author | Dominik Schürmann <dominik@dominikschuermann.de> | 2016-03-08 02:27:56 +0100 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2016-03-08 02:27:56 +0100 |
commit | 3d1d26899707e453147e3c1b27894d367516b23b (patch) | |
tree | b01e6859b02f22a902a77b0f22ae4ec899fc9270 /OpenKeychain/src | |
parent | b6db814951215a8c79669d4e9e1cfa896af3c95d (diff) | |
Add nfcGenerateOnCardKey by Joey Castillo before it gets lost
Diffstat (limited to 'OpenKeychain/src')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
index c3352363a..dc5e583af 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenNfcActivity.java
@@ -934,6 +934,48 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity implemen
 }
 
 /**
+ * Generates a key on the card in the given slot. If the slot is 0xB6 (the signature key),
+ * this command also has the effect of resetting the digital signature counter.
+ * NOTE: This does not set the key fingerprint data object! After calling this command, you
+ * must construct a public key packet using the returned public key data objects, compute the
+ * key fingerprint, and store it on the card using the nfcSetFingerprint method.
+ *
+ * @param slot The slot on the card where the key should be generated:
+ * 0xB6: Signature Key
+ * 0xB8: Decipherment Key
+ * 0xA4: Authentication Key
+ * @return the public key data objects, in TLV format. For RSA this will be the public modulus
+ * (0x81) and exponent (0x82). These may come out of order; proper TLV parsing is required.
+ *
+ * TODO: nfcSetFingerprint missing.
+ */
+ public byte[] nfcGenerateOnCardKey(int slot) throws IOException {
+ if (slot != 0xB6 && slot != 0xB8 && slot != 0xA4) {
+ throw new IOException("Invalid key slot");
+ }
+
+ if (!mPw3Validated) {
+ nfcVerifyPIN(0x83); // (Verify PW1 with mode 82 for decryption)
+ }
+
+ String generateKeyApdu = "0047800002" + String.format("%02x", slot) + "0000";
+ String getResponseApdu = "00C00000";
+
+ String first = nfcCommunicate(generateKeyApdu);
+ String second = nfcCommunicate(getResponseApdu);
+
+ if (!second.endsWith("9000")) {
+ throw new IOException("On-card key generation failed");
+ }
+
+ String publicKeyData = nfcGetDataField(first) + nfcGetDataField(second);
+
+ Log.d(Constants.TAG, "Public Key Data Objects: " + publicKeyData);
+
+ return Hex.decode(publicKeyData);
+ }
+
+ /**
 * Parses out the status word from a JavaCard response string.
 *
 * @param response A hex string with the response from the token |
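Review bot: In `nfcGenerateOnCardKey` the status word of `first` is never checked and exactly one GET RESPONSE is sent, so an error reply to the generate command still has its data field concatenated, and a key whose public data needs more than two response chunks ends with a non-`9000` `second` and is reported as failed. Because the command presumably overwrites the key in the slot (and, per the Javadoc, resets the signature counter for 0xB6), a false failure leaves the caller unaware that the old key is gone. I would loop on GET RESPONSE while the status is `61xx` and accept only a final `9000`, as sketched below; this assumes `nfcCommunicate` does not already chain responses itself, which is not visible in this hunk. Separately, the comment beside `nfcVerifyPIN(0x83)` mentions PW1 and mode 82, which does not match a call guarded by `mPw3Validated`; something like `// key generation requires the admin PIN (PW3)` would be accurate.

```java
// … unchanged: slot check, PW3 verification, generateKeyApdu / getResponseApdu strings …
String response = nfcCommunicate(generateKeyApdu);
StringBuilder publicKeyData = new StringBuilder(nfcGetDataField(response));

// A 61xx status word means more response data is pending; keep fetching until it is gone.
while (response.length() >= 4 && response.startsWith("61", response.length() - 4)) {
    response = nfcCommunicate(getResponseApdu);
    publicKeyData.append(nfcGetDataField(response));
}

// Only a final 9000 counts as success; any other status word is an error.
if (!response.endsWith("9000")) {
    throw new IOException("On-card key generation failed");
}
// … unchanged: debug log of the public key data …
return Hex.decode(publicKeyData.toString());
```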