This discussion is archived
1 2 3 Previous Next 40 Replies Latest reply: Jan 21, 2013 1:03 AM by PhHein RSS

Elliptic curve cryptography (ECC)

843851 Newbie
Currently Being Moderated
Hi ,
Are there anybody that has tested elliptic curve cryptography on javacard ?
I'am looking for implementation and I've got performance issues. Is it sutable algorithm for javacard?
  • 1. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    I tested EC crypto on JCOP cards. All JC-TCK tests pass. We could comment on performance if you post a code snippet.

    I think ECC is quite suitable for Java Card. It is a good alternative to RSA. The next generation ePassports (Extended Access Control) use ECC.
  • 2. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    Hi,

    how are you generating EC-keys?

    If I use the line:

    ECPrivateKey ecPrivKey = (ECPrivateKey)KeyBuilder.buildKey(TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_112, false);

    I get a CryptoException: NO_SUCH_ALGORITHM.

    Is my assumtion wrong that the JavaCard Framework 2.2.1 does support ECC?

    Thanks,

    Phil
  • 3. Re: Elliptic curve cryptography (ECC)
    803060 Newbie
    Currently Being Moderated
    Algorithm support isn't a JC issue but an implementor issue. Just because it's in the API doesn't mean it's implemented. It's up to the implementors to pick which algorithms they want to support.

    Remember, that exception is thrown for unsupported key lengths too. Read ur docs that came with the card. If you don't have any, what I've done is written a crypto applet that will traverse thru all key lengths to find the supported one. Not pretty, but it works.
  • 4. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    TYPE_EC_FP_PRIVATE and LENGTH_EC_FP_112 is not supported by JCOP. JCOP supports the following EC key pair: ALG_EC_F2M_.. and for key length all specified EC_F2M constants.
  • 5. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    Thanks for support.

    Actually I was using the JCOP emulator.

    Now I also tested the simulator & emulator from sun which both don't seem to support ECC.

    I guess I need to purchase an appropriate card to get this sorted. Have you got any recommendations which card I should use?
  • 6. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    JCOP supports ECC: TYPE_EC_F2M. You mean you need exactly TYPE_EC_FP?
  • 7. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    No, either type would be fine!

    But when I call the above statement with parameter: TYPE_EC_F2M_PRIVATE and LENGTH_EC_F2M_113 (or other lengths) it still fails.

    I am using the JCOP Tools version 3.1.2.
  • 8. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    Well I checked TYPE_EC_F2M with all key lengths on my JCOP card and it works (No CryptoException NO_SUCH_ALGORITHM, but correct calculation). What JCOP version do you have? You might have a Visa config 1 card, which has no PKI at all. Could you post the /identify response?
  • 9. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    Ah, missed that you are using the simulator. The simulator reflects all but ECC. This part is not implemented in the JCOP simulator but existent on the real device.
  • 10. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    hi,
    I'd like to implement a simple ECC encryption applet, do you have any advice on how to procede, if you can provide a code sample or you have any suggestion as I am not experienced on this.

    Thank you in advance for any help you can provide me.

    Marco
  • 11. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    Find an intro on ECC and read the Java Card API on ECC.
  • 12. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    hi lexdabear,
    I have some questions to ask you.
    Here is what I think is needed in order to implement a draft code:

     byte[] tmp; /** Temporary buffer in RAM. */
     byte state; /** The applet state (INIT or ISSUED). */
     ECPublicKey pubKey; /** Key for encryption. */
     ECPrivateKey privKey;  /** Key for decryption. */
     Cipher cipher;  /** Cipher for encryption and decryption. */
     tmp = JCSystem.makeTransientByteArray((short)256,JCSystem.CLEAR_ON_RESET);
     pubKey  = (ECPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC,KeyBuilder.LENGTH_EC_FP_128,false);
    privKey = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE,KeyBuilder.LENGTH_EC_FP_128,false);
     cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_PKCS5,false);
                         
                 /* Public*/
            pubKey.setA(buff,(short)0,lc); 
                 pubKey.setB(buff,(short)0,lc);
                 pubKey.setG(buff,(short)0,lc);
               pubKey.setK((short)0);       
               pubKey.setR(buff,(short)0,lc); 
               pubKey.setW( buff,(short)0,lc); 
               
               /*private*/
               privKey.setA(buff2,(short)0,lc);
               privKey.setB(buff2,(short)0,lc);
                 privKey.setG(buff2,(short)0,lc);
                 privKey.setK((short)0);     
               privKey.setR(buff2,(short)0,lc);
               privKey.setS(buff2,(short)0,lc);
               }
    Is this everything I need or do I need to extends the abstract class KeyAgreement?

    marco
  • 13. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    What do you want to do with ECC?
    - populate private or public key
    - encrypt
    - key agreement
  • 14. Re: Elliptic curve cryptography (ECC)
    843851 Newbie
    Currently Being Moderated
    I want to do digital signature for an input text (so I need to populate both private and public keys)
1 2 3 Previous Next