
Javacard - Protect an RSA private key with something other than a plaintext PIN?

Reposted. Author: 太空宇宙. Updated: 2023-11-04 10:30:46

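Say I wanted to protect use of an RSA private key on a Javacard with something stronger than a plaintext PIN... such as a custom challenge/response mechanism. How would I accomplish this?

I see that javacard.framework.OwnerPIN::setValidatedFlag() is supposed to unlock the card without supplying a PIN. However, if I try to call it from my main applet, I get this error at compile time:

error: setValidatedFlag(boolean) has protected access in OwnerPIN

Best answer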

Say I wanted to protect use of a RSA Private Key on a Javacard with something stronger than a plaintext PIN... such as a custom challenge/response mechanism. How would I accomplish this?

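By programming it, making sure that the challenge is random, that the verification of the response is time-constant, and that the resulting authentication state is protected against alteration.

There are many possible challenge/response protocols, but no off-the-shelf implementations. That said, all the ingredients (random number generators, ciphers, MAC algorithms, transient storage - i.e. RAM - and a Turing-complete byte code interpreter) are there.

If you are going to use a challenge/response protocol, then you would not use the OwnerPIN class but transient storage instead.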


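Here is a quick model of how to perform such authentication, but note that it has not even been compiled against Java Card.

The protections against attacks have been thrown in randomly; not every platform requires them, and there are certainly other kinds of protection possible (e.g. comparing against inverted values, random delays, honeypots in RAM state, etc.).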

    private static final short TRUE = 0x3A5C;
    private static final short FALSE = (short) 0xA3C5;

    private static final short SINGLETON_SIZE = 1;
    private static final short SINGLETON_INDEX = 0;

    private static final short NOT_AUTHENTICATED = 0x0000;
    private static final short AUTHENTICATED = 0x5C3A;

    private final short[] authenticationState;

    TransientState() {
        authenticationState = JCSystem.makeTransientShortArray(SINGLETON_SIZE, JCSystem.CLEAR_ON_DESELECT);
    }

    private void authenticate() {
        // reset authentication state
        authenticationState[SINGLETON_INDEX] = NOT_AUTHENTICATED;

        // perform the challenge / response authentication (mock)
        short authenticationSucceeded = TRUE;

        if (authenticationSucceeded == TRUE) {

            // check against perturbation of flow control

            authenticationState[SINGLETON_INDEX] = AUTHENTICATED;

            // check against perturbation of flow control

        }
    }

    private void sign() {
        if (authenticationState[SINGLETON_INDEX] != AUTHENTICATED) {
            // throw exception, e.g. SECURITY_CONDITIONS_NOT_SATISFIED
        }

        if (authenticationState[SINGLETON_INDEX] == AUTHENTICATED) {

            // check against perturbation of flow control

            // create signature

            // check against perturbation of flow control

            // verify signature (could protect the private key against exposure)

            // check against perturbation of flow control

            // return signature
        }
    }

    public void process() {
        switch (ins) {
        case INS_MUTUAL_AUTHENTICATE:
            authenticate();
            break;
        case INS_PSO_SIGN:
            sign();
            break;
        default:
            // throw INS_NOT_SUPPORTED or something
        }
    }
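The following sketch is an added example, not part of the original answer and not compiled against a specific card. It fills in the mocked challenge/response step with the three properties the answer names: a random challenge, a comparison without early exit, and an authentication state held in transient memory. The class name ChallengeResponseAuth, the choice of a single-block AES MAC over a pre-shared key, and the APDU dispatch and key personalisation around it are all assumptions; ALG_AES_MAC_128_NOPAD must be supported by the target platform.

```java
import javacard.framework.*;
import javacard.security.*;

// Hypothetical helper; an applet's process() would call it for GET CHALLENGE / EXTERNAL AUTHENTICATE.
public class ChallengeResponseAuth {
    private static final short LEN = 16;                 // challenge and MAC length: one AES block
    private static final short NOT_AUTHENTICATED = 0x0000;
    private static final short AUTHENTICATED = 0x5C3A;   // same pattern as the model above

    private final byte[] challenge;  // RAM, cleared on deselect
    private final byte[] expected;   // RAM scratch for the expected MAC
    private final short[] state;     // [0] = authentication state, [1] = challenge-pending flag
    private final RandomData rng;
    private final Signature mac;

    // sharedKey is assumed to have been set during personalisation
    ChallengeResponseAuth(AESKey sharedKey) {
        challenge = JCSystem.makeTransientByteArray(LEN, JCSystem.CLEAR_ON_DESELECT);
        expected = JCSystem.makeTransientByteArray(LEN, JCSystem.CLEAR_ON_DESELECT);
        state = JCSystem.makeTransientShortArray((short) 2, JCSystem.CLEAR_ON_DESELECT);
        rng = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
        mac = Signature.getInstance(Signature.ALG_AES_MAC_128_NOPAD, false);
        mac.init(sharedKey, Signature.MODE_SIGN);
    }

    // Issue a fresh random challenge; any earlier authentication is dropped.
    short getChallenge(byte[] out, short off) {
        state[0] = NOT_AUTHENTICATED;
        rng.generateData(challenge, (short) 0, LEN);
        state[1] = 1;
        Util.arrayCopyNonAtomic(challenge, (short) 0, out, off, LEN);
        return LEN;
    }

    // The response must equal MAC(sharedKey, challenge); each challenge is usable once.
    void verifyResponse(byte[] in, short off, short len) {
        state[0] = NOT_AUTHENTICATED;
        if (state[1] != 1 || len != LEN) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        state[1] = 0;  // consume the challenge before verifying, so it cannot be replayed
        mac.sign(challenge, (short) 0, LEN, expected, (short) 0);
        short diff = 0;
        for (short i = 0; i < LEN; i++) {  // no early exit: timing does not reveal where bytes differ
            diff |= (short) (expected[i] ^ in[(short) (off + i)]);
        }
        if (diff != 0) ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        state[0] = AUTHENTICATED;
    }

    boolean isAuthenticated() { return state[0] == AUTHENTICATED; }
}
```

The signing command would check isAuthenticated() before touching the RSA private key, in the same place the model checks authenticationState.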

Regarding "Javacard - Protect an RSA private key with something other than a plaintext PIN?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50029007/
