Our Online Store have the new products: RFID antenna board. Currently it can work with JC10M24R and JCOP4 card chips.
Compared with normal cards, the antenna board module has a smaller size and fixed holes, which is easy to integrate in the IOT(Internet Of Things) project.

AES encryption

JavaCard Applet Development Related Questions and Answers.
irvinmags
Posts: 11
Joined: Mon Apr 11, 2016 9:01 pm
Points :149
Contact:

AES encryption

Post by irvinmags » Tue Apr 19, 2016 2:42 am

Hi everyone. I'm new to javacard development and one of my goals is to learn how to encrypt or at least know how to using AES.

I created a java applet that installs "Hello World" inside a java card and it's already working. Now I would like to encrypt that string for training and learning purposes. Anyone knows a good tutorial or an example applet that I can learn from? Also, from what I've seen from my research, is it possible to hard code a key to encrypt a string for example?

bigWhite
Posts: 35
Joined: Tue Aug 25, 2015 8:21 am
Points :502
Contact:

Re: AES encryption

Post by bigWhite » Tue Apr 19, 2016 4:38 am

You can refer to the following code

Code: Select all

private void doAesCipher(APDU apdu, short len)
 {
        private Cipher aesEcbCipher;
        Key key;
        private byte[] aesKey;
        aesKey = new byte[32];
        key.setKey(aesKey, (short)0);
        if (len <= 0 || len % 16 != 0)
        {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }

        aesEcbCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
        aesEcbCipher.init(key, Cipher.MODE_ENCRYPT);
        cipher.doFinal(inBuffer, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);
        ......
}

irvinmags
Posts: 11
Joined: Mon Apr 11, 2016 9:01 pm
Points :149
Contact:

Re: AES encryption

Post by irvinmags » Tue Apr 19, 2016 8:33 pm

Hello there bigwhite, thanks for replying. I tried to follow your code and somehow I am able to progress on learning.
I'll post my sample code here and is it alright if take a look at it? Here's the method wherein I need to encrypt the data being installed in the card. The byte[] input line is the input that I need to encrypt with AES.

Code: Select all


private void SendData(APDU apdu)
   {
      Cipher aesCipher;
      AESKey aesKeyTrial;
      aesKeyTrial= (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
      byte[] aesKey;
      byte[] outBuffer;
      outBuffer = new byte[16];
      aesKey = new byte[16];
      byte[] input = {(byte)0x11,(byte)0x22,(byte)0x33,(byte)0x44,(byte)0x55,(byte)0x66,(byte)0x77,(byte)0x88,(byte)0x99,0x10,(byte)0xA2, 0x35, (byte)0x5E,0x15,0x16,0x14};
      byte[] key = {0x2d, 0x2a, 0x2d, 0x42, 0x55, 0x49, 0x4c, 0x44, 0x41, 0x43, 0x4f, 0x44, 0x45, 0x2d, 0x2a, 0x2d};
      byte[] buffer = apdu.getBuffer();
      short len = (short) input.length;
      aesKeyTrial.setKey(key,(short)0);
      
      if(len<=0||len%16!=0)
      {
         ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
      }
      aesCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
        aesCipher.init(aesKeyTrial, Cipher.MODE_ENCRYPT);
        aesCipher.doFinal(input, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);
      
      Util.arrayCopyNonAtomic(outBuffer, (short)0, buffer, (short)0, (short)len);
      apdu.setOutgoing();
      len = (short) outBuffer.length;
      apdu.setOutgoingLength(len);
      apdu.sendBytes((short) 0, (short)len);
   }


Installing the applet is fine but when I check if I was able to encrypt the message, it returns 6F00

bigWhite
Posts: 35
Joined: Tue Aug 25, 2015 8:21 am
Points :502
Contact:

Re: AES encryption

Post by bigWhite » Tue Apr 19, 2016 11:59 pm

In the function

Code: Select all

public short doFinal(byte[] inBuff, short inOffset,
         short inLength, byte[] outBuff, short outOffset)
         throws CryptoException;


The third param 'inLength' is not the length of key , it's the length of you want to encrypted string.

irvinmags
Posts: 11
Joined: Mon Apr 11, 2016 9:01 pm
Points :149
Contact:

Re: AES encryption

Post by irvinmags » Wed Apr 20, 2016 1:17 am

Yeah, it's in my code that short len = (short) input.length.
doFinal(input, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);

Since I want the byte[] input to be encrypted.

bigWhite
Posts: 35
Joined: Tue Aug 25, 2015 8:21 am
Points :502
Contact:

Re: AES encryption

Post by bigWhite » Wed Apr 20, 2016 1:40 am

irvinmags wrote:Yeah, it's in my code that short len = (short) input.length.
doFinal(input, ISO7816.OFFSET_CDATA, len, outBuffer, (short)0);

Since I want the byte[] input to be encrypted.



You can carefully look at the introduction of doFinal function, These parameters : "byte [] inBuff", "short inOffset" and "short inLength" do not match.

If you want the byte[] input to be encrypted. This function should be like this:

Code: Select all

aesCipher.doFinal(input, (short)0, len, buffer, (short)0);

bigWhite
Posts: 35
Joined: Tue Aug 25, 2015 8:21 am
Points :502
Contact:

Re: AES encryption

Post by bigWhite » Wed Apr 20, 2016 1:42 am

You can write your code as follows:

Code: Select all

private void SendData(APDU apdu) 
   {
      byte[] buffer = apdu.getBuffer();
      Cipher aesCipher;
      AESKey aesKeyTrial;
      aesKeyTrial= (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
      byte[] aesKey;
      byte[] outBuffer;
      outBuffer = new byte[256];
      aesKey = new byte[16];
      byte[] input = {(byte)0x11,(byte)0x22,(byte)0x33,(byte)0x44,(byte)0x55,(byte)0x66,(byte)0x77,(byte)0x88,(byte)0x99,0x10,(byte)0xA2, 0x35, (byte)0x5E,0x15,0x16,0x14};
      byte[] key = {0x2d, 0x2a, 0x2d, 0x42, 0x55, 0x49, 0x4c, 0x44, 0x41, 0x43, 0x4f, 0x44, 0x45, 0x2d, 0x2a, 0x2d};
     
      short len = (short) input.length;
      if (len <= 0 || len % 16 != 0)
        {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
       
      aesKeyTrial.setKey(key,(short)0);
      aesCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
      aesCipher.init(aesKeyTrial, Cipher.MODE_ENCRYPT);
      aesCipher.doFinal(input, (short)0, len, buffer, (short)0);
      apdu.setOutgoingAndSend((short)0, len);

   }

irvinmags
Posts: 11
Joined: Mon Apr 11, 2016 9:01 pm
Points :149
Contact:

Re: AES encryption

Post by irvinmags » Wed Apr 20, 2016 1:56 am

Thank you very much bigWhite for answering my questions and helping me out. You pointed out my mistake and actually helped me learn why my code is not working. Cheers for you! Thank you very much!

irvinmags
Posts: 11
Joined: Mon Apr 11, 2016 9:01 pm
Points :149
Contact:

Re: AES encryption

Post by irvinmags » Thu Apr 21, 2016 3:22 am

Hello, this time around is there a proper way of doing an AES CMAC encryption? After researching I've hit a roadblock wherein I cannot find any example or samples of Java card that has AES CMAC encryption. Is there any way or at least is it possible to do an AES CMAC encryption on a java card?

User avatar
UNKNwYSHSA
Posts: 630
Joined: Thu May 21, 2015 4:05 am
Points :3053
Contact:

Re: AES encryption

Post by UNKNwYSHSA » Thu Apr 21, 2016 11:31 pm

There's 2 methods for you to calculate CMAC:
1 You can implement it yourself with the Cipher AES algorithm;
2 The javacard API class javacard.security.Signature can calculate MAC, you can use it with algorithm ALG_AES_MAC_128_NOPAD;

Note:
You need to know, that CMAC means MAC of command, the input data is command data bytes.

By the way, which applet you implementing needs this calculation?
sense and simplicity

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 41 guests

JavaCard OS : Disclaimer