Thank you, this has clarified a few things. So far I wanted to encrypt an ID and a counter with the private key so that the server can verify that the id is correct and the counter is greater than the last recieved value.I tried the signature option, and it gives me SW_INCORRECT_ALG (9C09).My APDU sequences: generating key:B0 30 02 03 10 01 0800 FF FF FF FF 00 01 00 00 FF FF FF FF 00 export key.. verify pin.. compute crypt, cipher_init:B0 36 02 01 01 01 01 00 00(this gives the error setting cipher_mode to either 00 (RSA) or 01 (RSA_CRT) create input object.. write input object.. compute crypt, cipher final:B0 36 02 03 01 02 Thank you for your help.Best regards, Vincent > Date: Mon, 30 Apr 2012 14:45:48 -0400 > To: [email protected]; [email protected] > From: [email protected] > Subject: Re: [MUSCLE] encryption problems > > At 08:02 AM 4/30/2012, =?iso-8859-2?B?TW9sbuFyIFZpbmNl?= wrote: > >Dear all, > > > >I am trying to use the muscle applet to encrypt a piece of data using a RSA > >key pair. > >So far I have no luck, almost every version of the applet that I tried fails > >at the cipher final step, sometimes with SW_INVALID_PARAMETER when checking > >data size (though I think I figured that one out, it expects a data chunk in > >the input object as well, it is now working if the data is in the apdu). > >If I pass that point, it gives me 6F00, meaning no precise diagnosis. I > >tweaked with the code and figured this means an uncaught exception, > >specifically around the encryption function. I'm not sure if it is connected > >to padding, I know it can generate an exception when the data is not > >aligned. I am a little bit confused by now, but it may be a > >nullpointerexception as well, since if I remember correctly, the was a case > >when I could only catch a Throwable object. > >If I try to use the padding option with cipher init, it gives me > >SW_OPERATION_NOT_ALLOWED. > >All of this led me to the conclusion that either the documentation is > >faulty, the applet has some bugs, they simply not pass together, or (and > >mainly) I am incompetent. > > > > > >My main task is to provide some way to authenticate az Android phone to a > >server, and I have to use a G&D card. Since the service I can use on Android > >to communicate with the card does not allow CLA bytes other than 90, I > >needed to modify the source of every applet I could find and have tested. It > >is sort of a pain, but I am really devastated that it still does not work. > > > I think you want to use Signature rather than Cipher. It sounds like you're > getting a challenge from the server and using your private key to sign the > challenge to prove knowledge of that key. The server can validate you know > the private key by verifying the signature using the associated public key. > > In general, you only want to use RSA encryption if and only if you're > wrapping key material generated by you for the other side to use. You > encrypt using their public key. That doesn't provide any "authentication" > though. > > > > > >I am using the source code, the Smart Card Shell script collection and the > >1.2.1 documentation as references. Would you please give me a hint on how to > >accomplish my task? A fresh applet with the definition of its corresponding > >apdus (maybe a sequence to encrypt with RSA) would come handy, I really only > >need to encrypt 16 bytes of data and that's all (I store and read objects as > >well, but that works). > > > >Thank you advance, > > > >Vincent > >_______________________________________________ > >Muscle mailing list > >[email protected] > >http://lists.drizzle.com/mailman/listinfo/muscle > > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
