Change of target from 3.0.4 to 3.0.5

[KingCZE]

Hi, if I change the target from 3.0.4 to 3.0.5 (for J3R180 JCOP4-180K), would it give any more crypto options or any benefits at all? Would it even work?

A built with target 3.0.5, jc320v24.0_kit and jdk-17.0.10 has 70 kB compared to 17kB of the release build (which is however from 2019). That's a huge difference.

Thanks.

[martinpaljak]

add strip="true" and you'll get a similar-sized result (.cap file is essentially a .jar, you can look inside). Just changing the target will not change the content of the source code, so you will not get anything "new".

[martinpaljak]

FYI, targeting 3.0.5 with latest JC kit:

Generated by Oracle Corporation converter  [v3.2.0]
On Fri Mar 29 07:59:06 EET 2024 with JDK 17.0.9 (Azul Systems, Inc.)
Code size 11919 bytes (14143 with debug)

vs released

Generated by Sun Microsystems Inc. converter 1.3
On Sun Mar 17 13:52:57 CET 2019 with JDK 1.8.0_191 (Oracle Corporation)
Code size 11945 bytes (14146 with debug)

[KingCZE]

Thanks a lot.
From what I see, 3.0.5 would only add SHA3 and RSA 3072 (apart from some altered command for random num generator) if added to the source code, which is probably not a big deal.

[KingCZE]

I don't know why, but none of the algorithms work for me when I use the stripped cap (no matter if 3.0.4 or 3.0.5). I have J3R180 JCOP4-180K, which should support pretty much everything (and it does with SmartPGP). When I used the 70kB unstripped 3.0.5 cap, it was at least able to generate a RSA 2048 key. I have no idea what the issue is.

patrik@King-Laptop:~$ pkcs15-init --generate-key "ec/brainpoolP512r1" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA ECC-512 03/2024" --id "01" --use-pinpad --verbose
Using reader with a card: Gemalto Ezio Shield (I21110801762) 00 00
Connecting to card in reader Gemalto Ezio Shield (I21110801762) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
Failed to generate key: Not supported

patrik@King-Laptop:~$ pkcs15-init --generate-key "ec/brainpoolP512r1" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA ECC-512 03/2024" --id "01" --verbose
Using reader with a card: Gemalto Ezio Shield (I21110801762) 00 00
Connecting to card in reader Gemalto Ezio Shield (I21110801762) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
Failed to generate key: Not supported

patrik@King-Laptop:~$ pkcs15-init --generate-key "ec/brainpoolP512r1" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA ECC-512 03/2024" --id "01" --verbose
Using reader with a card: Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
Connecting to card in reader Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
Failed to generate key: Not supported

patrik@King-Laptop:~$ pkcs15-init --generate-key "ec/brainpoolP320r1" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA ECC-320 03/2024" --id "01" --verbose
Using reader with a card: Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
Connecting to card in reader Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
User PIN [User PIN] required.
Please enter User PIN [User PIN]: 
Failed to generate key: Card does not support the requested operation

patrik@King-Laptop:~$ pkcs15-init --generate-key "ec/nistp256" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA ECC-256 03/2024" --id "01" --verbose
Using reader with a card: Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
Connecting to card in reader Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
User PIN [User PIN] required.
Please enter User PIN [User PIN]: 
Failed to generate key: Card does not support the requested operation

patrik@King-Laptop:~$ pkcs15-init --generate-key "rsa/4096" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA RSA-4096 03/2024" --id "01" --verbose
Using reader with a card: Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
Connecting to card in reader Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
Failed to generate key: Not supported

patrik@King-Laptop:~$ pkcs15-init --generate-key "rsa/2048" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA RSA-2048 03/2024" --id "01" --verbose
Using reader with a card: Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
Connecting to card in reader Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
User PIN [User PIN] required.
Please enter User PIN [User PIN]: 
Failed to generate key: Wrong length

patrik@King-Laptop:~$ pkcs15-init --generate-key "rsa:2048" --auth-id "ff" -u "keyAgreement,keyCertSign,cRLSign" --label "TEST KEY CA RSA-2048 03/2024" --id "01" --verbose
Using reader with a card: Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
Connecting to card in reader Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00...
Using card driver Javacard with IsoApplet.
Found JavaCard isoApplet
About to generate key.
User PIN [User PIN] required.
Please enter User PIN [User PIN]: 
Failed to generate key: Wrong length