CHAPTER 7

Verifying CAP and Export Files

Off-card verification provides a means for evaluating CAP and export files in a desktop environment. When applied to the set of CAP files that will reside on a Java Card technology compliant smart card and the set of export files used to construct those CAP files, the Java Card technology-enabled off-card verifier ("Java Card off-card verifier") provides the means to assert that the content of the smart card has been verified.

The off-card verifier is a combination of three tools, verifycap, verifyexp, and verifyrev. The following sections describe how to use each tool.


Verifying CAP Files

The verifycap tool is used to verify a CAP file within the context of the package's export file (if any) and the export files of imported packages. This verification confirms whether a CAP file is internally consistent, as defined in Chapter 6 of the Virtual Machine Specification for the Java Card Platform, Version 2.2.2, and consistent with a context in which it can reside in a Java Card technology-enabled device.

Each individual export file is verified as a single unit. The scenario is shown in FIGURE 7-1. In the figure, the package p2 CAP file is being verified. Package p2 has a dependency on package p1, so the export file from package p1 is also input. The p2.exp file is only required if p2.cap exports any of its elements.

FIGURE 7-1 Verifying a CAP file



Running verifycap

Command line usage is:

verifycap [options] <export files> <CAP file>

The file to invoke verifycap is a shell script (verifycap) on the Solaris or Linux platform and a batch file (verifycap.bat) on the Microsoft Windows platform.

verifycap Command Line Arguments

The arguments to this command line are:


TABLE 7-1 verifycap Command Line Arguments

Argument          Description
<export files>    A list of export files of the packages that this CAP file uses.
<CAP file>        Name of the CAP file to be verified.


verifycap Command Line Options

For a description of the command line options available for verifycap, see Command Line Options for Off-Card Verifier Tools.


Verifying Export Files

The verifyexp tool is used to verify an export file as a single unit. This verification is "shallow," examining only the content of a single export file, not including export files of packages referenced by the package of the export file. The verification determines whether an export file is internally consistent and viable as defined in Chapter 5 of the Virtual Machine Specification for the Java Card Platform, Version 2.2.2. This scenario is illustrated in FIGURE 7-2.

FIGURE 7-2 Verifying An Export File


Running verifyexp

Command line usage is:

verifyexp [options] <export file> 

The file to invoke verifyexp is a shell script (verifyexp) on the Solaris or Linux platform and a batch file (verifyexp.bat) on the Microsoft Windows platform.

verifyexp Command Line Arguments

The argument to this command line is:


TABLE 7-2 verifyexp Command Line Argument

Argument          Description
<export file>     Fully qualified path and name of the export file.


verifyexp Command Line Options

For a description of the command line options available for verifyexp, see Command Line Options for Off-Card Verifier Tools.


Verifying Binary Compatibility

The verifyrev tool checks for binary compatibility between revisions of a package by comparing the respective export files. This scenario is illustrated in FIGURE 7-3. The export files from version 1.0 and 1.1 of package p1 are input to verifyrev. The verification examines whether the Java Card platform version rules, including those imposed for binary compatibility as defined in Section 4.4 of the Virtual Machine Specification for the Java Card Platform, Version 2.2.2, have been followed.

FIGURE 7-3 Verifying Binary Compatibility Of Export Files


Running verifyrev

Command line usage is:

verifyrev [options] <export file> <export file> 

The file to invoke verifyrev is a shell script (verifyrev) on the Solaris or Linux platform and a batch file (verifyrev.bat) on the Microsoft Windows platform.

verifyrev Command Line Arguments

The arguments to this command line are:

<export file> <export file> 

Where <export file> represents the fully qualified path of the export files to be compared.

The second export file must have the same name as the first one, with a different path. For example:

verifyrev d:\testing\old\crypto.exp d:\testing\new\crypto.exp

verifyrev Command Line Options

For a description of the command line options available for verifyrev, see Command Line Options for Off-Card Verifier Tools.


Command Line Options for Off-Card Verifier Tools

The verifycap, verifyexp, and verifyrev off-card verifier tools share many of the same command line options. The only exception is the -package option, which is available for verifycap only.

These options exhibit the same behavior regardless of the tool that calls them.


TABLE 7-3 verifycap, verifyexp, verifyrev Command Line Options

Option                     Description
-help                      Prints help message.
-nobanner                  Suppresses banner message.
-nowarn                    Suppresses warning messages.
-package <package name>    (Available for verifycap only) Sets the name of the package to be verified.
-verbose                   Enables verbose mode.
-version                   Prints version number and exits.
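
The three tools chained into one pre-load check for a single package revision, as an added example that is not part of the original guide. The function name verify_package and its argument order are hypothetical, and the script assumes each tool exits non-zero when verification fails, which this chapter does not state.

```shell
#!/bin/sh
# Added example: off-card verification gate for one package revision.
# Assumption (not stated on the page): each tool exits non-zero when
# verification fails. Confirm this for your kit before relying on it.

# verify_package CAP OWN_EXP OLD_EXP [IMPORTED_EXP...]
#   OWN_EXP  export file of the package itself, "" if it exports nothing
#   OLD_EXP  export file of the previous revision, "" to skip verifyrev
verify_package() {
    if [ "$#" -lt 3 ]; then
        echo "usage: verify_package CAP OWN_EXP OLD_EXP [IMPORTED_EXP...]" >&2
        return 2
    fi
    vp_cap=$1; vp_own=$2; vp_old=$3
    shift 3
    # "$@" now holds the imported packages' export files; add our own.
    if [ -n "$vp_own" ]; then set -- "$@" "$vp_own"; fi

    # verifyrev compares two revisions of the same export file, so the
    # file names must match and only the paths may differ.
    if [ -n "$vp_old" ]; then
        if [ -z "$vp_own" ] || [ "$vp_old" = "$vp_own" ] ||
           [ "$(basename "$vp_old")" != "$(basename "$vp_own")" ]; then
            echo "verifyrev needs the same file name under two paths" >&2
            return 2
        fi
    fi

    # 1. verifyexp is shallow: run it on every export file individually.
    for vp_exp in "$@"; do
        verifyexp -nobanner "$vp_exp" || return 1
    done

    # 2. Binary compatibility between the old and new revision.
    if [ -n "$vp_old" ]; then
        verifyrev -nobanner "$vp_old" "$vp_own" || return 1
    fi

    # 3. The CAP file, in the context of all export files it uses.
    verifycap -nobanner "$@" "$vp_cap" || return 1
}
```

For the scenario in FIGURE 7-1 with a previous revision of p2 on hand, the call would be verify_package new/p2.cap new/p2.exp old/p2.exp api/p1.exp (paths constructed for illustration).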