Enable PKI (RSA) cryptosystem in SMAdaptor #99

Merged
merged 5 commits into from
Jan 5, 2016

@demsey demsey commented Jan 2, 2016

Main changes are in 03d5397, where the structure of SecureKey and SecureDESKey was refactored (with care for backward compatibility). These changes are important because of the upcoming PCI requirements (for TR-31 or equivalent, see https://www.pcisecuritystandards.org/documents/PTS_PIN_Technical_FAQs_v2_Nov_2015_final.pdf section PIN Security Requirement 18).

46d5453 provides an interface for data signature calculation (encryption with private key), but this is useless when there is no private key. So 77eac37 provides an interface for key pair generation.

Algorithm for calculating the signature data is easy to implement.
But I cannot reveal the private key encryption (emulated HSM), even knowing the proper key pair and a variant of LMK. Therefore, at the moment it is possible to implement only the generation of the private key that will work with JCESecurityModule but will not be accepted by the emulated HSM (like a PIN under LMK).

demsey and others added 5 commits January 2, 2016 13:57
Commit 7c3e9f has introduced method translateKeySchemeImpl with wrong scope

In order to ensure the possibility of using keys other than a variant,
a reorganization of the existing structures SecureKey and SecureDESKey was needed.
 * Introduced new class SecureVariantKey with variant attributes.
 * Variant attributes were moved from SecureDESKey to this new class as more relevant.
 * Schema attributes, as general for all kinds of keys, were moved to SecureKey.

This commit introduces a separation between variant keys and other kinds
possible in the future (e.g. TR-31 key block keys or equivalent).
It also enables further extension of variant keys, for example to
private or public keys (which do not have a key check value).
ar added a commit that referenced this pull request Jan 5, 2016
Enable PKI (RSA) cryptosystem in SMAdaptor
@ar ar merged commit 3762dbe into jpos:master Jan 5, 2016
@demsey demsey deleted the rsa branch March 4, 2016 21:43