Mr. Williams,
Let me clarify. I did not get confused by the use of key names.
In at least the source code for the applet I have, in ComputeCrypt a
key's getType() method's return value

1 KEY_RSA_PUBLIC is TYPE_DES_TRANSIENT_RESET
2 KEY_RSA_PRIVATE is TYPE_DES_TRANSIENT_DESELECT
3 KEY_RSA_PRIVATECRT is TYPE_DES
4 KEY_DSA_PUBLIC is TYPE_RSA_PUBLIC
5 KEY_DSA_PRIVATE is TYPE_RSA_PRIVATE
6 KEY_DES is TYPE_RSA_PRIVATE_CRT
7 KEY_3DES is TYPE_DSA_PUBLIC
8 KEY_3DES3 is TYPE_DSA_PRIVATE

I want to sign using TYPE_RSA_PRIVATE_CRT, but the applet throws
SW_INCORRECT_ALG.
So without changing the applet's source code, I won't be able to sign
using TYPE_RSA_PRIVATE_CRT key.

I may be able to sign using TYPE_RSA_PUBLIC, TYPE_RSA_PRIVATE, but the
signature's getInstance is initialized to

11 Cipher.ALG_RSA_ISO9796

which is actually Signature.ALG_RSA_MD5_PKCS1, but
SW_UNSUPPORTED_FEATURE is thrown also.
If I stop there seeing the status word I would not be able to use
ALG_RSA_MD5_PKCS1.

The cyberflex e-gate 32k card I have supports rsa algorithms
ALG_RSA_MD5_PKCS1
ALG_RSA_SHA_PKCS1

so without changing the source code, musclecard does not support
signatures with TYPE_RSA_PRIVATE_CRT key

thank you

--- Peter Williams <[EMAIL PROTECTED]> wrote:
>
> >From: vladimir lenin <[EMAIL PROTECTED]>
> >Reply-To: MUSCLE <[EMAIL PROTECTED]>
> >To: MUSCLE <[EMAIL PROTECTED]>
> >Subject: Re: [Muscle] rsa signature
> >Date: Sun, 16 May 2004 09:52:23 -0700 (PDT)
> >
> >Hello
> >After going through the source code, the conclusion I
> >came to is
> >1. musclecard does not have signature capability
> >(by signature I mean computing both the message digest
> >of plain text and encrypting with private key, like
> >ALG_RSA_SHA_PKCS1)
>
> I'd dispute the conclusion. If the basis for reasoning is observing the
> programmer's use of names in the source code, then I have some sympathy for
> the error in the reasoning. There are other bases however, that go more to
> the heart of the issue.
>
> >2. musclecard supports encryption and decryption, so I
> >have to calculate the message digest off card and pad
> >it and send it to the card to encrypt.
> >(It supports something like ALG_RSA_PKCS1)
> >thank you
>
> My own evidence disputes this: I wasted 2 weeks on a poor-quality UK
> javacard product vendor, whose simulator improperly packed the PKCS1 type 1
> block with the hash, whereas their card did things correctly. Obviously,
> neither device could verify each other's signatures.
>
> Muscle didn't help itself on this issue: in my (considerably-modified) source
> of muscle applet, I let the CRT key bind to the particular signing
> algorithm. In this way, I got past the fact that the current release
> forces use of MD5 - which the vendor's card did NOT support.
>
> Other cards may have NO support for any hashing algorithms, vladimir. This
> very practical evidence suggests at least one valid basis which would allow
> you to correctly deduce the wrong conclusion.
>
> I'd get proof that (a) your card can hash anything (b) then, that it even
> supports signature algorithms that bind RSA to hashing schemes. Perhaps the
> card only offers RSA PKCS#1 type 2 or OAEP padding..., even if it supports
> and provides implementations of the common hashing classes.
>
> Remember, there are NO conformance standards for javacard crypto support.
> Every card build is different. Some do 512 bit, some do 1024, some do MD5,
> some do SHA1. Some have fast eeprom, others do not. Some do key gen, others
> do not.
>
> >--- Christian Schneider <[EMAIL PROTECTED]> wrote:
> > > vladimir lenin wrote:
> > >
> > > >Mr. Schneider,
> > > >You are not signing on the card itself. You are
> > > >getting the certificate and key from the card and
> > > >using them to sign on the host. I want the card applet
> > > >to sign the message digest I send. Correct me if I
> > > >misunderstood something
> > > >thank you
> > > >
> > >
> > > I create the digest on the host.
> > >
> > > But the signing is done on the card. The key is not
> > > extractable.
> > >
> > > The library lets me find the private key on the
> > > card. But I get only
> > > a handle of the key that is then given to the
> > > signing function.
> > >
> > > Perhaps the generation of the hash is the problem in
> > > your case.
> > > I think muscle can't do SHA1RSA but only RSA. So the
> > > hash has to be
> > > generated outside the
> > > card.
> > >
> > > In the library I used there is a function to request
> > > the card's
> > > capabilities.
> > >
> > > best regards,
> > >
> > > Christian
> > >
> > > _______________________________________________
> > > Muscle mailing list
> > > [EMAIL PROTECTED]
> > > http://lists.drizzle.com/mailman/listinfo/muscle
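
Added example, not part of the original thread or of the MUSCLE applet code: the off-card step the thread discusses, building the PKCS#1 type 1 block (00 01 FF..FF 00 DigestInfo||hash) on the host before the card applies the raw RSA private-key operation, plus a strict parser showing why a block packed with the bare hash fails verification on a correct implementation. The function names and the 128-byte modulus length are assumptions made for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefixes for MD5 and SHA-1 (RFC 8017, section 9.2 notes).
DIGEST_INFO = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
}

def encode_type1(alg: str, message: bytes, k: int) -> bytes:
    """Hash off card and build the k-byte type 1 block (k = modulus bytes)."""
    t = DIGEST_INFO[alg] + hashlib.new(alg, message).digest()
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t

def decode_type1(block: bytes, k: int):
    """Parse a recovered block; return (alg, digest) or raise ValueError."""
    if len(block) != k or block[:2] != b"\x00\x01":
        raise ValueError("not a type 1 block")
    sep = block.find(b"\x00", 2)
    # At least 8 bytes of 0xFF padding must precede the separator.
    if sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding string")
    t = block[sep + 1:]
    for alg, prefix in DIGEST_INFO.items():
        size = hashlib.new(alg).digest_size
        if t.startswith(prefix) and len(t) == len(prefix) + size:
            return alg, t[len(prefix):]
    raise ValueError("payload is not DigestInfo for a known hash")

def verify_block(block: bytes, message: bytes, k: int) -> bool:
    """True only if the block is well formed and its digest matches."""
    try:
        alg, digest = decode_type1(block, k)
    except ValueError:
        return False
    return hmac.compare_digest(digest, hashlib.new(alg, message).digest())

def mispacked_block(message: bytes, k: int) -> bytes:
    """Constructed bad sample: bare SHA-1 hash with no DigestInfo wrapper."""
    h = hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(h) - 3) + b"\x00" + h

if __name__ == "__main__":
    K = 128  # assumed 1024-bit modulus
    good = encode_type1("sha1", b"abc", K)
    print(verify_block(good, b"abc", K))
    print(verify_block(mispacked_block(b"abc", K), b"abc", K))
```
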
