This content has been marked as final. Show 40 replies
I tested EC crypto on JCOP cards. All JC-TCK tests pass. We could comment on performance if you post a code snippet.
I think ECC is quite suitable for Java Card. It is a good alternative to RSA. The next generation ePassports (Extended Access Control) use ECC.
how are you generating EC-keys?
If I use the line:
ECPrivateKey ecPrivKey = (ECPrivateKey)KeyBuilder.buildKey(TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_112, false);
I get a CryptoException: NO_SUCH_ALGORITHM.
Is my assumtion wrong that the JavaCard Framework 2.2.1 does support ECC?
Algorithm support isn't a JC issue but an implementor issue. Just because it's in the API doesn't mean it's implemented. It's up to the implementors to pick which algorithms they want to support.
Remember, that exception is thrown for unsupported key lengths too. Read ur docs that came with the card. If you don't have any, what I've done is written a crypto applet that will traverse thru all key lengths to find the supported one. Not pretty, but it works.
TYPE_EC_FP_PRIVATE and LENGTH_EC_FP_112 is not supported by JCOP. JCOP supports the following EC key pair: ALG_EC_F2M_.. and for key length all specified EC_F2M constants.
Thanks for support.
Actually I was using the JCOP emulator.
Now I also tested the simulator & emulator from sun which both don't seem to support ECC.
I guess I need to purchase an appropriate card to get this sorted. Have you got any recommendations which card I should use?
JCOP supports ECC: TYPE_EC_F2M. You mean you need exactly TYPE_EC_FP?
No, either type would be fine!
But when I call the above statement with parameter: TYPE_EC_F2M_PRIVATE and LENGTH_EC_F2M_113 (or other lengths) it still fails.
I am using the JCOP Tools version 3.1.2.
Well I checked TYPE_EC_F2M with all key lengths on my JCOP card and it works (No CryptoException NO_SUCH_ALGORITHM, but correct calculation). What JCOP version do you have? You might have a Visa config 1 card, which has no PKI at all. Could you post the /identify response?
Ah, missed that you are using the simulator. The simulator reflects all but ECC. This part is not implemented in the JCOP simulator but existent on the real device.
I'd like to implement a simple ECC encryption applet, do you have any advice on how to procede, if you can provide a code sample or you have any suggestion as I am not experienced on this.
Thank you in advance for any help you can provide me.
Find an intro on ECC and read the Java Card API on ECC.
I have some questions to ask you.
Here is what I think is needed in order to implement a draft code:
Is this everything I need or do I need to extends the abstract class KeyAgreement?
byte tmp; /** Temporary buffer in RAM. */ byte state; /** The applet state (INIT or ISSUED). */ ECPublicKey pubKey; /** Key for encryption. */ ECPrivateKey privKey; /** Key for decryption. */ Cipher cipher; /** Cipher for encryption and decryption. */ tmp = JCSystem.makeTransientByteArray((short)256,JCSystem.CLEAR_ON_RESET); pubKey = (ECPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC,KeyBuilder.LENGTH_EC_FP_128,false); privKey = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE,KeyBuilder.LENGTH_EC_FP_128,false); cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_PKCS5,false); /* Public*/ pubKey.setA(buff,(short)0,lc); pubKey.setB(buff,(short)0,lc); pubKey.setG(buff,(short)0,lc); pubKey.setK((short)0); pubKey.setR(buff,(short)0,lc); pubKey.setW( buff,(short)0,lc); /*private*/ privKey.setA(buff2,(short)0,lc); privKey.setB(buff2,(short)0,lc); privKey.setG(buff2,(short)0,lc); privKey.setK((short)0); privKey.setR(buff2,(short)0,lc); privKey.setS(buff2,(short)0,lc); }
What do you want to do with ECC?
- populate private or public key
- key agreement
I want to do digital signature for an input text (so I need to populate both private and public keys)