[OCF] InitHashedData vs PutCryptoData ?1?

Thu, 16 Oct 2003 05:11:52 -0700 

Hi ,
We still have a number of problems using the Gemplus card GPK8000.
I think usefull to say how we intend to use the card:

1) to generate PVkey (private key) and PBkey (public key) in the card
2) to sign, in the card, the hash generated outside the card (because it is
less time consuming)
3) to verify a signature outside the card

PBkey (module and exponent) is retrieved from the card and stored in an
Oracle data-base.

To check that what we intend to do is viable and the results obtained by the
card are consistent with those obtained by the JCE cryptolibrary of SUN, we
did the following test:

a) we generated hash (SHA-1) of a very short document utilizing the
MessageDigest class of JCE:
   MessageDigest md = MessageDigest.getInstance("SHA1");
   md.update(data.getBytes());
   byte[] hash=md.digest();

b) we set SelectCryptoContext to sign with SHA and RSA:
   command={0x80,0xA6, SFI, 0x12, 0x00}

c) we up-loaded hash to the card by InitHashedData command:
   command={0x80,0xEA, 0x00, 0x00, 0x14, hash[0],.......,hash[19]}

d) and we generated the signature with PK_sign:
   command={0x80, 0x86, 0x00, 0x00, 0x80}

Then to verify we followed this sequence:
a) setting of SelectCryptoContext to verify with SHA and RSA:
   command={0x80,0xA6, SFI, 0x12, 0x00}

b) up-loading of the same hash by means of InitHashedData command:
   command={0x80,0xEA, 0x00, 0x00, 0x14, hash[0],.......,hash[19]}

d) and verification with PK_verify command passing as parameters the
signature generated by the     card previously:
   command={0x80,0x8A, 0x00, 0x00, 0x80,sign[0],......,sign[127],0x00}

The result is: verification failled! WHY?

If we use PutCryptoData command in place of InitHashedData, generating the
hash inside the card, everything goes right, but it is not what we need.
Could you help me to go through this?

Regards
Carlo


---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/

! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email
! to
!                           [EMAIL PROTECTED]
! containing the word
!                           unsubscribe 
! in the body.

Reply via email to