Hi all,

I'm validating a JavaCard applet on SIM hardware with no carrier involved,
across both the eUICC and physical-UICC paths, and would value a steer from
anyone who has done either end to end.

Planned eUICC setup (from the eUICC manual + mode51 RSP series):
- osmo-smdpp as a self-hosted SM-DP+ (test keys)
- pySim / lpac as the LPA
- a test-CI eUICC in plastic form factor (sysmoEUICC1-C2T, since a
  production-CI card rejects a test-signed SM-DP+)

Planned physical-SIM setup:
- a developer UICC where I hold the GP/ADM keys (looking at sysmoUSIM-SJA2
  or a Thales/G+D dev kit)
- applet load via pySim / GlobalPlatform

Question 1 — loading a custom applet, both paths

eUICC: the manual covers profile transport and the auth/download handshake
well, but not how to author a profile package that carries a custom
JavaCard applet (load file, GP install params, signing it so osmo-smdpp
serves it). Is bundling the applet in the eUICC Profile Package the right
carrier-free route, or is post-issuance GP load over a profile-supplied SD
more practical for dev/test?

Physical: for a dev UICC where I hold the keys, is pySim/GlobalPlatform load
the expected route? A working reference for the profile-authoring step with
a non-trivial applet is the one gap I can't close from the docs.

Question 2 — crypto API exposed to the applet

Independently of provisioning: does the JavaCard runtime on sysmoEUICC1,
and on the physical sysmoUSIM line (or any dev/test card people here have
actually probed), expose secp256k1 as a custom EC Fp curve with arbitrary
domain parameters (via ECPrivateKey/ECPublicKey setters) AND plain ECDSA
over an externally supplied 32-byte digest — ALG_ECDSA_PLAIN-style, no
on-card hashing? The digest is Keccak-256 computed off-card, so
hash-then-sign or P-256-only builds won't work. Two things would be
especially useful: a reliable way to probe a card's crypto API empirically
over APDU (instantiate the keypair, see what throws), and whether this
capability is known to differ between the eUICC and physical product lines.

I've gone through the eUICC manual, the osmo-smdpp wiki, and the mode51
walkthroughs before posting. Pointers, partial answers, or a hard "no,
because X" are all welcome.

Thanks,
Francis Abuga
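
Added example, not part of the original post and not code from pySim, Osmocom or any card vendor: a host-side Python check for Question 2 that takes a signature returned by a card for a 32-byte external digest and reports whether it verifies over the digest as-is ("plain") or only over SHA-256 of it (hash-then-sign). Assumptions: `r` and `s` have already been parsed out of the card's response, all function names are hypothetical, `card_sign` is a constructed stand-in for the card, and `DIGEST` is a constructed value standing in for the Keccak-256 output.

```python
import hashlib
# secp256k1 domain parameters (SEC 2): the values the applet would load via the EC key setters.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
DIGEST = bytes(range(32))  # constructed; stands in for the off-card Keccak-256 output

def add(p, q):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, p):  # double-and-add, not constant time (host-side test use only)
    r = None
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def verify(pub, e_bytes, r, s):
    """ECDSA verification where e_bytes is used directly as the message representative."""
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(int.from_bytes(e_bytes, "big") * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def classify(pub, digest, r, s):
    """Report what the card signed when handed a 32-byte external digest."""
    for label, e in (("plain", digest), ("sha256-then-sign", hashlib.sha256(digest).digest())):
        if verify(pub, e, r, s):
            return label
    return "invalid"

def card_sign(d, e_bytes, k):
    """Constructed stand-in for the card's response: raw ECDSA with a fixed test nonce."""
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (int.from_bytes(e_bytes, "big") + r * d) % N
```

Against real hardware, replace `card_sign` with the `(r, s)` pair from the card's signing APDU response and pass the public key the card exported as an affine `(x, y)` tuple.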