开发者

ISO 9797 padding method 2 and MAC generation in java

I'm hoping that some of you may be able to help me on this issue.

I've used the SmartCardShell program to run a javascript code that extracts the data off a British e-Passport.

I'm trying to replicate the code in java for my dissertation. However I am stumped on the MAC generation.

The javascript code for the data encryption and MAC generation is:

var cryptogram = crypto.encrypt(kenc, Crypto.DES_CBC, plain, new ByteString("0000000000000000", HEX));
print("Cryptogram   : " + cryptogram);'

var mac = crypto.sign(kmac, Crypto.DES_MAC_EMV, cryptogram.pad(Crypto.ISO9797_METHOD_2));
print("MAC          : " + mac);

I've managed to correctly verify that my encryption key (Kenc) is generated correctly.

Going off the script code, the MAC key (Kmac) is also a triple DES key which is done via:

byte[] kmackey = new byte[24];
System.arraycopy(kmac, 0, kmackey, 0, kmac.length);
System.arraycopy(kmac, 0, kmackey, kmac.length, 8);
System.out.println("kmackey = " + ConvertToHex.convertToHex(kmackey));

DESedeKeySpec desedekey = new DESedeKeySpec(kmackey);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
Key KMac = keyFactory.generateSecret(desedekey);

As seen above, the javascript code "signs" the data with the Kmac key, the DES_MAC_EMV mechanism and pads the cryptogram data with the ISO 9797 padding method 2 - which I believe is called "bit padding".

Can anyone assist me in creating/explaining to me a Java equivalent of the DES_MAC_EMV mechanism and the ISO 9797 padding method 2?

Appreciate the help

Just to add as I forgot to mention it, I am creating a system to connect to the e-Passport and extract d开发者_开发技巧ata. At the minute I am verifying the data I obtained from the SmartCardShell program/javascript code. This is not a javacard applet/application, it is solely a Java "host" application

HSK


Padding

Padding is actually very simple. Some places refer to the padding method 2 of ISO 9797-1 as Bit Padding. You basically add a single 0x80 byte at the end and then append sufficient number of 0x00 so that the total length of the message is a multiple of 8.

Encryption

DES_MAC_EMV in the above code is more formally named ISO 9797-1 Algorithm 3. Some articles/ websites also refer to it as Retail MAC algorithm.

You need two 8 byte keys for this algorithm and perform 3DES as defined below. Please note that this is my understanding of the algorithm (off-my-head); please read the formal specs for a "correct" understanding:

  1. First do the required padding
  2. Use an initialisation vector of 0 (all zeroes)
  3. Chain and encrypt 8 bit blocks using the first key (as in single DES)
  4. The final block needs a 3DES application; hence decrypt using the second key and encrypt it with the first key again
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜