Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is it possible to use Cipher.ALG_RSA_PKCS1 on JC222 #52

Open
ble0 opened this issue Apr 22, 2021 · 1 comment
Open

Is it possible to use Cipher.ALG_RSA_PKCS1 on JC222 #52

ble0 opened this issue Apr 22, 2021 · 1 comment

Comments

@ble0
Copy link

ble0 commented Apr 22, 2021

Is it possible to use Cipher.ALG_RSA_PKCS1 in PIV_SUPPORT_RSA instead on the default Cipher.ALG_RSA_NOPAD?
Will the PIV applet work the same?
@mistial-dev
Copy link
Contributor

For your first question, the best reference for what cards support what is going to be this page.

https://www.fi.muni.cz/~xsvenda/jcalgtest/table.html

As you can see, ALG_RSA_PKCS1 was introduced prior to JC2.2.2, and is well supported (even if a few cards don't support it).

PKCS1 padding is different from no padding at all, but as I understand it you can still have the client application do the PKCS1 padding if you want it, with the applet just doing it "raw" at that point.

Will the PIV applet work the same?

I believe (though am not certain) that doing so would break the applet such that TLS (for example) would be limited to TLS 1.1. Essentially, you force the use of specific padding, rather than leaving it to the client.

Why do you want to do this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ble0 @mistial-dev