Skip to content

Supplementary Security Domains

Jump to bottom Edit New page
Martin Paljak edited this page Sep 5, 2018 · 5 revisions

Creating SSD-s

Supplementary security domains can be created with -domain. Add additional privileges with -privs and installation parameters with -params. The default package and application ID can be changed with -pkg and -app.

To specify extradition right for the newly created SSD, use -allow-to to be able to extradite apps to the SSD and -allow-from to be able to extradite applications from the SSD. If you need to add additional installation parameters to the SSD, also construct the necessary privileges block for within the parameters block.

Installing applications to a SSD

To extradite an application to a different security domain during installation, specify the SSD with -to:

gp -install <applet.cap> -to <AID>

The SSD must accept the extradition, so create

Extraditing applications

gp -move <AID> -to <AID>

Both security domains must allow the extradition or the operation will fail.

Creating a new tree

A new tree is one which has itself as root. Create it with

gp -move <AID> -to <AID>

javacard.pro - custom JavaCard applet development services

Usage

Development

Clone this wiki locally