From: Sebastien L. <seb...@lo...> - 2016-09-13 08:03:38

Hello again,

Looks like what I need is:

OPGP_ERROR_STATUS calculate_enc_ecb_two_key_triple_des(BYTE key[16], BYTE *message, int messageLength, BYTE *encryption, int *encryptionLength)

I have found the svn repo, will send a patch.

Sébastien Lorquet

On 12/09/2016 at 16:23, Sebastien Lorquet wrote:
> Hello,
>
> Is there someone still reading this list?
>
> I would like to follow up on this
>
> https://sourceforge.net/p/globalplatform/mailman/message/31626315/
>
> I have to use this and would like to say a word about this encryption.
>
> It would not be wise to encrypt the full data field, because it is not always
> the real requirement:
>
> - GP Data encryption does not define padding so encrypted data length always has
> to be a multiple of 8 bytes.
>
> - Sometimes data is sent via DGIs (kind of TLV tags) and ONLY the DGI CONTENTS
> has to be encrypted. And more than one DGI can be sent in the same STORE DATA APDU.
>
> So the real need is not an extension of sendApdu but a new API in globalPlatform.h:
>
>
> OPGP_API OPGP_ERROR_STATUS GP211_encrypt_data(GP211_SECURITY_INFO *secInfo,
> PBYTE *buffer, DWORD bufferLength);
>
> OPGP_API OPGP_ERROR_STATUS GP211_decrypt_data(GP211_SECURITY_INFO *secInfo,
> PBYTE *buffer, DWORD bufferLength);
>
> Since there is no padding, the input and output buffers always have the same
> length (multiple of 8 bytes) the data can be processed in place.
>
> Only thing these functions have to do is encrypt/decrypt using triple-DES ECB
> with 2 keys.
>
> What is the proper development process to get this implemented and included in
> the next releases? It is a valuable addition to GlobalPlatform library.
>
> Thanks for reading,
>