9 Replies Latest reply: May 21, 2012 10:00 AM by safarmer

RSA encryption & key management

932586 Newbie
Hi everybody,

I'm currently developing a SIM card applet which sends/receives APDUs to/from an Android application.

I'd like to be able to encrypt/decrypt messages in the SIM card. I'd like to encrypt messages using a private key stored in the SIM card and I'd like to decrypt messages using a public key stored in a web server.

I know how to crypt/encrypt messages with RSA with keys that I have created in the applet.

I have 2 issues:
- I have an RSAPrivateKey and an RSAPublicKey that I have created in the applet. How could I get back the public key? I'd like to store this public key in my server. What is the best way to realize this?
- I have another public key stored on a server which communicates with the Android application. What is the best way to store the public key in the applet? When do I have to do this?

Thanks for your answers and I'm really sorry about my English.

Cheers,
M.
  • 1. Re: RSA encryption & key management
    safarmer Expert
    Hi,

    You will need to create two commands in your applet.

    1) Get Key: this will return the bytes of your key that you can get from key.getModulus() and key.getExponent(). Depending on the size of your keys you may need to have two APDUs for the entire key (use P1 or P2 to indicate which part of the key you are after).
    2) Put Key: this will take the bytes of your key that you want to store and put them into a key object. Depending on the size of your keys you may need to have two APDUs for the entire key (use P1 or P2 to indicate which part of the key you are sending).

    Shane
  • 2. Re: RSA encryption & key management
    932586 Newbie
    Hi Shane,

    Thank you for your answer.

    I made a mistake in my first post. I'd like to encrypt with a public key and decrypt with a private key.

    I have a question: is it better to create the key pair in the applet and get back the public key using a command like you said (get key) or is it better to create the key pair off-card and send it to the applet (public + private)?

    M.
  • 3. Re: RSA encryption & key management
    932586 Newbie
    I want to add something: when I try to create the key pair in the applet with this code:

    -------------------------------------------------------------------------------------------------------------------
    rsa_KeyPair = new KeyPair( KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_512 );
    rsa_KeyPair.genKeyPair();
    rsa_PublicKey = (RSAPublicKey) rsa_KeyPair.getPublic();
    rsa_PrivateKey = (RSAPrivateKey) rsa_KeyPair.getPrivate();
    ------------------------------------------------------------------------------------------------------------------

    (I don't know how to use the text-coloration)

    And I want to get back the modulus and the exponent of the public key like this:

    --------------------------------------------------------------------------------------------------

    private void getModulusPublicKey(APDU apdu){
        byte a[] = apdu.getBuffer();
        short size = rsa_PublicKey.getModulus(a, (short)0);
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) size);
        apdu.sendBytesLong(a, (short) dataOffset, (short) size );
    }

    public void getExponentPublicKey(APDU apdu){
        byte a[] = apdu.getBuffer();
        short size = rsa_PublicKey.getExponent(a, (short)0);
        apdu.setOutgoing();
        apdu.setOutgoingLength((short) size);
        apdu.sendBytesLong(a, (short) dataOffset, (short) size );
    }

    --------------------------------------------------------------------------------------------------

    The value of the modulus is always: CLA: 90, INS: 22, P1: 00, P2: 00, Lc: 00, Le: 03, 00, 00, 00, SW1: 90, SW2: 00

    0x00 0x00 0x00: it doesn't look like a good modulus...

    Do you have an explanation?

    Thank you,

    M.
  • 4. Re: RSA encryption & key management
    safarmer Expert
    > rsa_KeyPair = new KeyPair( KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_512 );
    > rsa_KeyPair.genKeyPair();
    > rsa_PublicKey = (RSAPublicKey) rsa_KeyPair.getPublic();
    > rsa_PrivateKey = (RSAPrivateKey) rsa_KeyPair.getPrivate();
    > (I don't know how to use the text-coloration)

    Use {code} tags :)

    > And I want to get back the modulus and the exponent of the public key like this:
    >
    > private void getModulusPublicKey(APDU apdu){
    >     byte a[] = apdu.getBuffer();
    >     short size = rsa_PublicKey.getModulus(a, (short)0);
    >     apdu.setOutgoing();
    >     apdu.setOutgoingLength((short) size);
    >     apdu.sendBytesLong(a, (short) dataOffset, (short) size );
    > }
    >
    > public void getExponentPublicKey(APDU apdu){
    >     byte a[] = apdu.getBuffer();
    >     short size = rsa_PublicKey.getExponent(a, (short)0);
    >     apdu.setOutgoing();
    >     apdu.setOutgoingLength((short) size);
    >     apdu.sendBytesLong(a, (short) dataOffset, (short) size );
    > }
    >
    > The value of the modulus is always: CLA: 90, INS: 22, P1: 00, P2: 00, Lc: 00, Le: 03, 00, 00, 00, SW1: 90, SW2: 00
    >
    > 0x00 0x00 0x00: it doesn't look like a good modulus...
    >
    > Do you have an explanation?

    The problem is with your offsets. You are copying into the APDU buffer at 0 but sending from dataOffset which could be anything. You are getting the correct length but since the APDU buffer has been zeroed out you are getting that response.

    Since you are copying into the APDU buffer you can use the setOutgoingAndSend convenience method to clean up your code a little (see the following example):

        byte[] buf = apdu.getBuffer();
        short len = rsa_PublicKey.getModulus(buf, (short) 0);
        apdu.setOutgoingAndSend((short) 0, len);

    Shane
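
Added example, not part of the original thread and not written by its participants: a Java Card applet implementing the Get Key / Put Key commands described in reply 1, with the same-offset fix from reply 4. The package and class names and the INS and P1 values are hypothetical, and Put Key is shown without any access control.

```java
package example.keyexport; // hypothetical package name
import javacard.framework.*;
import javacard.security.*;

public class KeyExportApplet extends Applet {
    // Hypothetical INS and P1 values, chosen for this example only.
    private static final byte INS_GET_KEY = (byte) 0x22;
    private static final byte INS_PUT_KEY = (byte) 0x24;
    private static final byte P1_MODULUS = (byte) 0x00;
    private static final byte P1_EXPONENT = (byte) 0x01;

    private final KeyPair cardKeyPair;       // generated on card; the private half is never exported
    private final RSAPublicKey serverPublic; // populated by PUT KEY

    private KeyExportApplet() {
        cardKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_512); // key size used in the thread
        cardKeyPair.genKeyPair();
        serverPublic = (RSAPublicKey) KeyBuilder.buildKey(
                KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_512, false);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new KeyExportApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        boolean modulus = buf[ISO7816.OFFSET_P1] == P1_MODULUS;
        if (!modulus && buf[ISO7816.OFFSET_P1] != P1_EXPONENT)
            ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_GET_KEY:
            RSAPublicKey pub = (RSAPublicKey) cardKeyPair.getPublic();
            // Write at offset 0 and send from offset 0, so the bytes sent are the bytes written.
            short len = modulus ? pub.getModulus(buf, (short) 0) : pub.getExponent(buf, (short) 0);
            apdu.setOutgoingAndSend((short) 0, len);
            break;
        case INS_PUT_KEY:
            // No access control here; a deployed applet would restrict this command.
            short lc = apdu.setIncomingAndReceive(); // a 64-byte modulus fits in one short APDU
            if (modulus) serverPublic.setModulus(buf, ISO7816.OFFSET_CDATA, lc);
            else serverPublic.setExponent(buf, ISO7816.OFFSET_CDATA, lc);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```
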
  • 5. Re: RSA encryption & key management
    936078 Newbie
    Hi,

    I studied for several days and found out that the only way for an Android app to communicate with a SIM card applet is by seek-for-android. Is this your way to do such work? If not, could you please explain how a SIM card applet sends/receives APDUs to/from an Android application?

    Thanks

    cao

    Edited by: 933075 on May 10, 2012 3:28 AM
  • 6. Re: RSA encryption & key management
    932586 Newbie
    Hi all,

    Thank you Shane.

    I'm using seek-for-android for the communication between an Android app and a SIM card applet.

    See ya
  • 7. Re: RSA encryption & key management
    safarmer Expert
    933075 wrote:
    > I studied for several days and found out that the only way for an Android app to communicate with a SIM card applet is by seek-for-android. Is this your way to do such work? If not, could you please explain how a SIM card applet sends/receives APDUs to/from an Android application?

    SEEK is the only way at the moment to send an APDU from Android to SIM. The problem is that this API may not work with all basebands and handsets since it is not standardised in Android (yet?). Currently the connection to the SIM is through the phone's baseband modem so the telephony provider needs to be used. SEEK actually patches some of the Android classes for this to work.

    Have you been able to communicate with the SIM? Which handset and version of Android (AOSP?) are you using?

    Shane
  • 8. Re: RSA encryption & key management
    922951 Newbie
    I think you will need the help of the mobile phone manufacturer, as I remember that in SEEK they use a microSD from G&D instead of a SIM card.

    You may use the Open Mobile API published by SIM Alliance and approved by many companies except Google to communicate with different secure elements.

    Best Regards
    Nabil
  • 9. Re: RSA encryption & key management
    safarmer Expert
    Nabil wrote:
    > I think you will need the help of the mobile phone manufacturer, as I remember that in SEEK they use a microSD from G&D instead of a SIM card.
    >
    > You may use the Open Mobile API published by SIM Alliance and approved by many companies except Google to communicate with different secure elements.

    From my understanding, SEEK works with microSD, SIM and embedded secure elements in a handset. The problem is that you need manufacturer support for it as it uses the telephony manager of the handset and it uses things like the baseband modem to get to the SIM etc.

    Shane
