importmanagementkey.js
Summary
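Import a default AES key for managing SO-PINs. The key value and the DKEK share are fixed constants in the script, so the resulting setup is suitable for test environments only.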
var SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;
var DKEK = require('scsh/sc-hsm/DKEK').DKEK;
/*
 * Test-only provisioning: import a fixed AES key labelled
 * "TrustCenter Token Management Key (Test)" into a SmartCard-HSM.
 *
 * Sequence: pick the first unused key domain slot, create a DKEK key domain
 * in it, load a single all-zero DKEK share, then wrap the AES key on the host
 * under the same DKEK and import the wrapped blob into the device.
 *
 * Both the DKEK share and the AES key value are constants in this file.
 * Anything wrapped for this key domain is therefore protected by a value that
 * every reader of the script knows, which is why the script prints the
 * warning below before touching the card.
 */
print("WARNING - This setup is for testing purpose only. Do not use in a production environment");

var crypto = new Crypto();
var card = new Card(_scsh3.reader);
var sc = new SmartCardHSM(card);
var ks = new HSMKeyStore(sc);

// Never replace an existing management key: abort before changing anything on the device.
if (ks.hasKey("TrustCenter Token Management Key (Test)")) {
	throw new Error("Key does already exist");
}

// Probe key domain slots 0, 1, 2, ... until one reports 0x6A88, which this
// script treats as "slot is empty". 0x6A86 and 0x6D00 end the search with an
// error (in ISO 7816-4 these are "incorrect P1/P2" and "instruction not
// supported"; presumably index out of range / no key domain support - confirm).
for (var i = 0; ; i++) {
	var kd = sc.queryKeyDomainStatus(i);
	if (kd.sw == 0x6A88) {
		break;
	}
	if (kd.sw == 0x6A86 || kd.sw == 0x6D00) {
		throw new Error("No free key domain slot");
	}
}
print("Found empty key domain slot " + i);

// NOTE(review): called without a PIN argument and the result is not inspected;
// how the PIN is obtained and whether a failed verification throws is not
// visible here - confirm that the following commands cannot run unauthenticated.
sc.verifyUserPIN();

// Second argument is presumably the number of DKEK shares (one share is
// imported below) - confirm against SmartCardHSM.createDKEKKeyDomain.
sc.createDKEKKeyDomain(i, 1);

// All-zero 32 byte share: a publicly known DKEK. Test setups only.
var share = new ByteString("0000000000000000000000000000000000000000000000000000000000000000", HEX);
sc.importKeyShare(i, share);

// Host-side DKEK object loaded with the same share, used to encode the key blob.
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);

// Fixed 16 byte AES value (a well-known counting pattern) and fixed key id.
var aes = new Key();
aes.setComponent(Key.AES, new ByteString("00112233445566778899AABBCCDDEEFF", HEX));
var keyid = new ByteString("BF6F0C7EDC145466", HEX);

// Encode the AES key with the host-side DKEK and import it as a 128 bit key.
var blob = dkek.encodeAESKey(aes);
var key = ks.importAESKey("TrustCenter Token Management Key (Test)", blob, 128, keyid);
print("Key imported");