@jozsefd jozsefd commented Oct 29, 2021

NQ-Applet Card Driver and PKCS15 Emulator

Checklist
  • Documentation is added or updated
  • New files have a LGPL 2.1 license statement
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested

Cards Supported

This PR contains the card driver and the PKCS15 emulator for the JCOP4 based cards released with the NQ Applet by Bundesagentur für Arbeit, a German Federal Agency. The NQ Applet contains 2 3072-Bit RSA private keys with the associated certificates, intended for non-qualified PKI operations. The card may include a Q Applet for qualified signatures, not included in this PR.

The NQ Applet has a limited ISO compatible APDU set, for instance neither SELECT FILE nor MSE is supported.

3072-Bit Raw RSA

The applet can execute only raw RSA calculations, thus the input and the output of such calculations require buffers for 384 octets. Unfortunately the function sc_pkcs15_compute_signature() in pkcs15-sec.c defined the buffer size as buflen = inlen + 256; which may result in an SC_ERROR_BUFFER_TOO_SMALL during padding, like in sc_pkcs1_add_01_padding().

I changed the definition of this buffer size to: buflen = inlen + modlen;
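
The sizing problem described in the comment above, as an added example that is not part of the PR or of OpenSC's code: a stand-alone PKCS#1 type-01 padding routine shows why a buffer of inlen + 256 octets is too small for a 384-octet (3072-bit) modulus, while inlen + modlen is not. The function names, return codes and the all-zero 51-octet input (the length of a SHA-256 DigestInfo) are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for this example (not OpenSC's values). */
#define PAD_OK                 0
#define PAD_BUFFER_TOO_SMALL (-1)
#define PAD_INPUT_TOO_LONG   (-2)

/* PKCS#1 v1.5 block type 01: 00 01 FF..FF 00 || in, exactly modlen octets. */
static int add_01_padding(const unsigned char *in, size_t inlen,
                          unsigned char *out, size_t *outlen, size_t modlen)
{
    size_t pslen;

    if (*outlen < modlen)
        return PAD_BUFFER_TOO_SMALL;  /* output buffer cannot hold a full block */
    if (inlen + 11 > modlen)
        return PAD_INPUT_TOO_LONG;    /* at least 8 octets of 0xFF are required */
    pslen = modlen - inlen - 3;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, pslen);
    out[2 + pslen] = 0x00;
    memcpy(out + 3 + pslen, in, inlen);
    *outlen = modlen;
    return PAD_OK;
}

/* Pad a constructed inlen-octet input into a buffer declared as buflen octets. */
static int pad_with_buflen(size_t inlen, size_t modlen, size_t buflen)
{
    unsigned char in[64] = {0};       /* constructed sample input */
    unsigned char buf[1024];
    size_t outlen = buflen;

    if (inlen > sizeof(in) || buflen > sizeof(buf))
        return PAD_INPUT_TOO_LONG;
    return add_01_padding(in, inlen, buf, &outlen, modlen);
}

int old_rule(size_t inlen, size_t modlen) { return pad_with_buflen(inlen, modlen, inlen + 256); }
int new_rule(size_t inlen, size_t modlen) { return pad_with_buflen(inlen, modlen, inlen + modlen); }

int main(void)
{
    printf("inlen + 256:    %d\n", old_rule(51, 384));  /* 307 < 384 octets */
    printf("inlen + modlen: %d\n", new_rule(51, 384));  /* 435 >= 384 octets */
    return 0;
}
```

With a 2048-bit key (modlen = 256) the old rule always leaves enough room, which is why the shortfall only appears with larger moduli such as the 3072-bit keys on this card.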

@frankmorgner frankmorgner left a comment

This looks very nice. Is there some product information for the card available on the internet?

jozsefd commented Nov 15, 2021

> This looks very nice. Is there some product information for the card available on the internet?

The issuer of the card is Vertrauensdiensteanbieter der Bundesagentur für Arbeit

Additional information for the vendor/chip/os:

@frankmorgner frankmorgner left a comment

Thanks for looking at the comments, the code looks good now.

With your research, it seems like Vertrauensdiensteanbieter der Bundesagentur für Arbeit should work best as "vendor". According to this internal directive your card may be the Digitale Dienstkarte (dDk), but I don't know for sure.

jozsefd commented Nov 15, 2021

> Thanks for looking at the comments, the code looks good now.
>
> With your research, it seems like Vertrauensdiensteanbieter der Bundesagentur für Arbeit should work best as "vendor". According to this internal directive your card may be the Digitale Dienstkarte (dDk), but I don't know for sure.

Yes, I have also found this internal directive, but it lacks technical details. The card can be either a "dDK" which is issued for the employees of the organization (over 100k cards!), or a guest/mass-signature card.

@Jakuje Jakuje merged commit 621bbe6 into OpenSC:master Nov 19, 2021