APDU to do decipher in OpenPGP card?

Quan Nguyen quannguyen at mbm.vn
Wed Jul 18 05:23:18 CEST 2012

Thanks Achim,

It looks like my input data is correct.
I have a 2048-bit key in the card and the encrypted message is 256 bytes long:

00 2A 80 86 00 01 01       # CLA, INS, P1P2, Lc = 257
00                         # Indicator
DB 2D 96 07 B0 17 7A 4D    # Message 256 bytes
BF 54 C8 1A 2C 0D 1A 98 32 31 D4 CD E3 0B FE EB
96 74 00 D2 FC 7A 4C B6 60 E5 CE 4F 80 EC 9F 9A
22 40 F6 88 CD 7F D9 1E F3 FA 1D AF C9 F8 F7 17
9B 14 73 E0 49 F4 47 E1 9C FF 4D EB AE 60 5B 71
8D 03 BB 7C 73 62 25 2B B0 E1 8B A7 55 96 B4 1C
89 8D 84 27 04 5A 33 BF 26 B4 D1 EF 5B 68 2B 9C
42 F0 2E 0F E7 94 3F 23 81 DC D2 CD 9F 6B 6C E0
D1 12 6B B7 EA DF 01 2F 8D 9A F8 19 7E 60 57 33
78 BD B1 96 58 08 4E E8 23 CB 46 97 5A 43 BA 25
63 50 4F 03 EE 24 5C 24 61 C0 1F 04 6D B4 EB 39
EC 66 82 26 E2 2C 0C FC 5C 39 D1 9C 3C E9 DA 6A
01 A0 1F 01 9A F4 A2 77 51 2C 30 91 3C 4C 9A 7D
24 E4 88 DE D8 A9 67 C0 F3 EF BA 14 21 FD 4E 12
60 09 BC BF BD 4E D1 4A F0 C5 78 23 B3 62 9A 5A
66 6F 06 BB 52 5D 79 FF CC 49 36 DF 11 BB C9 9C
41 D7 0B B7 57 4B 78 1D
01 00                      # Le

I stored a pair of key & certificate to the card (using my code in
OpenSC), then used the certificate to encrypt one email and now I'm
trying to decrypt it with the private key bound to that certificate.

When doing DECIPHER, how does the card know which key to use if the
card contains more than 1 key with the same modulus length (currently
my card contains 2 keys of the same 2048-bit length)?

On Tue, Jul 17, 2012 at 6:52 PM, Achim Pietig <achim at pietig.com> wrote:
> Hello Quân,
> the error 6A88 occurs if no decrypt key is present in the card.
> You should import a key first with PUT DATA.
> The plain text of the cryptogram shall be formatted in compliance with PKCS#1, as described on page 40 of the OpenPGP card specification.
> Then the plain text is encrypted with the DEC key and the result has the same length as the modulus of the DEC key.
> The cryptogram is sent with a leading 00 byte (padding indicator), so the complete length of the command data is modulus + 1.
> For key length > 1024 you have to use extended length format for the APDU.
> Regards,
> Achim
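The following is an added example, not code from this thread or from OpenSC or GnuPG. It builds the PSO:DECIPHER APDU (CLA 00, INS 2A, P1P2 80 86) in the layout Achim describes: a leading 00 padding indicator, a cryptogram exactly as long as the DEC key modulus, so Lc = modulus + 1, and the extended-length form (Lc = 00 01 01, Le = 01 00) once the data exceeds 255 bytes. It also parses such an APDU back into its fields so a dump like the one above can be checked mechanically: for a 2048-bit key the header must be 00 2A 80 86 00 01 01 and the trailer 01 00, which the dump in the post satisfies. The cryptogram bytes used in the usage section are constructed, not from the thread; the modulus length is assumed to be known from the card's key (the card uses the key in the DEC slot, as Achim's reply notes, so the command itself carries no key reference).

```python
# Added example (not from the thread or any project): build and check an
# OpenPGP card PSO:DECIPHER APDU with a 00 padding indicator and ISO 7816-4
# short or extended Lc/Le, as discussed in the thread.
# Assumption: the DEC key is RSA with a modulus of `modulus_len` bytes and the
# card supports extended length (needed for keys longer than 1024 bits).

CLA, INS_PSO = 0x00, 0x2A
P1P2_DECIPHER = (0x80, 0x86)
PADDING_INDICATOR = 0x00      # OpenPGP card: 00 = RSA cryptogram follows


def encode_lc_le(data_len, le):
    """Return (Lc, Le) byte encodings.

    Short form when data_len <= 255 and le <= 256 (Le 256 is encoded as 00);
    otherwise extended form: Lc = 00 hh ll and Le = hh ll.
    """
    if data_len <= 255 and le <= 256:
        return bytes([data_len]), bytes([le & 0xFF])
    return b"\x00" + data_len.to_bytes(2, "big"), (le & 0xFFFF).to_bytes(2, "big")


def build_pso_decipher(cryptogram, modulus_len):
    """Build 00 2A 80 86 Lc 00 <cryptogram> Le for the given modulus size."""
    if len(cryptogram) != modulus_len:
        raise ValueError(
            f"cryptogram must be exactly {modulus_len} bytes (the modulus length), "
            f"got {len(cryptogram)}")
    data = bytes([PADDING_INDICATOR]) + cryptogram       # Lc = modulus + 1
    lc, le = encode_lc_le(len(data), modulus_len)        # Le = modulus length
    return bytes([CLA, INS_PSO, *P1P2_DECIPHER]) + lc + data + le


def parse_pso_decipher(apdu):
    """Split a DECIPHER APDU into its fields and check that Lc/Le are consistent.

    Returns a dict with the padding indicator, the cryptogram, Lc, the decoded
    Le and whether the extended-length form was used.
    """
    if apdu[:4] != bytes([CLA, INS_PSO, *P1P2_DECIPHER]):
        raise ValueError("not a PSO:DECIPHER header (expected 00 2A 80 86)")
    if apdu[4] == 0x00:                      # short Lc is never 00, so this is extended
        lc = int.from_bytes(apdu[5:7], "big")
        body, le_len = apdu[7:], 2
    else:
        lc = apdu[4]
        body, le_len = apdu[5:], 1
    data, le_bytes = body[:lc], body[lc:]
    if len(data) != lc or len(le_bytes) != le_len:
        raise ValueError("Lc/Le do not match the actual length of the command data")
    le = int.from_bytes(le_bytes, "big") or (256 if le_len == 1 else 65536)
    if data[0] != PADDING_INDICATOR:
        raise ValueError(f"unexpected padding indicator {data[0]:02X}")
    return {"indicator": data[0], "cryptogram": data[1:], "lc": lc,
            "le": le, "extended": le_len == 2}


if __name__ == "__main__":
    # Constructed 256-byte stand-in for a real RSA-2048 cryptogram.
    sample = bytes(range(256))
    apdu = build_pso_decipher(sample, 256)
    print(apdu[:7].hex(" ").upper(), "... Le =", apdu[-2:].hex(" ").upper())
    fields = parse_pso_decipher(apdu)
    print("Lc =", fields["lc"], "Le =", fields["le"], "extended =", fields["extended"])
```

For a 1024-bit key the same builder falls back to the short form (Lc = 81, Le = 80), which is the case Achim's last line distinguishes from the extended form required above 1024 bits.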
