/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|  
 * |#       #|  Copyright (c) 2011-2012 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  --------- 
 *
 * Consult your license package for usage terms and conditions.
 * 
 * @fileoverview Generate and verify signatures using keys that were stored on a SmartCard-HSM with the issuercert.js scripts
 */

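load("../../icao/cvcertstore.js");
load("../lib/smartcardhsm.js");
load("../lib/hsmkeystore.js");

load("tools/eccutils.js");


// Sign/verify round trip for every key held on a SmartCard-HSM.
//
// For each key label reported by the key store, a fixed message is signed on
// the card and the signature is then verified in software against the public
// key taken from the matching end-entity certificate. The outcome is printed
// per key; a failed verification does not stop the loop.

// Some default values
//
// NOTE(review): the user PIN is embedded in the script, so anyone who can read
// this file learns it. That is acceptable only for a throw-away test token; for
// any other device obtain the PIN at run time instead of storing it in source.
var userPIN = new ByteString("648219", ASCII);


// Use default crypto provider (software), used below for verification only
var crypto = new Crypto();

// Create card access object and start from a cold reset
var card = new Card(_scsh3.reader);
card.reset(Card.RESET_COLD);

// Create SmartCard-HSM card service
var sc = new SmartCardHSM(card);

// Verify user PIN
// NOTE(review): the return value is ignored here. Confirm whether
// verifyUserPIN() throws on a wrong PIN or only returns a status; if it only
// returns a status, a rejected PIN goes unnoticed until the first sign() call,
// and a wrong PIN typically consumes one of the card's PIN retries.
sc.verifyUserPIN(userPIN);

// Create key store
var ks = new HSMKeyStore(sc);

// Obtain crypto object for SmartCard-HSM (signing happens on the card)
var sccrypto = sc.getCrypto();

// Message to be signed
var message = new ByteString("Hello World", ASCII);

// List all stored keys
var keylist = ks.enumerateKeys();

// Loop variable is declared explicitly; the original relied on an undeclared
// name. "for each" is the value-iterating form of the script engine.
for each (var keyname in keylist) {
	print("Key label: " + keyname);

	// Get key handle
	var key = ks.getKey(keyname);
	assert(key != null);

	// Get certificate
	var cert = ks.getEndEntityCertificate(keyname);
	assert(cert != null);

	// print(cert);		// uncomment to dump the certificate
	var publicKey = cert.getPublicKey();

	// The key type is inferred from the label alone: a label containing "ECC"
	// is treated as an EC key, everything else as RSA.
	// NOTE(review): a key whose label does not follow that convention is
	// signed and verified with the wrong mechanism.
	var isECC = keyname.indexOf("ECC") >= 0;

	// Crypto.RSA uses the default signing algorithm PKCS#1 V1.5,
	// Crypto.ECDSA uses the default signing algorithm ECDSA with SHA-256
	var signMech = isECC ? Crypto.ECDSA : Crypto.RSA;
	var verifyMech = isECC ? Crypto.ECDSA_SHA256 : Crypto.RSA_SHA256;

	var signature = sccrypto.sign(key, signMech, message);
	print("Signature: " + signature.toString(HEX));

	// This shows that the card key and the stored certificate belong together.
	// No certificate chain validation is visible in this script, so a pass
	// says nothing about whether the certificate itself is trusted.
	var ok = crypto.verify(publicKey, verifyMech, message, signature);
	print("Signature verification " + (ok ? "passed" : "failed"));
}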