Overview of Using Cryptography Extensions

A selection of Security and Cryptography classes are supported by the simulator (cref). The support for security and cryptography enables you to:

  • Generate message digests using the SHA1 and SHA256 algorithms.

  • Generate cryptographic keys on Java Card technology-compliant smart cards for use in the ECC and RSA algorithms

  • Set cryptographic keys on Java Card technology-compliant smart cards for use in the AES, DES, 3DES, HMAC, ECC, and RSA algorithms

  • Encrypt and decrypt data with the keys using the AES, DES, 3DES, and RSA algorithms.

  • Generate and verify signatures using MAC, CMAC, HMAC,DSA, ECDSA, and RSA algorithms.

  • Generate sequences of random bytes

  • Generate checksums

  • Use part of a message as padding in a signature block

  • Generate derived data using KDF in Counter mode and PRF for TLSv1.2 algorithms

    Note:

    DES is also known as single-key DES. 3DES is also known as triple-DES.

Refer to the following publications, for more information on the cryptographic algorithms and schemes:

  • For SHA1 — "Secure Hash Standard", FIPS Publication 180-1: http://www.itl.nist.gov

  • For DES — "Data Encryption Standard (DES)", FIPS Publication 46-2 and "DES Modes of Operation", FIPS Publication 81: http://www.itl.nist.gov

  • For RSA — "RSAES-OAEP (Optimal Asymmetric Encryption Padding) Encryption Scheme": http://www.emc.com

  • For AES — "Advanced Encryption Standard (AES)" FIPs Publication 197: http://www.itl.nist.gov

  • For ECC"Public Key Cryptography for the Financial Industry: The Elliptic Curve Digital Signature Algorithm" (ECDSA) X9.62-1998: http://www.x9.org

  • For Checksum — "Information technology—Telecommunications and information exchange between systems—High-level data link control (HDLC) procedures" ISO/IEC-13239:2002 (replaces ISO-3309): http://www.iso.org

  • For SHA256"Secure Hash Standard", FIPS Publication 180-2: http://www.itl.nist.gov

  • For HMAC"Keyed-Hashing for Message Authentication", RFC-2104

  • For KDF in Counter mode — "Key Derivation Function in Counter Mode", NIST SP 800-108

  • For PRF of TLS"Pseudo Random Function", TLS version 1.2 defined in IETF RFC 5246

  • For DSA"Digital Signature Algorithm", Standard, NIST FIPS 186.