Export encrypted private key

Posted: Thu Sep 07, 2017 10:44 pm
by nikonai
My Java app creates an RSA key pair. I send the public key to the card. The card generated one key pair before, too. Now the card sets another key pair's public key to the sent parameters, so that the card can now encrypt something for the off-card private key.

Now I try to encrypt the parameters of the card's private key (p, q, mod p, ...). And here I get the error. The export of the private key parameters to the off-card application works fine; only when I try to encrypt the parameters on the card first do I get errors. I think it fails when I try to call the encrypt function on the card.

Code:

private void exportPrivateKey(APDU apdu)
{
    byte[] baAPDUBuffer = apdu.getBuffer();
    short sLc = (short)(baAPDUBuffer[ISO7816.OFFSET_LC] & 0x00FF);
    byte P2 = (byte)(baAPDUBuffer[ISO7816.OFFSET_P2] & 0xFF);
    switch (P2)
    {
    case 0x00: // Get Prime P
        baAPDUBuffer[0] = (byte)(PrivateRSAKey1024).getP(baAPDUBuffer, (short)1);
        try
        {
            encrypt(apdu, (short)((baAPDUBuffer[0] & 0xFF) + 1));
        }
        catch (Exception ex)
        {
            ISOException.throwIt((short) 0xbbb3);
        }

Code:

private void encrypt(APDU apdu, short dataToEncrypt)
{
    try
    {
        data = new byte[(short) 0x40];
        cipher.init(publicExportKey, Cipher.MODE_ENCRYPT);
        short outbytes;
        outbytes = cipher.doFinal(bytesValue(dataToEncrypt), (short)2, (short) 0x40, data, (short)0);
        apdu.setOutgoing();
        apdu.setOutgoingLength(outbytes);
        apdu.sendBytesLong(data, (short)ISO7816.OFFSET_CDATA, (short)outbytes);
    }
    catch (Exception ex)
    {
        ISOException.throwIt((short) 0xbbb7);
    }
}

Re: Export encrypted private key

Posted: Fri Sep 08, 2017 5:45 am
by mabel
It is probably a CryptoException, where you can retrieve the reason code.

Re: Export encrypted private key

Posted: Fri Sep 08, 2017 5:53 am
by nikonai
I changed my encrypt method to this:

Code:

private void encrypt(APDU apdu, byte[] dataToEncrypt, short len)
{
    try
    {
        short outbytes;
        byte[] apduBuffer = apdu.getBuffer();
        outbytes = cipher.doFinal(dataToEncrypt, (short)0, len, apduBuffer, (short)0);
        apdu.setOutgoing();
        apdu.setOutgoingLength(outbytes);
        apdu.sendBytesLong(apduBuffer, (short)0, (short)outbytes);
    }
    catch (CryptoException ce)
    {
        if (ce.getReason() == CryptoException.UNINITIALIZED_KEY)
            ISOException.throwIt((short)0xbbb0);
        else if (ce.getReason() == CryptoException.INVALID_INIT)
            ISOException.throwIt((short)0xbbb1);
        else if (ce.getReason() == CryptoException.ILLEGAL_USE)
            ISOException.throwIt((short)0xbbb2);
        else if (ce.getReason() == CryptoException.NO_SUCH_ALGORITHM)
            ISOException.throwIt((short)0xbbb3);
        //else
        //     ISOException.throwIt((short)lineNum);
    }
}

The error happens in

Code:

outbytes = cipher.doFinal(dataToEncrypt, (short)0, len, apduBuffer, (short)0);

It says "Invalid_Init". Perhaps something is wrong with my cipher. In my constructor:

Code:

cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false );

Or do I need to set the second parameter to "true"?
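
Added example (not part of the thread and not nikonai's code): the Java Card API documents `CryptoException.INVALID_INIT` from `Cipher.doFinal` as "this Cipher object is not initialized", and the revised `encrypt` as posted contains no `cipher.init` call. The sketch below initializes the cipher before every `doFinal` and returns the raw reason code in the status word; `ExportEncryptor`, `encryptAndSend` and `SW_CRYPTO_BASE` are hypothetical names.

```java
import javacard.framework.APDU;
import javacard.framework.ISOException;
import javacard.security.CryptoException;
import javacard.security.RSAPublicKey;
import javacardx.crypto.Cipher;

// Added example; class, method and status-word names are hypothetical.
final class ExportEncryptor {
    // Hypothetical proprietary status-word base. The low nibble carries the
    // CryptoException reason: 1 ILLEGAL_VALUE, 2 UNINITIALIZED_KEY,
    // 3 NO_SUCH_ALGORITHM, 4 INVALID_INIT, 5 ILLEGAL_USE.
    static final short SW_CRYPTO_BASE = (short) 0x6F60;
    // PKCS#1 v1.5 encryption padding takes at least 11 bytes of the block.
    static final short PKCS1_OVERHEAD = (short) 11;

    private final Cipher cipher;
    private final RSAPublicKey exportKey;

    ExportEncryptor(RSAPublicKey exportKey) {
        this.exportKey = exportKey;
        // externalAccess = false: the Cipher is used only by the applet that owns it.
        // That flag is about sharing across applets, not about initialization.
        cipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
    }

    /** Encrypts src[off .. off+len) under the export key and sends the result. */
    void encryptAndSend(APDU apdu, byte[] src, short off, short len) {
        byte[] out = apdu.getBuffer();
        try {
            // Reject input that cannot fit in one padded RSA block.
            short modulusBytes = (short) (exportKey.getSize() / 8);
            if (len > (short) (modulusBytes - PKCS1_OVERHEAD)) {
                CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
            }
            // Without this call doFinal throws CryptoException(INVALID_INIT).
            cipher.init(exportKey, Cipher.MODE_ENCRYPT);
            short n = cipher.doFinal(src, off, len, out, (short) 0);
            apdu.setOutgoingAndSend((short) 0, n);
        } catch (CryptoException ce) {
            // Surface the exact reason so the host can tell the cases apart.
            ISOException.throwIt((short) (SW_CRYPTO_BASE | ce.getReason()));
        }
    }
}
```

With this mapping a host that receives `0x6F64` knows the reason was `INVALID_INIT`, and `0x6F61` points at an input that is too long for the export key's modulus.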