1 2 3 Previous Next 40 Replies Latest reply: Jan 21, 2013 3:03 AM by PhHein RSS

    Elliptic curve cryptography (ECC)

      Hi ,
      Are there anybody that has tested elliptic curve cryptography on javacard ?
      I'am looking for implementation and I've got performance issues. Is it sutable algorithm for javacard?
        • 1. Re: Elliptic curve cryptography (ECC)
          I tested EC crypto on JCOP cards. All JC-TCK tests pass. We could comment on performance if you post a code snippet.

          I think ECC is quite suitable for Java Card. It is a good alternative to RSA. The next generation ePassports (Extended Access Control) use ECC.
          • 2. Re: Elliptic curve cryptography (ECC)

            how are you generating EC-keys?

            If I use the line:

            ECPrivateKey ecPrivKey = (ECPrivateKey)KeyBuilder.buildKey(TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_112, false);

            I get a CryptoException: NO_SUCH_ALGORITHM.

            Is my assumtion wrong that the JavaCard Framework 2.2.1 does support ECC?


            • 3. Re: Elliptic curve cryptography (ECC)
              Algorithm support isn't a JC issue but an implementor issue. Just because it's in the API doesn't mean it's implemented. It's up to the implementors to pick which algorithms they want to support.

              Remember, that exception is thrown for unsupported key lengths too. Read ur docs that came with the card. If you don't have any, what I've done is written a crypto applet that will traverse thru all key lengths to find the supported one. Not pretty, but it works.
              • 4. Re: Elliptic curve cryptography (ECC)
                TYPE_EC_FP_PRIVATE and LENGTH_EC_FP_112 is not supported by JCOP. JCOP supports the following EC key pair: ALG_EC_F2M_.. and for key length all specified EC_F2M constants.
                • 5. Re: Elliptic curve cryptography (ECC)
                  Thanks for support.

                  Actually I was using the JCOP emulator.

                  Now I also tested the simulator & emulator from sun which both don't seem to support ECC.

                  I guess I need to purchase an appropriate card to get this sorted. Have you got any recommendations which card I should use?
                  • 6. Re: Elliptic curve cryptography (ECC)
                    JCOP supports ECC: TYPE_EC_F2M. You mean you need exactly TYPE_EC_FP?
                    • 7. Re: Elliptic curve cryptography (ECC)
                      No, either type would be fine!

                      But when I call the above statement with parameter: TYPE_EC_F2M_PRIVATE and LENGTH_EC_F2M_113 (or other lengths) it still fails.

                      I am using the JCOP Tools version 3.1.2.
                      • 8. Re: Elliptic curve cryptography (ECC)
                        Well I checked TYPE_EC_F2M with all key lengths on my JCOP card and it works (No CryptoException NO_SUCH_ALGORITHM, but correct calculation). What JCOP version do you have? You might have a Visa config 1 card, which has no PKI at all. Could you post the /identify response?
                        • 9. Re: Elliptic curve cryptography (ECC)
                          Ah, missed that you are using the simulator. The simulator reflects all but ECC. This part is not implemented in the JCOP simulator but existent on the real device.
                          • 10. Re: Elliptic curve cryptography (ECC)
                            I'd like to implement a simple ECC encryption applet, do you have any advice on how to procede, if you can provide a code sample or you have any suggestion as I am not experienced on this.

                            Thank you in advance for any help you can provide me.

                            • 11. Re: Elliptic curve cryptography (ECC)
                              Find an intro on ECC and read the Java Card API on ECC.
                              • 12. Re: Elliptic curve cryptography (ECC)
                                hi lexdabear,
                                I have some questions to ask you.
                                Here is what I think is needed in order to implement a draft code:

                                 byte[] tmp; /** Temporary buffer in RAM. */
                                 byte state; /** The applet state (INIT or ISSUED). */
                                 ECPublicKey pubKey; /** Key for encryption. */
                                 ECPrivateKey privKey;  /** Key for decryption. */
                                 Cipher cipher;  /** Cipher for encryption and decryption. */
                                 tmp = JCSystem.makeTransientByteArray((short)256,JCSystem.CLEAR_ON_RESET);
                                 pubKey  = (ECPublicKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC,KeyBuilder.LENGTH_EC_FP_128,false);
                                privKey = (ECPrivateKey)KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE,KeyBuilder.LENGTH_EC_FP_128,false);
                                 cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_PKCS5,false);
                                             /* Public*/
                                           pubKey.setW( buff,(short)0,lc); 
                                Is this everything I need or do I need to extends the abstract class KeyAgreement?

                                • 13. Re: Elliptic curve cryptography (ECC)
                                  What do you want to do with ECC?
                                  - populate private or public key
                                  - encrypt
                                  - key agreement
                                  • 14. Re: Elliptic curve cryptography (ECC)
                                    I want to do digital signature for an input text (so I need to populate both private and public keys)
                                    1 2 3 Previous Next