CHAPTER 12

Verifying CAP and Export Files

Off-card verification provides a means for evaluating CAP and export files in a desktop environment. When applied to the set of CAP files that will reside on a Java Card technology compliant smart card and the set of export files used to construct those CAP files, the Java Card technology-enabled off-card verifier provides the means to assert that the content of the smart card has been verified.

If you have a source release, you can localize locale-specific data associated with the off-card verifier. For more information, see Chapter 14.

The off-card verifier is a combination of three tools: verifycap, verifyexp, and verifyrev. The following sections describe how to use each tool.


Verifying CAP Files

The verifycap tool is used to verify a CAP file within the context of the package's export file (if any) and the export files of imported packages. This verification confirms whether a CAP file is internally consistent, as defined in Chapter 6 of the Virtual Machine Specification, Java Card Platform, Version 3.0.1, Classic Edition, and consistent with a context in which it can reside in a Java Card technology-enabled device.

Each individual export file is verified as a single unit. The scenario is shown in FIGURE 12-9. In the figure, the package p2 CAP file is being verified. Package p2 has a dependency on package p1, so the export file from package p1 is also input. The p2.exp file is only required if p2.cap exports any of its elements.

FIGURE 12-9 Verifying a CAP file



Running verifycap

You invoke verifycap at the command line as follows (see TABLE 12-31 for a description of options):

verifycap.bat [options] export-files CAP-file



Note - The file to invoke verifycap is a batch file (verifycap.bat) that must be run from a working directory of JC_CLASSIC_HOME\bin in order for the code to execute properly.



TABLE 12-31 verifycap Command Line Arguments

Argument        Description
export-files    A list of export files of the packages that this CAP file uses.
CAP-file        Name of the CAP file to be verified.

For more verifycap options, also see Command Line Options for Off-Card Verifier Tools.



Verifying Export Files

The verifyexp tool is used to verify an export file as a single unit. This verification is “shallow,” examining only the content of a single export file, not including export files of packages referenced by the package of the export file. The verification determines whether an export file is internally consistent and viable as defined in Chapter 5 of the Virtual Machine Specification, Java Card Platform, Version 3.0.1, Classic Edition. This scenario is illustrated in FIGURE 12-10.

FIGURE 12-10 Verifying An Export File



Running verifyexp

You invoke verifyexp at the command line as follows (see TABLE 12-32 for a description of options):

verifyexp [options] export-file



Note - The file to invoke verifyexp is a batch file (verifyexp.bat) that must be run from a working directory of JC_CLASSIC_HOME\bin in order for the code to execute properly.


 


TABLE 12-32 verifyexp Command Line Argument

Argument         Description
<export file>    Fully qualified path and name of the export file.

For more verifyexp options, also see Command Line Options for Off-Card Verifier Tools.



Verifying Binary Compatibility

The verifyrev tool checks for binary compatibility between revisions of a package by comparing the respective export files. This scenario is illustrated in FIGURE 12-11. The export files from version 1.0 and 1.1 of package p1 are input to verifyrev. The verification examines whether the Java Card platform version rules, including those imposed for binary compatibility as defined in Section 4.4 of the Virtual Machine Specification, Java Card Platform, Version 3.0.1, Classic Edition, have been followed.

FIGURE 12-11 Verifying Binary Compatibility Of Export Files



Running verifyrev

You invoke verifyrev at the command line as follows (see Command Line Options for Off-Card Verifier Tools for more options in addition to those described in this section):

verifyrev.bat [options] export-file export-file



Note - The file to invoke verifyrev is a batch file (verifyrev.bat) that must be run from a working directory of JC_CLASSIC_HOME\bin in order for the code to execute properly.


The first export-file argument on the command line is the fully qualified path of one of the export files to be compared. The second export file must have the same file name as the first, with a different path, for example:

verifyrev d:\testing\old\crypto.exp d:\testing\new\crypto.exp
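
The following added example (not part of the development kit or its documentation) pairs the export files of an old and a new release tree by file name, as verifyrev requires, and runs the tool from JC_CLASSIC_HOME\bin. The function names, the -nobanner default, flagging a removed export file as a failure, and treating a non-zero exit status as a failed check are assumptions.

```python
# Added example: release gate around verifyrev (not code from the kit).
import os
import subprocess
from pathlib import Path


def pair_export_files(old_root, new_root):
    """Match *.exp files by relative path, so both sides share one file name.

    Returns (pairs, removed, added): pairs are (old, new) absolute paths;
    removed/added are relative paths present in only one tree.
    """
    old_root, new_root = Path(old_root).resolve(), Path(new_root).resolve()
    old = {p.relative_to(old_root) for p in old_root.rglob("*.exp")}
    new = {p.relative_to(new_root) for p in new_root.rglob("*.exp")}
    pairs = [(old_root / r, new_root / r) for r in sorted(old & new)]
    return pairs, sorted(old - new), sorted(new - old)


def verifyrev_argv(old_exp, new_exp, options=("-nobanner",)):
    """Build the argument list; reject inputs that break the naming rule."""
    old_exp, new_exp = Path(old_exp), Path(new_exp)
    if old_exp.name != new_exp.name:
        raise ValueError(f"file names differ: {old_exp.name} vs {new_exp.name}")
    if old_exp.parent == new_exp.parent:
        raise ValueError("both revisions are in the same directory")
    # cmd /c is needed because verifyrev is a batch file.
    return ["cmd", "/c", "verifyrev.bat", *options, str(old_exp), str(new_exp)]


def run_gate(old_root, new_root, jc_home=None):
    """Run verifyrev on every pair from JC_CLASSIC_HOME\\bin; return failures."""
    bin_dir = Path(jc_home or os.environ["JC_CLASSIC_HOME"]) / "bin"
    pairs, removed, _added = pair_export_files(old_root, new_root)
    # Policy assumption: an export file that disappeared cannot be compared,
    # so it is reported instead of being skipped silently.
    failures = [f"missing in new release: {r}" for r in removed]
    for old_exp, new_exp in pairs:
        # Assumption: a non-zero exit status means the check did not pass.
        result = subprocess.run(verifyrev_argv(old_exp, new_exp), cwd=bin_dir)
        if result.returncode != 0:
            failures.append(f"verifyrev failed: {new_exp}")
    return failures
```
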


Command Line Options for Off-Card Verifier Tools

The verifycap, verifyexp, and verifyrev off-card verifier tools share many of the same command line options. The only exception is the -package option, which is available for verifycap only.

These options exhibit the same behavior regardless of the tool that calls them.


TABLE 12-33 verifycap, verifyexp, verifyrev Command Line Options

Option                                       Description
-help                                        Prints help message.
-nobanner                                    Suppresses banner message.
-nowarn                                      Suppresses warning messages.
-package <package name>                      (Available for verifycap only) Sets the name of the package to be verified.
-verbose                                     Enables verbose mode.
-version                                     Prints version number and exits.
-C command-options-file
or
--commandoptionsfile command-options-file    Optional. Specifies a file containing command-line options.