Normally, when we write an applet containing a feature that our card not support it, the on-card verifier prevents installing its CAP file.
I want to know if is there any way to write an applet that can install on all cards, but returns an already defined error during run-time for those card that not support one of its features on that method invocation.
More clear, assume that we know all cards support DES cryptography algorithm and some cards support AES as a supplementary algorithm also. Now I want to write an applet that encrypts 8 byte data with AES algorithm if this algorithm is available,or with DES algorithm if AES is not available. Can I do that?
The problem is I think I can't install my applet on those cards that not support AES.
I think you are mixing two problems:
1. Algorithm support
You can easily install your applet, which uses AES, on a card without AES. The absence of AES would cause runtime exceptions in the moment you try to create an instance of the cryptographic object:
Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
or
KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128);
and so on... Note that the exception is an instance of CryptoException with CryptoException.NO_SUCH_ALGORITHM as the reason code (output of getReason() method). That is how your applet can easily decide if the card supports AES. You can surround one of the lines above with try-catch during the installation and downgrade to the more basic algorithm if necessary:
Cipher cipher = null;
try {
//trying AES
cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false);
} catch (CryptoException e) {
if (e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
//AES missing, so trying DES instead
cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_NOPAD, false);
}
}
You can use a similar approach to hash functions, signatures etc.
2. Libraries
Another problem, which cannot be solved that easily, is the library dependency. If your applet needs to use some proprietary class (as for example com.nxp.id.jcopx.UtilX supported by NXP cards), you will not be able to install it on cards without the particular library. The only way for you is to split the problematic code into two packages and make a decision which package to upload based on packages already present on the card.
Related
I have to encrypt a string within an XML element with "PKCS#7-Standard and Base64 coded" and also decrypt it when I get the XML as a response.
I guess I will receive a public key for encryption.
But the more I read about it the more confused I get.
I've also found a lot of code examples in Java and PHP, but I have to do it in Perl.
For the base64 encoding and decoding I have already found the module to do so
which works fine: MIME::Base64.
What I am curious about is that the paper says the security must follow these prerequisites:
RSA-Algorithm with minimum 2048 Bit
AES – Advanced Encryption Standard [RFC 3565] (256 Bit, CBC-Modus)
SHA-256
X.509 v3-certificate (V1.0.2)
PKCS#7 – electronic signature and encryption
I am totally confused as I thought I just had to encrypt with a public key and sign with private key. I have problems in understanding the prerequisites.
Is the module Crypt::SMIME from CPAN the right one?
How could I simulate the situation by creating certificates/keys by myself for testing?
I need to generate a QR code from a PGP message. The problem is the code is coming out way too big (about 3 x 3 inches).
How can I shorten the length of the PGP message to generate the QR code?
The size of an OpenPGP message depends on:
The message itself (compressability, length)
The symmetric encryption algorithm (mainly because the cipher block needs to be stored)
ASCII armored output is much larger than the binary version, don't armor if it works without
As #Duncan already said, signing needs further space
Try different symmetric algorithms, and try whether forcing GnuPG not to compress actually makes the message smaller (as the compression headers also need a little bit of space).
To look into an OpenPGP message and see what's contained, use gpg --list-packets.
Furthermore, you can try to tweak the QR code (redundancy), or put an URL into the QR code which links to the message itself.
There's not a lot you can do really. Check your PGP message is using compression, assuming your recipients support it. Otherwise, you have very few options:
Shorten the contents of your message
Encrypt to fewer recipients
Encrypt without signing, if that suits your security model
I am implementing a mutual authentication and I was wondering about Random number generation
RandomData rnd = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
rnd.generateData(RP, (short) 0, (short) 16);
This works of course, but according to my specifications
(I am again referring to Cipurse) in order to do a three-way challenge-and-response I
need to have a Random Number Generator on the terminal and on the picc. This is confusing me, since I am only aware of this way to create random data (and would use this way of implementing it twice, once in the install-method, once in the relevant process-method).
The terminal, IFD, inspection system etc. all point to the same thing: the system sending the commands to the card. So if you would run a Java application with javax.smartcardio then you could use the Java Standard Edition SecureRandom class.
as the title says, I just have the very basic question of whether or not a file (let's say a txt file in this case) can be decrypted using a program that it wasn't encrypted with?
For instance if I encrypted a txt files with GPG, could I decrypt it with AES Crypt or openssl?
Thanks for the insight.
I assume you're talking about symmetric encryption since you included AESCrypt, which only supports symmetric encryption.
While there are standard encryption algorithms like AES and DES, and there are standard encryption modes like CBC and CTR, there aren't really any standard data formats for symmetrically encrypted content. (Yes, CMS can encode symmetrically encrypted messages, but I haven't seen a product that uses it this way.)
In short, everyone winds up building their own file format. In particular, OpenSSL and AESCrypt each has its own proprietary format. GnuPG uses something very close to RFC-4880 I believe, which like CMS can encode symmetric messages, but this isn't usually used this way. I made my own format for RNCryptor because I couldn't find a good standard for symmetric encryption.
In short, the answer is almost always, for symmetric encryption, "not unless the product explicitly says its compatible with some other product."
As long as the format of the file and the encryption algorithm are supported by the program you'd like to use for decrytping your file, it will work. That much for theory. In reality, even though I'm not an expert, I'd say OpenSSL is not meant for decryption of GPG encrypted files; also, AES Crypt sounds like it does just AES but GPG is a package and can do various encryption algorithms or ciphers, including AES, and even if the ciphers match, the file formats might still be incompatible and need conversion.
There's a good book you could read to get a pretty good understanding of this sort of stuff (I know, I read it myself): http://www.amazon.com/Cryptography-For-Dummies-Chey-Cobb/dp/0764541889 .
AES is just an encryption algorithm, like ROT13.
How and in which language it is implemented doesn't matter, which makes exchanging encrypted files easy: As long as both email programs support S/MIME they can decrypt files send by a different program.
So yes, you can decrypt files encrypted by a different program. But both must implement the same algorithms, you can't open a PNG file with a program that only understands how to display JPEG files.
How do I disable entropy sources?
Here's a little background on what I'm trying to do. I'm building a little RNG device that talks to my PC via USB. I want it to be the only source of entropy used. I'll use rngd to add my device as a source of entropy.
Quick answer is "you don't".
Don't ever remove sources of entropy. The designers of the random number generator rigged it so any new random bits just get mixed in with the current state.
Having multiple sources of entropy never weaken the random number generator's output, only strengthen it.
The only reason I can think to remove a source of entropy is that it sucks CPU or wall-clock time that you cannot afford. I find this highly unlikely but if this is the case, then your only option is kernel hacking. As far as hacking the kernel goes, this should be fairly simple. Just comment out all the calls to the add_*_randomness() functions throughout the kernel source code (the functions themselves are found in drivers/char/random.c). You could just comment out the contents of the functions but you are trying to save time in this case and the minuscule time the extra function call takes could be too much.
One solution is to to run separate linux instance in a virtual machine.
Additional note, too big for comment:
Depending on its settings, rngd can dominate the kernel's entropy pool,
by feeding it so much data, so often, that other sources of entropy are
mostly ignored or lost. Do not to that unless you trust rngd's source
of random data ultimately.
http://man.he.net/man8/rngd
I suspect you might want a fast random generator.
Edit I should have read the question better
Anyways, frandom comes with a complete tarball for the kernel module so you might be able to learn how to build your own module around your USB device. Perhaps, you can even have it replace/displace /dev/urandom so arbitrary applications would work with it instead of /dev/urandom (of course, given enough permissions, you could just rename the device nodes and 'fool' most applications).
You could look at http://billauer.co.il/frandom.html, which implements that.
Isn't /dev/urandom enough?
Discussions about the necessity of a faster kernel random number generator rise and fall since 1996 (that I know of). My opinion is that /dev/frandom is as necessary as /dev/zero, which merely creates a stream of zeroes. The common opposite opinion usually says: Do it in user space.
What's the difference between /dev/frandom and /dev/erandom?
In the beginning I wrote /dev/frandom. Then it turned out that one of the advantages of this suite is that it saves kernel entropy. But /dev/frandom consumes 256 bytes of kernel random data (which may, in turn, eat some entropy) every time a device file is opened, in order to seed the random generator. So I made /dev/erandom, which uses an internal random generator for seeding. The "F" in frandom stands for "fast", and "E" for "economic": /dev/erandom uses no kernel entropy at all.
How fast is it?
Depends on your computer and kernel version. Tests consistently show 10-50 times faster than /dev/urandom.
Will it work on my kernel?
It most probably will, if it's > 2.6
Is it stable?
Since releasing the initial version in fall 2003, at least 100 people have tried it (probably many more) on i686 and x86_64 systems alike. Successful test reports have arrived, and zero complaints. So yes, it's very stable. As for randomness, there haven't been any complaints either.
How is random data generated?
frandom is based on the RC4 encryption algorithm, which is considered secure, and is used by several applications, including SSL. Let's start with how RC4 works: It takes a key, and generates a stream of pseudo-random bytes. The actual encryption is a XOR operation between this stream of bytes and the cleartext data stream.
Now to frandom: Every time /dev/frandom is opened, a distinct pseudo-random stream is initialized by using a 2048-bit key, which is picked by doing something equivalent to reading the key from /dev/urandom. The pseudo-random stream is what you read from /dev/frandom.
frandom is merely RC4 with a random key, just without the XOR in the end.
Does frandom generate good random numbers?
Due to its origins, the random numbers can't be too bad. If they were, RC4 wouldn't be worth anything.
As for testing: Data directly "copied" from /dev/frandom was tested with the "Diehard" battery of tests, developed by George Marsaglia. All tests passed, which is considered to be a good indication.
Can frandom be used to create one-time pads (cryptology)?
frandom was never intended for crypto purposes, nor was any special thought given to attacks. But there is very little room for attacking the module, and since the module is based upon RC4, we have the following fact: Using data from /dev/frandom as a one-time pad is equivalent to using the RC4 algorithm with a 2048-bit key, read from /dev/urandom.
Bottom line: It's probably OK to use frandom for crypto purposes. But don't. It wasn't the intention.