Re: [Muscle] Impossible to crypt using MuscleTool

[Karsten Ohme]

Amanda Ortega schrieb:
I have entered with 128 bytes, but the ending result is not equal to the 
beginning yet:

muscleTool [MuscleCard Applet] > crypt 3

Are you sure that the public key and the private key match you have 
chosen for encryption/decryption? Try 0/1, 2/3.

Regards,
Karsten

Would you like to:
0. Abort this selection.
1. Verify
2. Encrypt

Choose (0-2): 2

Please enter text to encrypt in hexadecimal ASCII (at most 1023 characters)
Example: 30313233 for 0123

'a' aborts this query.
Enter text : 
3030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030

Select the algorithm:
0. Abort this selection.
1. RSA with no padding
2. RSA with PKCS#1 padding

Choose (0-2): 1
Result    : 
50E10165723ADF21485AC80E0924590CFB13A5799DBF60329B1ED7DDF3DAB4DFF002BB9AB4B709B064629E679ED165A89D61B2CD8F8125CFAC884F7366220F5C92AFE442804F39D39EA59706A445D68B9737653C2E2E5CE2B0BCF61B75F6D1AF0D9A44C3A26127D89F96F86043D08E79B45DFAF800C96DFBF655F76863EA31E1
Crypt Successful.
muscleTool [MuscleCard Applet] > muscleTool [MuscleCard Applet] > crypt 1

Would you like to:
0. Abort this selection.
1. Sign
2. Decrypt

Choose (0-2): 2

Please enter text to decrypt in hexadecimal ASCII (at most 1023 characters)
Example: 30313233 for 0123

'a' aborts this query.
Enter text : 
50E10165723ADF21485AC80E0924590CFB13A5799DBF60329B1ED7DDF3DAB4DFF002BB9AB4B709B064629E679ED165A89D61B2CD8F8125CFAC884F7366220F5C92AFE442804F39D39EA59706A445D68B9737653C2E2E5CE2B0BCF61B75F6D1AF0D9A44C3A26127D89F96F86043D08E79B45DFAF800C96DFBF655F76863EA31E1

Select the algorithm:
0. Abort this selection.
1. RSA with no padding
2. RSA with PKCS#1 padding

Choose (0-2): 1
Result    : 
37030122C135C7BDF9B43DA916B8B59933E5741D38FE9E9C878416C26A14B3811D8A5442128FAB0D4D1D3172560B521AF095C8D731FAFA8F7E02D74A35C9F69F5790942AE8BEBA4E461740027924A8F8D6C4978AC394C95AE691771D922883A7F6F6A9F3913F7F4E329973F97DB29A74B91DB2F244FB2A0378F92C22FC1892BF
Crypt Successful.

I can't do operation with padding, because I suppose my card doesn't 
support it:

muscleTool [MuscleCard Applet] > crypt 3

Would you like to:
0. Abort this selection.
1. Verify
2. Encrypt

Choose (0-2): 2

Please enter text to encrypt in hexadecimal ASCII (at most 1023 characters)
Example: 30313233 for 0123

'a' aborts this query.
Enter text : 
3030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030

Select the algorithm:
0. Abort this selection.
1. RSA with no padding
2. RSA with PKCS#1 padding

Choose (0-2): 2
ERR: Crypt Failed ! (0x9C03 Operation not allowed)

How can I generate a log with the APDUs?
What are the components of the keys?

Regards,
Amanda

2008/3/8, Sylvain Ferey <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>:

    At 12:28 08/03/2008 -0300, you wrote:
     >I have created two pairs of keys:
     >- Putting 0x0000 for all the ACLs (private key 0 and public key 2);
     >- Putting the ACLs recommended by muscleTools when creating the keys
     >(private key 1 and public key 3).
     >
     >When I try to crypt using the first pair, I can't do anything. But
    when I
     >try to crypt using the second pair, I can crypt and decrypt, but the
     >result at the end isn't equal to the beginning.



    all replies assume that you are using applet 0.9.8 and the code
    available at
    <http://www.linuxnet.com/musclecard/files/mcardapplet-0.9.8-GXPRAD.tgz>


    and btw, I hope I will no hurt someone but who manages that applet ?
    is that code packaged in "com.sun.javacard.samples.CardEdge"
    the right one? (sun & samples look both strange!)
    the tarball also contains some classes with same package name under a
    GemXpressoRADIII directory but these files have null length, does it
    mean
    G+ provided a not redistributive implementation ?
    my concern is that the found code looks like 2.0 sources, has lack
    of tests
    and quite poor implementation (slow and EEPROM destructive).




     >I created the keys using the scheme that the public key number is
    always 2
     >units greater then the private key, is it OK?


    both ids shall be unique (not used twice) and in range 0 .. 7
    no relationship exists between them.



     >Where can I obtain a documentation about the meaning of the ACLs?


    apparently nowhere.
    the ACL array define a set of conditions to be fulfilled for various
    operations,
    one byte per operation.

    an operation is possible (or, an ACL is granted) if all bits of that ACL
    set to '1'
    are also equal to '1' in a global security status.

    the "global security status" placeholder is the variable logged_ids
    defined
    as a short (int16) while only the lower 8 bits are used.
    the way to define specific conditions for ACL is to verify PIN(s),
    the verification of a PIN with Id /i/ turns to '1' the bit /i/ of the
    security status.

    so, if you define that the signature condition for your private key
    (meaning the 3rd int16 given as ACL during key generation) is '0004'
    you must verify the PIN Id 2 before using that key.
    (PIN Id 0 sets bit 0, Id 1 sets bit 1 and so on).

    you can also define something like ACL(use) = '0003' to enforce
    verification of PINs Id 0 AND 1 to be done to allow use of a key.




     >1)
     >$ muscleTool
     >MuscleCard shell - type "help" for help.
     >muscleTool > tokens
     >    1.    MuscleCard Applet
     >
     >ListTokens Success.
     >muscleTool > connect 1
     >Connect Success.
     >
     >2)
     >muscleTool [MuscleCard Applet] > listkeys
     >

     >         Key Type  Key Num  SIZE  READ WRT USE
     >  ---------------  -------  ----
     >  RSA PRIVATE CRT        0  1024  ALW ALW ALW
     >  RSA PRIVATE CRT        1  1024  NEV  Pin1  Pin1
     >  RSA PUBLIC                2  1024  ALW  ALW ALW
     >  RSA PUBLIC                3  1024  Pin1   Pin1 ALW

     >
     >3)
     >muscleTool [MuscleCard Applet] > verify 1


    so you can write/use priv key 1, read/write pub key 3


     >muscleTool [MuscleCard Applet] > crypt  3


    I guess this should mean: use the key Id 3 for what is supposed to
    (ie data encipherment or signature verification)

     >0. Abort this selection.

     >1. Verify
     >2. Encrypt
     >Choose (0-2): 2


    inputted data will be encrypted.

     >Please enter text to encrypt in hexadecimal ASCII (at most 1023
    characters)

    statement is invalid.
    the key's length is 1024 bits, 128 bytes.
    for verification, the input shall be 128 bytes.
    for encryption, longest input text is 128 characters if RAW mode
    (no padding) is used. it's only 117 bytes if PKCS#1 padding is used.


     >Enter text : 3031

     >
     >Select the algorithm:
     >0. Abort this selection.

     >1. RSA with no padding

     >2. RSA with PKCS#1 padding
     >Choose (0-2): 1

    ok, so wrap the data with "no padding".

    the application should (shall!) throw an error since you provide
    2 bytes where 128 are expected.

    instead some hazardous and hard to read things happen.
    my understanding is that a modular exponentiation (encryption)
    is done over either 3031 00....(x126)....00 or a buffer fully
    filled-in with 00s (or noise).

    at that point an APDU reference of the CardEdge applet will
    definitively help I didn't find it, at least in the applet tarball.



     >Result    :
     
>77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7

    it will be usefull to check that ciphertext.
    a log with a dump of the key is required.


     >Crypt Successful.

     >muscleTool [MuscleCard Applet] > crypt 1
     >

     >1. Sign
     >2. Decrypt
     >Choose (0-2): 2

    it's the right option


     >Please enter text to decrypt in hexadecimal ASCII (at most 1023
    characters)

    same as above
    longest input length for signature generation is 128 (X509, ie RAW mode)
    117 bytes for PKCS#1, and it should not be longer than 56 bytes for
    a safe system.



     >Enter text :
     
>77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
     >
     >Select the algorithm:

     >1. RSA with no padding

     >2. RSA with PKCS#1 padding
     >Choose (0-2): 1
     >Result    :
     
>7BAE4A30262F2110522759135CF5581BB818F8A44080ABCA4DEF7398535C13213F8668AB442D6FDC18B270C7881F23DCAC1F78415C455441F114A36F12C59F0411A2054E06FB393585B5214160CC7EA2DAED3CD4DCA93634C1D402B0AC22206B06BAA82036539489D79194B81C37EC7496D5AC68B984DEF5ED0FFC2FFBB1D8C8

    private key components are required to check if the exponentiation
    is correct
    (we may think it is correct since no misalignment of data occurs
    (only useless
    EEPROM copies))


    can you generate a new log with:
    a) the transmitted APDU (don't know if the tool does that)
    b) the reading of the components of the keys


    Sylvain.





------------------------------------------------------------------------

_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle