Store symmetric keys in Java Card

独自空忆成欢 提交于 2019-12-23 01:24:22

问题


I am working on an applet which has to share some keys of type AESKey with different terminals. The thing is I don't know in advance how many terminals it will have to handle.

As there is no structure like HashTable in Java Card, it's getting complicated. I can still fix an upper bound and instanciate as much objects AESKey but I would like to search for another way to do.

I thought I could do something with byte arrays, but is it a bad practice to store keys in byte[]?

I think the answer is yes and it is only recommanded to store it in transient arrays to make computations. Otherwise, I don't understand the role of AESKey objects. Just want to be sure.


回答1:


Important security-relevant data like keys and PINs shall always be stored in the therefore designated objects from the Javacard API, e.g. AESKey.
The smartcard operating system will perform additional internal operations to protect there values from leaking.
If you don't know how many terminals the card will encounter you could encapsulate the Keys in an Object which is part of a linked list:

class KeyElement{
   KeyElement next;
   AESKey key;
}



回答2:


Technically, it is possible to store key values in a byte[] with some 'unknown level of security' by using the following scheme:

Store only wrapped (i.e. encrypted) values of the key in the persistent byte array using some persistent wrapping key.

Prior to the key use, unwrap the desired key using the same wrapping key into a transient key object. Then use it at will.

Advantage: Probably more memory efficient than the 'many AESKey objects approach'.

Drawback: It is quite weird. I would do my best not to implement it this way.

Desclaimer: I am no crypto expert, so please do validate my thoughts.

Desclaimer 2: Of course the most reasonable way is to use key derivation as Maarten Bodewes noted...




回答3:


In fact, creating AESKey array is possible in Java Card. I thought that only byte arrays (byte[]) were authorized but no.

So nothing forbids me to declare an AESKey array (AESKey[]) if I consider that I have to fix an upperbound to limit the number of keys in my applet.



来源:https://stackoverflow.com/questions/32526257/store-symmetric-keys-in-java-card

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!