sign.js

Summary

Generate ECC key and sign some data


/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2011-2012 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview Generate ECC key and sign some data
 */

var CVC = require("scsh/eac/CVC").CVC;
var SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
var SmartCardHSMKey = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKey;
var SmartCardHSMKeySpecGenerator = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKeySpecGenerator;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;



var card = new Card(_scsh3.reader);
var crypto = new Crypto();
var sc = new SmartCardHSM(card);

// Authenticate device and obtain device authentication public key
var devAutCert = this.sc.readBinary(SmartCardHSM.C_DevAut);
var chain = SmartCardHSM.validateCertificateChain(crypto, devAutCert);

// Login
sc.verifyUserPIN(new ByteString("648219", ASCII));

// Create keystore abstraction
var ks = new HSMKeyStore(sc);
var label = "TestECC";

if (ks.hasKey(label)) {
	ks.deleteKey(label);
}

// Define domain parameter for key
var dp = new Key();
dp.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));

var gen = new SmartCardHSMKeySpecGenerator(Crypto.EC, dp);
gen.algorithms = new ByteString("7073", HEX);
gen.setKeyUseCounter(1);

var req = ks.generateKeyPair(label, gen);

print(req.getASN1());

// Verify key attestation
if (!req.verifyATWith(crypto, chain.publicKey, chain.devicecert.getPublicKeyOID())) {
	throw new Error("Failed at verifyATWith()");
}

var pub = req.getPublicKey();

// Verify proof of correspondance
if (!req.verifyWith(crypto, pub, req.getPublicKeyOID())) {
	throw new Error("Failed at verifyWith()");
}

// Sign message
var msg = new ByteString("Hello World", ASCII);
var key = ks.getKey(label);

sc.updateKey(key);
print("Key use counter: " + key.useCounter);

var sccrypto = sc.getCrypto();

var signature = sccrypto.sign(key, Crypto.ECDSA_SHA256, msg);

print("Signature: " + signature);

assert(crypto.verify(pub, Crypto.ECDSA_SHA256, msg, signature), "Signature failed verification");

sc.updateKey(key);
print("Key use counter: " + key.useCounter);

try	{
	var signature = sccrypto.sign(key, Crypto.ECDSA_SHA256, msg);
}
catch(e) {
	assert(e.reason == 0x6984, "Did not fail with reference data unusable");
}


Documentation generated by JSDoc on Sat Feb 24 15:17:19 2024