importAESFromKeyManager.js

Summary

Example for importing an AES key using a runnin key manager instance.


/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2011-2015 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview Example for importing an AES key using a runnin key manager instance.
 */

if (typeof(km) == "undefined") {
	throw new Error("Key Manager must be running");
}

var aes = new Key();
aes.setComponent(Key.AES, new ByteString("00112233445566778899AABBCCDDEEFF", HEX));
aes.label = "ImportedAESKey";


// Locate an empty key domain
var kdid = -1;
do {
	kdid++;
	var kd = km.sc.queryKeyDomainStatus(kdid);
	if ((kd.sw == 0x6A86) || (kd.sw == 0x6D00)) {
		throw new Error("No empty key domain found.");
	}
} while (kd.sw != 0x6A88);

// Create DKEK domain with random DKEK
km.sc.createDKEKKeyDomain(kdid, 1);
var share = km.crypto.generateRandom(32);
km.sc.importKeyShare(kdid, share);

// Create DKEK encoder and import share
var dkek = new DKEK(km.crypto);
dkek.importDKEKShare(share);

// Encode AES key into blob
var blob = dkek.encodeAESKey(aes);
dkek.dumpKeyBLOB(blob);

var key = km.ks.importAESKey(aes.label, blob, aes.getSize());

// Remove the Key Encryption Key
km.sc.deleteKEK(kdid);

// Force a refresh
km.setCard(km.sc.card);


Documentation generated by JSDoc on Thu Apr 3 11:32:15 2025