3 Replies Latest reply: Mar 12, 2012 8:18 AM by 801926 RSS

    ECPrivateKey.setS throws CryptoException

    917095
      Hi,

      I'm trying to initialize keys over fields GF(2n) using a JCOP41 on which I installed my applet.

      The problem is simple. I had a look at Elliptic curve cryptography (ECC) to see how to enter the parameters of the key (here, for 113-bit keys).

      I successfully put e (trinomial), a, b, G and R, but I have some difficulties with S.

      According to "Standards for Efficient Cryptography (SEC)" version 1 (September 20, 2000), S is 20-byte long in this case. However, when I look at the code below, I only see the 15 first bytes for S.
      byte[] valS={(byte)0x10,(byte)0xE7,(byte)0x23,(byte)0xAB,(byte)0x14,(byte)0xD6,(byte)0x96,
          (byte)0xE6,(byte)0x76,(byte)0x87,(byte)0x56,(byte)0x15,(byte)0x17,(byte)0x56,
          (byte)0xFE};
      . . .
      ecPrivateKey.setS(valS,(short)0,(short)valS.length);
      . . .
      ecPrivateKey.setS(buf, ISO7816.OFFSET_CDATA, ISO7816.OFFSET_LC);
      Later in the code I see this:
      /*
       * expected parameters for keylength = 113
       a = 00 30 88 25 0C A6 E7 C7 FE 64 9C E8 58 20 F7
       b = 00 E8 BE E4 D3 E2 26 07 44 18 8B E0 E9 C7 23
       G = 04 00 9D 73 61 6F 35 F4 AB 14 07 D7 35 62 C1 
             0F 00 A5 28 30 27 79 58 EE 84 D1 31 5E D3 18 86
       S = 10E723AB 14D696E6 76875615 1756FEBF 8FCB49A9
       n = 010000 00000000 00D9CCEC 8A39E56F
       */
      So it seems S is 20-byte long after all. Where are the last 5 bytes, in the second call to "setS"?

      And why does this work while when I put the 20 bytes (see below) it doesn't (exception is thrown)?
      byte[] valS = { (byte) 0x10, (byte) 0xE7, (byte) 0x23,
          (byte) 0xAB, (byte) 0x14, (byte) 0xD6, (byte) 0x96,
          (byte) 0xE6, (byte) 0x76, (byte) 0x87, (byte) 0x56,
          (byte) 0x15, (byte) 0x17, (byte) 0x56, (byte) 0xFE,
          (byte) 0xBF, (byte) 0x8F, (byte) 0xCB, (byte) 0x49,
          (byte) 0xA9 };
      try {
          ecPrivateKey.setS(valS, (short) 0,
              (short) valS.length);
      } catch (CryptoException e) {
          ISOException.throwIt((short) 0x2222);
      }
      Thanks
      Guillaume
        • 1. Re: ECPrivateKey.setS throws CryptoException
          safarmer
          Hi,
          According to "Standards for Efficient Cryptography (SEC)" version 1 (September 20, 2000), S is 20-byte long in this case. However, when I look at the code below, I only see the 15 first bytes for S.
          byte[] valS={(byte)0x10,(byte)0xE7,(byte)0x23,(byte)0xAB,(byte)0x14,(byte)0xD6,(byte)0x96,
          (byte)0xE6,(byte)0x76,(byte)0x87,(byte)0x56,(byte)0x15,(byte)0x17,(byte)0x56,
          (byte)0xFE};
          . . .
          ecPrivateKey.setS(valS,(short)0,(short)valS.length);
          . . .
          ecPrivateKey.setS(buf, ISO7816.OFFSET_CDATA, ISO7816.OFFSET_LC);
          So it seems S is 20-byte long after all. Where are the last 5 bytes, in the second call to "setS"?
          What makes you say the second call has 15 bytes? The second call extracts the value from the command APDU and as such places as many bytes as you have in the command in S.

          Cheers,
          Shane
          • 2. Re: ECPrivateKey.setS throws CryptoException
            917095
            Ok, but is it supposed to work whatever the length of S? In my case it only works with S of length 15 bytes. Is there any particular reason?

            Cheers
            Guillaume
            • 3. Re: ECPrivateKey.setS throws CryptoException
              801926
              Be careful with the naming. S in SEC is not the secret key S in Java Card. Same holds for many other parameters. 113/8 = 14.125 --> 15 byte.