Isuru

Reputation: 8193

Java Card - Transferring EC public key from offcard to Java Card applet

I'm trying to implement a two-way authentication flow for a Java Card applet. The following is my approach.

  1. Create an EC (elliptic curve) key pair for the offcard application.
  2. Store the public key of the offcard application in the Java Card.
  3. Sign input data with the offcard application's private key.
  4. Verify it using the offcard application's public key stored in the Java Card applet.

I'm struggling at step two. All the others seem trivial. I need to find a way to encode the public key created outside the card into a byte array, then transfer that byte array to the Java Card applet, reconstruct the public key and store it in persistent memory.

Any hints on this?

Upvotes: 3

Views: 792

Answers (2)

Maarten Bodewes

Reputation: 94038

Create an APDU with the following command data:

  1. a short with the key size (the size of the order N)
  2. send all the parameters except G (the base point), W (the public key) and H as statically sized octet strings (or byte arrays, if you are used to Java)
    • strip the initial byte set to 00 if present
    • left-pad with zero bytes until you get the key size
  3. send the G and W as uncompressed points
    • one byte 04
    • followed by both coordinates, sized using the method above
    • length is 2 times key size in bytes, plus one for the 04 indicator
  4. optionally send the cofactor H as byte (but it's always 01 anyways)
  5. use the set... methods to set the key

And presto, one EC key for you.


You can of course also parse a PKCS#8 EC key or use length indicators for each and every field, but this method is probably the most compact one.

Upvotes: 2
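
The off-card half of the encoding described in the answer above, as an added example (not code from the answer or from any Java Card SDK): plain JDK code that builds the command data. The class and method names, the field order p, A, B, R, and sending the key size in bits are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;

public class EcKeyApduData {   // hypothetical class name
    // Fixed-size unsigned big-endian value: drop BigInteger's 00 sign byte, left-pad with 00.
    static byte[] fixed(BigInteger v, int size) {
        byte[] raw = v.toByteArray();
        int skip = (raw.length > size && raw[0] == 0) ? 1 : 0;
        int len = raw.length - skip;
        if (v.signum() < 0 || len > size)
            throw new IllegalArgumentException("value does not fit in " + size + " bytes");
        byte[] out = new byte[size];
        System.arraycopy(raw, skip, out, size - len, len);
        return out;
    }

    // Uncompressed point: 04 || X || Y, each coordinate 'size' bytes long.
    static byte[] point(ECPoint p, int size) {
        byte[] out = new byte[1 + 2 * size];
        out[0] = 0x04;
        System.arraycopy(fixed(p.getAffineX(), size), 0, out, 1, size);
        System.arraycopy(fixed(p.getAffineY(), size), 0, out, 1 + size, size);
        return out;
    }

    // Assumed layout: keySizeBits(2) || p || A || B || R || G || W || H(1), prime-field curves only.
    static byte[] commandData(ECPublicKey pub) {
        ECParameterSpec spec = pub.getParams();
        EllipticCurve curve = spec.getCurve();
        int bits = spec.getOrder().bitLength();   // key size = size of the order
        int size = (bits + 7) / 8;
        ByteArrayOutputStream data = new ByteArrayOutputStream();
        data.write(bits >> 8);
        data.write(bits);
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        for (BigInteger v : new BigInteger[] { p, curve.getA(), curve.getB(), spec.getOrder() })
            data.write(fixed(v, size), 0, size);
        data.write(point(spec.getGenerator(), size), 0, 1 + 2 * size);
        data.write(point(pub.getW(), size), 0, 1 + 2 * size);
        data.write(spec.getCofactor());           // H as a single byte
        return data.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        byte[] data = commandData((ECPublicKey) kpg.generateKeyPair().getPublic());
        System.out.println(data.length + " bytes of command data");
    }
}
```

For secp256r1 the data comes to 2 + 4·32 + 2·65 + 1 = 261 bytes, which is more than the 255 data bytes a short APDU can carry, so it needs extended length or has to be split over several commands.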

Anurag Sharma

Reputation: 502

To achieve this you have to create a Java Card applet, something like below:

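import javacard.framework.APDU;

class MyApplet extends javacard.framework.Applet
{
 // ...
 public void process(APDU apdu)
 {
  // ...
  // APDU buffer: holds the 5-byte command header when process() is entered
  byte[] buffer = apdu.getBuffer();
  //Other stuff
 }
}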

To reach the public void process(APDU apdu) method you should select your applet with its AID; after that, every command will reach this method.
You can create your own proprietary APDU to send the "offcard application private key" and get it here:
byte[] buffer = apdu.getBuffer(); and then you can store it in a persistent array of your applet.

Upvotes: -4
