2

i am trying to figure out how the javacard derivation functions work, and i must admit i am lost as to how to set up the functions.

I figured that the DerivationFunction can be used to derive key, and using ALG_KDF_HKDF i could specify the desired HMAC based key derivation. However, i do not understand how do i set the secret and salt. The KDFHmacSpec interface only specifies getters. It does not specify how to set the values. So far i fail to figure out how i get to set these.

I want to use it to generate XOR key (of preferably specified length), based on a secret and some random public value.

This is for javacard 3+.

Zerg Overmind
  • 955
  • 2
  • 14
  • 28

1 Answers1

0

The one thing that I can come up with is that it is indeed an interface. Interfaces you can implement in a class that you define yourself.

This has the drawback that you may have to copy arrays such as the salt (which is not used all that much for key derivation functions) into a transient memory array.

The advantage is that other key derivation parameters can simply be part of the class definition if they don't need to be changed.

I'd advice you to create a single, reusable, mutable class for your HKDF function.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Beware that this is part of the 3.1 specifications. Java Cards will have to support 3.1 or higher *and provide an implementation of the algorithm* for the functionality to be available. So please check availability of compatible products and / or the spec sheets. – Maarten Bodewes Apr 24 '20 at 12:15
  • Hi Zerg. Did you try my suggestion? Any updates? This may be very useful for others, but currently I cannot validate if my answer is correct. If you've solved it differently then please post an answer, happy to upvote the answer (as well). – Maarten Bodewes May 29 '20 at 16:25