On Sat, Jun 26, 1999 at 12:29:36AM +0200, Erwann ABALEA wrote:
> On Sat, 26 Jun 1999, Jason wrote:
>
> > Hi, I am currently working on the SSLeay crypto libraries and the Gemplus
> > GPK4000 cards. When I sign a message using SSLeay md5() and
> > rsa_public_encrypt(), I get a signature string. However, when I perform
> > the signature using the GPK4000 I get a different string. Both return 64
> > bytes.
>
> First of all, please don't use SSLeay anymore, as the project has been
> renamed to OpenSSL (www.openssl.org). Eric Young is now working for RSA,
> and SSLeay is no longer maintained.
>
> Then... Are you sure the padding method used by the GPK4k is the same as
> the one used by SSLeay?
>
> > The keys which are loaded into the card were created by SSLeay
> > rsageneratekey(). These keys are then stored in a file in ASCII format
> > (0-F). These keys are then converted into a binary string and loaded into
> > the card.
>
> Are you sure the key components are correct for the GPK4k (this card has
> some constraints for the key parameters)?
The format required to load private keys into the GPK is pretty bizarre.
This is probably where the problem is.
> > BTW, the plain text message before digest is 6 bytes (012345). I assume
> > padding is done automatically by the SSLeay MD5 functions.
> > RSAprivatencrypt uses PKCS#1 padding.
MD5() should return a 16 byte value. This is then padded with PKCS#1 padding
(block type, pad bytes, ASN.1 BER, hash) by the GPK before RSA encryption.
The GPK4000 will do PKCS#1 padding for you. It will do the correct
padding for MD5, SHA1, and SSL (MD5&SHA1) hashing. However if I
remember right, you must send the correct number of bytes. That's
how it tells which hash you're feeding it.
Also, are you sure that you're using the same PKCS#1? The GPK
uses v1.5 but there is a new v2.0 standard out since last summer, which
is very different and is based on the OAEP padding scheme to prevent
adaptive ciphertext attack. I haven't looked at newer SSLeay
but there is a chance that they put that in.
--
Eric Murray N*Able Technologies www.nabletech.com
(email: ericm at the sites lne.com or nabletech.com) PGP keyid:E03F65E5
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
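To make the padding discussion above concrete, here is an added example (not code from the thread or from Gemplus/OpenSSL) that builds the PKCS#1 v1.5 signature block for a 64-byte (512-bit) modulus, picking the DigestInfo prefix purely from the digest length as the reply says the GPK4000 does, and a parser that checks a block the other side produced. The 16/20/36-byte length rule and the "no DigestInfo for SSL" case are the thread's description, taken here as assumptions about the card.

```python
import hashlib

# DER DigestInfo prefixes (AlgorithmIdentifier + OCTET STRING header) that
# PKCS#1 v1.5 puts in front of the raw hash. Keyed by digest length, because
# the thread says the card infers the hash from the number of bytes sent.
# 36 bytes is the SSL MD5||SHA-1 concatenation, which carries no DigestInfo.
DIGEST_INFO = {
    16: ("MD5", bytes.fromhex("3020300c06082a864886f70d020505000410")),
    20: ("SHA-1", bytes.fromhex("3021300906052b0e03021a05000414")),
    36: ("SSL(MD5||SHA-1)", b""),
}

def emsa_pkcs1_v15_encode(digest, em_len=64):
    """Return EM = 0x00 || 0x01 || PS || 0x00 || T, em_len bytes long.

    T is DigestInfo||digest; PS is at least 8 bytes of 0xFF. em_len defaults
    to 64 because both signatures in the thread are 64 bytes (512-bit key).
    """
    if len(digest) not in DIGEST_INFO:
        raise ValueError("unsupported digest length %d" % len(digest))
    t = DIGEST_INFO[len(digest)][1] + digest
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too small for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t

def parse_emsa_pkcs1_v15(em):
    """Strict parse of an encoded block; returns (hash name, digest).

    Rejects a wrong block type, short padding, a missing 0x00 separator or
    an unknown DigestInfo, which is the check a verifier must do before
    comparing the digest.
    """
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        raise ValueError("bad padding string")
    t = em[i + 1:]
    for dlen, (name, prefix) in DIGEST_INFO.items():
        if len(t) == len(prefix) + dlen and t.startswith(prefix):
            return name, t[len(prefix):]
    raise ValueError("unknown DigestInfo")

def md5_digest(msg):
    """The 16-byte value the card expects for an MD5 signature."""
    return hashlib.md5(msg).digest()
```

Feeding the 6-byte message itself to the card instead of its 16-byte digest fails the length rule above, which is one easy way to get two different 64-byte strings from the same key.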