From: Sebastien L. <seb...@lo...> - 2016-09-13 08:04:40
Hello,

Is there someone still reading this list?

I would like to follow up on this
https://sourceforge.net/p/globalplatform/mailman/message/31626315/

I have to use this and would like to say a word about this encryption.

It would not be wise to encrypt the full data field, because it is not always the real requirement:

- GP Data encryption does not define padding so encrypted data length always has to be a multiple of 8 bytes.
- Sometimes data is sent via DGIs (kind of TLV tags) and ONLY the DGI CONTENTS has to be encrypted. And more than one DGI can be sent in the same STORE DATA APDU.

So the real need is not an extension of sendApdu but a new API in globalPlatform.h:

    OPGP_API OPGP_ERROR_STATUS GP211_encrypt_data(GP211_SECURITY_INFO *secInfo, PBYTE *buffer, DWORD bufferLength);
    OPGP_API OPGP_ERROR_STATUS GP211_decrypt_data(GP211_SECURITY_INFO *secInfo, PBYTE *buffer, DWORD bufferLength);

Since there is no padding, the input and output buffers always have the same length (multiple of 8 bytes) and the data can be processed in place.

The only thing these functions have to do is encrypt/decrypt using triple-DES ECB with 2 keys.

What is the proper development process to get this implemented and included in the next releases? It is a valuable addition to GlobalPlatform library.

Thanks for reading,

--
Sébastien Lorquet
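An added example, not part of the original message or of the GlobalPlatform library: a caller-side sketch of the use case described above, which walks several DGIs in one STORE DATA data field, rejects any content whose length is not a multiple of 8 bytes, and hands only the DGI contents to an in-place cipher hook. Assumptions: the DGI layout (2-byte identifier, 1-byte length or 0xFF plus a 2-byte length), and the hypothetical names dgi_crypt_contents, block_fn and xor_stand_in; the hook marks where a 2-key triple-DES ECB routine would be called.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical in-place cipher hook: processes len bytes (a multiple of 8). */
typedef int (*block_fn)(void *ctx, uint8_t *buf, size_t len);

enum { DGI_OK = 0, DGI_TRUNCATED = -1, DGI_BAD_LENGTH = -2, DGI_CIPHER_FAIL = -3 };

/* Assumed DGI layout: 2-byte identifier, then a 1-byte length (0x00..0xFE)
 * or 0xFF followed by a 2-byte big-endian length, then the contents. */
static int dgi_next(const uint8_t *data, size_t len, size_t pos,
                    size_t *content_off, size_t *content_len)
{
    if (len - pos < 3) return DGI_TRUNCATED;
    size_t off = pos + 3, n = data[pos + 2];
    if (n == 0xFF) {
        if (len - pos < 5) return DGI_TRUNCATED;
        n = ((size_t)data[pos + 3] << 8) | data[pos + 4];
        off = pos + 5;
    }
    if (n > len - off) return DGI_TRUNCATED;
    *content_off = off;
    *content_len = n;
    return DGI_OK;
}

/* Two passes: validate every DGI first so a malformed field is rejected
 * before any byte is modified, then transform the contents in place.
 * Identifiers and length bytes are never passed to the cipher hook. */
int dgi_crypt_contents(uint8_t *data, size_t len, block_fn fn, void *ctx)
{
    size_t off = 0, n = 0;
    for (int pass = 0; pass < 2; pass++) {
        for (size_t pos = 0; pos < len; pos = off + n) {
            int rc = dgi_next(data, len, pos, &off, &n);
            if (rc != DGI_OK) return rc;
            if (n % 8 != 0) return DGI_BAD_LENGTH;   /* no padding defined */
            if (pass == 1 && n > 0 && fn(ctx, data + off, n) != 0)
                return DGI_CIPHER_FAIL;
        }
    }
    return DGI_OK;
}

/* Constructed stand-in for the cipher (XOR with one byte), NOT triple-DES. */
int xor_stand_in(void *ctx, uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) buf[i] ^= *(uint8_t *)ctx;
    return 0;
}
```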