JavaCard OS

Posted: **Wed May 10, 2017 2:06 am**

I want to decrypt a message, which is generated by a java application using public key. But it returned a ILLEGAL_VALUE error (e.getReason() = 1). The keys have been created in the java application. If I want to crypt and decrypt messages with a keypair created in the java card, it works fine. Any ideas on this?

Here is mycode of java card applet :

Code: Select all

private RSAPublicKey rsa_PublicKeyServer;
private Cipher cipherRSA;

private final static byte[] _publicKeyExponent = {(byte) 0x01, (byte) 0x00, (byte) 0x01};
private final static byte[] _publicKeyModulus = {
          (byte)0xbe, (byte)0x94, (byte)0x44, (byte)0x8e, (byte)0x4a, 
          (byte)0x5d, (byte)0xc9, (byte)0xc9, (byte)0xee, (byte)0xe9, 
          (byte)0xa4, (byte)0x8a, (byte)0xb5, (byte)0x56, (byte)0x8d, 
          (byte)0xd2, (byte)0x1e, (byte)0x86, (byte)0x73, (byte)0x1f, 
          (byte)0xb9, (byte)0x4c, (byte)0x5b, (byte)0x65, (byte)0x3c, 
          (byte)0x7c, (byte)0xed, (byte)0xcd, (byte)0x67, (byte)0x87, 
          (byte)0xad, (byte)0x63, (byte)0xdf, (byte)0xc2, (byte)0xae, 
          (byte)0x3b, (byte)0x11, (byte)0xb0, (byte)0xf9, (byte)0x0b, 
          (byte)0x63, (byte)0x51, (byte)0x57, (byte)0xe4, (byte)0xb1, 
          (byte)0x27, (byte)0x23, (byte)0xce, (byte)0xe9, (byte)0xa2, 
          (byte)0xeb, (byte)0xcf, (byte)0x7c, (byte)0x77, (byte)0xdd, 
          (byte)0x79, (byte)0xbd, (byte)0x8e, (byte)0xd4, (byte)0x5e, 
          (byte)0xdd, (byte)0x75, (byte)0xa3, (byte)0x25};

private TestJC(byte[] aArray, short sOffset, byte bLength) {
rsa_PublicKeyServer = (RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_512, false);
rsa_PublicKeyServer.setExponent(_publicKeyExponent, (short) 0,(short) _publicKeyExponent.length);
rsa_PublicKeyServer.setModulus(_publicKeyModulus, (short) 0,(short) _publicKeyModulus.length);
     cipherRSA = Cipher.getInstance(Cipher.ALG_RSA_PKCS1, false);
}

private void decryptRSA(APDU apdu){
     try{
byte a[] = apdu.getBuffer(); 
short byteRead = (short) (apdu.setIncomingAndReceive());
cipherRSA.init(rsa_PublicKeyServer, Cipher.MODE_DECRYPT);
short textlenth = cipherRSA.doFinal(a, (short) dataOffset, byteRead, a, (short) dataOffset);

apdu.setOutgoing();
apdu.setOutgoingLength((short) textlenth );
apdu.sendBytesLong(a, (short) dataOffset, (short) textlenth );

     } catch(CryptoException e){
          ISOException.throwIt((short)e.getReason());
     }
}

Posted: **Wed May 10, 2017 10:09 pm**

From specification JC api:

CryptoException.ILLEGAL_USE if one of the following conditions is met:
This Cipher algorithm does not pad the message and the message is not block aligned.
This Cipher algorithm does not pad the message and no input data has been provided in inBuff or via the update() method.
The input message length is not supported or the message value is greater than or equal to the modulus.
The decrypted data is not bounded by appropriate padding bytes.

The reason most likely is:
"The decrypted data is not bounded by appropriate padding bytes. "

The data you want to decrypt is not the data the private key encrypted, Maybe.

Posted: **Wed May 10, 2017 10:31 pm**

When you are Verifying or Encrypting, RSA public keys are used. When you are Signing or Decrypting, RSA private keys are used.

Please make sure your keys match your usage.

JavaCard OS

Get ILLEGAL_VALUE error when decrypting a message

Get ILLEGAL_VALUE error when decrypting a message

Re: Get ILLEGAL_VALUE error when decrypting a message

Re: Get ILLEGAL_VALUE error when decrypting a message