Ooops! Laurent beat me by 30sec:-)
----- Original Message -----
From: "Laurent Jutard" <[EMAIL PROTECTED]>
To: "'Lim Kelvin'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 03, 2001 6:25 PM
Subject: RE: [OCF] HELP!!! GemXpresso SINGLE DES encryption
> Hello Lim,
>
> Are you aware that the crypto provider embedded in the GemXpresso RAD and
in
> the GemXpresso 211 (PK/v2) IS is limited (due to the export rules for
> international markets) ?
>
> The key management may be limited on the GemXPresso cards.
> This limitation works as follows: each time a key is stored in the card
> (whatever its state is transient or not), its contents is modified through
a
> dedicated algorithm.
> This algorithm changes the behaviour of DESKey.setKey(byte[] keyData,
short
> kOff) method.
> Each byte of keyData array is analysed; if this byte is odd, the
> corresponding byte of the key is set to the value 2Dh. If this byte is
even,
> the corresponding byte of the key is set to the value CAh.
>
> Remarks:
> This limitation applies to static (mother keys) and dynamic (session keys)
> keys.
> The DES crypto engines remain fully functional.
> The granularity of the key set limitation is the PACKAGE level.
>
> Example:
> /../
> byte [] myDESKeyBuffer = new byte [8];
> Key myDESKey;
> /../
> for (loop=0;loop<8;loop++) {
> myDESKeyBuffer[loop]=loop;
> }
>
> /../
> myDESKey=KeyBuilder.buildKey(TYPE_DES, LENGTH_DES, true);
> myDESKey.setKey(myDESKeyBuffer, (short)0);
> myDESKeyBuffer=myDESKey.getKey(myDESKeyBuffer, (short)0);
> /../
>
> If the DES crypto is not limited, the content of myDESKeyBuffer is:
> myDESKeyBuffer=[0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
>
> If the DES crypto is limited, the content of myDESKeyBuffer is:
> myDESKeyBuffer=[0xCA, 0x2D, 0xCA, 0x2D, 0xCA, 0x2D, 0xCA, 0x2D]
>
>
> Regards.
> Laurent
>
> -----Original Message-----
> From: Lim Kelvin [mailto:[EMAIL PROTECTED]]
> Sent: mardi 3 juillet 2001 11:12
> To: [EMAIL PROTECTED]
> Subject: [OCF] HELP!!! GemXpresso SINGLE DES encryption
>
>
>
> Hi,
>
> I need help on the single des encryption. I am
> currently using the below configuration.
>
> - GemXpresso
> - GSE Simulation
> - JDK 1.2.2
>
> I have created a single DES function. However, I am
> unable to get the right encryption out from it. Below
> are the data:
>
> - key : 0 0 0 0 0 0 0 0
> - data : 0 0 0 0 0 0 0 0
>
> - encryted data return by the GSE
> 57 87 D1 5F 28 6C 3A 3B (wrong)
>
> - expected data needed
> 8C A6 4D E9 C1 B1 23 A7
>
> The function is added into the OPPurse example
> supplied by Gemplus. Was there something that I have
> missed out?
>
> Below is part of function I have added :
>
> // this will set the DES3 key , supply the des3
> key using APDU command
>
> private void setDesKey( APDU apdu ){
>
> byte[] apduBuffer = apdu.getBuffer() ;
>
> if( apduBuffer[4] !=(short) 8 ||
> apdu.setIncomingAndReceive()!=(short)8 ){
> ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
> }
>
>
>
Util.arrayCopyNonAtomic(apduBuffer,(short)5,desKeyBuffer,(short)0,(short)8);
>
> }
>
> //this will encrypt the apdu data using the des3
> key
> private void encrypt(APDU apdu ){
> byte[] apduBuffer = apdu.getBuffer() ;
>
> short len = apdu.setIncomingAndReceive();
>
> DESKey singleDESKey = returnDESKey();
>
> byte [] result =
> encryptData(apduBuffer,len,apdu,singleDESKey);
>
> returnByteArray(apdu,result);
>
> }
>
> private byte[] encryptData(byte[] datain ,short
> length,APDU apdu,DESKey key){
>
> byte [] result = JCSystem.makeTransientByteArray
> (length,JCSystem.CLEAR_ON_DESELECT);
> Cipher c =
> Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD ,true);
> c.init(key , Cipher.MODE_ENCRYPT);
> c.dofinal(datain,(short)5,length,result,(short)0);
>
> return result;
> }
>
> private DESKey returnDESKey(){
> DESKey deskey ;
> deskey =(DESKey)KeyBuilder.buildKey
> (KeyBuilder.TYPE_DES_TRANSIENT_RESET
> ,KeyBuilder.LENGTH_DES ,false);
> deskey.setKey(desKeyBuffer ,(short)0);
> return deskey;
> }
>
> private void returnByteArray(APDU apdu, byte[]
> outData){
>
> Util.arrayCopyNonAtomic(outData,(short)0,apdu.getBuffer(),
> (short)5,(short)outData.length);
> apdu.setOutgoing() ; // Switches to output mode
> apdu.setOutgoingLength((short)outData.length ) ;
> // bytes to return
> apdu.sendBytes( (short)5, (short)outData.length
> );//
> }
>
> With Regards,
> Kelvin Lim
>
>
____________________________________________________________________________
> _
> http://messenger.yahoo.com.au - Yahoo! Messenger
> - Voice chat, mail alerts, stock quotes and favourite news and lots more!
>
>
> ---
> > Visit the OpenCard web site at http://www.opencard.org/ for more
> > information on OpenCard---binaries, source code, documents.
> > This list is being archived at http://www.opencard.org/archive/opencard/
>
> ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
> ! to
> ! [EMAIL PROTECTED]
> ! containing the word
> ! unsubscribe
> ! in the body.
>
>
>
>
> ---
> > Visit the OpenCard web site at http://www.opencard.org/ for more
> > information on OpenCard---binaries, source code, documents.
> > This list is being archived at http://www.opencard.org/archive/opencard/
>
> ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
> ! to
> ! [EMAIL PROTECTED]
> ! containing the word
> ! unsubscribe
> ! in the body.
>
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
! [EMAIL PROTECTED]
! containing the word
! unsubscribe
! in the body.
