I used a JCOP card to generate an ECC key pair. I can create the ECPrivateKey, ECPublicKey and KeyPair without any problems, but it throws CryptoException.ILLEGAL_VALUE when I call genKeyPair(). What's wrong with my card or my operation? I have no idea. Could you please tell me where I made the mistake? Much appreciated!

BTW, I found that JCAlgTest has encountered the same problem; please check the test report here.

Here is my code.

```java
public void process(APDU apdu)
{
    if (selectingApplet())
    {
        return;
    }

    byte[] buf = apdu.getBuffer();
    switch (buf[ISO7816.OFFSET_INS])
    {
    case (byte) 0x00:
        JCSystem.requestObjectDeletion();
        break;
    case (byte) 0x01:
        ecPubKey = (ECPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_160, false);
        ecPriKey = (ECPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_160, false);
        break;
    case (byte) 0x02:
        kp = new KeyPair(ecPubKey, ecPriKey);
        break;
    case (byte) 0x03:
        try {
            kp.genKeyPair();
        } catch (CryptoException e) {
            short reason = e.getReason();
            apdu.setOutgoing();
            apdu.setOutgoingLength((short) 2);
            Util.setShort(buf, (short) 0, reason);
            apdu.sendBytes((short) 0, (short) 2);
            ISOException.throwIt((short) 0x6F00);
        }
        break;
    default:
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }
}
```
Sreehari
Jsine
  • Based on the JC API spec, it means that _The pre-initialized Field, A, B, G and R parameter set in public EC key is invalid_. I'm afraid that your card simply doesn't support any length of the `ALG_EC_FP` algorithm. Adding your program to the question can be helpful for the viewers. Did you initialize the keys before calling the `genKeyPair()` method while constructing the keypair object (using the `keypair()` method)? – Ebrahim Ghasemi Mar 14 '16 at 10:56
  • @Abraham, the card I used is JCOP J3D081 242R2. It supports genKeyPair() with KeyPair.ALG_EC_FP and key length 160. And the code works well on [A22CR](http://javacardos.com) card. – Jsine Mar 15 '16 at 02:07
  • @Jsine Your keys are not initialised with curve domain parameters, that might be the problem... – vojta Mar 16 '16 at 07:37
  • See http://stackoverflow.com/questions/24467612/a-sample-code-for-ecdsa-signature-in-javacard – vojta Mar 16 '16 at 07:38
  • Thanks for all the help! I have solved my problem! – Jsine Mar 17 '16 at 03:16

1 Answer

You need to set the ECC domain parameters, otherwise it doesn't know which ones to use (and it's a bit tricky to let a card carry all known named curves, space is at a premium). You need to set them at least for the public key and - in case of NXP cards - probably for the private key as well.

Maarten Bodewes
  • Wow, Thanks Maarten! I have set ECC domain parameters for both the public key and private key. My problem is solved! Much appreciated! – Jsine Mar 17 '16 at 03:19
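
The fix described in the answer, as an added example that is not code from the question or the answer: both key objects receive the curve's domain parameters before `genKeyPair()` is called. It assumes the intended 160-bit curve is secp160r1 (constants as published in SEC 2); the class name `Secp160r1KeyGen` and its method names are hypothetical.

```java
import javacard.security.ECKey;
import javacard.security.ECPrivateKey;
import javacard.security.ECPublicKey;
import javacard.security.KeyBuilder;
import javacard.security.KeyPair;

/** Added example. Assumption: the curve is secp160r1 (SEC 2); the page does not name one. */
public final class Secp160r1KeyGen {
    private static final byte FF = (byte) 0xFF;
    private static final byte[] P = { FF, FF, FF, FF, FF, FF, FF, FF, FF, FF,
        FF, FF, FF, FF, FF, FF, 0x7F, FF, FF, FF };
    private static final byte[] A = { FF, FF, FF, FF, FF, FF, FF, FF, FF, FF,
        FF, FF, FF, FF, FF, FF, 0x7F, FF, FF, (byte) 0xFC };
    private static final byte[] B = { 0x1C, (byte) 0x97, (byte) 0xBE, (byte) 0xFC, 0x54, (byte) 0xBD, 0x7A, (byte) 0x8B,
        0x65, (byte) 0xAC, (byte) 0xF8, (byte) 0x9F, (byte) 0x81, (byte) 0xD4, (byte) 0xD4, (byte) 0xAD,
        (byte) 0xC5, 0x65, (byte) 0xFA, 0x45 };
    // Base point G in uncompressed form: 0x04 || x || y
    private static final byte[] G = { 0x04,
        0x4A, (byte) 0x96, (byte) 0xB5, 0x68, (byte) 0x8E, (byte) 0xF5, 0x73, 0x28, 0x46, 0x64,
        0x69, (byte) 0x89, 0x68, (byte) 0xC3, (byte) 0x8B, (byte) 0xB9, 0x13, (byte) 0xCB, (byte) 0xFC, (byte) 0x82,
        0x23, (byte) 0xA6, 0x28, 0x55, 0x31, 0x68, (byte) 0x94, 0x7D, 0x59, (byte) 0xDC,
        (byte) 0xC9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7A, (byte) 0xC5, (byte) 0xFB, 0x32 };
    // Order of G; for secp160r1 it is 161 bits long, hence 21 bytes
    private static final byte[] R = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
        (byte) 0xF4, (byte) 0xC8, (byte) 0xF9, 0x27, (byte) 0xAE, (byte) 0xD3, (byte) 0xCA, 0x75, 0x22, 0x57 };

    /** Sets field, A, B, G, R and cofactor on one key; works for public and private keys alike. */
    static void setCurve(ECKey key) {
        key.setFieldFP(P, (short) 0, (short) P.length);
        key.setA(A, (short) 0, (short) A.length);
        key.setB(B, (short) 0, (short) B.length);
        key.setG(G, (short) 0, (short) G.length);
        key.setR(R, (short) 0, (short) R.length);
        key.setK((short) 1); // cofactor h = 1
    }

    /** Builds both keys, applies the curve to each, then generates the pair. */
    static KeyPair generate() {
        ECPublicKey pub = (ECPublicKey) KeyBuilder.buildKey(
            KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_160, false);
        ECPrivateKey priv = (ECPrivateKey) KeyBuilder.buildKey(
            KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_160, false);
        setCurve(pub);
        setCurve(priv); // the answer notes NXP cards probably need this on the private key too
        KeyPair kp = new KeyPair(pub, priv);
        kp.genKeyPair(); // parameters set on the key objects are retained
        return kp;
    }
}
```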