New NFC Sharing Applet

We just rolled out the new NFC Sharing applet to all Apex customers!

This new applet was developed by me for Vivokey, and supersedes the previous implementation by OpenJavaCard. The new applet comes with a few new fancy features:

  • T4TOP 2.0 conformant NDEF implementation
  • Interactive installer via Fidesmo! You can now specify the size of the NDEF data store you want to allocate (or pick one of the presets), an optional URL to load during installation, and even if you want to put the applet into read-only mode.
  • Read-only mode! You can now either lock the applet for writing automatically directly after the installation, or any time when you want by sending a special command (APDU: 00 E1 00 00). This will eventually also be supported in the Apex manager app. There is no way to unlock the applet, you have to re-install it instead.
  • Optional AES128-CMAC signature overlay! During installation, the applet is personalized using a random unique secret key and your Fidesmo ID. This key can then be used to sign the data read on each scan, to ensure the identity of the chip and also prevent re-using already scanned URLs. The template string {AES128_CMAC_SIGNATURE_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX} is automatically replaced with a new salted signature for each scan (format: UID-COUNTER-SIGNATURE). You can then validate this signature by posting it to the Vivokey validation API. For more information, see . This behaves a bit like the previous Spark functionality. The API is still being developed, if you are interested contact @amal .
  • The FlexSecure crowd can of course still continue to use the OpenJavaCard implementation. I will continue to provide CI builds of that applet via GitHub as before. The new Vivokey NDEF applet will be available for Apex users for now (until we figure out how to securely deploy to FlexSecures remotely), because it integrates tightly with the Fidesmo ecosystem and also the Vivokey API platform.

If you have any questions or bugs to report, please feel free to do so in this thread.