I've been digging through the code and, apparently, the reason why 2048 bit keys don't work is that MCardPlugin doesn't yet support handling APDUs with size > MSC_MAXSIZEOF_APDU_DATALEN.

http://svn.debian.org/wsvn/muscleplugins/trunk/MCardPlugin/src/musclecardApplet.c?op=file&rev=0&sc=0 @PL_MSCComputeCrypt:
(...)
  if ( (inputDataSize + MSC_SIZEOF_CIPHERMODE + MSC_SIZEOF_CIPHERDIR
        + MSC_SIZEOF_DATALOCATION) > MSC_MAXSIZEOF_APDU_DATALEN ) {

    /*********************************************/
    /* Do the MSC_CIPHER_PROCESS portion of the code */
    /*********************************************/

    /* TODO : I don't want to do this now */

    pBuffer[OFFSET_P2]     = MSC_CIPHER_PROCESS;
    pBuffer[OFFSET_LC]     = 0; /* TODO */

    currentPointer  = 0;

    return MSC_UNSUPPORTED_FEATURE;
(...)

I don't have experience with the smart card APIs and standards, but if someone was willing to give me some general guidelines of what is necessary to implement and modify in the code, I'd be willing to fill in the necessary pieces to add support for 2048 bit keys.

Thank you.

Best regards,
Joao
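
The size check quoted in the message above, worked through as an added example (not code from MCardPlugin or from the poster). It assumes a 255-byte short-APDU data limit and one byte for each of the three header fields; plan_chunks, chunk_t and the phase labels are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed values, not taken from the page: a short APDU carries at most
 * 255 data bytes (one-byte Lc) and each header field is one byte. */
#define APDU_DATA_MAX 255u
#define HDR_OVERHEAD  3u  /* cipher mode + cipher direction + data location */

typedef enum { PHASE_PROCESS, PHASE_FINAL } phase_t; /* hypothetical labels */

typedef struct {
    phase_t phase;
    size_t  offset; /* start of this chunk in the input buffer */
    size_t  len;    /* payload bytes carried by this APDU */
} chunk_t;

/* Same comparison as the quoted branch: does the input fit in one APDU? */
int fits_single_apdu(size_t input_len)
{
    return input_len + HDR_OVERHEAD <= APDU_DATA_MAX;
}

/* Split input_len bytes into chunks that each leave room for the header.
 * Returns the chunk count, or -1 on empty input or if out[] is too small.
 * The chunk that ends the input is marked PHASE_FINAL. */
int plan_chunks(size_t input_len, chunk_t *out, size_t out_cap)
{
    const size_t per_apdu = APDU_DATA_MAX - HDR_OVERHEAD;
    size_t off = 0, n = 0;

    if (input_len == 0 || out == NULL)
        return -1;
    while (off < input_len) {
        size_t remaining = input_len - off;
        size_t len = remaining < per_apdu ? remaining : per_apdu;
        if (n == out_cap)
            return -1; /* never write past the caller's array */
        out[n].offset = off;
        out[n].len    = len;
        out[n].phase  = (off + len == input_len) ? PHASE_FINAL : PHASE_PROCESS;
        off += len;
        n++;
    }
    return (int)n;
}

int main(void)
{
    chunk_t c[4];
    int n = plan_chunks(256, c, 4); /* one 2048-bit RSA block */
    printf("1024-bit fits: %d, 2048-bit fits: %d, chunks: %d\n",
           fits_single_apdu(128), fits_single_apdu(256), n);
    return 0;
}
```

Under these assumptions a 128-byte block (1024-bit key) passes the check, while a 256-byte block (2048-bit key) takes the branch that currently returns MSC_UNSUPPORTED_FEATURE.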

Joao Pedro <[email protected]> wrote:

Hello Hendrik,

Thanks for the hint. The thing is that, with a proprietary applet, 2048 bit keys seem to work fine...

Best regards,
Joao

Hendrik Tews <[email protected]> wrote:


  1. The card generates a 2048 bit RSA keypair, but when trying, for
  example, to encrypt data with the public key the card seems to throw
  an SW_UNSUPPORTED_FEATURE exception - this problem doesn't happen
  with 1024 bit keys.

With NXP JCOP cards I have the following experience: even if it
is printed on the backside that they support RSA up to 2048 bits,
their largest key size is 1952. For bigger key sizes either
RSAPublicKey.setModulus throws CryptoException.ILLEGAL_VALUE or
RSAPublicKey.setExponent throws CryptoException.ILLEGAL_VALUE.

I would try slightly smaller keys.

  2. The random number generator doesn't seem to work... (even though
  the card supports it).

No idea here.

Bye,

Hendrik
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle


