RIPEMD-160 on javacard??

Hi!
I have a serious problem. I need to generate an RIPEMD-160 hash value on a javacard, but my jcop21id-card doesn't support that. Is there any way to implement this algorithm on the card in software? Or would this be too slow?
Thanks for your help! Bye
Strunker

My card doesn't support integers, it only supports shorts (16 bit). So I had the same idea as you. I tried to use arrays of shorts, but the performance is very poor. I have not implemented the whole algorithm, but only rotate and addition for a performance test. I need approx. 55 seconds to hash 1 kb of data on my javacard. And that's really slow!
You said you tested a software version of SHA-1 on your card and it was quite fast. Did your card support integers? That would explain why it was so fast. And SHA-1 is much faster than RIPEMD160.
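The technique the post above describes, 32-bit addition and rotation built from pairs of 16-bit shorts, shown as an added example (not the poster's code and not tested on a card). The class name, the {high, low} array layout and the desktop-only self-check in main() are assumptions made for illustration.

```java
// Added example, not the poster's code. A 32-bit word is stored as two shorts:
// w[off] = high 16 bits, w[off + 1] = low 16 bits. add() and rotl() keep every
// stored value short-sized, as a card without int support requires.
public class Word32OnShorts {

    /** dst = a + b (mod 2^32); dst may be the same array and offset as a or b. */
    static void add(short[] a, short aOff, short[] b, short bOff, short[] dst, short dOff) {
        short aLo = a[(short) (aOff + 1)];
        short bLo = b[(short) (bOff + 1)];
        short lo = (short) (aLo + bLo);
        // Unsigned carry out of bit 15: both top bits set, or one of them set
        // while the top bit of the sum came out clear.
        short carry = (short) ((((aLo & bLo) | ((aLo | bLo) & ~lo)) >> 15) & 1);
        dst[dOff] = (short) (a[aOff] + b[bOff] + carry);
        dst[(short) (dOff + 1)] = lo;
    }

    /** Rotates the word at w[off..off+1] left by n bits in place, 0 <= n <= 31. */
    static void rotl(short[] w, short off, short n) {
        short hi = w[off];
        short lo = w[(short) (off + 1)];
        if (n >= 16) {                      // a rotation by 16 only swaps the halves
            short t = hi;
            hi = lo;
            lo = t;
            n -= 16;
        }
        if (n != 0) {
            short r = (short) (16 - n);
            short mask = (short) ((1 << n) - 1);      // n low bits, at most 0x7FFF
            // Top n bits of each half; the mask strips the sign extension of >>.
            short hiOut = (short) ((hi >> r) & mask);
            short loOut = (short) ((lo >> r) & mask);
            hi = (short) ((hi << n) | loOut);
            lo = (short) ((lo << n) | hiOut);
        }
        w[off] = hi;
        w[(short) (off + 1)] = lo;
    }

    // ---- desktop-JVM self-check only: int is used here to get reference values ----

    static int toInt(short[] w) {
        return (w[0] << 16) | (w[1] & 0xFFFF);
    }

    static void fromInt(int v, short[] w) {
        w[0] = (short) (v >>> 16);
        w[1] = (short) v;
    }

    /** Compares add() and rotl() with native int arithmetic; returns the mismatch count. */
    static int selfCheck() {
        // Constructed samples: carry edge cases plus the five initial chaining
        // values shared by SHA-1 and RIPEMD-160.
        int[] samples = { 0, 1, 0x0000FFFF, 0x00010000, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF,
                          0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
        short[] a = new short[2];
        short[] b = new short[2];
        short[] d = new short[2];
        int bad = 0;
        for (int x : samples) {
            for (int y : samples) {
                fromInt(x, a);
                fromInt(y, b);
                add(a, (short) 0, b, (short) 0, d, (short) 0);
                if (toInt(d) != x + y) {
                    bad++;
                }
            }
            for (short n = 0; n < 32; n++) {
                fromInt(x, d);
                rotl(d, (short) 0, n);
                if (toInt(d) != Integer.rotateLeft(x, n)) {
                    bad++;
                }
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        System.out.println("mismatches: " + selfCheck());
    }
}
```

The bitwise round functions need no helper because AND, OR, XOR and NOT can be applied to each half independently. RIPEMD-160 only rotates by 5 to 15 bits, so the half-swap branch matters for SHA-1's rotation by 30.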

Similar Messages

  • How to use RIPEMD-160 with CL_ABAP_MESSAGE_DIGEST

    Hi *,
    I want to generate a RIPEMD-160 hash value with CL_ABAP_MESSAGE_DIGEST .
    I wrote a short test report (see below) and with e.g. 'SHA512' or MD5 the logic works fine.
    But it doesn't work with RIPEMD-160.
    The cryptolib 8.4.7 pl 35 is loaded / integrated in the system.
    How can I find out which parameter I have to use?
    Thanks
    Robert
    REPORT z_test_hash_ripemd.
    DATA:my_data TYPE string,
           if_hashstring TYPE string,
           if_hashxstring  TYPE xstring,
           if_hashb64string  TYPE string,
           ld_algorithm TYPE string VALUE 'SHA1'.
    DATA: l_ef_hashx  TYPE xstring .
    my_data = 'Ein Hund kam in die Küche, und stal dem Koch ein Ei ....'.
    START-OF-SELECTION .
       ld_algorithm =  'SHA512'.
       TRY.
           CALL METHOD cl_abap_message_digest=>calculate_hash_for_char
             EXPORTING
               if_algorithm     = ld_algorithm  " 'RIPEMD160' "''SHA512' "'RIPEMD-160'
               if_data          = my_data
    *         if_length        = 0
             IMPORTING
               ef_hashstring    = if_hashstring
               ef_hashxstring   = if_hashxstring
               ef_hashb64string = if_hashb64string
               ef_hashx         = l_ef_hashx.
         CATCH cx_abap_message_digest .
           MESSAGE i701(bc) WITH 'Fehler!' .
           RETURN.
       ENDTRY.
       WRITE: / if_hashstring .

    Hi Vaibhav
    You may not catch exceptions returned by function module using try endtry block.
    It works well with the exception returned by methods.
    In case of function modules or BAPIs, what you can do is check the sy-subrc returned and give a message accordingly. If it returns a structure like bapireturn, then display the message returned.
    In case of an exception returned by a method, do it like this...
    data: excep type cx_root.
    data: v_str type string.
    try.
    *any method call or division by zero (for ex)
    catch cx_root into excep.
    endtry.
    if  excep is not initial.
    CALL METHOD   excep->if_message~get_text
      receiving
        RESULT = v_str.
    endif.
    *display the value returned in v_str on screen

  • Formula node(RIPEMD-160)

    Hi:
    I have a project for a RIPEMD-160 password control program, and I need to call the standard RIPEMD-160 C code.
    I understand LabVIEW, but I do not understand the C language.
    How can I use the Formula Node or the Call Library Function Node?
    Can you help me?
    Below is my program:
    unsigned int K;
    unsigned char B[ ]={0xB3,0xE6,0x1F,0xCA,0x7A,0xA6,0xE3,0xF5,0xF7,0x58,0x59,0xF3,0xE0,0x35,0x85,0x59,0x1C,0x0A,0x08,0xA7,0xF3,0x59,0x0F,0xE5,0x3D,0x53,0x71,0xFA,0x7B,0xAC,0x4C,0x19,0x0F,0xE5,0x3D,0x53,0xF1,0xFA,0x7B,0xAC,0xB3,0xE6,0xBC,0x06,0x30,0xAB,0x43,0x81,0xE1,0x14,0x1A,0xCF,0x50,0xFE,0x33,0xD5,0xAF,0x1F,0xC7,0xBA,0x9F,0x35,0x2C,0xF9};
    D=RIPEMD-160 [B];
    K0=D13
    K1=D7
    K2=D63
    K3=D53
    K4=D1
    K5=D47
    K6=D0
    K7=D17
    K8=D51
    K9=D66
    K10=D41
    K11=D35
    K12=D25
    K13=D60
    K14=D11
    K15=D27
    For the RIPEMD-160 sample code, see the attached files.
    autocar
    Attachments:
    rmd160.c 11 KB
    rmd160.h 6 KB

    Hello autocar.
    As for how to turn C code into a DLL, you may need to find a C expert; we suggest asking for help on Yahoo or on another BBS.
    Thanks
    NI Taiwan AEs

  • Digital Signature Certificate algorithm

    Hi Friends
    Please clarify the points below, as we are planning to use the SHA 256 algorithm with a digital certificate while signing using the SECULIB library.
    1) Does SAP support the SHA 256 algorithm? If yes, are any additional library files required?
    2) Does SAP support the SHA 256 algorithm differently from ECC6?
    Thanks
    Lavanya

    Please check the below notes:
    [Note 455033 - SAPCRYPTOLIB versions, bugs and fixes|https://service.sap.com/sap/support/notes/455033]
    [Note 991968 - Value list for login/password_hash_algorithm|https://service.sap.com/sap/support/notes/991968]
    Following Algorithms are provided by SAPCryptolib
    1. Under HASH Algorithms:
    RSA-MD2       OID 1.2.840.113549.2.2, NULL parameter
    RSA-MD4       OID 1.2.840.113549.2.4, NULL parameter
    RSA-MD5       OID 1.2.840.113549.2.5, NULL parameter
    NIST-SHA      OID 1.3.14.3.2.18, NULL parameter
    SHA-1         OID 1.3.14.3.2.26, NULL parameter
    md2           Same algorithm as RSA-MD2
    md4           Same algorithm as RSA-MD4
    md5           Same algorithm as RSA-MD5
    RIPEMD-160    OID 1.3.36.3.2.1, NULL parameter
    ripemd160     Same algorithm as RIPEMD-160
    sha           Same algorithm as NIST-SHA
    sha1          Same algorithm as SHA-1
    For more details on which algo.s are supported and provided by SAPCryptolib, please check the following links:
    http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e186c590-0201-0010-af8d-a2697dee13c0
    [Secure System Management FAQ|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/a0b60eb4-a1fa-2b10-58b6-b83ed4d3ff82]
    Regards,
    Dipanjan

  • Help diagnosing "The selected certificate has errors: Invalid Signature"

    I am unable to sign a PDF using a new certificate I have received.  I have tried Acrobat X and XI.  I have also tried importing both the root and issuing CAs as trust anchors.  Those certs seem to verify fine.  This issue appears to be with the signature on my cert.
    My suspicion is that the issue stems from the issuing CA's use of the "AlternateSignatureAlgorithm", 1.2.840.113549.1.1.10 RSASSA-PSS, for my user cert.  Acrobat does not seem to recognize this algorithm.  It simply lists the OID value when I look at the signature algorithm under details.
    The certificate is validated fine using certutil.exe and works fine when I use it for client SSL authentication.  I am using Windows 7 and have tried both 32 and 64 bit PCs.
    Has anyone experienced this before?
    ================ Certificate 0 ================
    ================ Begin Nesting Level 1 ================
    X509 Certificate:
    Version: 3
    Serial Number: 100000
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Issuer:
        CN=xyz QA CA
        O=xyz Technical Resources Ltd
        C=US
    NotBefore: 11/15/2012 2:14 PM
    NotAfter: 11/16/2022 2:14 PM
    Subject:
        CN=xyz Issuing CA
    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
        Algorithm Parameters:
        05 00
    Public Key Length: 2048 bits
    Public Key: UnusedBits = 0
    Certificate Extensions: 9
        2.5.29.19: Flags = 1(Critical), Length = 5
        Basic Constraints
            Subject Type=CA
            Path Length Constraint=None
        2.5.29.14: Flags = 1(Critical), Length = 16
        Subject Key Identifier
            8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
        2.5.29.15: Flags = 1(Critical), Length = 4
        Key Usage
            Certificate Signing, Off-line CRL Signing, CRL Signing (06)
        2.5.29.35: Flags = 1(Critical), Length = 7e
        Authority Key Identifier
            KeyID=c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
            Certificate Issuer:
                 Directory Address:
                      CN=xyz QA CA
                      O=xyz Technical Resources Ltd
                      C=US
            Certificate SerialNumber=00 96 b6 de 15 a7 4b 97 ac
        2.5.29.31: Flags = 0, Length = 36
        CRL Distribution Points
            [1]CRL Distribution Point
                 Distribution Point Name:
                      Full Name:
                           URL=http://pki.xyzre.qa1/crls/root-ca.crl
        1.3.6.1.5.5.7.1.1: Flags = 0, Length = 37
        Authority Information Access
            [1]Authority Info Access
                 Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
                 Alternative Name:
                      URL=http://pki.xyzre.qa1/root-ca.cer
        2.5.29.32: Flags = 0, Length = 6e
        Certificate Policies
            [1]Certificate Policy:
                 Policy Identifier=2.16.840.1.101.3.2.1.48
                 [1,1]Policy Qualifier Info:
                      Policy Qualifier Id=CPS
                      Qualifier:
                           http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/documents/test_policy.pdf
        1.3.6.1.4.1.311.21.1: Flags = 0, Length = 3
        CA Version
            V0.0
        1.3.6.1.4.1.311.20.2: Flags = 0, Length = c
        Certificate Template Name (Certificate Type)
            SubCA
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Signature: UnusedBits=0
    Non-root Certificate
    Key Id Hash(rfc-sha1): 8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
    Key Id Hash(sha1): e7 a5 38 8b 64 5e bd 6e ee 7b 3f 61 bb 8a ed 2c cc 4b 2c 2f
    Cert Hash(md5): 69 84 7c 7c d8 2a 35 12 e9 6b e8 6a fd ca be 92
    Cert Hash(sha1): eb 2f 11 1b b0 c2 92 a0 14 74 50 42 50 1e de c5 53 de d7 df
    ----------------  End Nesting Level 1  ----------------
      CERT_MD5_HASH_PROP_ID(4):
        69 84 7c 7c d8 2a 35 12 e9 6b e8 6a fd ca be 92
      CERT_SHA1_HASH_PROP_ID(3):
        eb 2f 11 1b b0 c2 92 a0 14 74 50 42 50 1e de c5 53 de d7 df
      CERT_KEY_IDENTIFIER_PROP_ID(20):
        8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
    Cannot find the certificate and private key for decryption.
    ================ Certificate 1 ================
    ================ Begin Nesting Level 1 ================
    X509 Certificate:
    Version: 3
    Serial Number: 96b6de15a74b97ac
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Issuer:
        CN=xyz QA CA
        O=xyz Technical Resources Ltd
        C=US
    NotBefore: 11/13/2012 3:35 PM
    NotAfter: 11/13/2032 3:35 PM
    Subject:
        CN=xyz QA CA
        O=xyz Technical Resources Ltd
        C=US
    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
        Algorithm Parameters:
        05 00
    Public Key Length: 2048 bits
    Public Key: UnusedBits = 0
    Certificate Extensions: 7
        2.5.29.19: Flags = 1(Critical), Length = 5
        Basic Constraints
            Subject Type=CA
            Path Length Constraint=None
        2.5.29.14: Flags = 1(Critical), Length = 16
        Subject Key Identifier
            c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
        2.5.29.15: Flags = 1(Critical), Length = 4
        Key Usage
            Certificate Signing, Off-line CRL Signing, CRL Signing (06)
        2.5.29.35: Flags = 1(Critical), Length = 7e
        Authority Key Identifier
            KeyID=c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
            Certificate Issuer:
                 Directory Address:
                      CN=xyz QA CA
                      O=xyz Technical Resources Ltd
                      C=US
            Certificate SerialNumber=00 96 b6 de 15 a7 4b 97 ac
        2.5.29.31: Flags = 0, Length = 36
        CRL Distribution Points
            [1]CRL Distribution Point
                 Distribution Point Name:
                      Full Name:
                           URL=http://pki.xyzre.qa1/crls/root-ca.crl
        1.3.6.1.5.5.7.1.1: Flags = 0, Length = 37
        Authority Information Access
            [1]Authority Info Access
                 Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
                 Alternative Name:
                      URL=http://pki.xyzre.qa1/root-ca.cer
        2.5.29.32: Flags = 0, Length = 6e
        Certificate Policies
            [1]Certificate Policy:
                 Policy Identifier=2.16.840.1.101.3.2.1.48
                 [1,1]Policy Qualifier Info:
                      Policy Qualifier Id=CPS
                      Qualifier:
                           http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/documents/test_policy.pdf
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA
        Algorithm Parameters:
        05 00
    Signature: UnusedBits=0
    Signature matches Public Key
    Root Certificate: Subject matches Issuer
    Key Id Hash(rfc-sha1): c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
    Key Id Hash(sha1): f0 fc 52 1c c1 a6 16 2d 28 c1 71 84 ae d4 18 87 74 c4 f8 1c
    Cert Hash(md5): c9 af 16 63 9e 51 7b 8e 22 25 96 d7 a7 66 fa ab
    Cert Hash(sha1): e6 0b ef c1 fb e6 94 13 dc 9f 26 80 33 31 43 d9 ec af d7 be
    ----------------  End Nesting Level 1  ----------------
      CERT_MD5_HASH_PROP_ID(4):
        c9 af 16 63 9e 51 7b 8e 22 25 96 d7 a7 66 fa ab
      CERT_SHA1_HASH_PROP_ID(3):
        e6 0b ef c1 fb e6 94 13 dc 9f 26 80 33 31 43 d9 ec af d7 be
      CERT_KEY_IDENTIFIER_PROP_ID(20):
        c5 91 51 88 76 e2 a4 13 5a 2f 11 84 29 54 de cf 4f 93 28 eb
    Cannot find the certificate and private key for decryption.
    ================ Certificate 2 ================
    ================ Begin Nesting Level 1 ================
    X509 Certificate:
    Version: 3
    Serial Number: 1500000003a24d67389af826d7000000000003
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
        Algorithm Parameters:
        30 00
    Issuer:
        CN=xyz Issuing CA
    NotBefore: 11/15/2012 3:13 PM
    NotAfter: 11/15/2013 3:13 PM
    Subject:
        [email protected]
        CN=(e) Hugh Kelley
    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
        Algorithm Parameters:
        05 00
    Public Key Length: 2048 bits
    Public Key: UnusedBits = 0
    Certificate Extensions: 10
        1.3.6.1.4.1.311.21.7: Flags = 0, Length = 30
        Certificate Template Information
            Template=1.3.6.1.4.1.311.21.8.11609700.13554795.12405411.13975648.10011376.129.8742862.14 66929
            Major Version Number=100
            Minor Version Number=5
        2.5.29.37: Flags = 0, Length = 22
        Enhanced Key Usage
            Client Authentication (1.3.6.1.5.5.7.3.2)
            Secure Email (1.3.6.1.5.5.7.3.4)
            Encrypting File System (1.3.6.1.4.1.311.10.3.4)
        2.5.29.15: Flags = 1(Critical), Length = 4
        Key Usage
            Digital Signature, Key Encipherment (a0)
        1.3.6.1.4.1.311.21.10: Flags = 0, Length = 28
        Application Policies
            [1]Application Certificate Policy:
                 Policy Identifier=Client Authentication
            [2]Application Certificate Policy:
                 Policy Identifier=Secure Email
            [3]Application Certificate Policy:
                 Policy Identifier=Encrypting File System
        1.2.840.113549.1.9.15: Flags = 0, Length = 37
        SMIME Capabilities
            [1]SMIME Capability
                 Object ID=1.2.840.113549.3.2
                 Parameters=02 02 00 80
            [2]SMIME Capability
                 Object ID=1.2.840.113549.3.4
                 Parameters=02 02 00 80
            [3]SMIME Capability
                 Object ID=1.3.14.3.2.7
            [4]SMIME Capability
                 Object ID=1.2.840.113549.3.7
        2.5.29.14: Flags = 0, Length = 16
        Subject Key Identifier
            c2 1d d2 c8 90 64 9c 38 a9 66 9d 12 8b 1a a6 ab a8 72 2a 11
        2.5.29.35: Flags = 0, Length = 18
        Authority Key Identifier
            KeyID=8a 54 1f f7 43 b9 fd 19 3f 82 28 08 13 3d fa 73 42 11 e3 6f
        2.5.29.31: Flags = 0, Length = 44
        CRL Distribution Points
            [1]CRL Distribution Point
                 Distribution Point Name:
                      Full Name:
                           URL=http://pki.xyzre.qa1/crls/xyz Issuing CA.crl
        1.3.6.1.5.5.7.1.1: Flags = 0, Length = 45
        Authority Information Access
            [1]Authority Info Access
                 Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
                 Alternative Name:
                      URL=http://pki.xyzre.qa1/xyz Issuing CA.crt
        2.5.29.17: Flags = 0, Length = 50
        Subject Alternative Name
            Other Name:
                 Principal [email protected]
            RFC822 [email protected]
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
        Algorithm Parameters:
        30 00
    Signature: UnusedBits=0
    Non-root Certificate
    Key Id Hash(rfc-sha1): c2 1d d2 c8 90 64 9c 38 a9 66 9d 12 8b 1a a6 ab a8 72 2a 11
    Key Id Hash(sha1): 42 9c bd 63 60 4c d2 a8 55 bd 1b f4 70 25 34 cd 72 38 ca 8c
    Cert Hash(md5): af 8b 1e 76 71 f5 53 f4 93 62 1d e7 5e a8 d1 ff
    Cert Hash(sha1): 4f 3b d3 48 ba 05 65 dd 99 bb 33 65 5b 5e ba 13 28 fe 2d 80
    ----------------  End Nesting Level 1  ----------------
      CERT_MD5_HASH_PROP_ID(4):
        af 8b 1e 76 71 f5 53 f4 93 62 1d e7 5e a8 d1 ff
      CERT_SHA1_HASH_PROP_ID(3):
        4f 3b d3 48 ba 05 65 dd 99 bb 33 65 5b 5e ba 13 28 fe 2d 80
      CERT_KEY_PROV_INFO_PROP_ID(2):
        Key Container = {0136F9BB-2135-4642-827C-B883E0BDAF41}
      Unique container name: 1119ced7dad9cbd7d39924c9f35b5886_f10cfee5-eccc-4ef4-b0fb-7042bc1815c3
        Provider = Microsoft Enhanced Cryptographic Provider v1.0
        ProviderType = 1
        Flags = 0
        KeySpec = 1 -- AT_KEYEXCHANGE
      CERT_CEP_PROP_ID(87):
      Enrollment Policy Url: ldap:
      Enrollment Policy Id: {D8416D24-E050-45B1-B348-B9218292357C}
      Enrollment Server Url: Q-PKI-01.xyzre.qa1\xyz Issuing CA
      Request Id: 3
      Flags = 0
        DefaultNone -- 0
      Url Flags = 20 (32)
        PsfAllowUnTrustedCA -- 20 (32)
      Authentication = 2
        Kerberos -- 2
      Enrollment Server Authentication = 2
        Kerberos -- 2
      CERT_REQUEST_ORIGINATOR_PROP_ID(71):
        Q-APPDEV7-01.xyzre.qa1
      CERT_KEY_IDENTIFIER_PROP_ID(20):
        c2 1d d2 c8 90 64 9c 38 a9 66 9d 12 8b 1a a6 ab a8 72 2a 11
      Unique container name: 1119ced7dad9cbd7d39924c9f35b5886_f10cfee5-eccc-4ef4-b0fb-7042bc1815c3
      PP_KEYSTORAGE = 1
        CRYPT_SEC_DESCR -- 1
      KP_PERMISSIONS = 3f (63)
        CRYPT_ENCRYPT -- 1
        CRYPT_DECRYPT -- 2
        CRYPT_EXPORT -- 4
        CRYPT_READ -- 8
        CRYPT_WRITE -- 10 (16)
        CRYPT_MAC -- 20 (32)
      D:(A;ID;GAGR;;;SY)(A;ID;GAGR;;;BA)(A;ID;GAGR;;;S-1-5-21-2052111302-1708537768-839522115-2 4370)
        Allow Full Control    NT AUTHORITY\SYSTEM
        Allow Full Control    BUILTIN\Administrators
        Allow Full Control    xyzRE\hugh.kelley
    Private Key:
      PRIVATEKEYBLOB
      Version: 2
      aiKeyAlg: 0xa400
        CALG_RSA_KEYX
        Algorithm Class: 0xa000(5) ALG_CLASS_KEY_EXCHANGE
        Algorithm Type: 0x400(2) ALG_TYPE_RSA
        Algorithm Sub-id: 0x0(0) ALG_SID_RSA_ANY
      0000  52 53 41 32                                        RSA2
      0000  ...
      048c
    Encryption test passed
    CertUtil: -dump command completed successfully.

    Hi Hugh,
    As you figured out the certificate was using a signature algorithm that Acrobat did not understand. The "signature algorithm" is a composite of the digest algorithm (e.g. sha1), and the encryption algorithm (e.g. RSA). Acrobat understands the following digest algorithms; MD5, SHA-1, RIPEMD-160, SHA-256, SHA384, and SHA512. As far as encryption algorithms go, it understands DSA and RSA. Just to make things a little more complicated, version XI also can handle elliptic curve, but versions 6 thru 10 were limited to DSA & RSA. If you are using a digital ID created with the DSA encryption algorithm then the only digest algorithm Acrobat can use with is SHA-1. Just like you saw sha1RSA, you could also use a digital ID with the sha1DSA signature algorithm. If you are using RSA then it will pair with all six digest algorithms I noted above (e.g. sha256RSA).
    The Probabilistic Signature Scheme is not something Acrobat understands at all.
    Steve

  • Usb flash and truecrypt [Solved]

    I'm running kernel 2.6.19. Yesterday I installed truecrypt and encrypted my usb flash.
    $ truecrypt --properties /dev/sda1
    Enter keyfile path [none]:
    Enter password for '/dev/sda1':
    Volume properties:
    Location: /dev/sda1
    Size: 1001111040 bytes
    Type: Normal
    Encryption algorithm: AES-Twofish
    Key size: 512 bits
    Block size: 128 bits
    Mode of operation: LRW
    PKCS-5 PRF: HMAC-RIPEMD-160
    PKCS-5 iteration count: 2000
    Volume created: Tue Apr 10 20:34:56 2007
    Header modified: Tue Apr 10 20:34:56 2007
    However when I try to mount it I get:
    $ truecrypt /dev/sda1 /media/usbf
    Enter password for '/dev/sda1':
    FATAL: Module truecrypt not found.
    truecrypt: Failed to load TrueCrypt kernel module
    then I try as root:
    # modprobe truecrypt
    FATAL: Module truecrypt not found.
    I checked other threads but none of the solutions solved my problem.
    Last edited by Alexo (2007-04-24 15:24:15)

    $ sudo pacman -Sy kernel26
    checking package integrity... done.
    loading package data... done.
    checking for file conflicts...
    error: the following file conflicts were found:
    kernel26: /lib/modules/2.6.20-ARCH/modules.alias: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.ccwmap: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.dep: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.ieee1394map: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.inputmap: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.isapnpmap: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.ofmap: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.pcimap: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.seriomap: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.symbols: exists in filesystem
    kernel26: /lib/modules/2.6.20-ARCH/modules.usbmap: exists in filesystem
    Question: shall I
    $ sudo pacman -U kernel26
    or
    $ sudo pacman -Sf kernel26

  • MessageDigest Help

    Hi,
    I need to implement SHA, MD5 and RIPEMD-160.
    I would like to know the difference between update and doFinal and what do they compute.
    I also need help to do the message padding.
    Thanks.

    Are you implementing the algorithms or using the algorithms? If you're simply using the algorithms:
    update( byte[] data ) will append the data into the buffer to be digested. So you can add multiple byte arrays, like this:
    update ( someData );
    update (otherData );
    update ( stillMoreData );
    doFinal ( ) will actually run the algorithm and reset the javax.crypto.Mac object.
    If you're actually implementing the algorithms, look at the actual standards for these algorithms for details such as padding, and refer to the javax.crypto.Mac section in the J2SE API.
    - Joscar
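The two points raised in this thread, feeding data in pieces versus finishing the hash, and message padding, as an added example that is not code from the thread. It uses java.security.MessageDigest, whose finishing call is digest(); the class name, helper names and sample strings are constructed for illustration, and pad() shows the padding rule for 64-byte-block hashes (length field little-endian for MD5 and RIPEMD-160, big-endian for SHA-1).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Added example, not code from the thread.
public class DigestUpdateAndPadding {

    /** update() absorbs input piece by piece; digest() pads, finishes and resets. */
    static byte[] incremental(String alg, byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        for (byte[] p : parts) {
            md.update(p);
        }
        return md.digest();
    }

    /**
     * Padding used by MD5, RIPEMD-160 and SHA-1: one 0x80 byte, zero bytes up to
     * 8 short of a 64-byte boundary, then the message length in bits as 64 bits.
     */
    static byte[] pad(byte[] msg, boolean bigEndianLength) {
        int padded = ((msg.length + 8) / 64 + 1) * 64;   // room for 0x80 and the length
        byte[] out = Arrays.copyOf(msg, padded);          // the tail is zero-filled
        out[msg.length] = (byte) 0x80;
        long bits = (long) msg.length * 8;
        for (int i = 0; i < 8; i++) {
            byte b = (byte) (bits >>> (8 * i));           // i-th least significant byte
            out[bigEndianLength ? padded - 1 - i : padded - 8 + i] = b;
        }
        return out;
    }

    static String hex(byte[] data, int from, int to) {
        StringBuilder sb = new StringBuilder();
        for (int i = from; i < to; i++) {
            sb.append(String.format("%02x", data[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input.
        byte[] a = "some data, ".getBytes(StandardCharsets.US_ASCII);
        byte[] b = "other data".getBytes(StandardCharsets.US_ASCII);
        byte[] whole = new byte[a.length + b.length];
        System.arraycopy(a, 0, whole, 0, a.length);
        System.arraycopy(b, 0, whole, a.length, b.length);

        // Hashing in pieces gives the same digest as hashing the whole message.
        for (String alg : new String[] { "MD5", "SHA-1" }) {
            byte[] oneShot = MessageDigest.getInstance(alg).digest(whole);
            boolean same = Arrays.equals(oneShot, incremental(alg, a, b));
            System.out.println(alg + " chunked == one-shot: " + same);
        }

        // A 55-byte message still fits one block; 56 bytes spill into a second.
        for (int len : new int[] { 0, 55, 56, 64, 119, 120 }) {
            System.out.println(len + " bytes -> " + pad(new byte[len], true).length);
        }

        // "abc" is 24 bits (0x18) long: the length field differs only in byte order.
        byte[] abc = "abc".getBytes(StandardCharsets.US_ASCII);
        System.out.println("SHA-1 style tail: " + hex(pad(abc, true), 56, 64));
        System.out.println("MD5 style tail:   " + hex(pad(abc, false), 56, 64));
    }
}
```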

  • Digital signature / certificate

    How does the certificate (digital signature) work in OS X?
    I installed one certificate from Trustcenter.de and put it in the 'login' keychain.
    I created one myself in the 'login' keychain.
    I created one myself in the 'system' keychain.
    None of those can I see in the Digital Signature menu in: Microsoft Excel, Open Office 2.3, Neooffice
    I installed 5-6 certificates on windows xp and vista machines at my work; using digital signatures is crucial for me, please help..

  • PKI, certificate and keychain.app experts needed!

    Hi all!
    I have the following problem. To verify signed e-mails (qualified in the sense of the German signature laws) the highest German CA certificate is needed. So I imported this CA root certificate into the x.509 keychain in keychain.app. There it is 1) not recognized as a CA root certificate and 2) it can't be verified.
    Some research discovered that the main difference between this cert and all the other pre-installed certs is that it uses the RIPEMD-160 hash algorithm and not SHA1.
    My question is: Can anybody confirm that RIPEMD-160 is not supported in Mac OS X, or does anybody have an idea what is going wrong?
    If anybody needs the german root-ca-cert I can e-mail it!
    Thanks for any help in advance!
    Tom
      Mac OS X (10.4.8)  

    The following are up to date and seem to be connected to the keyboard buffer in some way:  (I had airdisplay, but that is no longer on the drive - I think ML kicked it off the disk when I installed ML).
    TextExpander
    Keyboard Maestro
    Clipboard History
    I've closed them down.  The problem continues.
    I also use Path Finder in which the sticky problem occurs.  If I force quit it once the problem begins, that fixes it, but if I then try dragging in just Finder, the problem returns.  So it's both in Finder and Path Finder that the issue occurs.  I've even relaunched Finder, but that doesn't fix the problem when it has begun.  I also discovered that any kind of drag causes the problem now - every time.  For example, in some app that displayed a table, if I try widening a column by dragging the column heading left or right, then the widening/shrinking continues when I let go of the left mouse hold and then just move the mouse, even if it's off the app's window.

  • Can declare an Integer in JavaCard Applet

    I got a message "unsupported int type of field..."
    So I think in an applet we can only use 2 types, which are "short" and "byte".
    But in an example "E-Bank" applet I saw
         public static int CONTEXT_SPECIFIC = 160;
    And of course, I cannot compile or convert...
    I'm brand new to javacard, so please help me... how can I declare an integer in an applet (if it can be done)?
    Thanks a lot to every one who read this.
    Anh T�i

    The 16bits/32bits CPU cards have a better chance of supporting Integer.
    The Sharp Javacard 1024KB is based on a 16bits/32bits CPU and it supports Integer as a data type. The 32bits CPU's smallest data type is Integer (32bits).
    Meanwhile, a 32bits CPU at the same clock will run 4 times faster.

  • iPod Classic 160 GB not Recognized by iTunes

    iTunes does not recognize my iPod Classic 160 GB. I have tried all the suggestions offered by Apple. Any advice?

    I had the same problem with my iPod classic 80 GB. I spent an hour on the phone with Apple support this morning. It is interesting that I could still sync my iPhone and an older iPod, just not the Classic - so I suspected either a hardware or Mac software issue. The solution (I think) is that the permission in OS X for the device is not recognized. After restoring my iPod to factory settings, and completely deleting and reloading a new copy of iTunes, I am now able to get my Mac to recognize this iPod. Following the instructions found here:
    http://docs.info.apple.com/article.html?path=Mac/10.5/en/8342.html
    I was able to add permission for the "administrator" to have read and write privileges on this device. That seems to have solved the problem. Thanks to Ryan at Apple Expert for the troubleshooting. Good luck!

  • Why is my iPhone 4S breaking up SMS messages that are shorter than 160 characters?

    With my iPhone 4S running 5.1, I'll tap out a message that reads on the character counter as less than 160 characters. When I press send, I hear the "sent message" swoosh sound happen twice, as it does when the phone splits a long message into multiple parts.
    The recipient confirms that the message does get split into two parts even though its contents did not exceed 160 characters. Through some experimenting, I have determined that it happens with messages that exceed 120 characters. In cases of messages with lengths 120-160 characters, it cuts the last word off and sends it as a separate message. 
    Why is this happening?
    (In addition, checking my Google Voice history also confirms that the messages get split up even though they do not exceed the character limit.)

    I'm having the same exact issue. I've only noticed it since I upgraded to IOS 5.1. Unless the SMS message is very short, it gets broken into at least two separate messages when I hit send. I think this is happening even if the message I'm sending is less than 120 characters.
    It doesn't bother me either, but like AmZam05 mentions, I feel bad for the recipient who is now getting multiple SMS messages from me when they would get a single SMS message prior to me upgrading to IOS 5.1.
    EDIT: Wanted to add that this is with a Sprint iPhone 4S w/ IOS 5.1. I've also found some forum threads elsewhere speaking of the same problem others are having. There seems to be a "workaround" for this by adding a few blank spaces at the end of your SMS text message, then sending it.

  • 160 counters in FPGA. Use arrays or 160 loops?

    I need to program a 7811R FPGA module to give me 160, 16 bit counters. Originally I made 4 loops (one for each connector) and put the counts from each loop in a 40 element array - mostly to make it easier to program. I'm wondering if that's a bad idea. Would it be better to use an individual loop for each counter? Or maybe use one array per 8 bit port (20, eight element arrays)? I don't have my board yet so I haven't been able to test it.
    George

    Hello George!
    I am terribly sorry I misread your previous question.  You want to check for pulses on 160 lines and then keep track of the number of pulses in a 160 element array.  I believe this is the only efficient way to do this but I am concerned whether there will be enough real estate on the FPGA to handle this 160 element array.  Additionally, it's going to take some time to read and process 160 lines at the same time.  Therefore you may want to break this up into 20 loops of 8 lines so that you are not waiting for one loop to do all the processing.  This would also give you 8 arrays of 20 elements.  Sorry it took me so long to get on the same page with this issue.  I hope this helps and please continue to write if you have more questions.
    Allan S.
    National Instruments

  • JavaCard Memory

    I made a simple applet to test the speed of adding arrays, depending whether they are saved in EEPROM or RAM. Since working with variables stored in RAM should be faster, I was really surprised when I noticed no difference between them. I would really like to know where I went wrong, but simply can't figure it out, so any help would be really appreciated. I used Eclipse 3.2 with JCOP Tools 3.1.1b and JCOP31 v2.2 JavaCard. The code I produced is:
    package test;

    import javacard.framework.APDU;
    import javacard.framework.ISO7816;
    import javacard.framework.Applet;
    import javacard.framework.ISOException;
    import javacard.framework.JCSystem;

    public class SimpleMemoryTest extends Applet {
        private static final short ARRAY_SIZE = 32;
        byte[] eeprom_a, eeprom_b, eeprom_c;
        byte[] ram_a, ram_b, ram_c;
        short[] mem;

        private SimpleMemoryTest() {
            this.mem = new short[2];
        }

        public static void install(byte[] bArray, short bOffset, byte bLength) {
            new SimpleMemoryTest().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
        }

        public void process(APDU apdu) {
            if (selectingApplet()) return;
            byte[] buf = apdu.getBuffer();
            switch (buf[ISO7816.OFFSET_INS]) {
            case (byte) 0x00: { // Print memory info to verify where arrays are stored
                mem[0] = JCSystem.getAvailableMemory(JCSystem.MEMORY_TYPE_PERSISTENT);
                mem[1] = JCSystem.getAvailableMemory(JCSystem.MEMORY_TYPE_TRANSIENT_DESELECT);
                buf[0] = (byte)(mem[0] / 256);
                buf[1] = (byte)(mem[0] % 256);
                buf[2] = (byte)(mem[1] / 256);
                buf[3] = (byte)(mem[1] % 256);
                apdu.setOutgoingAndSend((short)0, (short)4);
                break;
            }
            case (byte) 0x01: { // Put arrays in EEPROM.
                this.eeprom_a = new byte[ARRAY_SIZE];
                this.eeprom_b = new byte[ARRAY_SIZE];
                this.eeprom_c = new byte[ARRAY_SIZE];
                break;
            }
            case (byte) 0x02: { // Put arrays in RAM.
                this.ram_a = JCSystem.makeTransientByteArray(ARRAY_SIZE, JCSystem.CLEAR_ON_DESELECT);
                this.ram_b = JCSystem.makeTransientByteArray(ARRAY_SIZE, JCSystem.CLEAR_ON_DESELECT);
                this.ram_c = JCSystem.makeTransientByteArray(ARRAY_SIZE, JCSystem.CLEAR_ON_DESELECT);
                break;
            }
            case (byte) 0x03: { // Add arrays in EEPROM 100 times
                short i, j;
                for (i = (short) 0; i < (short) 100; i++) {
                    for (j = (short) 0; j < (short) ARRAY_SIZE; j++) {
                        eeprom_c[j] = (byte)(eeprom_a[j] + eeprom_b[j]);
                    }
                }
                break;
            }
            case (byte) 0x04: { // Add arrays in RAM 100 times
                short i, j;
                for (i = (short) 0; i < (short) 100; i++) {
                    for (j = (short) 0; j < (short) ARRAY_SIZE; j++) {
                        ram_c[j] = (byte)(ram_a[j] + ram_b[j]);
                    }
                }
                break;
            }
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
            }
        }
    }

    When you create a byte array, all values are initialized to 0. Looking at your loops, it seems you're adding 0's only. Smart card operating systems normally do a read before write, to make sure not the same value is written. It saves time, and in case of EEPROM also to prolong the lifetime. I think this is the reason why you see no difference .. because there is no writing. Do something like
    eeprom_c[j] = (byte)(i + j);
    Matjaz wrote:
            case (byte) 0x03: { // Add arrays in EEPROM 100 times
                short i, j;
                for (i = (short) 0; i < (short) 100; i++) {
                    for (j = (short) 0; j < (short) ARRAY_SIZE; j++) {
                        eeprom_c[j] = (byte)(eeprom_a[j] + eeprom_b[j]);
                    }
                }
                break;
            }
            case (byte) 0x04: { // Add arrays in RAM 100 times
                short i, j;
                for (i = (short) 0; i < (short) 100; i++) {
                    for (j = (short) 0; j < (short) ARRAY_SIZE; j++) {
                        ram_c[j] = (byte)(ram_a[j] + ram_b[j]);
                    }
                }
                break;
            }

  • Javacard and session variables

    Hello,
    I'm trying to find a reasonable Javacard technique to handle "session variables" that must be kept between successive APDUs, but must be re-initialized on each card reset (and/or each time the application is selected); e.g. currently selected file, currently selected record, current session key, has the user PIN been verified...
    Such variables are best held in RAM, since changing permanent (EEPROM or Flash) variables is so slow (and in the long run limiting the operational life of the card).
    Examples in the Java Card Kit 2.2.2 (e.g. JavaPurseCrypto.java) manipulate session variables in the following way:
    1) The programmers group session variables of basic type (Short, Byte, Boolean) according to type, and map each such variable at an explicit index of a vector (one per basic type used as session variable).
    2) At install() time, each such vector, and each vector session variable, is explicitly allocated as a transient object, and this object is stored in a field of the application (in permanent memory), where it remains across resets.
    3) Each use of a session variable of basic type is explicitly translated by the programmer into using the appropriately numbered element of the appropriate vector.
    4) Vector session variables require no further syntactic juggling, but eat up an object descriptor worth of permanent data memory (EEPROM or Flash), and a function call + object affectation worth of applet-storage memory (EEPROM, Flash or ROM).
    The preparatory phase goes:
    public class MyApp extends Applet  {
    // transientShorts array indices
        final static byte   TN_IX = 0;
        final static byte   NEW_BALANCE_IX=(byte)TN_IX+1;
        final static byte   CURRENT_BALANCE_IX=(byte)NEW_BALANCE_IX+1;
        final static byte   AMOUNT_IX=(byte)CURRENT_BALANCE_IX+1;
        final static byte   TRANSACTION_TYPE_IX=(byte)AMOUNT_IX+1;
        final static byte   SELECTED_FILE_IX=(byte)TRANSACTION_TYPE_IX+1;
        final static byte   NUM_TRANSIENT_SHORTS=(byte)SELECTED_FILE_IX+1;
    // transientBools array indices
        final static byte   TRANSACTION_INITIALIZED=0;
        final static byte   UPDATE_INITIALIZED=(byte)TRANSACTION_INITIALIZED+1;
        final static byte   NUM_TRANSIENT_BOOLS=(byte)UPDATE_INITIALIZED+1;
    // remanent variables holding reference for transient variables
        private short[]     transientShorts;
        private boolean[]   transientBools;
        private byte[]      CAD_ID_array;
        private byte[]      byteArray8;  // Signature work array
    // constructor, invoked from install(): the fields above are instance
    // fields, so they cannot be assigned from the static install() itself
        protected MyApp( byte[] bArray, short bOffset, byte bLength ) {
             //Create transient objects.
            transientShorts = JCSystem.makeTransientShortArray( NUM_TRANSIENT_SHORTS,
                JCSystem.CLEAR_ON_DESELECT);
            transientBools = JCSystem.makeTransientBooleanArray( NUM_TRANSIENT_BOOLS,
                JCSystem.CLEAR_ON_DESELECT);
            CAD_ID_array = JCSystem.makeTransientByteArray( (short)4,
                JCSystem.CLEAR_ON_DESELECT);
            byteArray8 = JCSystem.makeTransientByteArray( (short)8,
                JCSystem.CLEAR_ON_DESELECT);
    (..)
    and when it's time for usage, things go:
        if (transientShorts[SELECTED_FILE_IX] == (short)0)
            transientShorts[SELECTED_FILE_IX] = fid;  // assignment, not comparison
        transientBools[UPDATE_INITIALIZED] =
            sig.verify(MAC_buffer, (short)0, (short)10,
                byteArray8, START, SIGNATURE_LENGTH);
    I find this
    a) Verbose and complex.
    b) Error-prone: there is nothing to prevent the accidental use of transientShorts[UPDATE_INITIALIZED].
    c) Wasteful of memory: each use of a basic-type state variable wastes some code; each vector state variable wastes an object-descriptor worth of permanent data memory, and code for its allocation.
    d) Slow at runtime: each use of a "session variable", especially of a basic type, goes through method invocation(s) which end up painfully slow (at least on some cards), to the point that for repeated uses, one often attains a nice speedup by caching a session variable, and/or transientShorts and the like, into local variables.
    As an aside, I don't get if the true allocation of RAM occurs at install time (implying non-selected applications eat up RAM), or at application selection (implying hidden extra overhead).
    I dream of an equivalent for the C idiom "struct of state variables". Are these issues discussed, in a Sun manual, or elsewhere? Is there a better way?
    Other desperate questions: does a C compiler that outputs Javacard bytecode make sense/exist? Or a usable Javacard bytecode assembler?
    Francois Grieu

    Interesting post.
    I don't have a solution to your problem, but caching the session variables arrays in local variable arrays is a good start. This should be only done when the applet is in context, e.g. selected or accessed through the shareable interface. These values should be written back to EEPROM at e.g. deselect or some other important point of time. Do you run into problems if a tear happens? I don't think so since the session variables should be transactional, and a defined point will commit a transaction.
    Analyzing the bytecode is a good idea. I know of a view in JCOP Tools (Eclipse plugin) where you can analyze the bytecode and optimize it to your needs.
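
Added example, not part of either post and not Sun's sample code: a minimal Java Card applet that keeps the session state discussed in this thread (selected file, PIN-verified status) in CLEAR_ON_DESELECT transient arrays allocated once in the constructor, and caches the array references in locals inside process(). The package and class names, the INS values and the demo PIN are assumptions made for the illustration.

```java
package example.session;                 // hypothetical package name

import javacard.framework.*;

public class SessionStateApplet extends Applet {
    // One index namespace per array; the prefixes make a mix-up visible in review.
    private static final byte SH_SELECTED_FID = 0, SH_COUNT = 1;
    private static final byte BO_FILE_SELECTED = 0, BO_COUNT = 1;
    // Hypothetical instruction bytes for this example.
    private static final byte INS_VERIFY = (byte) 0x20, INS_SELECT = (byte) 0xA4,
                              INS_GET_STATE = (byte) 0xCA;

    private final short[] sessShorts;    // references live in persistent memory,
    private final boolean[] sessBools;   // array contents live in RAM
    private final OwnerPIN pin;

    private SessionStateApplet() {
        // Allocated once; the JCRE clears the contents on deselect and on reset.
        sessShorts = JCSystem.makeTransientShortArray(SH_COUNT, JCSystem.CLEAR_ON_DESELECT);
        sessBools = JCSystem.makeTransientBooleanArray(BO_COUNT, JCSystem.CLEAR_ON_DESELECT);
        pin = new OwnerPIN((byte) 3, (byte) 4);
        byte[] demoPin = { 1, 2, 3, 4 };           // constructed demo value
        pin.update(demoPin, (short) 0, (byte) 4);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new SessionStateApplet().register();
    }

    // The API documents OwnerPIN's validated flag as reset on card reset,
    // so clear it explicitly when another applet gets selected.
    public void deselect() {
        pin.reset();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        short[] sh = sessShorts;                   // cache field references in locals
        boolean[] bo = sessBools;
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_VERIFY:
            byte len = (byte) apdu.setIncomingAndReceive();
            if (!pin.check(buf, ISO7816.OFFSET_CDATA, len))
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            break;
        case INS_SELECT:                           // P1P2 carries the file id
            if (!pin.isValidated())
                ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
            sh[SH_SELECTED_FID] = Util.getShort(buf, ISO7816.OFFSET_P1);
            bo[BO_FILE_SELECTED] = true;
            break;
        case INS_GET_STATE:                        // returns the file id, or 0000 if none
            Util.setShort(buf, (short) 0, bo[BO_FILE_SELECTED] ? sh[SH_SELECTED_FID] : (short) 0);
            apdu.setOutgoingAndSend((short) 0, (short) 2);
            break;
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

After another applet has been selected and this one is selected again, INS_GET_STATE returns 0000 and INS_SELECT is refused until the PIN is presented again, without any EEPROM write having been needed to clear the state.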
