[Muscle] Impossible to crypt using MuscleTool
Karsten Ohme
widerstand at t-online.de
Tue Mar 11 15:55:33 PDT 2008
Amanda Ortega schrieb:
> I have entered with 128 bytes, but the ending result is not equal to the
> beginning yet:
>
> muscleTool [MuscleCard Applet] > crypt 3
>
> Would you like to:
> 0. Abort this selection.
> 1. Verify
> 2. Encrypt
>
> Choose (0-2): 2
>
> Please enter text to encrypt in hexadecimal ASCII (at most 1023 characters)
> Example: 30313233 for 0123
>
> 'a' aborts this query.
> Enter text :
> 3030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030
>
> Select the algorithm:
> 0. Abort this selection.
> 1. RSA with no padding
> 2. RSA with PKCS#1 padding
>
> Choose (0-2): 1
> Result :
> 50E10165723ADF21485AC80E0924590CFB13A5799DBF60329B1ED7DDF3DAB4DFF002BB9AB4B709B064629E679ED165A89D61B2CD8F8125CFAC884F7366220F5C92AFE442804F39D39EA59706A445D68B9737653C2E2E5CE2B0BCF61B75F6D1AF0D9A44C3A26127D89F96F86043D08E79B45DFAF800C96DFBF655F76863EA31E1
> Crypt Successful.
> muscleTool [MuscleCard Applet] > muscleTool [MuscleCard Applet] > crypt 1
>
> Would you like to:
> 0. Abort this selection.
> 1. Sign
> 2. Decrypt
>
> Choose (0-2): 2
>
> Please enter text to decrypt in hexadecimal ASCII (at most 1023 characters)
> Example: 30313233 for 0123
>
> 'a' aborts this query.
> Enter text :
> 50E10165723ADF21485AC80E0924590CFB13A5799DBF60329B1ED7DDF3DAB4DFF002BB9AB4B709B064629E679ED165A89D61B2CD8F8125CFAC884F7366220F5C92AFE442804F39D39EA59706A445D68B9737653C2E2E5CE2B0BCF61B75F6D1AF0D9A44C3A26127D89F96F86043D08E79B45DFAF800C96DFBF655F76863EA31E1
>
> Select the algorithm:
> 0. Abort this selection.
> 1. RSA with no padding
> 2. RSA with PKCS#1 padding
>
> Choose (0-2): 1
> Result :
> 37030122C135C7BDF9B43DA916B8B59933E5741D38FE9E9C878416C26A14B3811D8A5442128FAB0D4D1D3172560B521AF095C8D731FAFA8F7E02D74A35C9F69F5790942AE8BEBA4E461740027924A8F8D6C4978AC394C95AE691771D922883A7F6F6A9F3913F7F4E329973F97DB29A74B91DB2F244FB2A0378F92C22FC1892BF
> Crypt Successful.
>
> I can't do operation with padding, because I suppose my card doesn't
> support it:
>
> muscleTool [MuscleCard Applet] > crypt 3
>
> Would you like to:
> 0. Abort this selection.
> 1. Verify
> 2. Encrypt
>
> Choose (0-2): 2
>
> Please enter text to encrypt in hexadecimal ASCII (at most 1023 characters)
> Example: 30313233 for 0123
>
> 'a' aborts this query.
> Enter text :
> 3030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030
>
> Select the algorithm:
> 0. Abort this selection.
> 1. RSA with no padding
> 2. RSA with PKCS#1 padding
>
> Choose (0-2): 2
> ERR: Crypt Failed ! (0x9C03 Operation not allowed)
>
> How can I generate a log with the APDUs?
If you are under Linux run pcscd -f -d -a (The PC/SC Lite daemon). Shut
down pcscd before (The PC/SC Lite daemon).
Regards,
Karsten
> What are the components of the keys?
public key: exponent & modulus
private key: exponent, the primes p,q (for the CRT version this is more
difficult, the exponent is dp and dq)
Search in the Card Edge protocol on the MuscleCard web site.
Regards,
Karsten
>
> Regards,
> Amanda
>
> 2008/3/8, Sylvain Ferey <s.ferey at wanadoo.fr <mailto:s.ferey at wanadoo.fr>>:
>
> At 12:28 08/03/2008 -0300, you wrote:
> >I have created two pairs of keys:
> >- Putting 0x0000 for all the ACLs (private key 0 and public key 2);
> >- Putting the ACLs recommended by muscleTools when creating the keys
> >(private key 1 and public key 3).
> >
> >When I try to crypt using the first pair, I can't do anything. But
> when I
> >try to crypt using the second pair, I can crypt and decrypt, but the
> >result at the end isn't equal to the beginning.
>
>
>
> all replies assume that you are using applet 0.9.8 and the code
> available at
> <http://www.linuxnet.com/musclecard/files/mcardapplet-0.9.8-GXPRAD.tgz>
>
>
> and btw, I hope I will no hurt someone but who manages that applet ?
> is that code packaged in "com.sun.javacard.samples.CardEdge"
> the right one? (sun & samples look both strange!)
> the tarball also contains some classes with same package name under a
> GemXpressoRADIII directory but these files have null length, does it
> mean
> G+ provided a not redistributive implementation ?
> my concern is that the found code looks like 2.0 sources, has lack
> of tests
> and quite poor implementation (slow and EEPROM destructive).
>
>
>
>
> >I created the keys using the scheme that the public key number is
> always 2
> >units greater then the private key, is it OK?
>
>
> both ids shall be unique (not used twice) and in range 0 .. 7
> no relationship exists between them.
>
>
>
> >Where can I obtain a documentation about the meaning of the ACLs?
>
>
> apparently nowhere.
> the ACL array define a set of conditions to be fulfilled for various
> operations,
> one byte per operation.
>
> an operation is possible (or, an ACL is granted) if all bits of that ACL
> set to '1'
> are also equal to '1' in a global security status.
>
> the "global security status" placeholder is the variable logged_ids
> defined
> as a short (int16) while only the lower 8 bits are used.
> the way to define specific conditions for ACL is to verify PIN(s),
> the verification of a PIN with Id /i/ turns to '1' the bit /i/ of the
> security status.
>
> so, if you define that the signature condition for your private key
> (meaning the 3rd int16 given as ACL during key generation) is '0004'
> you must verify the PIN Id 2 before using that key.
> (PIN Id 0 sets bit 0, Id 1 sets bit 1 and so on).
>
> you can also define something like ACL(use) = '0003' to enforce
> verification of PINs Id 0 AND 1 to be done to allow use of a key.
>
>
>
>
> >1)
> >$ muscleTool
> >MuscleCard shell - type "help" for help.
> >muscleTool > tokens
> > 1. MuscleCard Applet
> >
> >ListTokens Success.
> >muscleTool > connect 1
> >Connect Success.
> >
> >2)
> >muscleTool [MuscleCard Applet] > listkeys
> >
>
> > Key Type Key Num SIZE READ WRT USE
> > --------------- ------- ----
> > RSA PRIVATE CRT 0 1024 ALW ALW ALW
> > RSA PRIVATE CRT 1 1024 NEV Pin1 Pin1
> > RSA PUBLIC 2 1024 ALW ALW ALW
> > RSA PUBLIC 3 1024 Pin1 Pin1 ALW
>
> >
> >3)
> >muscleTool [MuscleCard Applet] > verify 1
>
>
> so you can write/use priv key 1, read/write pub key 3
>
>
> >muscleTool [MuscleCard Applet] > crypt 3
>
>
> I guess this should mean: use the key Id 3 for what is supposed to
> (ie data encipherment or signature verification)
>
> >0. Abort this selection.
>
> >1. Verify
> >2. Encrypt
> >Choose (0-2): 2
>
>
> inputted data will be encrypted.
>
> >Please enter text to encrypt in hexadecimal ASCII (at most 1023
> characters)
>
> statement is invalid.
> the key's length is 1024 bits, 128 bytes.
> for verification, the input shall be 128 bytes.
> for encryption, longest input text is 128 characters if RAW mode
> (no padding) is used. it's only 117 bytes if PKCS#1 padding is used.
>
>
> >Enter text : 3031
>
> >
> >Select the algorithm:
> >0. Abort this selection.
>
> >1. RSA with no padding
>
> >2. RSA with PKCS#1 padding
> >Choose (0-2): 1
>
> ok, so wrap the data with "no padding".
>
> the application should (shall!) throw an error since you provide
> 2 bytes where 128 are expected.
>
> instead some hazardous and hard to read things happen.
> my understanding is that a modular exponentiation (encryption)
> is done over either 3031 00....(x126)....00 or a buffer fully
> filled-in with 00s (or noise).
>
> at that point an APDU reference of the CardEdge applet will
> definitively help I didn't find it, at least in the applet tarball.
>
>
>
> >Result :
> >77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
>
> it will be usefull to check that ciphertext.
> a log with a dump of the key is required.
>
>
> >Crypt Successful.
>
> >muscleTool [MuscleCard Applet] > crypt 1
> >
>
> >1. Sign
> >2. Decrypt
> >Choose (0-2): 2
>
> it's the right option
>
>
> >Please enter text to decrypt in hexadecimal ASCII (at most 1023
> characters)
>
> same as above
> longest input length for signature generation is 128 (X509, ie RAW mode)
> 117 bytes for PKCS#1, and it should not be longer than 56 bytes for
> a safe system.
>
>
>
> >Enter text :
> >77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
> >
> >Select the algorithm:
>
> >1. RSA with no padding
>
> >2. RSA with PKCS#1 padding
> >Choose (0-2): 1
> >Result :
> >7BAE4A30262F2110522759135CF5581BB818F8A44080ABCA4DEF7398535C13213F8668AB442D6FDC18B270C7881F23DCAC1F78415C455441F114A36F12C59F0411A2054E06FB393585B5214160CC7EA2DAED3CD4DCA93634C1D402B0AC22206B06BAA82036539489D79194B81C37EC7496D5AC68B984DEF5ED0FFC2FFBB1D8C8
>
> private key components are required to check if the exponentiation
> is correct
> (we may think it is correct since no misalignment of data occurs
> (only useless
> EEPROM copies))
>
>
> can you generate a new log with:
> a) the transmitted APDU (don't know if the tool does that)
> b) the reading of the components of the keys
>
>
> Sylvain.
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Muscle mailing list
> Muscle at lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
More information about the Muscle
mailing list