3 Replies Latest reply: May 3, 2012 12:53 AM by safarmer

    RSA : decrypt & ILLEGAL_VALUE exception

    932586
      Hi everybody,

      I'm trying to decrypt a message created by a Java application using a private key. The keys have been created in the Java application.

      Here is a part of my Java Card applet:

      private RSAPublicKey rsa_PublicKeyServer;
      private Cipher cipherRSA;

      private final static byte[] _publicKeyExponent = {(byte) 0x01, (byte) 0x00, (byte) 0x01};
      private final static byte[] _publicKeyModulus = {
                (byte)0xbe, (byte)0x94, (byte)0x44, (byte)0x8e, (byte)0x4a,
                (byte)0x5d, (byte)0xc9, (byte)0xc9, (byte)0xee, (byte)0xe9,
                (byte)0xa4, (byte)0x8a, (byte)0xb5, (byte)0x56, (byte)0x8d,
                (byte)0xd2, (byte)0x1e, (byte)0x86, (byte)0x73, (byte)0x1f,
                (byte)0xb9, (byte)0x4c, (byte)0x5b, (byte)0x65, (byte)0x3c,
                (byte)0x7c, (byte)0xed, (byte)0xcd, (byte)0x67, (byte)0x87,
                (byte)0xad, (byte)0x63, (byte)0xdf, (byte)0xc2, (byte)0xae,
                (byte)0x3b, (byte)0x11, (byte)0xb0, (byte)0xf9, (byte)0x0b,
                (byte)0x63, (byte)0x51, (byte)0x57, (byte)0xe4, (byte)0xb1,
                (byte)0x27, (byte)0x23, (byte)0xce, (byte)0xe9, (byte)0xa2,
                (byte)0xeb, (byte)0xcf, (byte)0x7c, (byte)0x77, (byte)0xdd,
                (byte)0x79, (byte)0xbd, (byte)0x8e, (byte)0xd4, (byte)0x5e,
                (byte)0xdd, (byte)0x75, (byte)0xa3, (byte)0x25};

      private TestJC(byte[] aArray, short sOffset, byte bLength) {
          rsa_PublicKeyServer = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_512, false);
          rsa_PublicKeyServer.setExponent(_publicKeyExponent, (short) 0, (short) _publicKeyExponent.length);
          rsa_PublicKeyServer.setModulus(_publicKeyModulus, (short) 0, (short) _publicKeyModulus.length);
          cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
      }

      private void decryptRSA(APDU apdu) {
          try {
              byte a[] = apdu.getBuffer();
              short byteRead = (short) (apdu.setIncomingAndReceive());
              cipherRSA.init(rsa_PublicKeyServer, Cipher.MODE_DECRYPT);
              short textlenth = cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);

              apdu.setOutgoing();
              apdu.setOutgoingLength((short) textlenth);
              apdu.sendBytesLong(a, (short) dataOffset, (short) textlenth);
          } catch (CryptoException e) {
              ISOException.throwIt((short) e.getReason());
          }
      }


      This part of my applet works fine when I want to encrypt and decrypt messages with a key pair generated in the Java Card. But if I want to use the public key created in a Java application to decrypt messages, I get an ILLEGAL_VALUE error (e.getReason() = 1).

      Thanks for your help,

      M.
        • 1. Re: RSA : decrypt & ILLEGAL_VALUE exception
          893199
          RSA public keys are used when you are "Verifying" or "Encrypting". Private keys are used when you are "Signing" or "Decrypting".

          Make sure your keys match your usage. E.g. your code is not a valid use of an RSA public key.

          Lastly, your attempt to rethrow e.getReason() is probably giving you invalid results.

          You can do something like ISOException.throwIt((short)(0x9F00 | (e.getReason() & 0xFF))); but what you really need to do is find out the class of "e" first and send out a specific code for each of "e"'s sub-results.
          • 2. Re: RSA : decrypt & ILLEGAL_VALUE exception
            safarmer
            Repost with {code} tags
            • 3. Re: RSA : decrypt & ILLEGAL_VALUE exception
              safarmer
              As mentioned, you should be using a different key (private key) to decrypt, but it should work. The most likely cause is that the keys used are not from the same pair. Your host application should have the hard-coded value for the matching private key. If the server key is not from the same pair, your decryption will fail.

              Shane
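
A host-side way to confirm that a public and a private RSA key come from the same pair before their values are hard-coded, as the last reply advises. This is an added example using the standard Java (JCA) API, not code from any poster in this thread; the class name KeyPairCheck is hypothetical, and the key pairs are throwaway ones generated for the demonstration because the thread does not include the private key.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class KeyPairCheck { // hypothetical name, not from the thread
    static final int KEY_BITS = 512; // same length as KeyBuilder.LENGTH_RSA_512 in the post

    // True only if both keys share a modulus and a PKCS#1 round trip succeeds.
    static boolean samePair(RSAPublicKey pub, RSAPrivateKey priv) {
        if (!pub.getModulus().equals(priv.getModulus())) return false;
        try {
            byte[] probe = "pair-check".getBytes();
            Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            c.init(Cipher.ENCRYPT_MODE, pub);    // public key encrypts
            byte[] ct = c.doFinal(probe);
            c.init(Cipher.DECRYPT_MODE, priv);   // private key decrypts
            return Arrays.equals(probe, c.doFinal(ct));
        } catch (GeneralSecurityException e) {   // e.g. bad padding: exponents do not match
            return false;
        }
    }

    // Unsigned big-endian bytes: BigInteger.toByteArray() may prepend a 0x00 sign byte.
    static byte[] unsigned(BigInteger v) {
        byte[] raw = v.toByteArray();
        return (raw.length > 1 && raw[0] == 0) ? Arrays.copyOfRange(raw, 1, raw.length) : raw;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(KEY_BITS);
        KeyPair a = gen.generateKeyPair();       // constructed sample pair A
        KeyPair b = gen.generateKeyPair();       // constructed sample pair B
        RSAPublicKey pubA = (RSAPublicKey) a.getPublic();

        System.out.println("A.pub with A.priv: " + samePair(pubA, (RSAPrivateKey) a.getPrivate()));
        System.out.println("A.pub with B.priv: " + samePair(pubA, (RSAPrivateKey) b.getPrivate()));

        // Byte count of the modulus array that would be hard-coded for setModulus().
        System.out.println("modulus bytes: " + unsigned(pubA.getModulus()).length);
    }
}
```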