如何RSA登录java卡? [英] How to RSA Sign in java card?

问题描述

我大概花了一周时间为我的 java 卡写了一个 2048 RSA 签名算法.

I have roughly spent about a week to write a 2048 RSA Sign algorithm for my java card.

发送和接收大量字节等问题太多了...

There are too many problems like sending and receiving large amounts of bytes and so forth...

有人可以帮忙吗:

1) 向卡发送和接收大于 256 字节的数量

1) send and receive amounts of larger than 256 bytes to card

2) 如何使用java卡正确Sign和Verify?

2) how to correctly Sign and Verify using java card?

提前致谢，

推荐答案

对于签名，您可以简单地使用 Signature 类 的update 方法.只要您使用包含散列算法的签名算法，例如 ALG_RSA_SHA_256_PKCS1_PSS.对于较旧的卡实现，请使用 ALG_RSA_SHA_256_PKCS1.要发送数据，您可以只使用多个命令而不是一个命令，或者您可以使用 IS 7816-4 中指定的命令链.

For signatures you can simply use the update method of the Signature class. You should be able to send as much data as you want as long as you use a signature algorithm that contains a hash algorithm, such as ALG_RSA_SHA_256_PKCS1_PSS. For older card implementations use ALG_RSA_SHA_256_PKCS1. To send the data you can just use multiple commands instead of one or you could use command chaining as specified in IS 7816-4.

或者，您应该能够离线计算(部分)哈希值并使用 这个方法，如果它存在并实现了(它相对较新，从 3.0.4 开始).

Alternatively you should be able to calculate (part of) a hash value offline and use this method, if it is present and implemented (it's relatively new, from 3.0.4 onwards).

对于 99% 的实现，256 字节的输出大小应该正好适合一个响应 APDU，因此发送响应应该没有任何问题.

The output size of 256 bytes should fit precisely in one response APDU for 99% of the implementations, so you should not have any issue with sending the response.

这篇关于如何RSA登录java卡?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！