Class SmartCardHSM
Class implementing support for SmartCard-HSM access
Defined in: smartcardhsm.js.
Constructor Attributes | Constructor Name and Description |
---|---|
SmartCardHSM(card)
Create a SmartCard-HSM access object
|
Method Attributes | Method Name and Description |
---|---|
addKeyToMap(key)
Add a new key to the map of keys
|
|
<static> |
SmartCardHSM.buildGAKPwithECC(innerCAR, algo, chr, dp, outerCAR, privateKey)
Build input for Generate Asymmetric Key Pair command for generating an ECC key pair
|
<static> |
SmartCardHSM.buildGAKPwithRSA(innerCAR, algo, chr, keysize, outerCAR)
Build input for Generate Asymmetric Key Pair command for generating a RSA key pair
|
<static> |
SmartCardHSM.buildPrkDforECC(keyid, label, keysize)
Create a PKCS#15 PrivateECCKey description
|
<static> |
SmartCardHSM.buildPrkDforRSA(keyid, label, modulussize)
Create a PKCS#15 PrivateRSAKey description
|
changeUserPIN(currentPIN, newPIN)
Change User PIN
|
|
decipher(keyid, algo, data)
Decipher cryptogram or agree shared secret using Diffie-Hellman
|
|
deleteFile(fid)
Delete file system object (EF or key)
|
|
Determine an unused key identifier
|
|
<static> |
SmartCardHSM.dumpKeyData(keydata)
Dump C-Data of Generate Asymmetric Key Pair command
|
Enumerate key objects in the SmartCard-HSM and build the map of keys
|
|
Enumerate Objects
|
|
generateAsymmetricKeyPair(newkid, signkid, keydata)
Generate an asymmetric key pair
|
|
generateRandom(length)
Generate random data
|
|
Get crypto object
|
|
getKey(path)
Get a key reference object
|
|
importKeyShare(keyshare)
Import DKEK share or query status
|
|
initDevice(options, initialPIN, initializationCode, retryCounterInitial, keyshares)
Initialize device and clear all keys and files
|
|
logout()
Logout
|
|
openSecureChannel(crypto, devAuthPK)
Open a secure channel using device authentication
|
|
Request PIN Status Information
|
|
readBinary(fid, offset, length)
Read transparent EF referenced by file identifier
|
|
sign(keyid, algo, data)
Sign data using referenced key
|
|
<static> |
SmartCardHSM.stripLeadingZeros(value)
Strips leading zeros of a ByteString
|
unwrapKey(id, keyblob)
Unwrap key with DKEK
|
|
updateBinary(fid, offset, data)
Update transparent EF referenced by file identifier
|
|
<static> |
SmartCardHSM.validateCertificateChain(crypto, devAutCert)
Validate device certificate chain
|
validateCertificateChain(crypto)
Validate device certificate chain
|
|
verifyUserPIN(userPIN)
Verify User PIN
|
|
wrapKey(id)
Wrap key under DKEK
|
Class Detail
SmartCardHSM(card)
Create a SmartCard-HSM access object
- Parameters:
- {Card} card
- the card object
Method Detail
addKeyToMap(key)
Add a new key to the map of keys
- Parameters:
- {HSMKey} key
- the HSM key
<static>
{ByteString}
SmartCardHSM.buildGAKPwithECC(innerCAR, algo, chr, dp, outerCAR, privateKey)
Build input for Generate Asymmetric Key Pair command for generating an ECC key pair
- Parameters:
- {PublicKeyReference} innerCAR
- the CA the request shall be directed to
- {ByteString} algo
- the public key algorithm
- {PublicKeyReference} chr
- the certificate holder reference associated with this key
- {Key} dp
- the domain parameter for the key
- {PublicKeyReference} outerCAR
- the certificate holder reference of the public key for verifying the outer signature
- {Key} privateKey
- optional parameter to supply a private key value for import. This only works with the development version of the SmartCard-HSM.
- Returns:
- the encoded C-Data for GENERATE ASYMMETRIC KEY PAIR
<static>
{ByteString}
SmartCardHSM.buildGAKPwithRSA(innerCAR, algo, chr, keysize, outerCAR)
Build input for Generate Asymmetric Key Pair command for generating a RSA key pair
- Parameters:
- {PublicKeyReference} innerCAR
- the CA the request shall be directed to
- {ByteString} algo
- the public key algorithm
- {PublicKeyReference} chr
- the certificate holder reference associated with this key
- {Number} keysize
- the module size in bits (1024, 1536 or 2048)
- {PublicKeyReference} outerCAR
- the certificate holder reference of the public key for verifying the outer signature
- Returns:
- the encoded C-Data for GENERATE ASYMMETRIC KEY PAIR
<static>
{ASN1}
SmartCardHSM.buildPrkDforECC(keyid, label, keysize)
Create a PKCS#15 PrivateECCKey description
- Parameters:
- {Number} keyid
- the key identifier
- {String} label
- the key label
- keysize
- Returns:
- the PrivateECCKey description
<static>
{ASN1}
SmartCardHSM.buildPrkDforRSA(keyid, label, modulussize)
Create a PKCS#15 PrivateRSAKey description
- Parameters:
- {Number} keyid
- the key identifier
- {String} label
- the key label
- {Number} modulussize
- Returns:
- the PrivateECCKey description
changeUserPIN(currentPIN, newPIN)
Change User PIN
- Parameters:
- {ByteString} currentPIN
- current user PIN value
- {ByteString} newPIN
- new user PIN value
decipher(keyid, algo, data)
Decipher cryptogram or agree shared secret using Diffie-Hellman
- Parameters:
- {Number} keyid
- the key identifier
- {Number} algo
- the algorithm identifier
- {ByteString} data
- the the cryptogram or concatenation of x || y of ECC public key
- Returns:
- the plain output
deleteFile(fid)
Delete file system object (EF or key)
- Parameters:
- {ByteString} fid
- the two byte file object identifier
{Number}
determineFreeKeyId()
Determine an unused key identifier
- Returns:
- a free key identifier or -1 if all key identifier in use
<static>
SmartCardHSM.dumpKeyData(keydata)
Dump C-Data of Generate Asymmetric Key Pair command
- Parameters:
- {ByteString} keydata
- the content of C-Data
{String[]}
enumerateKeys()
Enumerate key objects in the SmartCard-HSM and build the map of keys
- Returns:
- the list of key labels
enumerateObjects()
Enumerate Objects
- Returns:
- the enumeration
{ByteString}
generateAsymmetricKeyPair(newkid, signkid, keydata)
Generate an asymmetric key pair
- Parameters:
- {Number} newkid
- key identifier for new key
- {Number} signkid
- key identifier for signing the new public key
- {ByteString} keydata
- the key data template
- Returns:
- the certificate signing request containing the new public key
generateRandom(length)
Generate random data
- Parameters:
- {Number} length
- number of bytes
- Returns:
- the random bytes
{HSMCrypto}
getCrypto()
Get crypto object
- Returns:
- the HSMCrypto object
{Key}
getKey(path)
Get a key reference object
- Parameters:
- {String} path
- the relative path of the PKI element (e.g. "/UTCVCA1/UTDVCA1/UTTERM")
- Returns:
- the key or null if not found
{Object}
importKeyShare(keyshare)
Import DKEK share or query status
- Parameters:
- {ByteString} keyshare
- 32 byte key share
- Returns:
- object with properties sw{Number}, shares{Number}, outstanding{Number} and kcv{ByteString}
initDevice(options, initialPIN, initializationCode, retryCounterInitial, keyshares)
Initialize device and clear all keys and files
- Parameters:
- {ByteString} options
- two byte option mask
- {ByteString} initialPIN
- initial user PIN value
- {ByteString} initializationCode
- secret code for device initialization (set during first use)
- {Number} retryCounterInitial
- retry counter for user PIN
- {Number} keyshares
- number of device key encryption key shares (optional)
logout()
Logout
{ISOSecureChannel}
openSecureChannel(crypto, devAuthPK)
Open a secure channel using device authentication
- Parameters:
- {Crypto} crypto
- the crypto provider to use
- {Key} devAuthPK
- the device authentication public key
- Returns:
- the initialized secure channel
{Number}
queryUserPINStatus()
Request PIN Status Information
- Returns:
- the status word SW1/SW2 returned by the device
{ByteString}
readBinary(fid, offset, length)
Read transparent EF referenced by file identifier
- Parameters:
- {ByteString} fid
- the two byte file identifier
- {Number} offset
- the offset into the EF (optional)
- {Number} length
- the number of byte to read (optional)
- Returns:
- the data read from the EF
sign(keyid, algo, data)
Sign data using referenced key
- Parameters:
- {Number} keyid
- the key identifier for signing
- {algo} algo
- the algorithm identifier
- {ByteString} data
- the data to be signed
- Returns:
- the signature value
<static>
{ByteString}
SmartCardHSM.stripLeadingZeros(value)
Strips leading zeros of a ByteString
- Parameters:
- {ByteString} value
- the ByteString value
- Returns:
- the stripped ByteString object, may be an empty ByteString
unwrapKey(id, keyblob)
Unwrap key with DKEK
- Parameters:
- {Number} id
- key id
- {ByteString} keyblob
- the wrapped key
updateBinary(fid, offset, data)
Update transparent EF referenced by file identifier
- Parameters:
- {ByteString} fid
- the two byte file identifier
- {Number} offset
- the offset into the EF
- {ByteString} data
- the data to write
<static>
{Key}
SmartCardHSM.validateCertificateChain(crypto, devAutCert)
Validate device certificate chain
- Parameters:
- {Crypto} crypto
- the crypto provider to use
- {ByteString} devAutCert
- the device certificate chain read from EF.C_DevAut
- Returns:
- the device authentication public key
{Key}
validateCertificateChain(crypto)
Validate device certificate chain
- Parameters:
- {Crypto} crypto
- the crypto provider to use
- Returns:
- the device authentication public key
verifyUserPIN(userPIN)
Verify User PIN
- Parameters:
- {ByteString} userPIN
- user PIN value
- Returns:
- the status word SW1/SW2 returned by the device
{ByteString}
wrapKey(id)
Wrap key under DKEK
- Parameters:
- {Number} id
- key id
- Returns:
- key blob with encrypted key value