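/**
 *  ---------
 * |.##> <##.|  SmartCard-HSM Support Scripts
 * |#       #|
 * |#       #|  Copyright (c) 2011-2012 CardContact Software & System Consulting
 * |'##> <##'|  Andreas Schwier, 32429 Minden, Germany (www.cardcontact.de)
 *  ---------
 *
 * Consult your license package for usage terms and conditions.
 *
 * @fileoverview Perform a signature generation and verification using keys stored on a SmartCard-HSM with the issuercert.js scripts
 *
 * For every key in the device's key store, the script signs a fixed message
 * on the SmartCard-HSM and verifies the signature in software against the
 * public key taken from the key's end-entity certificate.
 *
 * The certificate is only used as a container for the public key: this script
 * does not validate it against any issuer. A "passed" result therefore shows
 * that the private key and the certificate on the device belong together, not
 * that the certificate is trustworthy.
 */

load("../../icao/cvcertstore.js");
load("../lib/smartcardhsm.js");
load("../lib/hsmkeystore.js");

load("tools/eccutils.js");


// Some default values
// Demo value only. A PIN hard-coded in a script is readable by anyone who can
// read the file; for a token that holds real keys, prompt for the PIN or load
// it from a protected source instead.
var userPIN = new ByteString("648219", ASCII);



// Use default crypto provider (software; used for verification only)
var crypto = new Crypto();

// Create card access object
var card = new Card(_scsh3.reader);
card.reset(Card.RESET_COLD);

// Create SmartCard-HSM card service
var sc = new SmartCardHSM(card);

// Verify user PIN
// NOTE(review): the result of verifyUserPIN() is not checked here; whether a
// wrong PIN throws or only returns a status depends on smartcardhsm.js - confirm.
// NOTE(review): a wrong PIN normally consumes an attempt from the device's
// retry counter - confirm the value before running against a token in use.
sc.verifyUserPIN(userPIN);

// Create key store
var ks = new HSMKeyStore(sc);

// Obtain crypto object for SmartCard-HSM (signing happens on the device)
var sccrypto = sc.getCrypto();

// Message to be signed
var message = new ByteString("Hello World", ASCII);

// List all stored keys
var keylist = ks.enumerateKeys();

// keyname is declared with var so the loop does not create an implicit global.
for each (var keyname in keylist) {
	print("Key label: " + keyname);

	// Get key handle
	var key = ks.getKey(keyname);
	assert(key != null);

	// Get certificate
	var cert = ks.getEndEntityCertificate(keyname);
	assert(cert != null);

//	print(cert);
	var publicKey = cert.getPublicKey();

	// The key type is derived from the label alone: any label without "ECC"
	// is treated as RSA. This relies on the naming convention of the scripts
	// that created the keys; a differently labelled EC key would be signed
	// with the RSA mechanism.
	var isECC = keyname.indexOf("ECC") >= 0;

	// Crypto.RSA uses default signing algorithm PKCS#1 V1.5,
	// Crypto.ECDSA uses default signing algorithm ECDSA with SHA-256
	var signMechanism = isECC ? Crypto.ECDSA : Crypto.RSA;
	var verifyMechanism = isECC ? Crypto.ECDSA_SHA256 : Crypto.RSA_SHA256;

	var signature = sccrypto.sign(key, signMechanism, message);
	print("Signature: " + signature.toString(HEX));

	// Verification runs in the default (software) provider, so it checks the
	// device's output independently of the device itself.
	var ok = crypto.verify(publicKey, verifyMechanism, message, signature);

	// A failed verification is only reported; the loop continues with the next key.
	print("Signature verification " + (ok ? "passed" : "failed"));
}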