Geek Answers Handbook

ALG_RSA_NOPAD on the Java map

In order to efficiently calculate the square in the Java map, I want to use the ALG_RSA_NOPAD algorithm with a score of 2 , and the module is larger than the expected result (therefore, modular reduction has no effect).

But I can not use the ALG_RSA_NOPAD algorithm. In fact, when I call the doFinal() method, I get a CryptoException that is equal to ILLEGAL_VALUE . In the Java Card 2.2.2 specification, he said that:

CryptoException.ILLEGAL_USE if one of the following conditions is true:

• This encryption algorithm does not populate the message, and the message is not block aligned.

• This encryption algorithm does not populate the message, and no input was provided by inBuff or using the update () method.

• The length of the input message is not supported.

• Decrypted data is not limited to the corresponding fill bytes.

So, I came to the conclusion that my message is not block aligned. But what does block alignment mean for this algorithm? Does my message have the same length as the module? Index? I tried different things, but I did not find ...

Relevant Code:

  byte[] res_RSA = new byte[(short) 0x0080]; KeyPair rsa_KeyPair = new KeyPair(KeyPair.ALG_RSA,KeyBuilder.LENGTH_RSA_1024); rsa_KeyPair.genKeyPair(); RSAPublicKey rsa_PubKey; rsa_PubKey = (RSAPublicKey) rsa_KeyPair.getPublic(); rsa_PubKey.setExponent(new byte[]{(byte) 0x02}, (short) 0x00000, (short) 0x0001); rsa_PubKey.setModulus(new byte[] { (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, }, (short) 0x0000, (short) 0x0080); cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false); x = new byte[] { (byte) 0x0C, (byte) 0xE2, (byte) 0x65, (byte) 0x92, (byte) 0x98, (byte) 0x84, (byte) 0x4C, (byte) 0x6C, (byte) 0x39, (byte) 0x31, (byte) 0x78, (byte) 0x22, (byte) 0x99, (byte) 0x39, (byte) 0xAD, (byte) 0xAD, (byte) 0x74, (byte) 0x31, (byte) 0x45, (byte) 0xD2, (byte) 0xB9, (byte) 0x37, (byte) 0xB2, (byte) 0x92, (byte) 0x7D, (byte) 0x32, (byte) 0xE9, (byte) 0x70, (byte) 0x91, (byte) 0x7D, (byte) 0x78, (byte) 0x45, (byte) 0xC9, (byte) 0x5C, (byte) 0xF9, (byte) 0xF2, (byte) 0xFD, (byte) 0xB9, (byte) 0xAE, (byte) 0x6C, (byte) 0xC9, (byte) 0x42, (byte) 0x64, (byte) 0xBA, (byte) 0x2A, (byte) 0xCE, (byte) 0x5A, (byte) 0x71, (byte) 0x60, (byte) 0x58, (byte) 0x56, (byte) 0x17, (byte) 0x2E, (byte) 0x25, (byte) 0xDD, (byte) 0x47, (byte) 0x23, (byte) 0x6B, (byte) 0x15, (byte) 0x76, (byte) 0x8F, (byte) 0x2A, (byte) 0x87, (byte) 0xC7 }; cipherRSA.init(rsa_PubKey, Cipher.MODE_ENCRYPT); cipherRSA.doFinal(x, (short) 0x0000, (short) 0x0040, res_RSA, (short) 0x0000);

So, CryptoException raised in the last line, but I really don't understand why.

(Note that in my code, I set the module to the largest value of 128 bytes in length to make sure the square will not be affected.)

+6
source share
2 answers

Well, on my card the message should be the same length as the module . I thought I tested this case, but I did not agree with the biases.

Thus, even my message is no longer than the module (I could not calculate the square), I have to fill the array with zeros.

+3
source

Often, RSA is checked only for working with some public exhibitors for a specific implementation of a Java map. It is very likely that this question will disappear if you use a wider public indicator, such as 65537 ( 0x01, 0x00, 0x01 ). Refer to the user guide for your chip / platform.

Note that such non-populated calculations are not safe for RSA. This means that it may be difficult for them to explain to certification authorities. You may have more luck implementing Diffie-Hellman (if any).

+2
source

More articles:


All Articles