For the past two weeks, I have been working on a new smart card project. I’m using a low-end card for development and testing; it is certainly not a cryptographically strong card. The card is a ZeitControl Professional BasicCard ZC5.4; it has a processor supporting public key cryptography using elliptic curves over the field GF(2^167) which in theory provides the same cryptographic strength as 1024-bit RSA keys, 128-bit AES for session keys, and SHA-1 as a message digest algorithm. As previously stated, not cryptographically very secure but at 6 USD per card, financially affordable to develop a basic smart card platform. Unfortunately, it uses a modified form of BASIC (called ZC-BASIC) as the card language (which may also be used to develop the terminal aka PC-side application). Fortunately, it includes a Java API to use for terminal applications.
I’ve finished writing 90% of the card software at this point, with only encryption and decryption routines needing to be finished. I also have a terminal driver written in ZC-BASIC done, which merely allows testing of finished card commands.
The current phase of the project is researching some methods for implementing encryption / decryption, and writing the Java terminal software. At this point, I have the card service finished to implement all the card commands currently coded. Unfortunately, my Java skills are weak so I still need some work learning Swing and more Java to finish the terminal.
For those interested, there is a sourceforge page up; the ZeitControl IDE (which is woefully simple) is available from the ZeitControl website.
September 25, 2009, 8:23am
