5.4 Entity public key remainder


5.4 Entity public key remainder

Before giving any details about the splitting of the entity public keys that are certified using a digital signature scheme with recovery, we make the following remark. In the EMV 2000 specifications, through an abuse of notation, the term "entity public key" refers only to the entity public key modulus . Therefore, in order to keep consistent with the EMV ¢ notations, and at the same time to make clear that it is the modulus part of an entity's public key we are talking about, we refer to it with the notation "entity public key (modulus)".

It is important to note that since the entity public key certificate is produced using a digital signature with recovery, the message M = M R M' to be signed has to be split in two parts (see Appendix D, Section D.3.2):

  1. A part M R that can be recovered from the signature, which can be the complete message if its length is small enough (see Table 5.1) compared to the length of the modulus of the underlying RSA scheme;

    Table 5.1: Splitting of the Entity Public Key (Modulus)

    Name of the Modulus

    Part Recovered from the Certificate

    Part Sent Separately from the Certificate

    Issuer public key (modulus): n I

    If N I N CA ˆ’ 36, then the entire n I can be recovered from the certificate.
    Otherwise, only the N CA ˆ’ 36 most significant bytes of the issuer public key (modulus) can be recovered from the certificate

    If N I > N CA ˆ’ 36, some part of the n I , which is referred to as the Issuer Public Key (modulus) Remainder (tag 92), cannot be recovered from the certificate. It represents a separate item to be transmitted to the verifier

    ICC public key (modulus): n IC

    If N IC N I ˆ’ 42, then the entire n IC can be recovered from the certificate.
    Otherwise, only the N I ˆ’ 42 most significant bytes of the ICC public key (modulus) can be recovered from the certificate

    If N IC > N I ˆ’ 42, some part of the n IC , which is referred to as the ICC Public Key (modulus) Remainder (tag 9F48), cannot be recovered from the certificate, and represents a separate item to be transmitted to the verifier

    ICC PIN encipherment public key (modulus): n PE

    If N PE N I ˆ’ 42, then the entire n PE can be recovered from the certificate.
    Otherwise, only the N I ˆ’ 42 most significant bytes of the ICC PIN encipherment public key (modulus) can be recovered from the certificate

    If N PE > N I ˆ’ 42, some part of the n PE , referred to as the ICC PIN Encipherment Public Key (modulus) Remainder (tag 9F2F) cannot be recovered from the certificate, and represents a separate item to be transmitted to the verifier

  2. A part M' that has to be sent separately to the verifier for the verification of the signature.

Correspondingly, any issuer, ICC, or ICC PIN encipherment public key (modulus) submitted to certification can be conventionally split in two parts. The first part referred to as the leftmost digits of the public key (modulus) can be recovered from the certificate, while the second part, which is referred to as the Public Key (modulus) Remainder, must be sent separately for the verification of the certificate. Table 5.1 summarizes this splitting for issuer, ICC, and ICC PIN encipherment public key (modulus).