'Cryptography Checksum'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-smartcardsdk
Subject:    Cryptography Checksum
From:       Kenny Adeniji <KennyA () REEL ! COM>
Date:       1999-05-18 18:24:41
[Download RAW message or body]


Kenny Adeniji's Question
I am looking for information on how-to determine the cryptographic checksum.

I am using Gemplus' GCR410 smart card reader and GPK4000 smart card.
The cryptographic checksum is calculated as follows:
Kts is the temporary session key.
1. R1 is calculated as 3DES(Block 1, Kts)
2. R2 is calculated as 3DES(Block 2 XOR R1, Kts)
3. This is repeated for each block of 8 bytes, with the result of the one
computation (Ri) being used in the next one (Ri+1)
4. Rn is the final computation, using the final data block, Block n and is
calculated as 3DES(Block n XOR Rn-1)
5. CRYCKS is the result of this final computation (i.e., Rn)
Only the three least significant bytes of the CRYCKS will be used for secure
messaging.
The questions are how to derive 3DES(Block 1, Kts), 3DES(Block 2 XOR R1,
Kts), 3DES(Block n XOR Rn-1)?

Jean-Marc Robert's Response

The 3DES is used as a block cipher as follows:
Let the key K be a 16-byte keys. Let Kl be the 8 most significant bytes of K
and let Kr be the 8 least significant bytes of K.
Then, the encryption of a message block of 8 bytes M is given as follows:
3DES (K, M) = DES (Kl, DES-1 (Kr, DES (Kl, M)))
i.e. 1) Encrypt M with the key Kl i.e. compute X = DES (Kl, M) 2) Decrypt X
with the key Kr i.e. compute Y = DES-1 (Kr, X) 3) Encrypt Y with the key Kl
i.e. compute Z = DES (Kl, Y)
The result of the computation is Z i.e. 3DES (K, M) = Z
Therefore, the Crycks is computed by using 3DES as a block cipher is CBC
mode (in fact outer-CBC mode). The message is divided into blocks of 8-byte
and the Crycks is computed as described in your message.
If necassary, the message is padded with 0x00 to make sure that the length
of the message is divided by 8.
Milan Hrdlicka's Response
lf you need is to implement 3DES algorithm. I believe, you can find it on
the Internet. Quite good descrioption of DES is on
http://www.columbia.edu/~ariel/ssleay/des-algor.html, link "FIPS 46-2 -
(DES), Data Encryption Standard" but there should be an useful
implementation somewhere else.

Then computing of CRYCKS might look like this:

void getcrycks(BYTE *buf, int bufl, BYTE *skey, BYTE crycks[8]){
 int i,p;
 memset(crycks,0,8);
 p=0;
 while(p<bufl){
  for(i=0; i<8 && p<bufl; i++,p++)
   crycks[i]^=buf[p];
  Comp3DES(crycks,skey);
 }
}

Crypto++ 3.1 - a C++ Class Library of Cryptographic Schemes
http://www.eskimo.com/~weidai/cryptlib.html
Kenny Adeniji's Question
Successfully computed a temporary administration key using the Select File
Key (SELFK) command.
Use the GetResponse command to read 12 bytes ( Computed cyptogram 4 least
significant bytes and 8-byte card random number).
Which of the 12 bytes is the temporary administration key?
How-to call either DES or DES3 function with the temporary administration
key?

Thank you.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic