Encryption using secure element/domain keys
Posted: Tue Apr 24, 2018 2:45 pm
I was under, the perhaps mistaken, impression, that I could ask the system to encrypt something for me using the system's pre-set keys.
with globalplatformpro tool I can set the --key-dec --key-enc etc. I'm interested in symmetric encryption, so card generated keys are kindof out.
I was thinking I could use --key-enc (DEK key) and have the card encrypt stuff for me. on the back end I would have the key I originally specified to do the decryption. I thought I had found a sample code for this, but now my google-fu has failed me.
If this doesn't work, I assume I have to implement my own set-key method, and persistently store the key object. Any other pointers on this?
with globalplatformpro tool I can set the --key-dec --key-enc etc. I'm interested in symmetric encryption, so card generated keys are kindof out.
I was thinking I could use --key-enc (DEK key) and have the card encrypt stuff for me. on the back end I would have the key I originally specified to do the decryption. I thought I had found a sample code for this, but now my google-fu has failed me.
If this doesn't work, I assume I have to implement my own set-key method, and persistently store the key object. Any other pointers on this?