Assignment 4 : More Applet Programming - SSH/Smartcard Integration

SSH/Smartcard Integration
2/20/2000, Naomaru Itoi (
Revised 3/9/2000
Revised 11/6/2000

In this assignment, you are to learn integration of card side and host side programming by implementing a SSH client with smartcard. You are asked to write a Java applet to perform RSA decryption, and to modify the SSH client to call the card. Problem Description
The following steps do not have to be carried out in this order.
  1. Install SSH
    Copy /afs/ to your directory, configure, compile and install on your operating system (Solaris 2.6, RedHat 6.1, or OpenBSD 2.6).
  2. Generate a public / private key pair, place the public key on your home directory in iceaxe.
  3. Use sample binary /afs/ name)/ssh to print out your private key with -K option (e.g., ssh -K


    Make sure to copy your public key (.ssh/ into .ssh/authorized_keys in the host you want to log in.

    For example, I generated a key pair on prom.engin, therefore prom has my private key (identity) and my public key ( in ~/.ssh. I copied the public key to soso.eecs:~/.ssh/authorized_keys.

    prom% ./ssh -K
    setting printKey flag...

    ------------printing key
    1/p mod q:

    ----------------------printing key done

  4. Card initialization
    Write your private key to the card with jR command in pay.
    Note that jR command writes the private key to a key number 0x10. When you load this key in your applet by setKeyInstance(), you have to specify this number.
    Write your n of the public key to the file 3f.00/73.68 (sh) on card by sending create APDU and write binary APDU from pay. It should look like this:
    % pay> jR (private key (p, q, 1/p mod q, dp, dq) from ssh -K)
    % pay> f 3f.00
    /* create file "sh" */
    % pay> ic f0 E0 00 00 10
    01 00 73 68 02 01 00 00 FF 00 00 00 00 00 00 00
    /* select */
    % pay> f 73.68
    /* write to "sh" */
    % pay> ic f0 d6 00 00 80
    (public key (n) from ssh -K)
  5. ssh modification
    Now your ssh client (with -s option) should let you log on to iceaxe (or whatever) without typing the password.



Congratulation, assignment 4 is done. As always, send questions to If you are interested in doing more, talk to us. Good luck. :)