importmanagementkey.js

Summary

Import a default AES key for managing SO-PINs


/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2020 CardContact Systems GmbH
 * |'##> <##'|  32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview Import a default AES key for managing SO-PINs
 */

var SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;
var DKEK = require('scsh/sc-hsm/DKEK').DKEK;


// Test-only provisioning script: creates a DKEK key domain in the first free
// slot, loads it with an all-zero DKEK share, and imports a hard-coded AES key
// under the label "TrustCenter Token Management Key (Test)".
//
// SECURITY: every secret used below (DKEK share, AES key value, key id) is a
// constant published in this file. The warning printed here is the only
// safeguard; the script does not check what kind of device or environment it
// is running against before writing to the card.
print("WARNING - This setup is for testing purpose only. Do not use in a production environment");

// Crypto, Card, ByteString, Key, HEX, print and _scsh3 are not imported in this
// file; presumably they are globals supplied by the scripting shell - confirm.
var crypto = new Crypto();
var card = new Card(_scsh3.reader);
var sc = new SmartCardHSM(card);
// Attach key store
var ks = new HSMKeyStore(sc);

// Abort if a key with this label is already present, so a second run does not
// import the key again.
if (ks.hasKey("TrustCenter Token Management Key (Test)")) {
	throw new Error("Key does already exist");
}

// Probe key domain slots in ascending order, starting at index 0, and stop at
// the first one whose status word is 0x6A88, which this script treats as
// "slot is free".
var i = -1;
do {
	i++;
	var kd = sc.queryKeyDomainStatus(i);
	// 0x6A86 and 0x6D00 end the search with an error. In ISO 7816-4 these are
	// "incorrect parameters P1-P2" and "instruction not supported".
	// NOTE(review): presumably the device returns them for an index past the
	// last slot and for firmware without key domain support - confirm.
	if ((kd.sw == 0x6A86) || (kd.sw == 0x6D00)) {
		throw new Error("No free key domain slot");
	}
} while (kd.sw != 0x6A88);

print("Found empty key domain slot " + i);

// The user PIN is verified before any command that modifies the card.
// NOTE(review): presumably the key domain and import commands below require
// an authenticated session - confirm.
sc.verifyUserPIN();

// Create DKEK domain with 00.00 DKEK
// NOTE(review): the second argument (1) is presumably the number of DKEK
// shares the domain expects - confirm against SmartCardHSM.
// NOTE(review): nothing below is wrapped in try/catch, so if a later step
// throws, the key domain created here stays on the device.
sc.createDKEKKeyDomain(i, 1);
// SECURITY: the share is 32 zero bytes. If it is the only share of this
// domain, the resulting key-encryption key is known to anyone who reads this
// file, and a key blob wrapped for this domain gives no confidentiality.
var share = new ByteString("0000000000000000000000000000000000000000000000000000000000000000", HEX);
sc.importKeyShare(i, share);

// Create DKEK encoder and import share
// The host-side DKEK object receives the same share that was loaded into the
// card, so the blob it produces matches the key domain set up above.
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);

// SECURITY: fixed 16-byte AES key value (the recognisable 00 11 22 ... FF test
// pattern) and a fixed 8-byte key id. Per the file overview this key is for
// managing SO-PINs, so any SO-PIN that depends on it should be treated as
// publicly known. Before a token goes into production use, check it for this
// label or key id and re-provision it with generated key material.
var aes = new Key();
aes.setComponent(Key.AES, new ByteString("00112233445566778899AABBCCDDEEFF", HEX));
var keyid = new ByteString("BF6F0C7EDC145466", HEX);

// Encode AES key into blob
var blob = dkek.encodeAESKey(aes);
// Import under the same label that was checked at the start. 128 matches the
// 16-byte key value above (presumably the key size in bits - confirm).
// The returned key object is not used again in this script.
var key = ks.importAESKey("TrustCenter Token Management Key (Test)", blob, 128, keyid);

print("Key imported");

