Programmable smartcards are not just a piece of plastic for your headshot or a dumb portable store for cryptographic keys. Instead, they can perform on-card key generation, digital signatures combined with one-time passwords or even run relatively complex applications like web-servers with clients connecting via HTTPS. Those benefit from an environment with a high physically security, which includes built-in cryptographic accelerators, truly random number generators, and protected data storage.

Although the smartcard industry is more secretive than it should be with proprietary APIs and non-disclosure agreements (NDAs) at almost every step, open JavaCard platform that exists from about 1999 offers some opportunity to write own portable and open-source applications.

You can buy JavaCard-enabled smartcards for as little as $3 even in small quantities. No special skills are required, programming is done in plain Java and development toolchain is available for free.

I have recently spent some time sifting through all GitHub repositories for Java smart card projects searching for “import javacard.framework” — a sign of JavaCard applets, or relevant applications.

I used all that information to create a curated list (https://github.com/EnigmaBridge/javacard-curated-list). At the moment (7th June, 2017), there are 130 projects listed in five categories: Applets, Library code, Developer tools, JavaCard simulators, and Learning.

You are encouraged to contribute!

As most of the relevant repositories are on GitHub, I present here some statistics and also wider conclusions about the JavaCard community active on GitHub.

Popular JavaCard repositories

The most popular JavaCard-related repository is Yubico ykneo-openpgp applet (originally from Radboud University Nijmegen) implementing card’s component of the OpenPGP standard with 149 stars. It is followed by Licel’s JCardSim applet simulator (very helpful for automated testing), Martin Paljak’s AppletPlayground (a set of well prepared applets for beginners to fiddle with) and LedgerHQ’s Bitcoin Hardware Wallet. The top five includes another Yubico’s project ykneo-oath, an HOTP/TOTP applet generating one-time passwords. In total, there are 20 repos with at least 10 stars.

Popularity of GitHub repositories according to number of stars awarded.

How frequently are other developers forking the main repo?

JavaCard open-source developers don’t seem bothered with releases. Only 19 made at least one and only 10 made more than two releases.