Here's a crazy idea:
The computer talking to the Java card rolls a random session key.
In the first operation transfer a private key into the device, encrypted by the session key.
In the second operation transfer the data to be encrypted and the session key. The Java card can decrypt the private key and use it.
Now, the "insecure state" that occurs between the first and second transfer operation is not a vulnerability, because the adversary would need to know the session key to get the card to actually do anything with the private key?
Erik Norgaard wrote:
Hi,
Sorry, I haven't written to the list before, if you know of sources of information that will answer my question, please just give me a link.
I am programming a JavaCard v2.1, to provide encryption and decryption using either stored private/public keys or keys passed to the input data buffer.
The input data buffer is just 245 bytes, and I want to pass the key and the data to be de/encrypted in one go to avoid problems with transient objects and risk of leaving the card in an insecure state.
So my question is, say I have an RSA 1024 bit key, how much space does it actually ocupy? AFAIK 128bytes+exponent which is?
For signature I need to fit in 20 bytes for a SHA1 digest, leaving some 225bytes for the key - is that possible.
For encryption I need to fit in x bytes for a symmetric key to be encrypted - how long a symmetric key should I use? which algorithm?
I could use a 768 bit key if that would make things possible.
Given a certificate, how do I extract the modulus and exponent? Sorry, I am getting lost in all the different formats and encodings. But so far I only see a blob of data.
Is there a standard way of packing modulus and exponent efficiently into a single blob?
Thanks a lot, Erik
-- "An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
