Is it possible to use Cipher.ALG_RSA_PKCS1 on JC222

[ble0]

Is it possible to use Cipher.ALG_RSA_PKCS1 in PIV_SUPPORT_RSA instead on the default Cipher.ALG_RSA_NOPAD? Will the PIV applet work the same?

[mistial-dev]

For your first question, the best reference for what cards support what is going to be this page.

https://www.fi.muni.cz/~xsvenda/jcalgtest/table.html

As you can see, ALG_RSA_PKCS1 was introduced prior to JC2.2.2, and is well supported (even if a few cards don't support it).

PKCS1 padding is different from no padding at all, but as I understand it you can still have the client application do the PKCS1 padding if you want it, with the applet just doing it "raw" at that point.

Will the PIV applet work the same?

I believe (though am not certain) that doing so would break the applet such that TLS (for example) would be limited to TLS 1.1. Essentially, you force the use of specific padding, rather than leaving it to the client.

Why do you want to do this?