Shareable Interface in Javacard: use cases and implementation


[Context]

I need to send data from one applet to another. In addition, one of the applets needs to be deleted and reinstalled. After the installation, data exchange between the applets needs to be possible.

Is Shareable Interface useful to realize that?

[Theoretical]

In general, I would like to know the cases where a shareable interface is a good idea and what its principal use is.

[Practice]

I took an example from this answer, but it does not work. I think I did not understand how to implement it. I tried to create two applets in the same package, one master and one slave, but I got 6F 00 when the slave is selected. I did another test with two packages, but I got the same error.


There are 2 best solutions below

0
hedgehog81 On

Shareable allows you to exchange the data between applets on the card. There are some limitations though, the main being the fact that one cannot freely exchange internal objects. Only objects allowed for sharing can pass via the Shared interface. The example you mention uses some proprietary “SharedArray” interface to implement this.

By default, only standard global objects such as APDU backing array, or various STK objects can be used for this purpose. In addition, it is possible to pass simple value types such as byte and short via the Shared interface methods.

In some cases, especially in STK environments, the Shared interface is used to initiate the operations while the data is passed via a separate EF on the card which is used as a “mailslot”.

Regarding the implementation itself, one needs to remember that the Shareable interface is just a marker, and as such you need to define a concrete interface that inherits from Shareable to be able to use it in the application.

The above interface constitutes a hard dependency for any application using or implementing this interface.

As a result, the package containing the interface definition cannot be deleted if any of the other applets/libraries use it.

One of the common options is to define the interface in a separate library and install it first. Since it is not likely to change, and if it does you would change the AID, version anyway, all other clients can be freely installed and deleted.

Lastly, please keep in mind that the Shareable interface should be used with care due to security issues associated with data sharing.

I highly recommend getting a copy of “Java Card Technology for Smart Cards: Architecture and Programmer's Guide” which covers these topics and much more.
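A minimal layout for the points in the answer above, added here as an example and not code from the answer or the posts it refers to: three source files shown in one block, with the interface in its own library package. The package names, AIDs, `CounterService` and `readCounter` are hypothetical, and the example assumes the library package is loaded before the other two.

```java
// ---- File 1: library package com.example.shared (hypothetical), installed first ----
package com.example.shared;
import javacard.framework.Shareable;
// Concrete interface extending the Shareable marker. Only primitives and
// global arrays such as the APDU buffer are passed through it.
public interface CounterService extends Shareable {
    short readCounter(byte[] apduBuffer, short offset);
}

// ---- File 2: server package com.example.server (hypothetical) ----
package com.example.server;
import javacard.framework.*;
import com.example.shared.CounterService;
public class ServerApplet extends Applet implements CounterService {
    static final byte[] CLIENT_AID = {(byte)0xA0,0,0,0,0x62,0x03,0x01}; // constructed AID
    private short counter;
    public static void install(byte[] b, short off, byte len) { new ServerApplet().register(); }
    public void process(APDU apdu) { if (!selectingApplet()) counter++; }
    private static boolean isClient(AID aid) {
        return aid != null && aid.equals(CLIENT_AID, (short) 0, (byte) CLIENT_AID.length);
    }
    // Called by the JCRE on behalf of a requesting applet; null refuses the request.
    public Shareable getShareableInterfaceObject(AID clientAID, byte parameter) {
        return isClient(clientAID) ? this : null;
    }
    public short readCounter(byte[] apduBuffer, short offset) {
        // Re-check the caller on every call: the reference could have been passed on.
        if (!isClient(JCSystem.getPreviousContextAID()))
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        Util.setShort(apduBuffer, offset, counter);
        return (short) 2;
    }
}

// ---- File 3: client package com.example.client (hypothetical) ----
package com.example.client;
import javacard.framework.*;
import com.example.shared.CounterService;
public class ClientApplet extends Applet {
    static final byte[] SERVER_AID = {(byte)0xA0,0,0,0,0x62,0x03,0x02}; // constructed AID
    public static void install(byte[] b, short off, byte len) { new ClientApplet().register(); }
    public void process(APDU apdu) {
        if (selectingApplet()) return;
        // Looked up per command and kept in a local variable, not in a field.
        AID server = JCSystem.lookupAID(SERVER_AID, (short) 0, (byte) SERVER_AID.length);
        CounterService svc = (server == null) ? null
            : (CounterService) JCSystem.getAppletShareableInterfaceObject(server, (byte) 0);
        if (svc == null) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        apdu.setOutgoingAndSend((short) 0, svc.readCounter(apdu.getBuffer(), (short) 0));
    }
}
```

Because the client holds the server's object only in a local variable for the duration of one command, no persistent reference from the client into the server instance remains between commands.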

0
Ujjwal Roy On

Answering your questions in order:

  1. [Context]

The Shareable interface is used when one applet (client applet) needs to access methods from another applet (server applet), provided both the applets are located in different packages. Applets in different packages are separated by a firewall to prevent access to applet data across packages.

Applet instances can be deleted in any order, but applet packages should be deleted in order. That is, first the client package is deleted, then the server package is deleted.

  2. [Theoretical]

The Shareable interface is useful for object sharing, since the firewall restricts object sharing between packages.

For proper use cases, kindly go through this white paper - www.usenix.org/legacy/event/smartcard99/full_papers/montgomery/montgomery.pdf

  3. [Practice]

Kindly check this solution for a Shareable interface implementation - https://stackoverflow.com/a/57200926/4752262