github-af / SmartPGP

SmartPGP is a JavaCard implementation of the OpenPGP card specifications
GNU General Public License v2.0

Creating RSA4096 keys on J3H145 #21

Closed bmunger closed 4 years ago

bmunger commented 4 years ago

I have purchased a J3H145 card configured with RSA4096 support. After SmartPGP cap installation, gpg recognizes the card correctly. However, sending a key results in:

gpg: KEYTOCARD failed: Hardware problem

I installed the included test applet and ran the python script to test the card and it appears to have RSA4096 support. What am I missing?

[+] Select applet... ok
[+] Test random... ok
[+] Test RSA 1024 static... ok
[+] Test RSA 1024 generate... ok
[+] Test RSA_CRT 1024 static... ok
[+] Test RSA_CRT 1024 generate... ok
[+] Test RSA 2048 static... ok
[+] Test RSA 2048 generate... ok
[+] Test RSA_CRT 2048 static... ok
[+] Test RSA_CRT 2048 generate... ok
[+] Test RSA 3072 static... ok
[+] Test RSA 3072 generate... ok
[+] Test RSA_CRT 3072 static... ok
[+] Test RSA_CRT 3072 generate... ok
[+] Test RSA 4096 static... ok
[+] Test RSA 4096 generate... ok
[+] Test RSA_CRT 4096 static... ok
[+] Test RSA_CRT 4096 generate... ok
[+] Test NIST P-256 static... ok
[-] Test NIST P-256 static (without W)... KO 0x6503
[+] Test NIST P-256 generate... ok
[+] Test NIST P-521 static... ok
[+] Test NIST P-521 generate... ok
[-] Test NIST P-521 (size = 528) static... KO 0x6F00
[-] Test NIST P-521 (size = 528) generate... KO 0x6F00
[+] Test PIN... ok

I can generate RSA4096 keys on the card from gpg --card-edit though.

af-anssi commented 4 years ago

In order to be able to import RSA keys of 4096 bits, the size of the internal buffer must be adjusted. I just committed a new section in the README. By default, the internal buffer is not large enough to hold the private key template in CRT form. Sorry for the inconvenience, it was not clearly documented before.

martinbeier commented 4 years ago

@bmunger I have/had the same issue -> keytocard failed with SW 65 81 (memory failure)

@af-anssi thanks for clearing up the internal buffer requirements. I had tested with some bigger numbers than standard, but not that big :) After testing with Constants.INTERNAL_BUFFER_MAX_LENGTH = 0x730 -> I was able to copy an RSA 4096 key to the card!

One drawback: for me, this is working only for the javacard-3.0.1 branch (without ECC stuff). I think it's related to insufficient memory during install on the card (for the javacard-3.0.4 branch).

I'm really happy that RSA 4096 is working, and I'm now looking forward to the ECC stuff :)

bmunger commented 4 years ago

I can confirm this also works. Thank you.
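
Added example, not part of the thread or of the SmartPGP code: a size estimate for the OpenPGP card RSA key-import object (Extended Header List, tag 4D, carrying the 7F48 private key template and the 5F48 key data), showing why an RSA 4096 key in CRT form needs a buffer close to the 0x730 bytes reported above. It assumes a 4-byte public exponent, an empty control reference template (B6 00), and that the whole object has to fit in the internal buffer; the function names are illustrative.

```python
# Added example: estimated size of an OpenPGP card RSA key-import object.
# Assumptions: 4-byte public exponent, empty control reference template (B6 00),
# and every length below 0x10000 bytes.

# Tags of the private key template (7F48) carried by each RSA import format.
FORMATS = {
    "standard": [0x91, 0x92, 0x93],                       # e, p, q
    "standard+n": [0x91, 0x92, 0x93, 0x97],               # ... plus modulus n
    "crt": [0x91, 0x92, 0x93, 0x94, 0x95, 0x96],          # plus 1/q mod p, dP, dQ
    "crt+n": [0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97],  # CRT plus modulus n
}

def ber_len_size(n):
    """Number of bytes in the BER-TLV length field for an n-byte value."""
    if n < 0x80:
        return 1
    return 2 if n <= 0xFF else 3

def tlv_size(tag_bytes, value_len):
    """Total size of a TLV object: tag, length field and value."""
    return tag_bytes + ber_len_size(value_len) + value_len

def import_object_size(bits, fmt, e_bytes=4):
    """Size in bytes of the 4D object for an RSA key of `bits` bits."""
    half, full = bits // 16, bits // 8   # p, q and CRT parts are half the modulus
    lens = {0x91: e_bytes, 0x92: half, 0x93: half, 0x94: half,
            0x95: half, 0x96: half, 0x97: full}
    tags = FORMATS[fmt]
    # 7F48 lists tag + length only; 5F48 holds the concatenated values.
    template = sum(1 + ber_len_size(lens[t]) for t in tags)
    key_data = sum(lens[t] for t in tags)
    inner = 2 + tlv_size(2, template) + tlv_size(2, key_data)  # 2 = "B6 00"
    return tlv_size(1, inner)

def fits(bits, fmt, buffer_len):
    """True if the import object fits in a buffer of buffer_len bytes."""
    return import_object_size(bits, fmt) <= buffer_len

if __name__ == "__main__":
    for bits in (2048, 4096):
        for fmt in FORMATS:
            size = import_object_size(bits, fmt)
            print(f"RSA {bits} {fmt:<11} {size:5d} bytes  fits 0x730: {size <= 0x730}")
```
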