Comments (5)
PR updated per feedback from @frankmorgner.
from jcardsim.
BouncyCastle's SecureRandom implementation calls setSeed(System.currentTimeMillis()); in order to make their SecureRandom more random. As the jCardSim ALG_SECURE_RANDOM documentation says that the random numbers should be cryptographically secure, I added a pull request #140 to help make that possible.
This patch only kicks in if ALG_SECURE_RANDOM is present; ALG_PSEUDO_RANDOM should still function the same, if someone wants to have deterministic "randomness" in their test suites.
from jcardsim.
With my patch, behaviour is as expected:
Gradle suite > Gradle test > tests.AppletTest.hello STANDARD_OUT
Connecting to card... Done.
--> [00C00000080000000000000000] 13
<-- D4EEC11B9AA895EF22BCC8782EA5669EBA2BE73E9C7375B2A3C6E3144C89A45C 9000 (32)
ResponseAPDU: 34 bytes, SW=9000
Gradle suite > Gradle test > tests.AppletTest.hello2 STANDARD_OUT
Connecting to card... Done.
--> [00C00000080000000000000000] 13
<-- 4267C24D9E10EEB173148B7706D1B634BFC3BA99734548CD275A585C7EDE37DB 9000 (32)
ResponseAPDU: 34 bytes, SW=9000
Gradle suite > Gradle test > tests.AppletTest.hello3 STANDARD_OUT
Connecting to card... Done.
--> [00C00000080000000000000000] 13
<-- EDDE80F7B2641DADE83FA3B2F547B21A6A4825EACA9EDD9320869EB5FD07476D 9000 (32)
ResponseAPDU: 34 bytes, SW=9000
from jcardsim.
Bouncycastle only provides PRNGs; if you want secure random numbers, you should use java.security.SecureRandom, which delegates to a platform-dependent generator that should have way more entropy.
from jcardsim.
I was trying to keep compatibility with the existing code, and it is good enough to test.
I guess it really depends on the likelihood of someone doing something silly, like virtualizing their smart card using jcardsim and using it for web-based applications. From an IT standpoint, I can think of plenty of reasons to do that, and from a security standpoint, I can think of many reasons not to.
from jcardsim.
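The concern discussed in this thread, a generator whose only seed material is a millisecond timestamp versus java.security.SecureRandom, shown as an added example that is not code from jCardSim, BouncyCastle or any of the commenters. `ToyDigestPrng` is a hypothetical stand-in for a digest-based PRNG and `SeedDemo` is an assumed class name.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public class SeedDemo {
    // Hypothetical stand-in for a digest-based PRNG: output = SHA-256(seed || counter).
    // NOT BouncyCastle's or jCardSim's code; it only models "all state comes from the seed".
    static final class ToyDigestPrng {
        private final long seed;
        private long counter;
        ToyDigestPrng(long seed) { this.seed = seed; }

        byte[] next32() throws NoSuchAlgorithmException {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return md.digest(ByteBuffer.allocate(16).putLong(seed).putLong(counter++).array());
        }
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte x : bytes) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Two simulated cards started in the same millisecond share their only seed material.
        long now = System.currentTimeMillis();
        byte[] a = new ToyDigestPrng(now).next32();
        byte[] b = new ToyDigestPrng(now).next32();
        System.out.println("time-seeded A: " + hex(a));
        System.out.println("time-seeded B: " + hex(b));
        System.out.println("identical: " + Arrays.equals(a, b));

        // A wall-clock seed limits the seed space to the plausible start times:
        // one hour of milliseconds is 3,600,000 candidates, far below 256 bits.
        long candidates = 60L * 60L * 1000L;
        System.out.printf("seeds in a 1-hour window: %d (~%.1f bits)%n",
                candidates, Math.log(candidates) / Math.log(2));

        // java.security.SecureRandom seeds itself from the platform generator.
        byte[] c = new byte[32], d = new byte[32];
        new SecureRandom().nextBytes(c);
        new SecureRandom().nextBytes(d);
        System.out.println("SecureRandom C: " + hex(c));
        System.out.println("SecureRandom D: " + hex(d));
        System.out.println("identical: " + Arrays.equals(c, d));
    }
}
```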