Menu
With the class javacard.security.KeyAgreement (Java Card 3.0.1 classic) it is possible to make an EC-DH key agreement. But there's no specific curve defined. As i understood, the standard IEEE P1363 does not specify domain parameters. So what curve is used in the Java Card implementation?
924
That's simple: none. You have to set your own parameters. It depends on the card which kind of parameters are supported. The same goes for the key sizes. For JCOP (on a chip with asymmetric co-processor) you can be reasonably certain that curves over F(p) with a maximum key size of 320 bits are supported for instance.
So you should check the user manual (or whatever other manual) of your Java Card runtime environment which curves are supported. After that you need to set the domain parameter values yourself for the ECPublicKey using the various setters (all but setW), then generate an (ephemeral) key pair and perform ECDH key agreement. Obviously you can also set all the parameters including the public / private key value instead of generating a new key pair.
In the case of JCOP you may need to copy the domain parameters to the ECPrivateKey as well before generating the key pair.
In 3.0.1 you can only choose to make the private key transient, which means that all of the domain parameters need to be stored in RAM as well. The public key must be in persistent memory (EEPROM or flash). In 3.0.5 it is possible to create separate domain parameters in EEPROM/flash and then create keys using the KeyBuilder.buildKeyWithSharedDomain method. This allows the parameters to stay in EEPROM while the actual keys can be stored in (transient) memory.
You could check your user manual to see if any curves have been stored inside of the ROM. But domain parameters take quite a bit of space, so this is not all that likely. I personally like the Brainpool curves such as BrainpoolP256r1 most, but NIST curves such as P-256 can be used as well. Bouncy Castle (core) has a whole bunch of curves inside.
196
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
