ISO 9797 padding method 2 and MAC generation in java
I'm hoping that some of you may be able to help me on this issue.
I've used the SmartCardShell program to run a javascript code that extracts the data off a British e-Passport.
I'm trying to replicate the code in java for my dissertation. However I am stumped on the MAC generation.
The javascript code for the data encryption and MAC generation is:
var cryptogram = crypto.encrypt(kenc, Crypto.DES_CBC, plain, new ByteString("0000000000000000", HEX));
print("Cryptogram : " + cryptogram);'
var mac = crypto.sign(kmac, Crypto.DES_MAC_EMV, cryptogram.pad(Crypto.ISO9797_METHOD_2));
print("MAC : " + mac);
I've managed to correctly verify that my encryption key (Kenc) is generated correctly.
Going off the script code, the MAC key (Kmac) is also a triple DES key which is done via:
byte[] kmackey = new byte[24];
System.arraycopy(kmac, 0, kmackey, 0, kmac.length);
System.arraycopy(kmac, 0, kmackey, kmac.length, 8);
System.out.println("kmackey = " + ConvertToHex.convertToHex(kmackey));
DESedeKeySpec desedekey = new DESedeKeySpec(kmackey);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
Key KMac = keyFactory.generateSecret(desedekey);
As seen above, the javascript code "signs" the data with the Kmac key, the DES_MAC_EMV mechanism and pads the cryptogram data with the ISO 9797 padding method 2 - which I believe is called "bit padding".
Can anyone assist me in creating/explaining to me a Java equivalent of the DES_MAC_EMV mechanism and the ISO 9797 padding method 2?
Appreciate the help
Just to add as I forgot to mention it, I am creating a system to connect to the e-Passport and extract d开发者_开发技巧ata. At the minute I am verifying the data I obtained from the SmartCardShell program/javascript code. This is not a javacard applet/application, it is solely a Java "host" application
HSK
Padding
Padding is actually very simple. Some places refer to the padding method 2 of ISO 9797-1 as Bit Padding. You basically add a single 0x80 byte at the end and then append sufficient number of 0x00 so that the total length of the message is a multiple of 8.
Encryption
DES_MAC_EMV in the above code is more formally named ISO 9797-1 Algorithm 3. Some articles/ websites also refer to it as Retail MAC algorithm.
You need two 8 byte keys for this algorithm and perform 3DES as defined below. Please note that this is my understanding of the algorithm (off-my-head); please read the formal specs for a "correct" understanding:
- First do the required padding
- Use an initialisation vector of 0 (all zeroes)
- Chain and encrypt 8 bit blocks using the first key (as in single DES)
- The final block needs a 3DES application; hence decrypt using the second key and encrypt it with the first key again
精彩评论