From 5c22673a9e0f2b7297e5db67ec02d33e935590eb Mon Sep 17 00:00:00 2001
From: Marcos Del Sol Vives
Date: Sat, 6 Jun 2026 17:34:54 +0200
Subject: [PATCH] Fix compatibility with EMV cards (fixes #10)

The card raises an exception when referencing KeyPair. This commit fixes it by simply using separate private and public key objects.
---
 .../mysmartlogon/gidsApplet/CRTKeyFile.java | 30 ++++++++++++-------
 .../mysmartlogon/gidsApplet/GidsApplet.java | 10 +++----
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/src/main/com/mysmartlogon/gidsApplet/CRTKeyFile.java b/src/main/com/mysmartlogon/gidsApplet/CRTKeyFile.java
index 2a36b76..4fe5b96 100644
--- a/src/main/com/mysmartlogon/gidsApplet/CRTKeyFile.java
+++ b/src/main/com/mysmartlogon/gidsApplet/CRTKeyFile.java
@@ -32,7 +32,6 @@ import javacard.framework.Util;
 import javacard.security.CryptoException;
 import javacard.security.KeyBuilder;
-import javacard.security.KeyPair;
 import javacard.security.RSAPrivateCrtKey;
 import javacard.security.RSAPublicKey;
@@ -44,7 +43,8 @@ public class CRTKeyFile extends ElementaryFile {
 private final short posCRT;
 private final short lenCRT;
- private KeyPair keyPair = null;
+ private RSAPublicKey rsaPublicKey = null;
+ private RSAPrivateCrtKey rsaPrivateKey = null;
 private byte[] symmetricKey = null;
 public CRTKeyFile(short fileID, byte[] fileControlInformation, short pos, short len) {
@@ -63,22 +63,31 @@ void clearContents() {
 if (symmetricKey != null) {
 symmetricKey = null;
 }
- if (keyPair != null) {
- keyPair.getPrivate().clearKey();
- keyPair = null;
+ if (rsaPublicKey != null) {
+ rsaPublicKey.clearKey();
+ rsaPublicKey = null;
+ }
+ if (rsaPrivateKey != null) {
+ rsaPrivateKey.clearKey();
+ rsaPrivateKey = null;
 }
 if(JCSystem.isObjectDeletionSupported()) {
 JCSystem.requestObjectDeletion();
 }
 }
- public void SaveKey(KeyPair kp) {
+ public void SaveKey(RSAPublicKey publicKey, RSAPrivateCrtKey privateKey) {
 clearContents();
- keyPair = kp;
+ rsaPublicKey = publicKey;
+ rsaPrivateKey = privateKey;
+ }
+
+ public RSAPublicKey GetPublicKey() {
+ return rsaPublicKey;
 }
- public KeyPair GetKey() {
- return keyPair;
+ public RSAPrivateCrtKey GetPrivateKey() {
+ return rsaPrivateKey;
 }
 public void CheckUsage(byte operation, byte algRef) throws NotFoundException {
@@ -342,7 +351,8 @@ private void importRsaKey(byte[] buffer, short offset, short length) throws Inva
 // If the key is usable, it MUST NOT remain in buf.
 Util.arrayFillNonAtomic(buffer, offset, length, (byte)0x00);
 clearContents();
- this.keyPair = new KeyPair(rsaPuKey, rsaPrKey);
+ this.rsaPublicKey = rsaPuKey;
+ this.rsaPrivateKey = rsaPrKey;
 if(JCSystem.isObjectDeletionSupported()) {
 JCSystem.requestObjectDeletion();
 }
diff --git a/src/main/com/mysmartlogon/gidsApplet/GidsApplet.java b/src/main/com/mysmartlogon/gidsApplet/GidsApplet.java
index afe324e..186f9c3 100644
--- a/src/main/com/mysmartlogon/gidsApplet/GidsApplet.java
+++ b/src/main/com/mysmartlogon/gidsApplet/GidsApplet.java
@@ -283,7 +283,7 @@ private void processGetData(APDU apdu) throws ISOException {
 ISOException.throwIt(ISO7816.SW_DATA_INVALID);
 }
 file.CheckPermission(pinManager, File.ACL_OP_KEY_GETPUBLICKEY);
- PublicKey pk = file.GetKey().getPublic();
+ PublicKey pk = file.GetPublicKey();
 // Return pubkey. See ISO7816-8 table 3.
 try {
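Review bot: In `SaveKey` (CRTKeyFile.java), `rsaPublicKey = publicKey;` and `rsaPrivateKey = privateKey;` are now two separate field writes, so a card tear between them can leave the file holding a public key with no private key. The old single `keyPair = kp;` assignment could not end up half-written, assuming CRTKeyFile instances are persistent objects as Java Card objects are by default. Wrapping the pair in `JCSystem.beginTransaction();` … `JCSystem.commitTransaction();` would keep the two references consistent; guard it with `JCSystem.getTransactionDepth() == 0`, because the callers are outside this hunk and may already hold a transaction. The same two-step assignment appears in the `importRsaKey` hunk at `this.rsaPublicKey = rsaPuKey;` / `this.rsaPrivateKey = rsaPrKey;`.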
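Review bot: In `processGetData`, `file.GetPublicKey()` returns null when no RSA key is stored (the field starts as null and `clearContents()` resets it), and nothing between the call and the following `try` checks for that. The old `file.GetKey().getPublic()` failed on this line, whereas a null `pk` now travels into the block that follows, which lies outside the hunk. A guard such as `if (pk == null) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); }` would return a defined status word. The `GetPrivateKey()` calls in `decipher` and `computeDigitalSignature` have the same gap, unless the MANAGE SECURITY ENVIRONMENT checks mentioned in the `decipher` comment already guarantee a key is present.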
@@ -463,7 +463,7 @@ public void processGenerateAsymmetricKeypair(APDU apdu) throws ISOException {
 }
 ISOException.throwIt(ISO7816.SW_UNKNOWN);
 }
- file.SaveKey(kp);
+ file.SaveKey((RSAPublicKey) kp.getPublic(), (RSAPrivateCrtKey) kp.getPrivate());
 // Return pubkey. See ISO7816-8 table 3.
 try {
@@ -718,7 +718,7 @@ private void decipher(APDU apdu) {
 // Get the key - it must be an RSA private key,
 // checks have been done in MANAGE SECURITY ENVIRONMENT.
 CRTKeyFile key = (CRTKeyFile) currentKey[0];
- PrivateKey theKey = key.GetKey().getPrivate();
+ PrivateKey theKey = key.GetPrivateKey();
 // Check the length of the cipher.
 // Note: The first byte of the data field is the padding indicator
@@ -767,7 +767,7 @@ private void computeDigitalSignature(APDU apdu) throws ISOException {
 lc = transmitManager.doChainingOrExtAPDU(apdu);
 // RSA signature operation.
- rsaKey = key.GetKey().getPrivate();
+ rsaKey = key.GetPrivateKey();
 rsaRawCipher.init(rsaKey, Cipher.MODE_ENCRYPT);
 sigLen = rsaRawCipher.doFinal(ram_buf, (short) 0, lc, ram_buf, (short)0);
@@ -782,7 +782,7 @@ private void computeDigitalSignature(APDU apdu) throws ISOException {
 lc = apdu.setIncomingAndReceive();
 // RSA signature operation.
- rsaKey = key.GetKey().getPrivate();
+ rsaKey = key.GetPrivateKey();
 if(lc > (short) 247) {
 ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
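Review bot: In `processGenerateAsymmetricKeypair`, the two downcasts in `file.SaveKey((RSAPublicKey) kp.getPublic(), (RSAPrivateCrtKey) kp.getPrivate());` rely on `kp` having been built as an RSA CRT key pair, and that construction is outside the hunk. The line sits after what looks like the end of the preceding catch block, so a failed cast would surface as an unmapped exception rather than a status word. A short comment recording the assumption would help, e.g. `// kp is created with KeyPair.ALG_RSA_CRT, so both casts are safe`. The patch also adds no import to GidsApplet.java, so `RSAPublicKey` and `RSAPrivateCrtKey` must already be imported there for this line to compile, which is worth confirming.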