6 Replies Latest reply: Aug 4, 2012 7:07 AM by 952006 RSS

    RSA Keypair cannot be generated in javacard ?

    952006
      Hello
      I got a problem about how to generate a RSA keypair in JAVACARD, I tried many different parametres, but I cannot install my applet in my emulator.
      public class RSAencry extends Applet {
      
          RSAPrivateKey  rsa_PrivateKey;
          RSAPublicKey rsa_PublicKey;
          KeyPair rsa_KeyPair;
          Cipher cipherRSA;
          //private byte buffer[];
          //byte TheBuffer[];
          final short dataOffset = (short) ISO7816.OFFSET_CDATA;
          
          //constructor
          
          private RSAencry()
          {
              //generate own rsa_keypair
               //rsa_KeyPair = new KeyPair( KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_2048 );
               //super();
               try
               {
               //TheBuffer = new byte[100];
               rsa_KeyPair = new KeyPair( KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512 );
               //rsa_PublicKey.setExponent (TheBuffer, (short)0, (short)1);
               rsa_KeyPair.genKeyPair();
              rsa_PublicKey = (RSAPublicKey) rsa_KeyPair.getPublic();
              //rsa_PrivateCrtKey = (RSAPrivateCrtKey) rsa_KeyPair.getPrivate();
              rsa_PrivateKey = (RSAPrivateKey) rsa_KeyPair.getPrivate();
              //buffer = new byte[2048];
              cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
               }catch (CryptoException ex){
                    ISOException.throwIt((short) (ex.getReason()));
               }
              //register(bArray, (short) (bOffset), bArray[bOffset]);
          }
      
           public static void install(byte[] bArray, short bOffset, byte bLength) {
                // GP-compliant JavaCard applet registration
                new RSAencry().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
           }
      
           public void process(APDU apdu) {
                // Good practice: Return 9000 on SELECT
                if (selectingApplet()) {
                     return;
                }
      
                byte[] buf = apdu.getBuffer();
                switch (buf[ISO7816.OFFSET_INS]) {
                case (byte) 0x00:
                     break;
                default:
                     // good practice: If you don't know the INStruction, say so:
                     ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                }
           }
      
      }
      The log shows as below:
      (2233 usec)
      <= 00 90 00 ...
      Status: No Error
      Load report:
      1358 bytes loaded in 0.0 seconds
      effective code size on card:
      + package AID 6
      + applet AIDs 15
      + classes 17
      + methods 138
      + statics 0
      + exports 0
      ------------------------------
      overall 176 bytes
      cm> install -i 525341656e637279 -q C9#() 525341656e63 525341656e637279
      => 80 E6 0C 00 1F 06 52 53 41 65 6E 63 08 52 53 41 ......RSAenc.RSA
      65 6E 63 72 79 08 52 53 41 65 6E 63 72 79 01 00 encry.RSAencry..
      02 C9 00 00 00 .....
      (122771 usec)
      <= 6A 80 j.
      Status: Wrong data
      jcshell: Error code: 6a80 (Wrong data)
      jcshell: Wrong response APDU: 6A80
      Unexpected error; aborting execution


      I almost removed all other codes, but it still can not intalled in card emulator.
      Does anyone can tell me that's why?

      Edited by: 949003 on 2012-8-3 上午8:05

      Edited by: 949003 on 2012-8-3 上午8:07
        • 1. Re: RSA Keypair cannot be generated in javacard ?
          safarmer
          I assume by your output that you are using JCOP tools. I am not sure if it supports 512 bit keys. Try using a 2048 but key instead.

          - Shane
          • 2. Re: RSA Keypair cannot be generated in javacard ?
            952006
            I tried 2048bit key instead, Its the same problem.
            and I also used JCSuite3.0 to test my program, Its cannot be installed.
            • 3. Re: RSA Keypair cannot be generated in javacard ?
              safarmer
              You have a class cast exception. You can use either of the following:
              RSAPrivateCrtKey rsa_PrivateKey = (RSAPrivateCrtKey) rsa_KeyPair.getPrivate();
              /* OR */
              PrivateKey rsa_PrivateKey = rsa_KeyPair.getPrivate();
              While both RSAPrivateCrtKey and RSAPrivateKey interfaces extend PrivateKey, they are not castable to each other.

              - Shane
              • 4. Re: RSA Keypair cannot be generated in javacard ?
                952006
                Thanks Shane
                I even removed those senteces.
                public class RSAencry extends Applet {
                
                    private KeyPair rsa_KeyPair; 
                    Cipher cipherRSA;
                    
                    //constructor
                    
                    private RSAencry()
                    {
                
                         try
                         {
                
                         new KeyPair( KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048 );
                         rsa_KeyPair.genKeyPair();
                
                         }catch (CryptoException ex){
                              ISOException.throwIt((short) (ex.getReason()));
                         }
                        //register(bArray, (short) (bOffset), bArray[bOffset]);
                    }
                
                     public static void install(byte[] bArray, short bOffset, byte bLength) {
                          // GP-compliant JavaCard applet registration
                          new RSAencry().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
                     }
                
                     public void process(APDU apdu) {
                          // Good practice: Return 9000 on SELECT
                          if (selectingApplet()) {
                               return;
                          }
                
                          byte[] buf = apdu.getBuffer();
                          switch (buf[ISO7816.OFFSET_INS]) {
                          case (byte) 0x00:
                               break;
                          default:
                               // good practice: If you don't know the INStruction, say so:
                               ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
                          }
                     }
                
                }
                and I still got this log

                Status: No Error
                Load report:
                1089 bytes loaded in 0.0 seconds
                effective code size on card:
                + package AID 6
                + applet AIDs 15
                + classes 17
                + methods 101
                + statics 0
                + exports 0
                ------------------------------
                overall 139 bytes
                cm> install -i 525341656e637279 -q C9#() 525341656e63 525341656e637279
                => 80 E6 0C 00 1F 06 52 53 41 65 6E 63 08 52 53 41 ......RSAenc.RSA
                65 6E 63 72 79 08 52 53 41 65 6E 63 72 79 01 00 encry.RSAencry..
                02 C9 00 00 00 .....
                (7334 usec)
                <= 6A 80 j.
                Status: Wrong data
                jcshell: Error code: 6a80 (Wrong data)
                jcshell: Wrong response APDU: 6A80
                Unexpected error; aborting execution
                • 5. Re: RSA Keypair cannot be generated in javacard ?
                  safarmer
                  Now the problem is you changed from KeyPair.ALG_RSA_CRT to KeyPair.ALG_RSA. Many (if not most) cards only support CRT private keys as the calculation is more efficient (some parts are pre-calculated in the key itself).

                  - Shane
                  • 6. Re: RSA Keypair cannot be generated in javacard ?
                    952006
                    Thanks Sooooooooooooooooooooooooooooooooooo much. This problem makes me want to die.
                    I should check all API spe more carefully and Everytime should change only one parameter.

                    Edited by: 949003 on 2012-8-4 上午5:06