Hey,
I try to encrypt my Applet data with an RSA Public Key from my Server.
I use open ssl 3.0.7 and keys are generated like this
openssl genrsa -traditional -out "C:\test\traditional_private.txt" 1024
openssl rsa -traditional -in "C:\test\traditional_private.txt" -pubout -out "C:\test\opublic_traditional.txt"
------
this is my Applet code:
private void setPublicKeyValues(APDU apdu) {
byte[] buf = apdu.getBuffer();
// Check if Parameter P2 Contains supported request for Public Key
byte keyElement = (byte) (buf[ISO7816.OFFSET_P2] & 0xFF);
if ((keyElement != 0x00) && (keyElement != 0x01))
ISOException.throwIt(ISO7816.SW\_INCORRECT\_P1P2);
else {
// keyElement = 0 is set for Modulus
if (keyElement == 0) {
short numBytes = apdu.setIncomingAndReceive();
transientByteBufferModulus = JCSystem.makeTransientByteArray(numBytes, JCSystem.CLEAR\_ON\_DESELECT);
Util.arrayCopy(buf, ISO7816.OFFSET\_CDATA, transientByteBufferModulus, (short) 0, numBytes);
}
// Set for exponent
else if (keyElement == 1) {
short numBytes = apdu.setIncomingAndReceive();
transientByteBufferExponent = JCSystem.makeTransientByteArray(numBytes, JCSystem.CLEAR\_ON\_DESELECT);
Util.arrayCopy(buf, ISO7816.OFFSET\_CDATA, transientByteBufferExponent, (short) 0, numBytes);
}
}
}
private void buildPublicKey(APDU apdu) {
// Create one key instance;
//ALG_RSA_CRT
rsa_PublicKey = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_1024,
false);
// Set key value with key value bytes: rsa public key N;
rsa_PublicKey.setModulus(transientByteBufferModulus, (short) 0, (short) transientByteBufferModulus.length);
// Set key value with key value bytes: rsa public key E;
rsa_PublicKey.setExponent(transientByteBufferExponent, (short) 0, (short) transientByteBufferExponent.length);
// You can use the key now ...
Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
rsaCipher.init(rsa\_PublicKey, Cipher.MODE\_ENCRYPT);
byte\[\] buffer = apdu.getBuffer();
short len = apdu.setIncomingAndReceive();
try {
short outlen = rsaCipher.doFinal(pseudonym, (short) 0, (short) pseudonym.length, buffer, (short) 0);
apdu.setOutgoingAndSend((short) 0, outlen);
} catch (CryptoException e) {
switch (e.getReason()) {
case CryptoException.UNINITIALIZED\_KEY:
ISOException.throwIt(SW\_UNINITIALIZED\_KEY);
return;
case CryptoException.INVALID\_INIT:
ISOException.throwIt(SW\_INVALID\_INIT);
return;
case CryptoException.ILLEGAL\_USE:
ISOException.throwIt(SW\_ILLEGAL\_USE);
return;
default:
ISOException.throwIt(ISO7816.SW\_COMMAND\_NOT\_ALLOWED);
}
}
}
The Applet deliveres the data as an RPDU.
I convert the Hex data to Base64 with this online tool
Hex to Base64 | Base64 Encode | Base64 Converter | Base64 (0 Bytes)And decode the base 64 like this
openssl enc -d -base64 -in "C:\test\encrypted_testdata_as_base64.txt" -A -out "C:\test\encrypted_testdata.txt"
If I use this data to decrypt I get this error:
openssl pkeyutl -decrypt -inkey "C:\test\traditional_private.txt" -in "C:\test\encrypted_testdata.txt" -out "C:\test\testdata_encrypted_decrypted.txt"
Public Key operation error
48250000:error:0200009F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error:..\crypto\rsa\rsa_pk1.c:269:
48250000:error:02000072:rsa routines:rsa_ossl_private_decrypt:padding check failed:..\crypto\rsa\rsa_ossl.c:500:
does someone know where the padding is lost? what do I have to do to keep the padding?