Skip to Main Content

Java Card

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Java Card Decryption/OpenSSL Encryption

User_Q97K6Dec 12 2022 — edited Dec 12 2022

Hey,
I try to encrypt my Applet data with an RSA Public Key from my Server.
I use open ssl 3.0.7 and keys are generated like this
openssl genrsa -traditional -out "C:\test\traditional_private.txt" 1024
openssl rsa -traditional -in "C:\test\traditional_private.txt" -pubout -out "C:\test\opublic_traditional.txt"
------
this is my Applet code:
private void setPublicKeyValues(APDU apdu) {
byte[] buf = apdu.getBuffer();
// Check if Parameter P2 Contains supported request for Public Key
byte keyElement = (byte) (buf[ISO7816.OFFSET_P2] & 0xFF);

  if ((keyElement != 0x00) && (keyElement != 0x01))  
     ISOException.throwIt(ISO7816.SW\_INCORRECT\_P1P2);  
  else {  
     // keyElement = 0 is set for Modulus  
     if (keyElement == 0) {     
        short numBytes = apdu.setIncomingAndReceive();  

        transientByteBufferModulus = JCSystem.makeTransientByteArray(numBytes, JCSystem.CLEAR\_ON\_DESELECT);  

        Util.arrayCopy(buf, ISO7816.OFFSET\_CDATA, transientByteBufferModulus, (short) 0, numBytes);  
     }  
     // Set for exponent  
     else if (keyElement == 1) {  
        short numBytes = apdu.setIncomingAndReceive();  

        transientByteBufferExponent = JCSystem.makeTransientByteArray(numBytes, JCSystem.CLEAR\_ON\_DESELECT);  

        Util.arrayCopy(buf, ISO7816.OFFSET\_CDATA, transientByteBufferExponent, (short) 0, numBytes);  
     }  
  }  

}

private void buildPublicKey(APDU apdu) {
// Create one key instance;
//ALG_RSA_CRT
rsa_PublicKey = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_1024,
false);
// Set key value with key value bytes: rsa public key N;
rsa_PublicKey.setModulus(transientByteBufferModulus, (short) 0, (short) transientByteBufferModulus.length);
// Set key value with key value bytes: rsa public key E;
rsa_PublicKey.setExponent(transientByteBufferExponent, (short) 0, (short) transientByteBufferExponent.length);
// You can use the key now ...

Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);

  rsaCipher.init(rsa\_PublicKey, Cipher.MODE\_ENCRYPT);  


  byte\[\] buffer = apdu.getBuffer();  

  short len = apdu.setIncomingAndReceive();  

  try {  
     short outlen = rsaCipher.doFinal(pseudonym, (short) 0, (short) pseudonym.length, buffer, (short) 0);  
     apdu.setOutgoingAndSend((short) 0, outlen);  
  } catch (CryptoException e) {  
     switch (e.getReason()) {  
     case CryptoException.UNINITIALIZED\_KEY:  
        ISOException.throwIt(SW\_UNINITIALIZED\_KEY);  
        return;  
     case CryptoException.INVALID\_INIT:  
        ISOException.throwIt(SW\_INVALID\_INIT);  
        return;  
     case CryptoException.ILLEGAL\_USE:  
        ISOException.throwIt(SW\_ILLEGAL\_USE);  
        return;  
     default:  
        ISOException.throwIt(ISO7816.SW\_COMMAND\_NOT\_ALLOWED);  
     }  
  }  

}
The Applet deliveres the data as an RPDU.
I convert the Hex data to Base64 with this online tool
Hex to Base64 | Base64 Encode | Base64 Converter | Base64 (0 Bytes)And decode the base 64 like this
openssl enc -d -base64 -in "C:\test\encrypted_testdata_as_base64.txt" -A -out "C:\test\encrypted_testdata.txt"
If I use this data to decrypt I get this error:

openssl pkeyutl -decrypt -inkey "C:\test\traditional_private.txt" -in "C:\test\encrypted_testdata.txt" -out "C:\test\testdata_encrypted_decrypted.txt"
Public Key operation error
48250000:error:0200009F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error:..\crypto\rsa\rsa_pk1.c:269:
48250000:error:02000072:rsa routines:rsa_ossl_private_decrypt:padding check failed:..\crypto\rsa\rsa_ossl.c:500:

does someone know where the padding is lost? what do I have to do to keep the padding?

Comments

Post Details

Added on Dec 12 2022
0 comments
488 views