We have done something like that (Cyberflex Access & SSH 1.2.27).
Maybe our course homepage helps. 
http://www.citi.umich.edu/eecs598/ssh_sc.html.

Cyberflex pads the data with 0.  When your data is smaller than the RSA key
size, it will be padded to:

0 0  ... 0 data

and then encrypted. 

We have some code to use RSA operation on Cyberflex.  I can send it to
you if you want. 

--
/--------------------\
|                    |
| ##                 |
| ##  Naomaru Itoi   |
|                    |
\--------------------/
CITI Smartcard Group
http://www-personal.engin.umich.edu/~itoi
http://www.citi.umich.edu


> Hello everyone,
> I think I'm in a little too deep with something I'm playing around
> with so I was wondering if anyone could help me out.
> I'm playing around with making openssh use my Cyberflex Access for
> authentication. Right now I'm just testing out my understanding of the
> smartcard and openssh so I'm writing a little test that gets the
> smartcard ready then attempts to decrypt a challenge.
> I start by creating the challenge as a BIGNUM.
> Next I call openssh's rsa_public_encrypt just like it would call in
> sshconnect. It expects a BIGNUM to encrypt and the public key. The
> problem here is that inside rsa_public_encrypt they call the openssl
> RSA functions to encrypt with PKCS1 padding which apparently is quite
> popular.
> Now I use the smartcard to decrypt using the ssp-lite call
> CSP_CK_Decrypt. Everything here seems to go alright, however I'm not
> sure if there is any way to specify padding when decrypting with the
> smartcard. I haven't found anything in the Cyberflex Programming
> reference.
> Anyway, so I go along my merry way and attempt to look at the output
> by converting the binary buffer back to a BIGNUM. When I print it out
> in hex I always get similar results. I get a long number that always
> has 02 at the beginning and whatever my initial challenge was at the
> end with a bunch of junk in between.
> So then I started looking at padding and that's where I am now. I was
> wondering if I could check the padding after I decrypt with the
> smartcard with RSA_padding_check_PKCS1_type2 type functions in openssl
> and if I can how do I use them?
> 
> Any tips would be appreciated.
> 
> Stephen Pellicer

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
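
For the padding check asked about in the quoted message, an added example (not code from either poster, from OpenSSL or from the Cyberflex SDK): a self-contained C routine that validates and strips PKCS#1 type 2 padding from a raw decrypted block. It restores the leading 00 that a BIGNUM conversion drops, which is why the printed value begins with 02 followed by random nonzero padding. The function names, buffer sizes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Strip PKCS#1 v1.5 type 2 (encryption) padding from raw RSA output.
 * Expected block, with k = modulus length in bytes:
 *   00 02 <at least 8 nonzero random bytes> 00 <data>
 * The input may be shorter than k because a BIGNUM round trip drops
 * leading zero bytes. Returns the data length, or -1 on any padding
 * error (one error code only; this sketch is not constant time). */
int pkcs1_type2_unpad(unsigned char *out, size_t outlen,
                      const unsigned char *in, size_t inlen, size_t k)
{
    unsigned char block[512];            /* room for keys up to 4096 bits */
    size_t i, dlen;

    if (k < 11 || k > sizeof(block) || inlen > k)
        return -1;
    /* Left-pad to exactly k bytes to restore any dropped leading 00. */
    memset(block, 0, k - inlen);
    memcpy(block + (k - inlen), in, inlen);

    if (block[0] != 0x00 || block[1] != 0x02)
        return -1;
    /* Find the 00 separator that ends the random padding string. */
    for (i = 2; i < k && block[i] != 0x00; i++)
        ;
    if (i == k || i < 10)                /* no separator, or < 8 pad bytes */
        return -1;
    dlen = k - (i + 1);
    if (dlen > outlen)
        return -1;
    memcpy(out, block + i + 1, dlen);
    return (int)dlen;
}

/* Constructed sample: a 15-byte card result for a toy 16-byte modulus,
 * leading 00 already lost, carrying the 5-byte challenge "chall". */
int demo_card_output(void)
{
    static const unsigned char raw[15] = { 0x02, 0xA1, 0xB2, 0xC3, 0xD4, 0xE5,
        0xF6, 0x17, 0x28, 0x00, 'c', 'h', 'a', 'l', 'l' };
    unsigned char out[16];
    int n = pkcs1_type2_unpad(out, sizeof(out), raw, sizeof(raw), 16);
    return (n == 5 && memcmp(out, "chall", 5) == 0) ? n : -1;
}

int main(void) { return demo_card_output() == 5 ? 0 : 1; }
```

A block that is only zero-padded on the left, as in the "0 0 ... 0 data" layout described in the reply, has no 00 02 header and is rejected by this check.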
