Limits of Java Card Cryptography
Added 31 Jul 2008
In the previous section I described the code that is supposed to provide cryptographic support for Java Card applications. Unfortunately, if you were to use this code in your Java Card applet, it would throw a null pointer exception in Step 1. This is because I instantiated the Cipher class for the ALG_DES_CBC_NOPAD algorithm. The current version of JCDK does not support this algorithm, and therefore, instead of returning a Cipher object, it would throw an exception.
In fact, instead of the long list of algorithms in Listing 3, only the following three algorithms are currently implemented in JCDK:
- ALG_DES_CBC_ISO9797_M2
- ALG_AES_BLOCK_128_CBC_NOPAD
- ALG_RSA_PKCS1
None of these three algorithms is supported by the KDC server that I used in my series of articles on Kerberos authentication ("Lock down J2ME applications with Kerberos"; see Resources). I decided to use the ALG_DES_CBC_NOPAD algorithm in this article because most KDC servers support the DES algorithm, and it is one of the most popular encryption algorithms used in Kerberos-based systems (see Resources).
However, this doesn't mean that my sample e-bank application will only work with a few KDC servers: you should be able to use the e-bank application with any KDC server compliant with Kerberos version 5. In fact, I will ensure this by demonstrating, in the next section, a very flexible technique for overcoming the limitations of cryptography support in Java Card.
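An added example, not code from this article or from the JCDK: one way to find out at install time which of the algorithms named above the card actually implements, so that a missing algorithm yields a defined status word instead of an unhandled exception. The names CipherProbe and firstSupported are hypothetical; the code assumes the Java Card API behaviour in which Cipher.getInstance reports an unsupported algorithm with CryptoException.NO_SUCH_ALGORITHM, and it also guards against a null return.

```java
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.security.CryptoException;
import javacardx.crypto.Cipher;

/** Hypothetical helper (not from the article): returns the first Cipher the card implements. */
public final class CipherProbe {

    // Preference order: the algorithm this article wants first, then the
    // three the text lists as implemented in the JCDK.
    private static final byte[] CANDIDATES = {
        Cipher.ALG_DES_CBC_NOPAD,
        Cipher.ALG_DES_CBC_ISO9797_M2,
        Cipher.ALG_AES_BLOCK_128_CBC_NOPAD,
        Cipher.ALG_RSA_PKCS1
    };

    private CipherProbe() { }

    /**
     * Call once from the applet constructor, so the object is allocated at
     * install time. The caller reads getAlgorithm() on the result to decide
     * which key type to build; the applet never runs with a missing cipher.
     */
    public static Cipher firstSupported() {
        for (short i = 0; i < (short) CANDIDATES.length; i++) {
            try {
                Cipher c = Cipher.getInstance(CANDIDATES[i], false);
                if (c != null) {
                    return c; // c.getAlgorithm() equals CANDIDATES[i]
                }
            } catch (CryptoException e) {
                // Only "algorithm not implemented" means "try the next one".
                // Any other reason is a real fault: stop instead of masking it.
                if (e.getReason() != CryptoException.NO_SUCH_ALGORITHM) {
                    ISOException.throwIt(ISO7816.SW_UNKNOWN);
                }
            }
        }
        // Nothing usable on this card: fail closed with a status word the
        // host application can recognise.
        ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
        return null; // not reached; throwIt always throws
    }
}
```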