PKI cards offer

Arnaud LOTIGIER - Sept 2004

 Agenda

• Gemplus PKI cards road map

• Gemplus PKI cards in the GemSafe solution
• GPK16000
• GemSafe applets
• GemSafe applets in a PKI environment
• GemSafe applets in the GSL environment.
• GemSafe applets technical specifications

2
 Gemplus PKI cards roadmap

GemSafe v2
java applet
GemID
java applet
GemSafe v1
java applet
(RSA2048)

Native OS

Native OS

2003 2004 2005

3
 Gemplus PKI cards in the
GemSafe solution

• GPK16000 , GemID and GemSafe applets are integrated in the

GemSafe solution.

• GemSafe is a smartcard based software solution, supporting

many key functions for safe network access and
communications: logon, authentication, digital signing,
encryption…

• In the GemSafe solution, the smartcard stores the keys,

certificates, and the other credentials, and performs all the
sensitive cryptographic operations.

4
 GPK16000

• GPK16000 is the current Gemplus native PKI smartcard.

• GPK16000 main features are:

 Support of RSA keys up to 1024 bits
 Support of RSA functions (Digital Signature, Session key Decipherment,
On Board Key Generation…)
 Secure storage of sensitive data
• Protection by PIN, Ext Auth, Secure messaging.
 Data management
 E-Purse capability

• Note: GemSAFE-IS 16K is the version of GPK16000 OS that is

dedicated to the Identrus compliant applications.

5
GemSafe applets
 GemSafe applets: common
features

• GemSafe (and GemID) applets are the Gemplus PKI applets, which main features are the
following:

 Digital signature
 Session key decipherment
 On board key generation
 Secure card/reader mutual authentication
 Support of RSA, 3-DES, SHA-1 algorithms.
 Data management
 Secure storage of sensitive data:
• Protection by PIN, Ext Auth, Secure messaging.
 Based on E-Sign K (CWA-14890) specifications
 Compliant to ISO 7816 -4-5-6-8-9-15
 Compliant to Identrus requirements
 Integrated in a JavaCard multi-application environment.
 Compatible with the GemXpresso Pro range

7
 GemSafe applets: specific
features
• GemSafe v1:
 PK functions with RSA up to 2048 bits.
 Card/reader mutual authentication based on 3-DES (E-Sign K scheme)

• GemID
 PK functions with RSA up to 1024 bits.
 Card/reader mutual authentication based RSA and Diffie-Hellmann (E-Sign K
scheme)

• GemSafe v2 (availability Q4 2004):

 PK functions with RSA up to 2048 bits
 Full E-Sign K compliancy.
 Combines both 3-DES and RSA + DH card/reader mutual authentication
schemes.
 CC EAL4+ certificate, according to PP SSCD (CWA-14169)
 Multiple instances capability.

8
 GemSafe applets in
GemXpresso cards

• GXP3-E64PK
 GemSafe applets can be loaded in EEPROM.

• GXP3-E32/16PK:
 GemID applet present in ROM
 GemSafe applets can be loaded in EEPROM

• GXP3.2-E32/18PK:
 GemID and GemSafe v1 present in ROM
 Samples in Sept 04

• GXP3.2-E64PK:
 GemSafe v1 and GemSafe v2 present in ROM
 Samples in Nov 04

9
GemSafe applets in a
PKI environment
 Digital Signature with
GemSafe applet (1/3)

• A digital signature ensures both the integrity and the authenticity of a

message.

• GemSafe applets support the PSO: Compute Digital Signature

command, in order to perform a digital signature computed with a
private key, securely stored in the smart card.

• Signature with RSA key up to 2048 bits

 Hash can be performed either in (SHA-1) or out the card.

• Padding PKCS#1 or ISO9796.

• Application example :
 S/Mime (Secure Multipurpose Internet Mail Extension) uses digital
signatures to ensure the integrity and authenticity of e-mails.

11
 Digital Signature with
GemSafe applet (2/3)
• Performing a digital signature:

Cipher the hash with the

sender’s PRIVATE key Append the signature
to the document
Document Compute hash digest
(mathematical summary)

• A smart card with GemSafe applet will:

 securely store the private key
Send
 perform the cipher operation with the private key.
• The hash can be done either in the smart card or outside the smart card.

12
 Digital Signature with
GemSafe applet (3/3)
• Verifying a digital signature.

Using the sender’s PUBLIC key and the

received signature, compute the
expected hash digest

?
?
Receive
• Signature verification does not require high security, since it’s done
using the public key of the sender:
Using
 this operation is typically done without a smart the received message, compute
card.
the received hash digest

13
 Session Key Decipher with
GemSafe applet (1/3)

• The objective of a encipher / decipher function is to ensure the confidentiality

of a document.

• GemSafe applets do not offer an encipher function (it’s not necessary to use a
smart card for this function), but instead offer the decipher function
(PSO:Decipher command).

• Decipher of data up to 512 bits (this data is typically a 3DES session key)

• Data must be padded according to PKCS#1 v1.5 and encrypted with RSA.

• Application example:
 S/Mime (Secure Multipurpose Internet Mail Extension) uses
encryption/decryption to ensure the confidentiality of e-mails.

14
 Session Key Decipher with
GemSafe applet (2/3)
• Performing a message encipher:

Document

Encipher the document

with a symmetric
• This operation does not
Encipher the symmetric
require
session key with the
high security, sincekey
Send
it’s performed using the
session key receiver’s PUBLIC
public key of the receiver:
 a smart card is not necessary for encipher.

15
 Session Key Decipher with
GemSafe applet (3/3)
• Performing a message decipher:
Document

Receive Unwrap the symmetric

session key with the
• A smart card with the GemSafe applet
receiver’s will: key
PRIVATE
Decipher the document
with the symmetric
session key
 securely store the private key of the receiver.
 unwrap the symmetric session key, using the private key of the receiver.
• The decipher operation of the document with the symmetric session key can
be done outside the smart card.

16
 Client authentication using
digital certificate (1/3)

• The objective of a client/server authentication is to ensure that the

client and the server:
 are trustworthy parties
 own a valid private key.

• The authentication is done by combining control of digital certificate

and of digital signature capability.

• GemSafe applets are able to:

 securely store digital certificates.
 perform digital signature.

• Application example: SSL3 (Secure Socket Layer) implements

client/server authentication for web applications.

17
 Client authentication using
digital certificate (2/3)
• Control of digital certificate:
Authenticator
 Certificate presentation

 This is Mr X
 His public key is 1234
 A CA I trust vouches for
Mr X’s trustworthiness
 By verifying the CA’s
Client - Mr X signature, I bind 1234 to Mr X
• A smart card with GemSafe applet will securely store digital
certificates of any format (X509 or other).

18
 Client authentication using
digital certificate (3/3)
• Control of digital signature: Authenticator

 Random challenge

Client - Mr X
 Send signed challenge
 Sign challenge
with •PRIVATE
A smart key
card with GemSafe applet will securely store the private key
and perform the digital signature.

19
 On Board Key Generation
with GemSafe applet

• On Board Key Generation is done by GemSafe applet via the Generate

Public Key Pair command.

• This function is aimed at initialising or replacing existing RSA key

pairs.
 RSA key containers must be created at pre-personalization step

• This function allows a user or an application to manage the life span

of its RSA key pairs.

• Supported key sizes: up to 2048 bits.

20
GemSafe applets in the
GemSafe Libraries
environment
 Integration is GSL v4.x

• GemSafe (and GemID) applets are supported by the GemSafe

Libraries v4.x

• GemSafe applets pre-personalization, compatible with GemSafe

Libraries, can be done in Gemplus factory.

22
 GemSafe applet
pre-personalization for GSL

• Example: standard profile for GXP3.2 E18 PK:

 1 RSA key 2048 bits
 4 RSA keys 1024 bits
 2 RSA keys 512 bits

• This standard profile can be adapted to the application needs,

and to the available EEPROM area in the java platform.

23
GemSafe applets
Technical Specifications
 GemSafe applets files and
data objects management
(1/2)
• Binary EFs
 number dependant on EEPROM size

• DFs

• PIN objects
 GemSafe v1 and GemID:
• Up to 3 PINs
• PINs are 8 bytes long, or 16 digits long (with BCD coding)
 GemSafe v2:
• Up to 15 PINs
• PINs are from 8 to 16 bytes long.
 “Change PIN before first use” option

• Up to 15 Security Environments

25
 GemSafe applet files and
data objects management
(2/2)
• RSA keys
 Up to 2048 bits keys
 Maximum nb of private keys defined at applet installation.

• 3DES secret keys (not present in GemID)

 2 secret keys (Kenc and Kmac) for 3-DES card/terminal mutual
authentication.

26
 APDU commands
• Personalization only commands: • Management of SE:
 Create File  MSE: Set
 Initialise Update (OP)  MSE: Restore
 External Auth (OP)
 End Personalisation • PK functions:
 Generate Public Key Pair
• PIN / User identification  PSO: Compute DSI
 Verify Card Holder  PSO: Decipher
 Change Reference Data  PSO:Hash (GemSafe v2)
 Reset Retry Counter
• Data management:
• Card/Terminal Authentication:  Read Binary
 PK External Auth (GemID,GemSafe  Update Binary
v2)  Erase Binary
 PK Internal Auth  Get Data
(GemID, GemSafe v2)  Put Data
 PSO: Verify Certificate (GemID,
GemSafe v2) • Files management:
 SK Mutual Auth  Select File
(GemSafe v1 and v2)  Activate File
 Get Challenge  Deactivate File
 Create File

27