><ul class="menu-list"><li><a class="level is-mobile" href="#材料准备"><span class="level-left"><span class="level-item">1</span><span class="level-item">材料准备</span></span></a></li><li><a class="level is-mobile" href="#环境确认"><span class="level-left"><span class="level-item">2</span><span class="level-item">环境确认</span></span></a></li><li><a class="level is-mobile" href="#准备卡片"><span class="level-left"><span class="level-item">3</span><span class="level-item">准备卡片</span></span></a></li><li><a class="level is-mobile" href="#JCAlgTest"><span class="level-left"><span class="level-item">4</span><span class="level-item">JCAlgTest</span></span></a></li><li><a class="level is-mobile" href="#FIDO2"><span class="level-left"><span class="level-item">5</span><span class="level-item">FIDO2</span></span></a></li><li><a class="level is-mobile" href="#OpenPGP"><span class="level-left"><span class="level-item">6</span><span class="level-item">OpenPGP</span></span></a></li><li><a class="level is-mobile" href="#NDEF"><span class="level-left"><span class="level-item">7</span><span class="level-item">NDEF</span></span></a></li><li><a class="level is-mobile" href="#PKCS11-15"><span class="level-left"><span class="level-item">8</span><span class="level-item">PKCS11/15</span></span></a></li><li><a class="level is-mobile" href="#VeraCrypt"><span class="level-left"><span class="level-item">9</span><span class="level-item">VeraCrypt</span></span></a><ul class="menu-list"><li><a class="level is-mobile" href="#PrivDO3"><span class="level-left"><span 
class="level-item">9.1</span><span class="level-item">PrivDO3</span></span></a></li><li><a class="level is-mobile" href="#PKCS"><span class="level-left"><span class="level-item">9.2</span><span class="level-item">PKCS</span></span></a></li></ul></li></ul></div></div><style>#toc .menu-list > li > a.is-active + .menu-list { display: block; }#toc .menu-list > li > a + .menu-list { display: none; }</style><script src="/js/toc.js" defer></script></div></div><!--!--></div></div></section><footer class="footer"><div class="container"><div class="level"><div class="level-start"><a class="footer-logo is-block mb-2" href="/"><img src="/logo.png" alt="ThinkAlone" height="28"></a><p class="is-size-7"><span>© 2026 Disappear9</span> Powered by <a href="https://hexo.io/" target="_blank" rel="noopener">Hexo</a> & <a href="https://github.com/ppoffice/hexo-theme-icarus" target="_blank" rel="noopener">Icarus</a></p></div><div class="level-end"><div class="field has-addons"><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Creative Commons" href="https://creativecommons.org/"><i class="fab fa-creative-commons"></i></a></p><p class="control"><a class="button is-transparent is-large" target="_blank" rel="noopener" title="Attribution 4.0 International" href="https://creativecommons.org/licenses/by/4.0/"><i class="fab fa-creative-commons-by"></i></a></p></div></div></div></div></footer><script src="https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js"></script><script src="https://cdn.jsdelivr.net/npm/moment@2.22.2/min/moment-with-locales.min.js"></script><script src="https://cdn.jsdelivr.net/npm/clipboard@2.0.4/dist/clipboard.min.js" defer></script><script>moment.locale("zh-cn");</script><script>var IcarusThemeSettings = {
article: {
highlight: {
clipboard: true,
fold: 'unfolded'
}
}
};</script><script data-pjax src="/js/column.js"></script><script src="/js/animation.js"></script><a id="back-to-top" title="回到顶端" href="javascript:;"><i class="fas fa-chevron-up"></i></a><script data-pjax src="/js/back_to_top.js" defer></script><script src="https://cdn.jsdelivr.net/npm/cookieconsent@3.1.1/build/cookieconsent.min.js" defer></script><script>window.addEventListener("load", () => {
window.cookieconsent.initialise({
type: "info",
theme: "edgeless",
static: false,
position: "bottom-left",
content: {
message: "此网站使用Cookie来改善您的体验。",
dismiss: "知道了!",
allow: "允许使用Cookie",
deny: "拒绝",
link: "了解更多",
policy: "Cookie政策",
href: "https://www.cookiesandyou.com/",
},
palette: {
popup: {
background: "#edeff5",
text: "#838391"
},
button: {
background: "#4b81e8"
},
},
});
});</script><script src="https://cdn.jsdelivr.net/npm/lightgallery@1.10.0/dist/js/lightgallery.min.js" defer></script><script src="https://cdn.jsdelivr.net/npm/justifiedGallery@3.8.1/dist/js/jquery.justifiedGallery.min.js" defer></script><script>window.addEventListener("load", () => {
if (typeof $.fn.lightGallery === 'function') {
$('.article').lightGallery({ selector: '.gallery-item' });
}
if (typeof $.fn.justifiedGallery === 'function') {
if ($('.justified-gallery > p > .gallery-item').length) {
$('.justified-gallery > p > .gallery-item').unwrap();
}
$('.justified-gallery').justifiedGallery();
}
});</script><!--!--><script src="https://cdn.jsdelivr.net/npm/pjax@0.2.8/pjax.min.js"></script><script src="/js/pjax.js"></script><!--!--><script data-pjax src="/js/main.js" defer></script><div class="searchbox"><div class="searchbox-container"><div class="searchbox-header"><div class="searchbox-input-container"><input class="searchbox-input" type="text" placeholder="想要查找什么..."></div><a class="searchbox-close" href="javascript:;">×</a></div><div class="searchbox-body"></div></div></div><script data-pjax src="/js/insight.js" defer></script><script data-pjax>document.addEventListener('DOMContentLoaded', function () {
loadInsight({"contentUrl":"/content.json"}, {"hint":"想要查找什么...","untitled":"(无标题)","posts":"文章","pages":"页面","categories":"分类","tags":"标签"});
});</script></body></html>