My sensors do send RSA-1024 encrypted data. Each message is around 15 bytes, messagesize. I want to decrypt the messages offline in an offline “server”.
Can I use the smartcard-hsm for the following features:
- Decrypt my messages
- Check the key usage because the number of decrypted messages is a metric to bill the customer.
- Refresh the key usage counter, without the need to expose the original key in of course a secure way. The customer buys “messages” to be decrypted.
- During its lifetime, the card should be able to decrypt 100 million messages, with the usage of the key counter.
Can the smardcard-hsm fulfil my request? If the smartcard can decrypt all of the messages, I have a secure system.
Thx for your advice
The SmartCard-HSM supports RSA1024 keys and the decrypt function.
It also supports a key use counter that can be set during key generation. This key use counter is decremented at each cryptographic operation with the key and it will block the key once the counter reached zero.
However, you can not reset the key use counter and you can not set a key use counter during key import. As the key use counter is stored in EEPROM (or Flash memory for 4.x devices), each cryptographic operations contributes to memory wear-out. For pre 4.0 card the chip manufacturer guarantees 500.000 write cycle, our test show that about 5.000.000 cycle are no issue.
If you send 15 bytes of data, what kind of padding do you use for RSA? Normally a padded and encrypted message using RSA-1024 should be at least 1 kilobyte long. If you have only 15 bytes encrypted there is chance something is really broken.