This key limitation is for GemXpressoRAD kit export restriction and for
development ONLY.
It's beter to use paper and pencil to build your application architecture.
No diversification process is used for development cards. Production cards
are VISA diversified.
For the card manager, IS keys can be found in GemXpresso documentation. It's
not the case for non IS cards.
IS limitation does NOT exist in real secure process. Production cards are
not limited and are using secret motherkey diversification process at
initialization step...
Regards.
Christophe
-----Message d'origine-----
De : Karl Scheibelhofer [mailto:[EMAIL PROTECTED]]
Envoy� : vendredi 22 juin 2001 16:55
� : Christophe Foesser; [EMAIL PROTECTED]
Objet : RE: [OCF] GPK PILOT
is this key limitation a joke?
this would mean that the GemXpresso IS reduces DES keys to 8 bit and
TripleDES keys to 24 bit.
you can break these keys nearly with paper and pencil.
why using such type of cryptography? it's scarcely better than using plain
text. in some cases it is even worse, because some people might think that
it is secure.
Karl
> -----Original Message-----
> From: Christophe Foesser [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 22, 2001 4:04 PM
> To: [EMAIL PROTECTED]
> Subject: TR: [OCF] GPK PILOT
>
>
> Hi,
>
> The good place for your question is Gemplus hotline. Please try to use it
> first for GemXpresso related questions...
>
> You are certainly using an IS version of GemXpresso RAD Kit. If
> it's correct
> all can be explained rapidly.
>
> On IS versions, DES & 3DES is standard, but key are limited with the
> following process.
>
> For each key bytes
> - if the_byte % 2 == 0 -> the_byte = 0xCA
> - if the_byte % 2 == 1 -> the_byte = 0x2D
>
> In your case
>
> DES Key: {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08};
>
> with limitation your key is changed to:
>
> New DES Key: {0x2D,0xCA,0x2D,0xCA,0x2D,0xCA,0x2D,0xCA};
>
> TripleDES key: {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
> 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,
> 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08};
>
> with limitation your key is changed to:
>
> New TripleDES Key: {0x2D,0xCA,0x2D,0xCA,0x2D,0xCA,0x2D,0xCA,
> 0x2D,0xCA,0x2D,0xCA,0x2D,0xCA,0x2D,0xCA,
> 0x2D,0xCA,0x2D,0xCA,0x2D,0xCA,0x2D,0xCA};
>
> And a TripleDES encryption with a Key value K1=K2=K3 is a DES
> encryption...
> That's why you retreive the same result for DES and TripleDES.
>
> try the new key and your message and you'll certainly found
> "8B7172491C59C4B0".
>
> Try to increment only one byte of K2 and your result will be different
> because it will change limited value.
>
> If you build your keys with only 0x2D & 0xCA bytes values (in order you
> chose) DES and TripleDES results will always be correct with IS
> kit because
> keys are already limited...;-)
>
> regards
> Christophe.
>
> -----Message d'origine-----
> De : Bharavi Gade [mailto:[EMAIL PROTECTED]]
> Envoy� : jeudi 21 juin 2001 07:09
> � : [EMAIL PROTECTED]
> Objet : Re: [OCF] GPK PILOT
>
>
> Hi,
> I am using GemXpressoRAD toolkit which has Non-JCE Cryptix(cryptog.jar).
>
> I am facing strange problems when I am trying to use that library for
> encryption/decryption.
>
> I have a sample plain text: byte
> pt[]={0x0,0x12,0x0,0x0,0x0,0x0,0x0,0x0};
>
> My Keys for DES and TripleDES are
>
> DES Key: byte key[]={0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08};
>
> TripleDES key:
> byte
> key[]={0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x11,0x12,0x13,0x14,0x15,
> 0x16,0x17,0x18,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08};
>
> Now I am getting these results with Cryptog.jar(non-JCE):
>
> DES: EncryptedValue: 8B7172491C59C4B0
> TripleDES : EncryptedValue: 8B7172491C59C4B0
>
> Output is same for both DES and TripleDES
>
> Other JCE compatable Library results(CryptixJCE and SunJCE)
> =======================
> DES : Encrypted Data: 9A9FE27BF0594CE9
> TripleDES: Encrypted Data: 6F1B8F5EF24125FC
>
> And Encrypted text is not same with Cryptog and other Providers.
>
> What could be the problem?
>
> Thank in advance.
>
> regards,
> Bharavi
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ----- Original Message -----
> From: "Mohammed SADIQ" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, June 20, 2001 10:30 AM
> Subject: RE: [OCF] GPK PILOT
>
>
> > If the menus are complex, please use the APDU dispatcher and exchange
> APDUs with the cards. The commands are very clearly mentioned in the card
> reference manual.
> >
> > By the way, there is a menu item for 'erase' command. I didn't get what
> you mean by card reset. If you are referring to the session, yes,
> there is a
> menu item for that too.
> >
> > Good Day
> >
> > ----------
> > Be ashamed to die until you have won some victory for humanity.
> > - Horrace Mann(1796-1859)
> >
> >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > >Sent: Monday, April 19, 1999 6:58 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: [OCF] GPK PILOT
> > >
> > >
> > >Hi all,
> > >
> > >We are very interested in developing multiapplication smartcards,
> > >we have tried the GPK and MPCOS cards with the GPK pilot
> > >and we have found the mechanisms very confuse to use there are
> > >menus, windows, keys, codes in excess and many incompatible and not
> > >supported functions for a practical use of the smartcards globally.
> > >
> > >And we have not found simple instructions to reset the card,
> > >erase a file
> > >...
> > >
> > >The security must be in the encryption algorithms not in the
> > >confusion of the conception
> > >
> > >Yones LEBADY
> > >[EMAIL PROTECTED]
> >
> >
> >
> > ---
> > > Visit the OpenCard web site at http://www.opencard.org/ for more
> > > information on OpenCard---binaries, source code, documents.
> > > This list is being archived at
http://www.opencard.org/archive/opencard/
>
> ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
> ! to
> ! [EMAIL PROTECTED]
> ! containing the word
> ! unsubscribe
> ! in the body.
>
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
