sign.js
Summary
Generate ECC key and sign some data
var CVC = require("scsh/eac/CVC").CVC;
var SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
var SmartCardHSMKey = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKey;
var SmartCardHSMKeySpecGenerator = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKeySpecGenerator;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;
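// Sample flow: authenticate the device, generate an ECC key that may be used
// once, check the key's attestation, sign a message, and confirm that the
// device refuses a second signature once the use counter is exhausted.

var card = new Card(_scsh3.reader);
var crypto = new Crypto();

var sc = new SmartCardHSM(card);

// Read the device authentication certificate and validate its chain before
// trusting anything the device attests to. `chain` supplies the public key
// used further down to verify the key generation request.
var devAutCert = sc.readBinary(SmartCardHSM.C_DevAut);
var chain = SmartCardHSM.validateCertificateChain(crypto, devAutCert);

// NOTE(review): the user PIN is embedded in the script as a literal. That is
// only acceptable for a test token; for any other device, obtain the PIN at
// run time instead of keeping it in source control.
sc.verifyUserPIN(new ByteString("648219", ASCII));

var ks = new HSMKeyStore(sc);

var label = "TestECC";

// Destructive: an existing key stored under this label is deleted so that the
// sample always starts from a freshly generated key.
if (ks.hasKey(label)) {
	ks.deleteKey(label);
}

// Domain parameters: select the curve by OID.
var dp = new Key();
dp.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));

var gen = new SmartCardHSMKeySpecGenerator(Crypto.EC, dp);
// Restrict the algorithms the key may be used with.
// NOTE(review): presumably the identifiers 0x70 and 0x73 from the
// SmartCardHSM algorithm list - confirm against the library constants.
gen.algorithms = new ByteString("7073", HEX);
// Allow a single use of the key; the second signing attempt below relies on it.
gen.setKeyUseCounter(1);

var req = ks.generateKeyPair(label, gen);
print(req.getASN1());

// Verify the request against the validated device certificate. This ties the
// new public key to the authenticated device.
if (!req.verifyATWith(crypto, chain.publicKey, chain.devicecert.getPublicKeyOID())) {
	throw new Error("Failed at verifyATWith()");
}

// Verify the request with the public key it carries.
var pub = req.getPublicKey();
if (!req.verifyWith(crypto, pub, req.getPublicKeyOID())) {
	throw new Error("Failed at verifyWith()");
}

var msg = new ByteString("Hello World", ASCII);

var key = ks.getKey(label);

// Refresh the key object from the device so that useCounter is current.
sc.updateKey(key);
print("Key use counter: " + key.useCounter);

// First signature is created on the device and verified off-card with the
// public key taken from the attested request.
var sccrypto = sc.getCrypto();
var signature = sccrypto.sign(key, Crypto.ECDSA_SHA256, msg);
print("Signature: " + signature);

assert(crypto.verify(pub, Crypto.ECDSA_SHA256, msg, signature), "Signature failed verification");

sc.updateKey(key);
print("Key use counter: " + key.useCounter);

// The key was generated with a use counter of 1, so a second signature must be
// rejected. Record whether sign() returned: without this flag a device that
// does not enforce the counter would let the script finish without any error.
var secondSignSucceeded = false;
try {
	sccrypto.sign(key, Crypto.ECDSA_SHA256, msg);
	secondSignSucceeded = true;
}
catch(e) {
	assert(e.reason == 0x6984, "Did not fail with reference data unusable");
}
assert(!secondSignSucceeded, "Second signature succeeded although the key use counter is exhausted");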