SDK command line tools

These are the SDK command line tools that you might want to make use of directly. These are all individually documented in the SmartDeck manual. Each outputs the list of options it supports if  run without any options specified. Some examples are given below.

  • hcl.exe Compiler driver: provides a useful way to get files compiled, assembled and linked. Usually called from the MULTOS Eclipse Toolchain but can be used stand-alone.
  • hsim.exe MULTOS Simulator: used in conjunction with mdb but can also be used stand-alone.
  • hterm.exe Loader: Used to load and delete application from MULTOS cards and send APDUs.
  • har.exe Archiver: Consolidates multiple object files into a single, object code library
  • hls.exe Object file lister: displays useful information held in unlinked files and linked executables.
  • hkeygen.exe RSA key pair generator: creates a private and public RSA key pair, suitable for use with MULTOS cryptography primitives
  • halugen.exe ALU generator: creates a standard MULTOS application load unit.
  • melcertgen.exe ALC/ADC generator: creates load and delete certificates for developer cards.
  • meldump.exe MULTOS file list: outputs contents of standard MULTOS files.

hterm (Terminal Emulator)

hterm is a really useful command-line tool and can be used for

  • listing the contents of the device (-dir)
  • loading applications (both to developer and live chips)
  • deleting applications
  • selecting applications
  • sending APDU commands to the device (command line switch and interactively)
  • displaying information about the device

Some examples:-

  • hterm -serial COM3 -load myapp.hzx -cardtype MI-M5 loads an app from a debug-build file to a developer chip connected on port COM3 using the default test key set for Trust Anchor devices.
  • hterm -serial COM3 -alu myapp.alu -alc myapp.alc loads an app from the release-build file using a load certificate (generated by the MULTOS Key Management Authority for live devices)
  • hterm -serial COM3 -cardtype MI-M5 -clean removes all applications listed in the chip’s directory file using the default test key set for Trust Anchor devices
  • hterm -serial COM3 -selectaid F0000001 -interact selected the application with ID (in hex) of F0000001 and starts a prompt for entering APDU commands to send to the application.

The loading and deleting functionality can be used from post-build scripts in Eclipse to automatically load applications to the chip after a build (as shown in the example projects) and issue a command for debugging.

  • hterm -serial COM3 -cardtype MI-M5 -clean -load Debug\myapp.hzx -selectaid F0000001 -apdu 7000000000 wipes the previous applications, loads that just built, selects it and sends a command to it.

hkeygen (Key Generator)

This tool is useful for generating an application signing key pair for development purposes. It supports up to 2048 bit RSA keys.

  • hkeygen -exponent 3 -modsize 1024 -private app_provider.priv -public app_provider.pub

halugen (ALU Generator)

This tool converts a debug build file into a release build Application Load Unit file (ALU). There are three varieties of ALU depending on the security level required:- Plaintext, Protected and Confidential. Some common examples are:-

  • halugen myapp.hzx will generate a Plaintext ALU file called myapp.alu
  • halugen -cardtype MI-M5 -protected -appk app_provider.priv myapp.hzx will generate a Protected ALU file called myapp.alu
  • halugen -cardtype MI-M5 -confidential -appk app_provider.priv -dataonly -autoPad myapp.hzx will generate a Confidential ALU file called myapp.alu when the application data is encrypte

ALUs are required once the application needs to be provisioned to live devices; that is those that have unique identities and unique secret loading keys. In a production environment, application signing and encryption is usually conducted using secure software built around a Hardware Security Module (HSM). These systems can be purchased from MULTOS Consortium members or built in-house if preferred using the information provided in the MULTOS Technical Library.

melcertgen (ALC and ADC Generator)

This tool allows you to generate load and delete certificates for loading application ALU files using hterm or other MULTOS loading tools such as MUtil. The certificate type has to match the application type (Plaintext, Protected or Confidential).

  • melcertgen myapp -cardtype MI-M5  myapp.hzx will generate myapp.alc and myapp.adc files for a Plaintext ALU.
  • melcertgen myapp -cardtype MI-M5 -protected -appk app_provider.pub myapp.hzx will additionally include the certified app_provider.pub key in the load certificate for a Protected ALU.
  • melcertgen myapp -cardtype MI-M5 -confidential -appk app_provider.pub -pad 8 myapp.hzx will additionally pad the application data size to match the encryption block size for a Confidential ALU
  • The -adf option will additionally generate a JSON formatted file for registering the application in a MULTOS Key Management Authority (KMA).

For live devices, the certificates have to come from a KMA.

pubconvert

This tool simply converts a public key file generated by hkeygen into the format needed by the KMA.