According to PKCS1 - section 7.2 and 7.2.1 the recommendation is to generate a
new random padding string for each encryption operation. The java
implementation is following this recommendation while the card probably isn't.
What I'd recommend doing is generating an encryption on the card using the same
key pair and data, but export the private key and try doing the decryption off
the card manually (e.g. using BigInteger math modexp) and following along with
what PKCS1 says you should do. The decrypted value will be prefixed by the
padding applied by the card.
My guess is that the card only implements PKCS1.5 with a padding block type of
0. (See the older 1.5 version of the spec to see a discussion of padding block
types)
You can probably fake this up by doing the padding yourself. Prefix the data
to be encrypted with K -D octets of 0 where K is the length of the modulus in
octets and D is the length of the data in octets. Use the cipher type
RSA/None/NoPadding. On the card, you should be able to decrypt it using
RSA/ECB/PKCS1Padding
Mike
At 03:09 AM 4/26/2009, jose85 wrote:
>Hello ,
>
>I have exported the public key of my cyberflex 32k card
>by sending the values of the modulus and the exponent to the pc, i put these
>values into 2 arrays of bytes (the card sent a exp which size is 3 bytes and
>a mod of 128 bytes)
>i have converted the bytes arrays of the "exp" and the "mod" into Biginteger
>like it suggerated in the java doc
> but the the message encrypted is different all the time whereas the modulus
>and the exponent received from the card are all time the same,
>here is the snippet of the code that make problem:
>
> BigInteger Exp = new BigInteger(1, exp);
> BigInteger Mod = new BigInteger(1, mod);
>
> RSAPublicKeySpec pubKeySpec;
> KeyFactory keyFactory;
> PublicKey pubKey;
> try {
> cipher =Cipher.getInstance("RSA/ECB/PKCS1Padding");
>
> pubKeySpec = new RSAPublicKeySpec(Mod,Exp);
>
> keyFactory = KeyFactory.getInstance("RSA");
>
> pubKey = keyFactory.generatePublic(pubKeySpec);
>
> cipher.init(Cipher.ENCRYPT_MODE,pubKey);
> byte[] env={0x01,0x02,0x03,0x04};
> byte[] encrypted = cipher.doFinal(env);
>
> /* for (int j= 0; j<128; j++)
> System.out.println(encrypted[j]); */
>
>
>
>so of course when i send this encrypted array to the card she isn't able to
>decrypt it : --------> erreur 6F00
>
>note that the encryption an decryption work well in the card , but not if i
>crypt on the pc
>
>it's a java problem , but if you have any other solution in order to use the
>public key of the card i'm interested
>
>thanks
>
>kind regards ,
>
>Franck
>--
>View this message in context:
>http://www.nabble.com/Export-RSA-public-key-out-of-the-card-tp23239829p23239829.html
>Sent from the MuscleCard mailing list archive at Nabble.com.
>
>_______________________________________________
>Muscle mailing list
>[email protected]
>http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
