encryption problems

encryption problems

Molnár Vince
Dear all,

I am trying to use the muscle applet to encrypt a piece of data using an RSA key pair.
So far I have no luck, almost every version of the applet that I tried fails at the cipher final step, sometimes with SW_INVALID_PARAMETER when checking data size (though I think I figured that one out, it expects a data chunk in the input object as well, it is now working if the data is in the APDU).
If I pass that point, it gives me 6F00, meaning no precise diagnosis. I tweaked with the code and figured this means an uncaught exception, specifically around the encryption function. I'm not sure if it is connected to padding, I know it can generate an exception when the data is not aligned. I am a little bit confused by now, but it may be a NullPointerException as well, since if I remember correctly, there was a case when I could only catch a Throwable object.
If I try to use the padding option with cipher init, it gives me SW_OPERATION_NOT_ALLOWED.
All of this led me to the conclusion that either the documentation is faulty, the applet has some bugs, they simply do not pass together, or (and mainly) I am incompetent.

My main task is to provide some way to authenticate an Android phone to a server, and I have to use a G&D card. Since the service I can use on Android to communicate with the card does not allow CLA bytes other than 90, I needed to modify the source of every applet I could find and have tested. It is sort of a pain, but I am really devastated that it still does not work.

I am using the source code, the Smart Card Shell script collection and the 1.2.1 documentation as references. Would you please give me a hint on how to accomplish my task? A fresh applet with the definition of its corresponding APDUs (maybe a sequence to encrypt with RSA) would come in handy, I really only need to encrypt 16 bytes of data and that's all (I store and read objects as well, but that works).

Thank you in advance,

Vincent

_______________________________________________
Muscle mailing list
[hidden email]
http://lists.drizzle.com/mailman/listinfo/muscle

Re: encryption problems

Michael StJohns-2
At 08:02 AM 4/30/2012, Molnár Vince wrote:
>Dear all,
>
>I am trying to use the muscle applet to encrypt a piece of data using an RSA key pair.
>So far I have no luck, almost every version of the applet that I tried fails at the cipher final step, sometimes with SW_INVALID_PARAMETER when checking data size (though I think I figured that one out, it expects a data chunk in the input object as well, it is now working if the data is in the APDU).
>If I pass that point, it gives me 6F00, meaning no precise diagnosis. I tweaked with the code and figured this means an uncaught exception, specifically around the encryption function. I'm not sure if it is connected to padding, I know it can generate an exception when the data is not aligned. I am a little bit confused by now, but it may be a NullPointerException as well, since if I remember correctly, there was a case when I could only catch a Throwable object.
>If I try to use the padding option with cipher init, it gives me SW_OPERATION_NOT_ALLOWED.
>All of this led me to the conclusion that either the documentation is faulty, the applet has some bugs, they simply do not pass together, or (and mainly) I am incompetent.
>
>My main task is to provide some way to authenticate an Android phone to a server, and I have to use a G&D card. Since the service I can use on Android to communicate with the card does not allow CLA bytes other than 90, I needed to modify the source of every applet I could find and have tested. It is sort of a pain, but I am really devastated that it still does not work.


I think you want to use Signature rather than Cipher.  It sounds like you're getting a challenge from the server and using your private key to sign the challenge to prove knowledge of that key.  The server can validate you know the private key by verifying the signature using the associated public key.

In general, you only want to use RSA encryption if and only if you're wrapping key material generated by you for the other side to use.  You encrypt using their public key.  That doesn't provide any "authentication" though.




>I am using the source code, the Smart Card Shell script collection and the 1.2.1 documentation as references. Would you please give me a hint on how to accomplish my task? A fresh applet with the definition of its corresponding APDUs (maybe a sequence to encrypt with RSA) would come in handy, I really only need to encrypt 16 bytes of data and that's all (I store and read objects as well, but that works).
>
>Thank you in advance,
>
>Vincent

RE: encryption problems

Molnár Vince
Thank you, this has clarified a few things. So far I wanted to encrypt an ID and a counter with the private key so that the server can verify that the id is correct and the counter is greater than the last received value.
I tried the signature option, and it gives me SW_INCORRECT_ALG (9C09).
My APDU sequences:

generating key:
B0 30 02 03 10 01 0800 FF FF FF FF 00 01 00 00 FF FF FF FF 00

export key.. verify pin..

compute crypt, cipher_init:
B0 36 02 01 01 01 01 00 00
(this gives the error setting cipher_mode to either 00 (RSA) or 01 (RSA_CRT))

create input object.. write input object..

compute crypt, cipher final:
B0 36 02 03 01 02

Thank you for your help.
Best regards,

Vincent


RE: encryption problems

Michael StJohns-2
In RSA you encrypt with the public key, decrypt with the private key, sign with the private key and verify with the public key.  You can't - as you appear to be trying to do - encrypt with the private key.

Unfortunately, what you wrote below gives no useful information to help you as it appears to be completely proprietary CLA/INS combinations.


Assuming the card applet holds the private key and the server the associated public key try (I assume this is a javacard?):

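// Java Card API (javacard.security.Signature): getInstance takes the
// algorithm and an externalAccess flag; offsets and lengths are shorts.
Signature siggy = Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1, false);
siggy.init(myPrivateRSAKey, Signature.MODE_SIGN);
siggy.sign(counterBuffer, (short)0, (short)16, signatureBuffer, (short)0);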


- have the card return the value in the signatureBuffer to the server and have the server use the previously emitted public key and the counter value to verify the signature.






At 05:14 PM 4/30/2012, Molnár Vince wrote:

>Thank you, this has clarified a few things. So far I wanted to encrypt an ID and a counter with the private key so that the server can verify that the id is correct and the counter is greater than the last received value.
>I tried the signature option, and it gives me SW_INCORRECT_ALG (9C09).
>My APDU sequences:
>
>generating key:
>B0 30 02 03 10 01 0800 FF FF FF FF 00 01 00 00 FF FF FF FF 00
>
>export key.. verify pin..
>
>compute crypt, cipher_init:
>B0 36 02 01 01 01 01 00 00
>(this gives the error setting cipher_mode to either 00 (RSA) or 01 (RSA_CRT))
>
>create input object.. write input object..
>
>compute crypt, cipher final:
>B0 36 02 03 01 02
>
>Thank you for your help.
>Best regards,
>
>Vincent

_______________________________________________
Muscle mailing list
[hidden email]
http://lists.drizzle.com/mailman/listinfo/muscle
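
The sign-then-verify exchange recommended in the last reply, as an added example that is not part of the original thread: the card side signs a 16-byte ID-and-counter block, and the server verifies it with the public key and rejects counters it has already seen. The toy key built from two Mersenne primes, the 8+8 byte message layout and every function name are assumptions made for the illustration; the padding is hand-built RSASSA-PKCS1-v1_5 with SHA-1, the scheme named by the Java Card constant ALG_RSA_SHA_PKCS1.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes give a 1128-bit
# modulus without key-generation code. It only stands in for the card's key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, stays on the card
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-1 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def emsa_pkcs1_v15(message: bytes) -> bytes:
    """00 01 FF..FF 00 || DigestInfo(SHA-1(message)), padded to K bytes."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def card_sign(message: bytes) -> bytes:
    """Stand-in for the applet's Signature.sign(): private-key operation."""
    em = int.from_bytes(emsa_pkcs1_v15(message), "big")
    return pow(em, D, N).to_bytes(K, "big")

def verify(message: bytes, signature: bytes) -> bool:
    """Server side: public-key operation, then compare the full encoding."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(message)

def card_message(card_id: bytes, counter: int) -> bytes:
    """16-byte block: 8-byte ID followed by an 8-byte big-endian counter."""
    return card_id + counter.to_bytes(8, "big")

class Server:
    def __init__(self):
        self.last_counter = {}          # card ID -> highest counter accepted

    def authenticate(self, message: bytes, signature: bytes) -> bool:
        if len(message) != 16 or not verify(message, signature):
            return False
        card_id, counter = message[:8], int.from_bytes(message[8:], "big")
        if counter <= self.last_counter.get(card_id, -1):
            return False                # replayed or stale message
        self.last_counter[card_id] = counter
        return True
```

The server never needs the private exponent: it recomputes the expected padded block from the message it received and compares it with the signature raised to the public exponent.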