VivoKey Apex update

I just added this as you posted

But this maybe be closer

( From the same thread )

also this

Ummm…OKAY…Oops to slow :wink:

1 Like

What happens with customs / blinkies? Would each colour need to be certed, or what happens without blinkies or with custom mixes?

1 Like

Thi. is. future! XD

1 Like

Ah Rosco, on the prowl for ever increasing memory sizes

2 Likes

And also, would it be any limitation to user-custom applets to be deployed?
(I can imagine the sandboxing might cause issues with access to some of the chips features, or a higher level abstract app-redirection layer to be overridden by proprietary features/applets.)

1 Like

From looking at https://developer.fidesmo.com/javacard it seems that the maximum converted applet file size is 64kb

1 Like

Ooooh, good question!

I can step in here.

Kind of.

User-custom apps go through the Fidesmo process, but as a developer. They’re pretty easy to get for debug loading, you sign up with Fidesmo, get an applet ID from them and target that - you can then push and use manual servicing to install those.

You don’t really need approval or anything from Fidesmo to load via manual servicing or the FDSM tool. To publish the app to the “store” as such, though, they are likely to need a copy of your source code and some testing. They may also object to the publishing of an app if it goes against their TOS or even their alignments in the industry (it took us getting an email from a senior Tesla tech saying they weren’t going to target, challenge or have anything to do with third-party versions of the keycard applet for us to get approval on this front).

2 Likes

It takes a lot to get to here, and it’s not actually required. That’s a compatibility thing. If you’re targeting P71, you can simply say so.

Using the FDSM/manual service method, that is not an issue.

PIVApplet is the only one i can think of that goes above that size, and even then it’s not really that big - v3 CAP files are way different to v2 - they include different linking methods iirc (someone far smarter than me explained it to me).

1 Like

Nice, thanks for the info! Any recommendations on tutorials / resources for those of us looking to potentially get involved in development of applets?

1 Like

Our public Github repo has some good code examples - look for Javacard applets specifically, we’ve got a few things there (plus more you can’t see publicly :wink: )

Otherwise it’s java, but memory constrained. You don’t get ints, your IO is through a main-style function that’s called on the receiving of data, from there you determine which command is requested, if you handle that, if the data’s right etc, and send a response apdu

2 Likes

In case you’re working on the PGP applet, I look forward to 4096 bit PGP key support :wink:

5 Likes

Thanks!!
that is kinda relieving to read!

Although I assume they would, even through that process, still prevent my custom app to be the first instance to respond to a reader, right?
(I kinda can’t see any issue with that on my first thoughts, but can imagine that could be exploited)

1 Like

If anyone else has a bunq account:
I guess if we get enough upvotes on a feature proposal, they’ll at least have a serious look at it.

Here’s my Feature Proposal on bunq:

3 Likes

Yes, hello to you too. Welcome to the community.

Or do you just want to drop your clickbait here?

Jesus I hate online marketing…

EDIT: looks like it’s not advertisement after all, just a rude poster.

3 Likes

Welcome to the Community

Have you voted?

did you actually click it?

2 Likes

Ah! Hehe, actually I didn’t. it looked so damn much like advertisement: guys pops in, doesn’t introduce himself and posts a link to something within minutes. I didn’t feel it was worth giving him the pleasure of swallowing the clickbait.

I stand corrected.

5 Likes

I read the “my proposal” part and hovered my mouse over the link and saw it mentioned VivoKey so I clicked… but yeah I thought it was sus too at first.

Unfortunately the banks are not the issue with contactless payment. Even if they wanted to (we’ve had many banks approach us), it’s still not possible because of MasterCard and Visa blocking it. They own their payment networks and they get to say what happens on their own networks… including what types of devices can participate.

2 Likes

You’d think the US government would have pulled the Sherman act on that cartel decades ago. Amazing… They would have in the past.

2 Likes