Store symmetric keys in Java Card

ⅰ亾dé卋堺 submitted on 2019-12-07 06:10:30

Important security-relevant data like keys and PINs shall always be stored in the objects designated for that purpose in the Java Card API, e.g. AESKey.
The smartcard operating system will perform additional internal operations to protect these values from leaking.
If you don't know how many terminals the card will encounter, you could encapsulate the keys in an object which is part of a linked list:

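import javacard.security.AESKey;

// One node per stored key; nodes are chained into a linked list.
class KeyElement {
    KeyElement next; // next node, or null at the end of the list
    AESKey key;      // key material held in a Java Card key object
}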

Technically, it is possible to store key values in a byte[] with some 'unknown level of security' by using the following scheme:

1. Store only wrapped (i.e. encrypted) values of the key in the persistent byte array using some persistent wrapping key.

2. Prior to the key use, unwrap the desired key using the same wrapping key into a transient key object. Then use it at will.

Advantage: Probably more memory efficient than the 'many AESKey objects approach'.

Drawback: It is quite weird. I would do my best not to implement it this way.

Disclaimer: I am no crypto expert, so please do validate my thoughts.

Disclaimer 2: Of course the most reasonable way is to use key derivation as Maarten Bodewes noted...
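
The wrap/unwrap scheme from the answer above, sketched as an added example that is not part of the original answers. The class name WrappedKeyStore, its method names, the AES-128 key size and the single-block ECB wrap are assumptions made for this illustration.

```java
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;
import javacard.security.AESKey;
import javacard.security.KeyBuilder;
import javacardx.crypto.Cipher;

// Hypothetical helper class: names and sizes are assumptions for this example.
public class WrappedKeyStore {
    private static final short KEY_LEN = 16;  // AES-128 key = exactly one cipher block
    private final short maxKeys;
    private final byte[] wrapped;      // persistent: holds ciphertext only
    private final AESKey wrappingKey;  // persistent key object
    private final AESKey sessionKey;   // transient key object, cleared on deselect
    private final byte[] scratch;      // transient RAM buffer for the unwrap step
    private final Cipher cipher;

    // Allocate everything once, from the applet constructor, never per APDU.
    public WrappedKeyStore(short maxKeys) {
        this.maxKeys = maxKeys;
        wrapped = new byte[(short) (maxKeys * KEY_LEN)];
        wrappingKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false);
        sessionKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES_TRANSIENT_DESELECT, KeyBuilder.LENGTH_AES_128, false);
        scratch = JCSystem.makeTransientByteArray(KEY_LEN, JCSystem.CLEAR_ON_DESELECT);
        cipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, false);
    }

    public void setWrappingKey(byte[] buf, short off) { wrappingKey.setKey(buf, off); }

    // Wrap a plaintext key from buf straight into the persistent array.
    // One-block ECB hides the value but gives no integrity protection.
    public void store(short index, byte[] buf, short off) {
        if (index < 0 || index >= maxKeys) ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        cipher.init(wrappingKey, Cipher.MODE_ENCRYPT);
        cipher.doFinal(buf, off, KEY_LEN, wrapped, (short) (index * KEY_LEN));
    }

    // Unwrap key 'index' into the transient key object and return it for use.
    public AESKey load(short index) {
        if (index < 0 || index >= maxKeys) ISOException.throwIt(ISO7816.SW_WRONG_DATA);
        cipher.init(wrappingKey, Cipher.MODE_DECRYPT);
        try {
            cipher.doFinal(wrapped, (short) (index * KEY_LEN), KEY_LEN, scratch, (short) 0);
            sessionKey.setKey(scratch, (short) 0);
        } finally {
            // The plaintext key passes through a plain byte[] here; wipe it at once.
            Util.arrayFillNonAtomic(scratch, (short) 0, KEY_LEN, (byte) 0);
        }
        return sessionKey;
    }
}
```

The scratch buffer is the weak point of the scheme: for the duration of load() the key sits in an ordinary byte array, outside whatever protection the platform applies to key objects.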

In fact, creating an AESKey array is possible in Java Card. I thought that only byte arrays (byte[]) were authorized but no.

So nothing forbids me from declaring an AESKey array (AESKey[]) if I consider that I have to fix an upper bound to limit the number of keys in my applet.
