OK - I think I see one more possibility for the problem. If you're using
padding, then the plain text MUST be shorter than the key length to allow for
the addition of padding. Reduce the cipher text by 20 octets and try again.
Mike
At 08:40 AM 5/1/2009, jose85 wrote:
>Hello,
>
>Thanks for your answers,
>
>@sferey, yes, on the card I use pkcs1:
>
> rsa_KeyPair = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_1024);
> rsa_KeyPair.genKeyPair();
> rsa_PublicKey = (RSAPublicKey) rsa_KeyPair.getPublic();
> rsa_PrivateCrtKey = (RSAPrivateCrtKey) rsa_KeyPair.getPrivate();
> cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
>
>
>here is the crypt function that works well in the card (like the decrypt
>function):
>private void encryptRSA(APDU apdu)
>{
>    byte a[] = apdu.getBuffer();
>    short byteRead = (short) (apdu.setIncomingAndReceive());
>    cipherRSA.init(rsa_PrivateCrtKey, Cipher.MODE_ENCRYPT);
>    short cyphertext = cipherRSA.doFinal(a, (short) dataOffset, byteRead,
>                                         a, (short) dataOffset);
>
>    // Send results
>    apdu.setOutgoing();
>    apdu.setOutgoingLength((short) cyphertext);
>    apdu.sendBytesLong(a, (short) dataOffset, (short) cyphertext);
>}
>Yes, the format of the ciphertext is 128 bytes. I have tried with no padding
>on the PC and no padding on both, and it doesn't even want to crypt, and the
>program stops after setting the modulus and the exponent,
>just by changing these 2 lines:
>cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false);
>and on the pc:
>cipher =Cipher.getInstance("RSA/None/NoPadding");
>
>I have some exams these days, so I haven't had time to try your other
>solutions, but I'll do it next week ...
>
>thanks a lot
>
>
>
>sferey wrote:
>>
>> jose85 wrote:
>>>
>>> Hello ,
>>
>> Hello,
>>
>>> I have exported the public key of my cyberflex 32k card
>>> by sending the values of the modulus and the exponent to the PC. I put
>>> these values into 2 arrays of bytes (the card sent an exp whose size is
>>> 3 bytes and a mod of 128 bytes).
>>> I have converted the byte arrays of the "exp" and the "mod" into
>>> BigInteger like it is suggested in the Java doc,
>>> but the encrypted message is different every time, whereas the modulus
>>> and the exponent received from the card are the same every time,
>>
>> The ciphertext SHALL be different for each RSA Public Key encryption
>> since you're using a PKCS#1 type 2 padding.
>> The goal of that padding is a) to make plaintext as wide as the key
>> (so 1024 bits here) and b) to insert random text to avoid some attacks.
>>
>> The padding does consist in the following byte stream:
>> 00 02 <random bytes> 00 <text to wrap>
>> so your results are normal.
>>
>>
>>> here is the snippet of the code that make problem:
>>>
>>> BigInteger Exp = new BigInteger(1, exp);
>>> BigInteger Mod = new BigInteger(1, mod);
>>>
>>> RSAPublicKeySpec pubKeySpec;
>>> KeyFactory keyFactory;
>>> PublicKey pubKey;
>>> try {
>>> Cipher cipher =Cipher.getInstance("RSA/ECB/PKCS1Padding");
>>
>> is "ECB" expected here ??
>> 'ECB', 'CBC', ... are relevant for block cipher engines only
>> (meaning mainly symmetric key based engines).
>>
>>> pubKeySpec = new RSAPublicKeySpec(Mod, Exp);
>>> keyFactory = KeyFactory.getInstance("RSA");
>>> pubKey = keyFactory.generatePublic(pubKeySpec);
>>>
>>> cipher.init(Cipher.ENCRYPT_MODE,pubKey);
>>> byte[] env={0x01,0x02,0x03,0x04};
>>> byte[] encrypted = cipher.doFinal(env);
>>
>> apparently so far, so good.
>>
>>> so of course when I send this encrypted array to the card it isn't able
>>> to decrypt it : --------> error 6F00
>>
>> ("of course" ??)
>> a "good" card application shall never return 6F00 which means
>> unhandled exception, this is the first evidence that the applet
>> code is not clean and possibly buggy.
>>
>>> note that the encryption and decryption work well in the card, but not
>>> if I crypt on the PC
>>
>> for which algo ? does the card also use RSA-PKCS#1 or the (poor)
>> RSA-X509 (no padding) mode ?
>>
>> what is the format of the ciphertext returned by the card ?
>> is it simply 128 bytes or is some extra padding inserted ?
>>
>>> it's a java problem
>>
>> I don't think so; more likely a JavaCard problem.
>> One possible issue is cryptography of course but there are also
>> dozens of possible errors with sequence error, data field format
>> & content from the card side; you should try more computation
>> with the card (it is able to encrypt (wrap) and decrypt (unwrap)
>> with different mechanisms - basically you can wrap in PKCS1 then
>> unwrap in X509 to check data padding by the card, also you can
>> encrypt (in raw X509 or PKCS#1, type 1) with card private key
>> and decrypt in PC with the public key (in RAW mode) to verify
>> card exponentiation and optional padding.
>>
>> once you are sure which operations are supported by the card
>> and which formats it expects you will have no trouble using it
>> together with PC Java code.
>>
>> Sylvain.
>>
>>
>> _______________________________________________
>> Muscle mailing list
>> [email protected]
>> http://lists.drizzle.com/mailman/listinfo/muscle
>>
>>
>
>--
>View this message in context:
>http://www.nabble.com/Export-RSA-public-key-out-of-the-card-tp23239829p23332505.html
>Sent from the MuscleCard mailing list archive at Nabble.com.
>
>
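
The PKCS#1 type 2 block layout quoted in the thread (`00 02 <random bytes> 00 <text to wrap>`), checked on the PC the way Sylvain suggests: wrap with PKCS#1, then unwrap with no padding and look at the raw block. This is an added example, not code from any poster in the thread; it assumes a locally generated RSA-1024 key pair in place of the card's key, and the class name `Pkcs1Type2Demo` is made up for the illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added example. A PC-generated key pair stands in for the card's key (assumption).
public class Pkcs1Type2Demo {
    // Raw RSA output may lose leading zero octets; left-pad back to k octets.
    static byte[] leftPad(byte[] in, int k) {
        byte[] out = new byte[k];
        System.arraycopy(in, 0, out, k - in.length, in.length);
        return out;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);                 // same size as LENGTH_RSA_1024 in the thread
        KeyPair kp = kpg.generateKeyPair();
        int k = 128;                          // modulus length in octets
        byte[] env = {0x01, 0x02, 0x03, 0x04};

        // Same transformation string as the PC code in the thread.
        Cipher pkcs1 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        pkcs1.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] c1 = pkcs1.doFinal(env);
        byte[] c2 = pkcs1.doFinal(env);       // fresh random padding on every call
        System.out.println("same ciphertext twice: " + Arrays.equals(c1, c2));

        // Raw (no padding) decryption exposes the encoded block 00 02 PS 00 M.
        Cipher raw = Cipher.getInstance("RSA/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        byte[] em = leftPad(raw.doFinal(c1), k);
        int sep = 2;
        while (em[sep] != 0) sep++;           // PS holds no zero octet, so the first 00 ends it
        System.out.printf("header %02X %02X, PS length %d, message length %d%n",
                em[0], em[1], sep - 2, k - sep - 1);

        // Longest input that fits is k - 11: 3 framing octets plus at least 8 of PS.
        try {
            pkcs1.doFinal(new byte[k - 11]);
            System.out.println((k - 11) + " octets: ok");
            pkcs1.doFinal(new byte[k - 10]);
        } catch (GeneralSecurityException e) {
            System.out.println((k - 10) + " octets: rejected (" + e.getMessage() + ")");
        }
    }
}
```

On a standard JDK the run shows two different ciphertexts for the same input, a `00 02` header with 121 padding octets in front of the 4-octet message, and 117 octets as the longest input accepted for a 1024-bit key.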