Before I started using the muscle/javacard signing API, I used the muscle/javacard RSA encrypt methods to verify an openssl-generated signature, using a public key imported from openssl. Muscle/javacard correctly crypted the incoming signature block to reveal the characteristic hash PDV and padding of the PKCS#1 type 1 oracle.
I coded all the messages by hand, from the specs, rather than building any tools -- i'm afraid. I dont have the code space for all the wrapper APIs. Getting radiation-hardened 8051s with large code space is hard! Obviously, change the last 0x80 ciphertext argument bytes in Decipher.finalize.
Im not sure I ever got this to work with the public muscle source: success only came by studying and building a CVS version of the computecrypt methods, note.
Once you have a openssl tool that can easily build to use musclecard signing, do release, please. Ive often been tempted to simple #ifdef the RSA software implentation in libcrypt(3), and replace with the call to RSAsign with the muscleLib comptecrypt() . Hardly pure, but only an hour's work! 1 hour code hack, or 17 hour config of proper PKCS#11 v2 API...support. if you do this, beware openssl's bignums byte ordering.
//ENCRYPT.init using private key, using RSAenc not RSASig 0xB0 0x36 0x01 0x01 0x05 0x00 0x03 0x01 0x00 0x00; //R-APDU: 0x90 0x00
//Encrypt.final key 1
0xB0 0x36 0x01 0x03 0x83 0x01 0x00 0x80 0x01 0x02 0x03 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00;
//R-APDU: 0x61 0x82
//GetResponse 0x00 0xC0 0x00 0x00 0x82; // ... whatever
// APDU Decrypt.init with key 2 0xb0 0x36 0x02 0x01 0x05 0x00 0x04 0x01 0x00 0x00; // 90 00
// APDU Decrypt.finalize
0xb0 0x36 0x02 0x03 0x83 0x01 0x00 0x80 0x3E 0xA1 0x55 0xCD 0xB6 0x73 0xF8 0xDD 0x93 0xAB 0x86 0xF1 0x62 0xDC 0x45 0x15 0x75 0x74 0xCF 0x17 0xFD 0x80 0x2E 0x28 0xAF 0xCF 0x2B 0x1E 0x05 0x17 0x58 0xA2 0x6F 0xCE 0x09 0x35 0x37 0xFD 0x5B 0x9C 0xA0 0x63 0x11 0xB3 0xC3 0x40 0x85 0xC9 0x81 0x41 0xEF 0x29 0x4E 0xAF 0x17 0x9C 0xE6 0xCB 0x22 0x1C 0x86 0xD6 0xB6 0x9C 0xD2 0x40 0x2C 0x6A 0xF5 0xC1 0xD2 0x4D 0xF1 0x68 0x7E 0xD0 0x32 0x3E 0xD1 0x6A 0xEB 0x42 0xDE 0xC0 0x08 0x2F 0xD0 0xF2 0xF4 0x6F 0x58 0x63 0x5B 0xF2 0x9E 0xBD 0x39 0xB4 0xD3 0xEE 0xC0 0x38 0x6F 0x88 0x9E 0x39 0x38 0x12 0xFF 0xA7 0xBB 0x12 0x30 0x95 0x12 0x5D 0xA0 0xF7 0x6F 0xC6 0xB4 0x9E 0x65 0x66 0x4A 0x49 0x68 0x93;
// 61 82 // Get Response 0x00 0xC0 0x00 0x00 0x82;
From: Carl Youngblood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED], MUSCLE <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>
Subject: [Muscle] Problem trying to encrypt with openssl and decrypt on card
Date: Sun, 8 Aug 2004 07:59:19 -0700
Hello,
I've finally been able to load a PKCS12 keystore onto a card running the Muscle applet (loaded using Identity Alliance's IAC Client middleware). I'm encrypting data with openssl using the certificate that was loaded onto the card and trying to decrypt the data using libmusclepkcs11, but the decrypt seems to be using a different algorithm than the RSA PKCS1 algorithm we are using to encrypt the data, since we are not getting the right data back. I'm sure someone has tried to do something like this (encrypt in software, decrypt on card) with the Musclecard applet. Any ideas or suggestions? Does anybody have some source code that could show me how to do the encrypt using openssl? I'm away from the office right now, but when I get there I can post the source that I am using to encrypt the data.
Thanks,
Carl Youngblood _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
