GlobalPlatformPro, Gemalto IDPrime PIV 2.0 card, Gemalto IDBridge CL3000 Dual Interface Smart Card Reader, Ubuntu 14.4

Information on how to load your own applets onto a Gemalto PIV card are hard to come by, so below is a quick write up of how to do it. This also gets you GlobalPlatform access to the card, which is difficult to figure out due to little documentation available on the key diversification used. The spec sheet for the Gemalto IDPrime PIV 2.0 card can be found here.

Make sure your smart card reader is attached. If it isn't you may have to restart pcscd to get it to show up:

rchapman@vagrant-ubuntu-trusty-64:~$ opensc-tool -l
No smart card readers found.

rchapman@vagrant-ubuntu-trusty-64:~$ sudo service pcscd restart
[sudo] password for rchapman:
 * Restarting PCSC Lite resource manager pcscd                                                                                                 [ OK ]

rchapman@vagrant-ubuntu-trusty-64:~$ opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    No              Gemalto Prox-DU [Prox-DU HID_15100775] 00 00
1    Yes             Gemalto Prox-DU [Prox-DU HID_15100775] 00 01

Download GlobalPlatformPro

rchapman@vagrant-ubuntu-trusty-64:~$ wget
--2016-02-10 06:06:51--
Resolving (
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 995937 (973K) [application/octet-stream]
Saving to: ‘gp.jar’

100%[============================================================================================================>] 995,937      915KB/s   in 1.1s

2016-02-10 06:06:53 (915 KB/s) - ‘gp.jar’ saved [995937/995937]

Make sure you can list the applets on the card. Be careful, some cards will lock you out if you fail to authenticate to the card a certain number of times. From my experience with the Gemalto card I bought from the Gemalto WEB store, it didn't lock me out even though it took me over a hundred attempts to get the auth working. The key below works with the Gemalto IDPrime PIV 2.0 cards I purchased from the Gemalto WEB store as well as

rchapman@vagrant-ubuntu-trusty-64:~$ java -jar ~/gp.jar -visa2 -key 47454D5850524553534F53414D504C45 -mode clr --list
AID: A000000003000000 (|........|)
     ISD INITIALIZED: Security Domain, Card lock, Card terminate, CVM (PIN) management

AID: A000000308000010000100 (|...........|)
     App SELECTABLE: Default selected, CVM (PIN) management

AID: A000000308000010000200 (|...........|)
     App SELECTABLE: CVM (PIN) management

AID: A0000000620001 (|....b..|)
     ExM LOADED: (none)

AID: A0000000620002 (|....b..|)
     ExM LOADED: (none)

AID: A0000000620003 (|....b..|)
     ExM LOADED: (none)

AID: A0000000620101 (|....b..|)
     ExM LOADED: (none)

AID: A000000062010101 (|....b...|)
     ExM LOADED: (none)

AID: A0000000620102 (|....b..|)
     ExM LOADED: (none)

AID: A0000000620201 (|....b..|)
     ExM LOADED: (none)

AID: A0000000030000 (|.......|)
     ExM LOADED: (none)

AID: A0000000620202 (|....b..|)
     ExM LOADED: (none)

AID: A000000018100106 (|........|)
     ExM LOADED: (none)

AID: A000000018100201 (|........|)
     ExM LOADED: (none)

AID: A000000018100101 (|........|)
     ExM LOADED: (none)
     A000000018534441 (|.....SDA|)

AID: A00000015100 (|....Q.|)
     ExM LOADED: (none)

AID: A000000018100108 (|........|)
     ExM LOADED: (none)

AID: A000000018100109 (|........|)
     ExM LOADED: (none)

AID: A000000018100401 (|........|)
     ExM LOADED: (none)

AID: A000000018100402 (|........|)
     ExM LOADED: (none)

AID: A00000030800001000 (|.........|)
     ExM LOADED: (none)
     A000000308000010000100 (|...........|)
     A000000308000010000200 (|...........|)


Download gpshell to obtain the hello world applet, already compiled into a cap file:

rchapman@vagrant-ubuntu-trusty-64:~$ curl -Lo gpshell.tar.gz ''

rchapman@vagrant-ubuntu-trusty-64:~$ tar zxvf gpshell.tar.gz

Install the hello world applet:

rchapman@vagrant-ubuntu-trusty-64:~$ java -jar ~/gp.jar -visa2 -key 47454D5850524553534F53414D504C45 -mode clr --install gpshell-1.4.4/helloworld.cap
CAP loaded

List applets again to find AID (applet ID) of hello world. It should be D0D1D2D3D4D501.

rchapman@vagrant-ubuntu-trusty-64:~$ java -jar ~/gp.jar -visa2 -key 47454D5850524553534F53414D504C45 -mode clr --list | grep -A 4 'AID: D0D1D2D3D4D501 '
AID: D0D1D2D3D4D501 (|.......|)
     ExM LOADED: (none)
     D0D1D2D3D4D50101 (|........|)

Run the applet on the card by selecting the AID D0D1D2D3D4D501, then send any valid APDU (doesn't matter what it is, the app will always return "Hello World!")

rchapman@vagrant-ubuntu-trusty-64:~$ opensc-tool -s "00 A4 04 00 07 D0 D1 D2 D3 D4 D5 01" -s "00:CB:3F:FF:05:5C:03:5F:C1:02:00"
Using reader with a card: Gemalto Prox-DU [Prox-DU HID_15100775] 00 01
Sending: 00 A4 04 00 07 D0 D1 D2 D3 D4 D5 01
Received (SW1=0x90, SW2=0x00)
Sending: 00 CB 3F FF 05 5C 03 5F C1 02 00
Received (SW1=0x90, SW2=0x00):
48 65 6C 6C 6F 20 57 6F 72 6C 64 21 Hello World!

If you want to uninstall the applet from the card, run:

rchapman@vagrant-ubuntu-trusty-64:~$ java -jar ~/gp.jar -visa2 -key 47454D5850524553534F53414D504C45 -mode clr --delete D0D1D2D3D4D501 --deletedeps