I'm currently developing an Android Host Card Emulation (HCE) app targeting API level 34. My application handles the server-side implementation of PACE (Password Authenticated Connection Establishment) authentication and responds to APDU commands in secure messaging. This app manages two Applets:
- The main Applet, with AID registered statically in "apduservice.xml". It triggers the application and executes PACE => this part works perfectly.
- A second Applet intended to be selected within the PACE secure channel. The registration of this AID will occur after PACE takes place using "registerAidsForService".
The PACE authentication part is working as expected. However, I face an issue with the encrypted SELECT AID command that follows the PACE process. Specifically, I receive an SW 6E00 (invalid class) response. I suspect this is related to the CLA=0C in the SELECT command.
My question: Does Android HCE support AID selection with secure messaging? If so, could someone guide me on the correct approach to achieve this?
I understand that resolving the select issue is crucial, and once done, I'll need to explore how to dynamically register the encrypted AID of my second applet...
During my tests, I observed that when sending a READ BINARY in Secure Messaging, it consistently falls into the processCommandApdu. It means that only the SELECT command always returns 6E00.
When troubleshooting, I attempted to retrieve the entry point of the SELECT AID in Android API. My goal was to understand how this part is managed and gain insights into error handling. Unfortunately, I didn't find anything.
I haven't made much progress, but I believe I've found the answer to my question so I'll share the result so it helps someone in the future.
I came across a code snippet from the Android Host Emulation Manager class com.android.nfc.cardemulation.HostEmulationManager.java. In the findSelectAid method, there's a comment stating that secure messaging isn't supported.
Therefore, it seems impossible to achieve this using Android. Now I'm exploring alternatives to Android HCE for my use case.
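The CLA byte the question suspects, decoded per ISO/IEC 7816-4, as an added example that is not part of the original post and is not Android's code. The `is_plain_select_by_aid` rule is an assumption modelled on the finding above that secure messaging is not accepted for SELECT AID, and all APDU bytes are constructed samples.

```python
# Added example: decode the CLA byte of a command APDU (ISO/IEC 7816-4,
# first interindustry range) and apply an ASSUMED dispatcher rule.
SM_MODES = {
    0b00: "no secure messaging",
    0b01: "proprietary secure messaging",
    0b10: "ISO 7816-4 SM, header not authenticated",
    0b11: "ISO 7816-4 SM, header authenticated",
}

def decode_cla(cla: int) -> dict:
    """Split a CLA byte with b8..b6 = 000 into chaining, SM and channel fields."""
    if cla & 0xE0:
        raise ValueError(f"CLA {cla:02X} is outside the first interindustry range")
    return {
        "chaining": bool(cla & 0x10),  # b5: command chaining
        "sm": (cla >> 2) & 0x03,       # b4..b3: secure messaging indication
        "channel": cla & 0x03,         # b2..b1: logical channel 0-3
    }

def is_plain_select_by_aid(apdu: bytes) -> bool:
    """ASSUMPTION (hypothetical rule, not copied from Android): a dispatcher
    recognises SELECT by AID only with INS=A4, P1=04, no SM, channel 0."""
    if len(apdu) < 5 or apdu[1] != 0xA4 or apdu[2] != 0x04:
        return False
    try:
        f = decode_cla(apdu[0])
    except ValueError:
        return False
    return f["sm"] == 0 and f["channel"] == 0 and not f["chaining"]

def describe(apdu: bytes) -> str:
    f = decode_cla(apdu[0])
    verdict = "plain SELECT by AID" if is_plain_select_by_aid(apdu) else "not a plain SELECT by AID"
    return (f"CLA={apdu[0]:02X} INS={apdu[1]:02X}: {SM_MODES[f['sm']]}, "
            f"channel {f['channel']}, {verdict}")

# Constructed sample APDUs; AID, cryptogram and MAC bytes are placeholders.
PLAIN_SELECT = bytes.fromhex("00A4040007F0010203040506")
SM_SELECT = bytes.fromhex("0CA4040C1D" + "871101" + "AA" * 16 + "8E08" + "BB" * 8 + "00")
SM_READ_BINARY = bytes.fromhex("0CB000000D" + "970104" + "8E08" + "BB" * 8 + "00")

if __name__ == "__main__":
    for name, apdu in [("plain SELECT", PLAIN_SELECT), ("SM SELECT", SM_SELECT),
                       ("SM READ BINARY", SM_READ_BINARY)]:
        print(f"{name:15s} {describe(apdu)}")
```
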