I want to use ALG_HMAC_SHA1 method from javacard.security.Signature class. But my javacard framework version is 2.2.1 so Signature class does not include this method for this version. it includes this method after 2.2.2. Is it possible to use this method without upgrading framework version?
Is it possible to use 'ALG_HMAC_SHA1' method from 'Signature' class in javacard framework 2.2.1 version?
626 views Asked by Emel Uras At
2
There are 2 answers
0
On
The HMAC algorithm is not a big deal. As long as your card supports SHA-1 you can simply implement the algorithm on your own. See RFC2104 for details and RFC2202 for test vectors.
BTW: You can not "upgrade the framework version" of a JavaCard - the Card OS and the JavaCard framework is usually not changeable (stored in ROM). You can only buy a different card...
You could always just use the value that you find in the 2.2.2 framework for the constant
ALG_HMAC_SHA1
(=(byte)24
) and pass it to theSignature.getInstance()
method. So using the value is not a problem. However, the smartcard hardware on which you want to run your applet needs to support this algorithm in order for you to be able to use.So if your smartcard hardware supports JC 2.2.1, calling the
getInstance()
method with the value ofALG_HMAC_SHA1
will typically cause aCryptoException
with reason (CryptoException.NO_SUCH_ALGORITHM
) indicating that the algorithm is not supported and JC 2.2.1 does not support any HMAC algorithms). Using the public constant directly will likely result in upload or installation failure.Just to be clear here, I'm not suggesting that compiling for a different framework version might suddenly solve your problem. I'm rather suggesting that you can not simply upgrade the functionality that is available on your card.