Hello Lim,
Are you aware that the crypto provider embedded in the GemXpresso RAD and in
the GemXpresso 211 (PK/v2) IS is limited (due to the export rules for
international markets) ?
The key management may be limited on the GemXPresso cards.
This limitation works as follows: each time a key is stored in the card
(whatever its state is transient or not), its contents is modified through a
dedicated algorithm.
This algorithm changes the behaviour of DESKey.setKey(byte[] keyData, short
kOff) method.
Each byte of keyData array is analysed; if this byte is odd, the
corresponding byte of the key is set to the value 2Dh. If this byte is even,
the corresponding byte of the key is set to the value CAh.
Remarks:
This limitation applies to static (mother keys) and dynamic (session keys)
keys.
The DES crypto engines remain fully functional.
The granularity of the key set limitation is the PACKAGE level.
Example:
/../
byte [] myDESKeyBuffer = new byte [8];
Key myDESKey;
/../
for (loop=0;loop<8;loop++) {
myDESKeyBuffer[loop]=loop;
}
/../
myDESKey=KeyBuilder.buildKey(TYPE_DES, LENGTH_DES, true);
myDESKey.setKey(myDESKeyBuffer, (short)0);
myDESKeyBuffer=myDESKey.getKey(myDESKeyBuffer, (short)0);
/../
If the DES crypto is not limited, the content of myDESKeyBuffer is:
myDESKeyBuffer=[0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
If the DES crypto is limited, the content of myDESKeyBuffer is:
myDESKeyBuffer=[0xCA, 0x2D, 0xCA, 0x2D, 0xCA, 0x2D, 0xCA, 0x2D]
Regards.
Laurent
-----Original Message-----
From: Lim Kelvin [mailto:[EMAIL PROTECTED]]
Sent: mardi 3 juillet 2001 11:12
To: [EMAIL PROTECTED]
Subject: [OCF] HELP!!! GemXpresso SINGLE DES encryption
Hi,
I need help on the single des encryption. I am
currently using the below configuration.
- GemXpresso
- GSE Simulation
- JDK 1.2.2
I have created a single DES function. However, I am
unable to get the right encryption out from it. Below
are the data:
- key : 0 0 0 0 0 0 0 0
- data : 0 0 0 0 0 0 0 0
- encryted data return by the GSE
57 87 D1 5F 28 6C 3A 3B (wrong)
- expected data needed
8C A6 4D E9 C1 B1 23 A7
The function is added into the OPPurse example
supplied by Gemplus. Was there something that I have
missed out?
Below is part of function I have added :
// this will set the DES3 key , supply the des3
key using APDU command
private void setDesKey( APDU apdu ){
byte[] apduBuffer = apdu.getBuffer() ;
if( apduBuffer[4] !=(short) 8 ||
apdu.setIncomingAndReceive()!=(short)8 ){
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
}
Util.arrayCopyNonAtomic(apduBuffer,(short)5,desKeyBuffer,(short)0,(short)8);
}
//this will encrypt the apdu data using the des3
key
private void encrypt(APDU apdu ){
byte[] apduBuffer = apdu.getBuffer() ;
short len = apdu.setIncomingAndReceive();
DESKey singleDESKey = returnDESKey();
byte [] result =
encryptData(apduBuffer,len,apdu,singleDESKey);
returnByteArray(apdu,result);
}
private byte[] encryptData(byte[] datain ,short
length,APDU apdu,DESKey key){
byte [] result = JCSystem.makeTransientByteArray
(length,JCSystem.CLEAR_ON_DESELECT);
Cipher c =
Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD ,true);
c.init(key , Cipher.MODE_ENCRYPT);
c.dofinal(datain,(short)5,length,result,(short)0);
return result;
}
private DESKey returnDESKey(){
DESKey deskey ;
deskey =(DESKey)KeyBuilder.buildKey
(KeyBuilder.TYPE_DES_TRANSIENT_RESET
,KeyBuilder.LENGTH_DES ,false);
deskey.setKey(desKeyBuffer ,(short)0);
return deskey;
}
private void returnByteArray(APDU apdu, byte[]
outData){
Util.arrayCopyNonAtomic(outData,(short)0,apdu.getBuffer(),
(short)5,(short)outData.length);
apdu.setOutgoing() ; // Switches to output mode
apdu.setOutgoingLength((short)outData.length ) ;
// bytes to return
apdu.sendBytes( (short)5, (short)outData.length
);//
}
With Regards,
Kelvin Lim
____________________________________________________________________________
_
http://messenger.yahoo.com.au - Yahoo! Messenger
- Voice chat, mail alerts, stock quotes and favourite news and lots more!
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
