Problem description
I have an applet (you can take a look at it there: JavaCard applet is not working with RSA encryption). The applet generates RSA public and private keys in its constructor and, with an APDU command, encrypts some byte array.
The applet generates public and private keys with KeyBuilder.LENGTH_RSA_2048; in the docs provided with the cards it is said that JavaCard supports the 2048-bit key length only in DDA.
So the question is: what are DDA and SDA? What are the differences between them? And the main question is: how to install (or run?) the applet in this mode?
What I found out:
Update 1: SDA -- Static Data Authentication
DDA -- Dynamic Data Authentication
Recommended answer
So the question is:
What are DDA and SDA? What are the differences between them?
SDA - SDA ensures the authenticity of ICC data. After SDA it is sure that the data from the ICC is real and hasn't been changed by anyone. But SDA doesn't assure the uniqueness of ICC data. You can see what the diagram of SDA looks like:
Here you can see two RSA pairs are used during SDA:
(1) - IssuerRSA
(2) - CA_RSA
This diagram is very descriptive and clear for understanding the flow of SDA. You can also check EMV Book 2 for more description about SDA. The DDA flow looks like this:
Here you can see 3 RSA pairs are used in DDA:
1 - IssuerRSA
2 - CA_RSA
3 - ICC RSA (a new RSA key which is unique across all cards; each card generates this RSA pair during personalization of the card, so this RSA pair will be different for each card)
SDA guarantees that data on cards is valid because we trust a high-level certification authority which signs the data. But an attacker can record a card session and build, for example, a new virtual card, because the same data is used here for all sessions.
But in the DDA flow - we can say it is checking SDA + giving random data to the card from the terminal to sign, and here this part makes cloning of the card impossible, because each session uses a different random number, so recording a card session will not work in the next card session.
Hope it helps, and you can read more about SDA and DDA from Gemalto.
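The SDA-versus-DDA difference described in this answer, as an added example that is not part of the original post or of any EMV library: a toy simulation using textbook RSA over small constructed primes (raw hash-then-exponentiate signatures, so neither the key size nor the ISO 9796-2 formatting of real EMV is modelled) in which a terminal runs the SDA chain and then the DDA challenge against a genuine card and against a clone assembled from a recorded session.

```python
import hashlib
import secrets
# Toy textbook RSA over six-digit primes, constructed for illustration only: real
# EMV keys are 1024-2048 bits with ISO 9796-2 formatting, not a raw h^d mod n.
def next_prime(x):
    while any(x % k == 0 for k in range(2, int(x ** 0.5) + 1)):
        x += 1
    return x

def make_key(seed):
    p = next_prime(seed); q = next_prime(p + 1)
    return {"n": p * q, "e": 65537, "d": pow(65537, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}
def pub_bytes(pub):
    return b"%d:%d" % (pub["n"], pub["e"])
def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])
def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _h(data, pub["n"])

# The key pairs the answer names: CA and issuer (SDA), plus a per-card ICC pair (DDA).
CA, ISSUER, ICC = make_key(1_000_000), make_key(1_000_037), make_key(1_000_081)
STATIC = b"PAN=4111111111111111;EXP=2712"        # constructed static application data
CARD = {"issuer_pub": public(ISSUER), "issuer_cert": sign(CA, pub_bytes(public(ISSUER))),
        "static": STATIC, "ssad": sign(ISSUER, STATIC),
        "icc_pub": public(ICC), "icc_cert": sign(ISSUER, pub_bytes(public(ICC)))}

def terminal_sda(card):
    """SDA: CA -> issuer -> static data. Every input is fixed for the card's lifetime."""
    return (verify(public(CA), pub_bytes(card["issuer_pub"]), card["issuer_cert"])
            and verify(card["issuer_pub"], card["static"], card["ssad"]))

def terminal_dda(card, respond):
    """DDA: the SDA chain, the ICC certificate, and a signature over a fresh nonce."""
    chain = terminal_sda(card) and verify(
        card["issuer_pub"], pub_bytes(card["icc_pub"]), card["icc_cert"])
    nonce = secrets.token_bytes(8)                # terminal's unpredictable number
    return chain and verify(card["icc_pub"], nonce, respond(nonce))
def genuine_card(nonce):                          # holds the ICC private key
    return sign(ICC, nonce)

# A clone copies every public record verbatim, so SDA still passes; it holds no ICC
# private key and can only replay the one signature captured from a recorded session.
CLONE, RECORDED_SIG = dict(CARD), sign(ICC, secrets.token_bytes(8))
def clone_card(nonce):
    return RECORDED_SIG
```

The clone passes terminal_sda(CLONE) exactly as the genuine card does, and fails terminal_dda(CLONE, clone_card) because the terminal's nonce differs from the one in the recording.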