The SmartDeck manual includes details of all the tools and options available. Here are some useful example commands.
hterm is a really useful command-line tool and can be used for:
- listing the contents of the device (-dir)
- loading applications (both to developer and live chips)
- deleting applications
- selecting applications
- sending APDU commands to the device (command line switch and interactively)
- displaying information about the device
- hterm -serial COM3 -load myapp.hzx -cardtype MI-M5 loads an app from a debug-build file to a developer chip connected on port COM3 using the default test key set for Trust Anchor devices.
- hterm -serial COM3 -alu myapp.alu -alc myapp.alc loads an app from the release-build file using a load certificate (generated by the MULTOS Key Management Authority for live devices)
- hterm -serial COM3 -cardtype MI-M5 -clean removes all applications listed in the chip's directory file using the default test key set for Trust Anchor devices
- hterm -serial COM3 -selectaid F0000001 -interact selects the application with ID (in hex) of F0000001 and starts a prompt for entering APDU commands to send to the application.
The loading and deleting functionality can be used from post-build scripts in Eclipse to automatically load applications to the chip after a build (as shown in the example projects) and issue a command for debugging.
- hterm -serial COM3 -cardtype MI-M5 -clean -load Debug\myapp.hzx -selectaid F0000001 -apdu 7000000000 wipes the previous applications, loads the one just built, selects it and sends a command to it.
hkeygen is useful for generating an application signing key pair for development purposes. It supports up to 2048-bit RSA keys.
- hkeygen -exponent 3 -modsize 1024 -private app_provider.priv -public app_provider.pub
halugen converts a debug build file into a release build Application Load Unit (ALU) file. There are three varieties of ALU depending on the security level required: Plaintext, Protected and Confidential. Some common examples are:
- halugen myapp.hzx will generate a Plaintext ALU file called myapp.alu
- halugen -cardtype MI-M5 -protected -appk app_provider.priv myapp.hzx will generate a Protected ALU file called myapp.alu
- halugen -cardtype MI-M5 -confidential -appk app_provider.priv -dataonly -autoPad myapp.hzx will generate a Confidential ALU file called myapp.alu when the application data is encrypted
ALUs are required once the application needs to be provisioned to live devices, that is, those that have unique identities and unique secret loading keys. In a production environment, application signing and encryption are usually performed using secure software built around a Hardware Security Module (HSM). These systems can be purchased from MULTOS Consortium members or built in-house if preferred, using the information provided in the MULTOS Technical Library.
melcertgen allows you to generate load and delete certificates for loading application ALU files using hterm or other MULTOS loading tools such as MUtil. The certificate type has to match the application type (Plaintext, Protected or Confidential).
- melcertgen myapp -cardtype MI-M5 myapp.hzx will generate myapp.alc and myapp.adc files for a Plaintext ALU.
- melcertgen myapp -cardtype MI-M5 -protected -appk app_provider.pub myapp.hzx will additionally include the certified app_provider.pub key in the load certificate for a Protected ALU.
- melcertgen myapp -cardtype MI-M5 -confidential -appk app_provider.pub -pad 8 myapp.hzx will additionally pad the application data size to match the encryption block size for a Confidential ALU
- The -adf option will additionally generate a JSON formatted file for registering the application in a MULTOS Key Management Authority (KMA).
For live devices, the certificates have to come from a KMA. For details of how to set up access to and make use of the KMA, please see this document.
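A build script can check the rule that the certificate type has to match the application type before anything is loaded. The following Python linter is an added example, not part of SmartDeck: it reads halugen and melcertgen command lines, using only the options shown on this page, and reports mismatches. The function names, the sample script and the .priv/.pub naming check are assumptions made for illustration.

```python
import shlex

LEVEL_FLAGS = {"-protected": "Protected", "-confidential": "Confidential"}
# Options that take a value, as used in the commands on this page.
VALUE_OPTS = {"-cardtype", "-appk", "-pad"}

def parse(cmd):
    """Return (tool, level, appk, hzx) for one halugen/melcertgen line."""
    tokens = shlex.split(cmd, posix=False)  # posix=False keeps Windows backslashes
    tool, args = tokens[0], tokens[1:]
    level, appk, hzx = "Plaintext", None, None
    i = 0
    while i < len(args):
        a = args[i]
        if a in LEVEL_FLAGS:
            level = LEVEL_FLAGS[a]
        elif a in VALUE_OPTS:
            if a == "-appk" and i + 1 < len(args):
                appk = args[i + 1]
            i += 1  # skip the option's value
        elif a.lower().endswith(".hzx"):
            hzx = a
        i += 1
    return tool, level, appk, hzx

def lint(script):
    """Check that each app's certificate type matches its ALU type."""
    alu, cert, findings = {}, {}, []
    for line in script.splitlines():
        line = line.strip()
        if not line.startswith(("halugen ", "melcertgen ")):
            continue
        tool, level, appk, hzx = parse(line)
        (alu if tool == "halugen" else cert)[hzx] = level
        # Assumed naming convention taken from the page's examples:
        # halugen is given the .priv file, melcertgen the .pub file.
        want = ".priv" if tool == "halugen" else ".pub"
        if appk and not appk.endswith(want):
            findings.append(f"{tool} {hzx}: -appk {appk} is not a {want} file")
    for hzx, level in alu.items():
        if hzx in cert and cert[hzx] != level:
            findings.append(f"{hzx}: ALU is {level} but certificate is {cert[hzx]}")
    return findings

# Constructed sample build script: the first app's certificate type is wrong.
SAMPLE = r"""
halugen -cardtype MI-M5 -protected -appk app_provider.priv myapp.hzx
melcertgen myapp -cardtype MI-M5 -confidential -appk app_provider.pub -pad 8 myapp.hzx
halugen other.hzx
melcertgen other -cardtype MI-M5 other.hzx
"""
```

Calling lint(SAMPLE) returns one finding for myapp.hzx; the second check also catches a private key file passed to melcertgen where the public key is expected.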
This tool simply converts a public key file generated by hkeygen into the format needed by the KMA.