decrypt_keyblob.js
Summary
No overview generated for 'decrypt_keyblob.js'
PublicKeyReference = require('scsh/eac/PublicKeyReference').PublicKeyReference;
SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
SmartCardHSMKeySpecGenerator = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKeySpecGenerator;
DKEK = require("scsh/sc-hsm/DKEK").DKEK;
var pin = new ByteString("648219", ASCII);
var initializationCode = new ByteString("57621880", ASCII);
var dkekshare1 = new ByteString("A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5", HEX);
var dkekshare2 = new ByteString("E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1E1", HEX);
var card = new Card(_scsh3.reader);
var sc = new SmartCardHSM(card);
if (sc.queryUserPINStatus() == 0x6984) {
var page = "<html><p><b>Warning:</b></p><br/>" +
"<p>This is a new device that has never been initialized before.</p><br/>" +
"<p>If you choose to continue this test, then the device initialization code will be set to " + initializationCode.toString(ASCII) + " </p><br/>" +
"<p>Please be advised, that this code can be changed later, however the same code must be used in subsequent re-initialization of the device.</p><br/>" +
"<p>Press OK to continue or Cancel to abort.</p>" +
"</html>";
var userAction = Dialog.prompt(page);
assert(userAction != null);
}
sc.initDevice(new ByteString("0001", HEX), pin, initializationCode, 3, 2);
sc.importKeyShare(dkekshare1);
var status = sc.importKeyShare(dkekshare2);
print("Device initialized:");
print("-------------------");
print("SW : " + status.sw.toString(HEX));
print("Shares : " + status.shares);
print("Outstanding : " + status.outstanding);
print("KVC : " + status.kcv.toString(HEX));
print("");
var crypto = new Crypto();
var dkek = new DKEK(crypto);
dkek.importDKEKShare(dkekshare1);
dkek.importDKEKShare(dkekshare2);
var kenc = dkek.getKENC();
var kmac = dkek.getKMAC();
print("Values derived from DKEK shared:");
print("--------------------------------");
print("DKEK : " + dkek.dkek.toString(HEX));
print("KVC : " + dkek.getKCV().toString(HEX));
print("Kenc : " + kenc.getComponent(Key.AES).toString(HEX));
print("Kmac : " + kmac.getComponent(Key.AES).toString(HEX));
print("");
sc.verifyUserPIN(pin);
var spec = new SmartCardHSMKeySpecGenerator(Crypto.RSA, 1024);
var rsp = this.sc.generateAsymmetricKeyPair(1, 0, spec.encode());
var keyblob = sc.wrapKey(1);
print("Key blob");
print("--------");
print(keyblob);
dkek.dumpKeyBLOB(keyblob);
var keyspec = new Key();
keyspec.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));
var spec = new SmartCardHSMKeySpecGenerator(Crypto.EC, keyspec);
var rsp = this.sc.generateAsymmetricKeyPair(2, 0, spec.encode());
var keyblob = sc.wrapKey(2);
print("Key blob");
print("--------");
print(keyblob);
dkek.dumpKeyBLOB(keyblob);
Documentation generated by
JSDoc on Sat Feb 24 15:17:19 2024