[security-dev 00253]: Re: Handling of APDU output chaining in Channel.transmit()

Sean Mullan Sean.Mullan at Sun.COM
Mon Jul 28 08:14:20 PDT 2008

I have asked someone who worked on this code and they said:

I believe this is a failsafe to prevent the code from going into an
infinite loop when talking to a bad card or driver.


Ming Yung wrote:
>  Hi there,
> This relates to a limitation (bug?) in the implementation of 
> javax.smartcardio.Channel.
> I am looking at doing APDU output chaining using the "SW 61XX and GET 
> RESPONSE" mechanism in order to transfer large datasets out of a 
> JavaCard. As it stands, I am limited to chains of length 31 because of 
> the following condition in 
> sun.security.smartcardio.ChannelImpl.doTransmit(byte[] command):
>  int k=0;
>  while (true) {
>     if (++k >=32) {
>       throw new CardException("Could not obtain response");
>     }
>      ....
> Is there any reason for this condition? I cannot find it in ISO 7816-4 
> (2005 edition).
> Right now, a workaround is to set the undocumented system property 
> "sun.security.smartcardio.t1GetResponse" to "false" (I'm using a T=1 
> card) and handle the chaining outside smartcardio.
> Cheers,
> Ming

More information about the security-dev mailing list