RSA key pair generation || variable length

[Raman Verma]

Hi

I am trying to generate the RSA public/Private key using EI Thales HSM command. 

I am getting a successful response from HSM but the length of the fields is a variable length and it is not getting mapped correctly. 

The response has 3 fields as below

Public key                - nB

Private key length   -N4

private key                nB

My XML Configurations. Pls, let me know if I am doing anything wrong here. Would be a great help.

<?xml version="1.0" encoding="UTF-8"?>

<!-- Generate an RSA Public/Private Key Pair -->
<schema id='EI'>
<field id="key-type-indicator" type="N" length="1" >4</field>
<field id="key-length" type="N" length="4" >0512</field>
<field id="public-key-encoding" type="N" length="2" >01</field>
<field id="delimiter" type="K" length="1">%</field>
<field id="lmk-identifier" type="K" length="2">00</field>
</schema>

<?xml version="1.0" encoding="UTF-8"?>

<schema id='EJ'>
<field id="public-key" type="BFS" length="512" />
<field id="private-key-length" type="N" length="4" />
<field id="private-key" type="BFS" length="2048" />
</schema>

[Mark Salter]

If you include a delimiter in the EI request, then the HSM will reply with a delimiter in EJ which you can probably use.

--

Mark

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/73dedeaa-e05a-4465-b346-ae9df3ae5515n%40googlegroups.com.

[Raman Verma]

Adding a delimiter in the request will not work as HSM will through the error of invalid input data. I just tested this and got the invalid input error.

Maybe I am doing it wrong can you pls specify where to put the delimiter? 

<?xml version="1.0" encoding="UTF-8"?>

<!-- Generate an RSA Public/Private Key Pair -->
<schema id='EI'>
<field id="key-type-indicator" type="N" length="1" >4</field>
<field id="key-length" type="N" length="4" >0512</field>
<field id="public-key-encoding" type="N" length="2" >01</field>
<field id="delimiter" type="K" length="1">%</field>
<field id="lmk-identifier" type="K" length="2">00</field>
</schema>

[Mark Salter]

You need to use the right value as a delimiter!

I have not looked at or really used FSDMsg in a while, I would have code to pull these non FSD forms apart instead - sorry.

--

Mark

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/58fb0b88-63e4-4452-88a3-e9b38d0446b7n%40googlegroups.com.

[Raman Verma]

Is there anyone else who can help me here with this? 

[Raman Verma]

I have tried all available ways to parse the EJ response using fsdMsg but still, it is not able to parse the response. Is there anyone who has done the implementation of EI/EJ command using fsdMsg pls revert.

[Alejandro Revilla]

Instead of:

<field id="private-key-length" type="N" length="4" />
<field id="private-key" type="BFS" length="2048" />

You can use just:

<field id="private-key" type="LLLLBFS" length="2048" />

The 'LLLL' here should handle the variable length field.

Please let us know if this works for you.

--

@apr

--

[Raman Verma]

Hi Alejandro

The problem is parsing the public key for which no length is mentioned. If the public key gets parsed correctly then private key length and private key will get easily parsed. I am stuck in parsing the public key only. 

[Mark Salter]

Is the length of the public key fixed for a given set of inputs (length and encoding option)?

Why not share your input and output - make two runs;  I am thinking the public length you need is static - dependant on request and key length.

--

Mark

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/c01e2279-0247-484a-9131-b197d07737a3n%40googlegroups.com.

[Raman Verma]

Hi Mark

It seems parsing this kind of field is not possible at the moment using FSDMsg. What I have done is, read all the bytes in a single field and then do the parsing as per the DER ANS.1 encoding. This seems the only way to read the fields as of now. 

[Mark Salter]

A quick confirmation if I may...
... is the public key fixed length or do you need to scan for marker bytes such as Manuel describe on another reply?

If you are happy to share the options on your EI, I would like to take a look; it seems like Thales might be missing a length otherwise.

-- 

Mark

Sent from Proton Mail mobile



-------- Original Message --------

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/86474d3a-f9d5-4ae2-b926-92627b5b3cbfn%40googlegroups.com.

[Raman Verma]

The public key length depends on the length provided in the request and the encoding used. If I put a length of 2048 bits then 270 bytes will be the length of the public key in response. Also, the public key can be extracted using the Manuel method by looking for the public key exponent and then parse accordingly.

Request input for EI command goes as below

Key Type Indicator               1 N              Defines the intended usage of the key pair: 

                                                                             '5': PIN encryption/decryption 

Key Length                            4 N               The length of the RSA modulus, in bits: '0320' ... '2048' 

Public Key Encoding            2 N               Encoding rules for the Public Key

                                                                              '02': DER encoded ASN.1 RSA Public Key (INTEGER uses 2's complement representation). 

Public Exponent Length      4 N               Optional. Must be present if a public exponent is supplied. Indicates the length (in bits) of the public exponent. 

Public Exponent                   n B                Optional. Must be an odd value. If not supplied, a default exponent of 65537 is assumed. 

Delimiter                                1 A                Value '%'. 

LMK Identifier                       2 N                 LMK identifier; min value = '00'; max value is defined by license; must be present if the above Delimiter is present.

[Mark Salter]

So, then, for a given set of input options and a length of Key, the output length is known, and why there is no need for a length of data value back on the EJ?

I was interested in your EI content - if you were happy to share, if not, no matter.

-- 

Mark

Sent from Proton Mail mobile



-------- Original Message --------

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/4c01d47f-72d1-4a38-8a9b-6259722aabdfn%40googlegroups.com.

[Raman Verma]

I am not getting what you mean by EI content. If you are asking for the EI message format then it is already added in the first message and I have added the EI command format in the last message. 

Below I am adding the Host command that is getting triggered.

EI5204802%00

[Mark Salter]

I was after your whole command data that went tonthe hsm so I could use and see what you were seeing.

Not to worry, you seem happy to use Manuel's method, so all good.

-- 

Mark

Sent from Proton Mail mobile



-------- Original Message --------

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/71d65bc9-041f-45ad-9888-6b7bce968e95n%40googlegroups.com.

[Walid Zohair]

Who is this ?

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/nf5Wk9RdE1qT_DJQhDSs0nwXOIGOlDVj-DVEBbb1656L7omcQyclQbnb2CWv2xuwKtm_2G-2MT3eQmHb1_X_Mm3zrpPwHql7Grw7gowF3B4%3D%40pm.me.

[Mark Salter]

You are replying to my reply in a Google Groups group for jPos you have subscribed to?

--
M

-- 

Mark

Sent from Proton Mail mobile



-------- Original Message --------

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/CAECO%3D-QFgnRLj0AX61xUV2mtzC1K53vQvxjJkSP9%2BtgpwkxtXA%40mail.gmail.com.