Javacard - Signining and verifying

Question

I'm trying to sign a message on-card and verifying it off-card.

The result is always false.

I'm probably getting fetching the modulus and exponent incorrectly. Any ideas?

Java applet code:

protected MainApplet() {

    try {
        // CREATE RSA KEYS AND PAIR       
        m_keyPair = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_1024);
        // STARTS ON-CARD KEY GENERATION PROCESS
        m_keyPair.genKeyPair();

        // OBTAIN KEY REFERENCES           
        m_publicKey = (RSAPublicKey) m_keyPair.getPublic();
        m_privateKey = (RSAPrivateCrtKey) m_keyPair.getPrivate();


    } catch (CryptoException c) {
        //this line will give you the reason of problem 
        short reason = c.getReason();
        ISOException.throwIt(reason);       // for check
    }

}

.......

    switch (INS) {
        case 0x00:
            getPublicKeyExp(apdu);
            break;
        case 0x10:
            getPublicKeyMod(apdu);
            break;
        case 0x21:
            signMessage(apdu);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}

private void getExponent(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getExponent(buffer, ISO7816.OFFSET_CDATA);
    apdu.setOutgoingAndSend((short) 0, length);
}

private void getModulus(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getModulus(buffer, ISO7816.OFFSET_CDATA);
    apdu.setOutgoingAndSend((short) 0, length);

}

Java host code:

        /*************** EXECUTE COMMAND *************/
    byte[] get_exponent = {
            (byte) 0x80, // CLA Class
            0x00, // INS Instruction
            0x00, // P1  Parameter 1
            0x00, // P2  Parameter 2
            0x00  // LE  maximal number of bytes expected in result
    };
    byte[] get_modulus = {
            (byte) 0x80, // CLA Class
            0x10, // INS Instruction
            0x00, // P1  Parameter 1
            0x00, // P2  Parameter 2
            0x00  // LE  maximal number of bytes expected in result
    };

    ResponseAPDU resp_modulus = channel.transmit(new CommandAPDU(get_modulus));
    System.out.println(resp_modulus.toString());

    ResponseAPDU resp_exponent = channel.transmit(new CommandAPDU(get_exponent));
    System.out.println(resp_exponent.toString());


    byte[] modulus = resp_modulus.getData();
    byte[] exponent = resp_exponent.getData();

Code to create public key:

    RSAPublicKeySpec keySpec =  new RSAPublicKeySpec(new BigInteger(1, modulus), new BigInteger(1, exponent));

    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    publicKey = keyFactory.generatePublic(keySpec);

Code to verify message:

byte[] get_signed_message = {
    (byte) 0x80, // CLA Class
    0x21, // INS Instruction
    0x00, // P1  Parameter 1
    0x00, // P2  Parameter 2
    0x00  // LE  maximal number of bytes expected in result
};
ResponseAPDU resp = channel.transmit(new CommandAPDU(get_signed_message));
System.out.println(resp.toString());
byte[] sigToVerify = resp.getData();

Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(publicKey);

sig.update(sigToVerify);

boolean verifies = sig.verify(sigToVerify);

UPDATE: Java applet signature method

byte[] testSig = new byte[256];
byte[] test = {0x01, 0x02, 0x04, 0x05, 0x06, 0x07};            
// CREATE SIGNATURE OBJECT
Signature m_sign = Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1, false);
// INIT WITH PRIVATE KEY
m_sign.init(m_privateKey, Signature.MODE_SIGN);

short len = m_sign.sign(test, (short) 0, (short) test.length, testSig, (short) 0);
apdu.setOutgoing();
apdu.setOutgoingLength(len);
apdu.sendBytesLong(testSig, (short) 0, len);

Answer 1

The problem is in these two methods getExponent() and getModulus() . You are storing exponent and modulus into buffer 's index ISO7816.OFFSET_CDATA (index 5) but sent it outside from buffer 's index 0 .

Compare the correct approachs with the wrong approach:

Wrong:

private void getExponent(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getExponent(buffer, ISO7816.OFFSET_CDATA);
    apdu.setOutgoingAndSend((short) 0, length); // not the valid public exp
}

private void getModulus(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getModulus(buffer, ISO7816.OFFSET_CDATA);
    apdu.setOutgoingAndSend((short) 0, length); // not the valid mod
}

Correct 1 (appreciated):

private void getExponent(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getExponent(buffer, (short) 0);
    apdu.setOutgoingAndSend((short) 0, length);
}

private void getModulus(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getModulus(buffer, (short) 0);
    apdu.setOutgoingAndSend((short) 0, length);
}

Correct 2:

private void getExponent(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getExponent(buffer, ISO7816.OFFSET_CDATA);
    apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, length);
}

private void getModulus(APDU apdu) {
    byte[] buffer = apdu.getBuffer();
    short length = m_publicKey.getModulus(buffer, ISO7816.OFFSET_CDATA);
    apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, length);
}

EDIT: In your host application, you need the followings:

byte[] test = {0x01, 0x02, 0x04, 0x05, 0x06, 0x07}; 
sig.update(test);
boolean verifies = sig.verify(sigToVerify);

To verify a Signature , you need

• a Public Key
• a verification mechanism (say SHA1withRSA)
• Plain Text (from which the signature was generated)
• Signature