key-attestation.js
Summary
Key attestation example
var CVC = require("scsh/eac/CVC").CVC;
var SmartCardHSM = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSM;
var SmartCardHSMKeySpecGenerator = require("scsh/sc-hsm/SmartCardHSM").SmartCardHSMKeySpecGenerator;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;
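/*
 * Key attestation example for a SmartCard-HSM.
 *
 * Flow, as performed by the statements below:
 *   1. Cold-reset the card and read the device authentication certificate.
 *   2. Validate the certificate chain and stop if validation yields nothing.
 *   3. Open a secure channel with the public key taken from the validated chain,
 *      then verify the user PIN.
 *   4. Generate a fresh EC key pair (brainpoolP256r1) under a fixed label.
 *   5. Print the chain and the returned request, then verify each link:
 *      DICA under SRCA, device certificate under DICA, request under the device certificate.
 */
var crypto = new Crypto();

var card = new Card(_scsh3.reader);
card.reset(Card.RESET_COLD);

var sc = new SmartCardHSM(card);

var devAutCert = sc.readBinary(SmartCardHSM.C_DevAut);
var chain = SmartCardHSM.validateCertificateChain(crypto, devAutCert);

// Test the local variable directly. The original checked `this.chain`, which only
// reaches this variable when `this` happens to be the global scope object; in any
// other loading context the guard would not be testing the validation result.
// Everything below (secure channel key, attestation checks) depends on this guard.
if (chain == null) {
	throw new GPError(module.id, GPError.DEVICE_ERROR, 0, "SmartCard-HSM authentication failed");
}

// The secure channel is keyed with the public key from the validated chain, and the
// PIN is only presented after the channel has been opened.
sc.openSecureChannel(crypto, chain.publicKey, Key.AES);

// NOTE(review): the user PIN is a hard-coded literal for demonstration. Outside an
// example, obtain it from an interactive prompt or a protected configuration source
// and keep it out of version control.
sc.verifyUserPIN(new ByteString("648219", ASCII));

var ks = new HSMKeyStore(sc);

// Domain parameters for the new key: the curve is selected by its OID name.
var dp = new Key();
dp.setComponent(Key.ECC_CURVE_OID, new ByteString("brainpoolP256r1", OID));

var gen = new SmartCardHSMKeySpecGenerator(Crypto.EC, dp);

var label = "Key Attestation Example";
print("Generating " + label);

// Destructive: an existing key stored under this label is deleted before generation.
if (ks.hasKey(label)) {
	ks.deleteKey(label);
}

// generateKeyPair returns the request object that is verified at the end of the script.
var req = ks.generateKeyPair(label, gen);

print("Full certificate chain:");
print("SRCA : " + chain.srca);
print("DICA : " + chain.dica);
print("DevAut : " + chain.devicecert);
print("Request : " + req);

// NOTE(review): decorate() presumably annotates the structure for a readable ASN.1
// dump - confirm against the CVC implementation.
req.decorate();
print(req.getASN1());

// Link-by-link verification of the attestation path.
// NOTE(review): these asserts only show that each element verifies under the one above
// it. Whether chain.srca is an authentic trust anchor is presumably established inside
// validateCertificateChain - confirm, since a relying party must pin the root key from
// a trusted source rather than accept one supplied alongside the data being verified.
assert(chain.dica.verifyWithCVC(crypto, chain.srca), "Could not validate DICA");
assert(chain.devicecert.verifyWithCVC(crypto, chain.dica), "Could not validate Device");
assert(req.verifyATWithCVC(crypto, chain.devicecert), "Could not validate request");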