hi all,
Now I can export the private key through muscletool; for that I changed muscletool.c.
The following modifications are done in the genkeys method:
    keyParams.algoType = MSC_GEN_ALG_RSA_CRT;
    keyParams.keySize = 1024;
    keyParams.privateKeyACL.readPermission = MSC_AUT_ALL;   <---------
    keyParams.privateKeyACL.writePermission = MSC_AUT_ALL;  <---------
    keyParams.privateKeyACL.usePermission = MSC_AUT_ALL;    <---------
Only a dirty solution, because now anybody can read the key. You could protect it with some PIN instead of MSC_AUT_ALL.
<--------- here I changed the private key permission.
And in the export key method I did the following changes:
    rv = MSCExportKey(pConnection, keyNumber, keyData, &keySize, 0, 0);
Now I want to know whether there is any program which converts my private key format to base64 (standard format).
Please kindly help me so that I can go further.
Well, base64 would not be the problem. There are also console programs which can do this. What you want is to have the key in PEM format, e.g. PKCS#8. For this you could use OpenSSL or the included Crypto Provider in Java or .NET or any other, and combinations of these. You can give all these possibilities the raw key, i.e. the modulus and the exponent in RSA, and then you have a private key structure in these frameworks which can be saved in some format.
For Java you can start reading this:
http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html
Somewhere there you will find something.
For OpenSSL I have no documentation to advise (OpenSSL has not deserved its name). But I have a code example of my own for reading a key. Writing can be similar:
#include <stdio.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

/**
 * A keySetVersion value of 0x00 adds a new key.
 * Any other value between 0x01 and 0x7f must match an existing key set version.
 * The new key set version defines the key set version a new key belongs to.
 * This can be the same key version or a new not existing key set version.
 * \param cardHandle IN The reference OPSP_CARDHANDLE obtained by get_card_status().
 * \param *secInfo INOUT The pointer to the OPSP_SECURITY_INFO structure returned by mutual_authentication().
 * \param cardInfo IN The OPSP_CARD_INFO structure returned by card_connect().
 * \param keySetVersion IN An existing key set version.
 * \param keyIndex IN The position of the key in the key set version.
 * \param newKeySetVersion IN The new key set version.
 * \param PEMKeyFileName IN A PEM file name with the public RSA key.
 * \param *passPhrase IN The passphrase. Must be an ASCII string.
 * \return OPSP_ERROR_SUCCESS if no error, error code else.
 */
LONG put_rsa_key(OPSP_CARDHANDLE cardHandle, OPSP_SECURITY_INFO *secInfo, OPSP_CARD_INFO cardInfo,
                 BYTE keySetVersion, BYTE keyIndex, BYTE newKeySetVersion,
                 OPSP_STRING PEMKeyFileName, char *passPhrase) {
    LONG result;
    BYTE sendBuffer[261];
    DWORD sendBufferLength = 261;
    DWORD recvBufferLength = 256;
    BYTE recvBuffer[256];
    DWORD i = 0;
    EVP_PKEY *key;
    FILE *PEMKeyFile;
    BYTE rsa_modulus[128];          /* only a 1024-bit modulus fits the 0x80-byte field below */
    unsigned long rsa_exponent;

    if (passPhrase == NULL)
        return OPSP_ERROR_INVALID_PASSWORD;
    if ((PEMKeyFileName == NULL) || (_tcslen(PEMKeyFileName) == 0))
        return OPSP_ERROR_INVALID_FILENAME;
    PEMKeyFile = _tfopen(PEMKeyFileName, _T("rb"));
    if (PEMKeyFile == NULL) {
        return OPSP_ERROR_FILE_NOT_FOUND;
    }
    key = EVP_PKEY_new();
    if (!PEM_read_PUBKEY(PEMKeyFile, &key, NULL, passPhrase)) {
        fclose(PEMKeyFile);
        EVP_PKEY_free(key);
        return OPSP_OPENSSL_ERROR;
    }
    fclose(PEMKeyFile);

    /* key->pkey.rsa is the OpenSSL 0.9.x/1.0.x structure layout this code was
       written against. The modulus must be copied with BN_bn2bin(), which emits
       big-endian bytes as the card expects; copying the BIGNUM's internal word
       array would give machine word order and a reversed key. The length check
       keeps BN_bn2bin() from writing past rsa_modulus (OPSP_OPENSSL_ERROR is
       reused here because there is no dedicated error code for a wrong size). */
    if (key->pkey.rsa == NULL || BN_num_bytes(key->pkey.rsa->n) != sizeof(rsa_modulus)) {
        EVP_PKEY_free(key);
        return OPSP_OPENSSL_ERROR;
    }
    rsa_exponent = BN_get_word(key->pkey.rsa->e); /* BN_MASK2 if e does not fit a word */
    BN_bn2bin(key->pkey.rsa->n, rsa_modulus);
    EVP_PKEY_free(key);

    if (keySetVersion > 0x7f)
        return OPSP_ERROR_WRONG_KEY_VERSION;
    if ((newKeySetVersion > 0x7f) || (newKeySetVersion < 0x01))
        return OPSP_ERROR_WRONG_KEY_VERSION;
    if (keyIndex > 0x7f)
        return OPSP_ERROR_WRONG_KEY_INDEX;

    /* PUT KEY APDU: CLA INS P1 P2 Lc <data> Le */
    sendBuffer[i++] = 0x80;
    sendBuffer[i++] = 0xD8;
    sendBuffer[i++] = keySetVersion;
    sendBuffer[i++] = keyIndex;
    sendBuffer[i++] = 0;            /* Lc, calculated later */
    sendBuffer[i++] = newKeySetVersion;
    sendBuffer[i++] = 0xA1;         /* algorithm RSA */
    sendBuffer[i++] = 0x80;         /* length of RSA modulus (128 bytes) */
    memcpy(sendBuffer + i, rsa_modulus, 128); /* modulus, big-endian */
    i += 128;
    if (rsa_exponent == 3) {
        sendBuffer[i++] = 1;        /* length of public exponent */
        sendBuffer[i++] = 3;
    }
    else if (rsa_exponent == 65537) {
        sendBuffer[i++] = 3;        /* length of public exponent */
        sendBuffer[i++] = 0x01;
        sendBuffer[i++] = 0x00;
        sendBuffer[i++] = 0x01;
    }
    else {
        return OPSP_ERROR_WRONG_EXPONENT;
    }
    sendBuffer[4] = (BYTE)(i - 5);  /* Lc = bytes between Lc and Le */
    sendBuffer[i++] = 0x00;         /* Le */
    sendBufferLength = i;
#ifdef DEBUG
    _tprintf(_T("put_rsa_key: Data to send: \n"));
    for (i = 0; i < sendBufferLength; i++) {
        _tprintf(_T(" 0x%02x"), sendBuffer[i]);
    }
    _tprintf(_T("\n"));
#endif
    result = send_APDU(cardHandle, sendBuffer, sendBufferLength, recvBuffer, &recvBufferLength, cardInfo, secInfo);
    if (OPSP_ERROR_SUCCESS != result) {
        return result;
    }
#ifdef DEBUG
    _tprintf(_T("put_rsa_key: Data: \n"));
    for (i = 0; i < recvBufferLength; i++) {
        _tprintf(_T(" 0x%02x"), recvBuffer[i]);
    }
    _tprintf(_T("\n"));
#endif
    return OPSP_ERROR_SUCCESS;
}
Bye, Karsten
Thanks in advance
B.Jyostna
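The question above is how to turn the raw RSA components that come off the card into a standard base64/PEM key, and the reply says any crypto framework can do it once it is handed the modulus and exponents. The following is an added example written for this thread, not code from the original posts or from the MUSCLE project: it hand-encodes the PKCS#1 RSAPrivateKey and the PKCS#8 PrivateKeyInfo structures in DER and wraps them in PEM, with no library beyond the Python standard library (Python 3.8+ for the modular inverse). It assumes the caller has already recovered the integers n, e, d, p and q from the exported blob; the layout of that blob is not described in the thread, so it is not parsed here. The key used is a constructed toy key (p=61, q=53) so the output stays readable; a real 1024-bit key goes through the same functions.

```python
import base64

# --- minimal DER encoder: only the types an RSA private key needs ---

def der_length(n):
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value):
    """DER INTEGER for a non-negative int (leading 0x00 if the top bit is set)."""
    if value < 0:
        raise ValueError("RSA key components are non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body

def der_sequence(*elements):
    body = b"".join(elements)
    return b"\x30" + der_length(len(body)) + body

def der_octet_string(data):
    return b"\x04" + der_length(len(data)) + data

RSA_ENCRYPTION_OID = b"\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"  # 1.2.840.113549.1.1.1
DER_NULL = b"\x05\x00"

def rsa_crt_params(d, p, q):
    """The three CRT values PKCS#1 stores next to p and q."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)

def rsa_private_key_pkcs1(n, e, d, p, q):
    """RFC 8017 RSAPrivateKey: version 0 followed by the eight key integers."""
    dp, dq, qinv = rsa_crt_params(d, p, q)
    return der_sequence(*(der_integer(v) for v in (0, n, e, d, p, q, dp, dq, qinv)))

def rsa_private_key_pkcs8(n, e, d, p, q):
    """RFC 5208 PrivateKeyInfo: version, rsaEncryption AlgorithmIdentifier, PKCS#1 blob."""
    return der_sequence(
        der_integer(0),
        der_sequence(RSA_ENCRYPTION_OID, DER_NULL),
        der_octet_string(rsa_private_key_pkcs1(n, e, d, p, q)),
    )

def pem_encode(der, label):
    """Base64 in 64-column lines between BEGIN/END armour."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

def pem_decode(pem):
    """Inverse of pem_encode: strip the armour lines and undo the base64."""
    return base64.b64decode("".join(pem.strip().splitlines()[1:-1]))

# --- tiny decoder, used only to check the encoder against itself ---

def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def decode_pkcs1_integers(der):
    """Return the INTEGER fields of an RSAPrivateKey as Python ints."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    values, pos = [], 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(content, "big"))
    return values

# Constructed toy key (p=61, q=53); real use passes the 1024-bit values from the card.
TOY_KEY = dict(n=3233, e=17, d=2753, p=61, q=53)

if __name__ == "__main__":
    print(pem_encode(rsa_private_key_pkcs1(**TOY_KEY), "RSA PRIVATE KEY"))
    print(pem_encode(rsa_private_key_pkcs8(**TOY_KEY), "PRIVATE KEY"))
```

The PKCS#1 output is what `openssl rsa -in file.pem -text` reads directly; the PKCS#8 output is what Java's `PKCS8EncodedKeySpec` and `openssl pkcs8` expect. Note that the card's export gives the components in whatever byte order the card uses, while DER INTEGERs are big-endian with a sign byte, which is the detail the encoder above takes care of.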
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
