- Generated by
1.9.8
|
Crescendo SDK
|
The SDKCore class contains all fundamental methods that can be used by the user to communicate with the SmartCard. More...
Classes | |
| struct | FunctionResult |
| Represents the result of a function execution. More... | |
Public Types | |
| enum | SecretType { PIN , XAUTH } |
| Representing types of secrets that can be used or authentication. More... | |
Public Member Functions | |
| bool | AuthenticateWithPIN (string pin) |
Authenticates on the ACA applet using a PIN. | |
| bool | AuthenticateWithXAUTH (string? xauthKey, string? challenge=default!, XAUTHKeyType? xauthKeyType=null) |
| Authenticates on the ACA applet using an XAUTH key. | |
| FunctionResult | ChangePIN (string? newPin) |
| This function changes the PIN based on the provided parameters. | |
| bool | ChangeXAUTHMode (XAUTHChallengeType xauthMode) |
This function changes the XAUTH mode based on the provided parameter. | |
| bool | ConfigureOATHSlot (string? oathSlot, int buttonPress, string oathKey, int timeStep, OATHModeName oathMode, string oathCounter, HashAlgoValues oathHash, int codeDigits, string friendlyName, int truncationOffset, string transportKey, string pskcPath) |
| This function configures the OATH slot based on the provided parameters. | |
| bool | ConfigureOCRASlot (string? oathSlot, int buttonPress, string ocraSuite, string oathKey, string friendlyName) |
| This function configures the OCRA OATH slot based on the provided parameters. | |
| bool | ConfigureStaticPassword (string password, KeyboardEncodings encoding, string? oathSlot, int buttonPress, string friendlyName) |
| This function configures the Static Password on specified OATH slot based on the provided parameters. Only works with Applet version V4. | |
| bool | DeleteOATHSlot (string? oathSlot, int buttonPress, string? pskcPath) |
| This function deletes the oathSlot configuration and key based on the provided parameters. | |
| bool | DeleteXAUTHKey (XAUTHKeyType xauthKeyType) |
This function deletes a Symmetric XAUTH key of a specified type from the token. | |
| void | Dispose () |
| Releases all resources used by the CrescendoDLL.SDKCore instance. | |
| FunctionResult | EncryptKEKAndDataWithKEK (AsymmetricKeyParameter publicKey, object inputData, KeyTypeToBeTransferredWithSKI dataType) |
Encrypts the Key Encryption Key (KEK) and another input data (either PIV, XAUTH or OATH key) with the KEK. | |
| FunctionResult | FIDOChangePIN (string? newPin) |
| This function changes the FIDO PIN using the CTAP standard. | |
| FunctionResult | FIDOSetPIN (string? newPin) |
| This function sets a FIDO PIN using the CTAP standard. | |
| bool | FIDOTokenReset () |
| Resets the FIDO configuration to its default state and deletes all the discoverable credentials. | |
| FunctionResult | GenerateOTP (string? oathSlot, int buttonPress) |
| This function generates an OTP (One-Time Password) based on the provided parameters. | |
| FunctionResult | GetChallenge () |
| Retrieves a XAUTH challenge. | |
| FunctionResult | GetSKITransportKey () |
| This function retrieves the Secure Key Injection (SKI) RSA3072 transport key. | |
| FunctionResult | ListACAProperties () |
| This function lists the properties of the ACA applet. | |
| FunctionResult | ListFIDOProperties () |
| This function lists the properties of the FIDO Attestation Applet, as well as the basic parameters of the FIDO Authenticator when used with elevated privileges. | |
| FunctionResult | ListOATHProperties () |
| Lists the OATH properties of the OATH applet. | |
| FunctionResult | ListPIVProperties () |
| Prints the properties of the PIV applet. | |
| bool | Logout () |
| Logs out of the ACA applet and clears the cache. | |
| FunctionResult | NewToken (string? newPin) |
Personalizes a new token with newPin , generates and returns a new PUK and personalizes the PIV Personal info (CHUID). | |
| FunctionResult | OCRAAuthenticate (string? oathSlot, int buttonPress, string challenge, string? secret, string? session) |
| This function performs an OCRA Challenge Response or Digital Signature operation with previously configured OCRA slot. | |
| bool | PIVAddDataToDataObject (string berTLVTag, List<(string tag, byte[] data)> tagsData) |
| This function adds one or multiple data items to a PIV data object on a token. | |
| bool | PIVChangeDataObjectACR (string berTLVTag, string personalizationACR, string contactUsageACR, string contactlessUsageACR) |
| This function changes the Access Control Rules (ACR) of a given PIV data object on a token. | |
| bool | PIVDeleteCertificate (string berTLVTag) |
| This function deletes a certificate identified by the berTLVTag from a token. | |
| bool | PIVDeleteDataFromDataObject (string berTLVTag, string tag) |
| This function deletes data identified by a tag from a PIV data object on a token. | |
| bool | PIVDeleteKey (string keyReference) |
| This function deletes a PIV key from the provided key reference. | |
| FunctionResult | PIVGenerateKeyPair (PIVCryptographicMechanismIdentifier cryptoMechanism, string keyReference, bool getExistingPublicKey=false) |
| Generates an asymmetric key pair on the ACA applet or retrieves the public key and the public exponent of a previously generated key pair, if possible. | |
| FunctionResult | PIVGetCertificate (string berTLVTag) |
| This function retrieves a certificate defined by the berTLVTag from a token and exports it as a PFX file. | |
| FunctionResult | PIVGetDataObjectContent (string berTLVTag) |
This function retrieves a PIV data object from a token and returns its content as a JSON string. | |
| FunctionResult | PIVGetPersonalInfo () |
| Retrieves personal information from a PIV (Personal Identity Verification) card. | |
| bool | PIVPutPKIData (string inputFilePath, string password, PIVObjectType pkiObjectType, string? keyReference, string? berTLVTag, string? keyName) |
| This function puts the PKI (Public Key Infrastructure) data to the token based on the provided parameters. | |
| FunctionResult | PIVRawCryptoOperation (string keyReference, DataType inputType, string? inputString, string? inputFilePath, DataType outputType) |
| This function performs a raw cryptographic operation using a private key stored on the token. This is primarily meant for RSA keys, though it is possible to use ECC key as well. | |
| FunctionResult | PIVSignData (string keyReference, DataType inputType, string? inputString, string? inputFilePath, DataType outputType, HashAlgoValues hashAlgo, DataType hashType=DataType.BASE64) |
| This function signs data using a defined PIV key. | |
| FunctionResult | PUKPut (string? puk, bool storePukToPIVDataObjects=true) |
| Puts a PUK on the token. If no PUK is provided, a random 8 byte PUK is generated. | |
| bool | PutXAUTHKey (string? xauthKey, XAUTHKeyType? xauthKeyType) |
This function puts a Symmetric XAUTH key of a specified type onto the token. | |
| FunctionResult | ReadCacheFreshness () |
| Reads the cache freshness. | |
| bool | ResetPINTries (string newPin, string puk) |
| This function resets the PIN tries based on the provided parameters. | |
| bool | ResetToken () |
| Resets the token to its default state. | |
| SDKCore (string token) | |
| Initializes a new instance of the CrescendoDLL.SDKCore class. | |
| bool | SecureKeyInjection (PIVCryptographicMechanismIdentifier cryptoMechanism, string keyReference, string inputJSONObject, string? pivKeyName) |
| This function injects a PIV, OATH or XAUTH key into a token using Secure Key Injection (SKI). | |
| void | SetPINDialog (Func< SecretType, string > userDialog) |
Sets the method to gather the PIN from the user. | |
| void | SetPINForPythonWrapper (string pin) |
Sets the PIN for the Python wrapper. | |
| void | SetXAUTHDialog (Func< SecretType, string > userDialog) |
Sets the method to gather the XAUTH from the user. | |
| void | SetXAUTHForPythonWrapper (string xauth) |
Sets the XAUTH for the Python wrapper. | |
| bool | UpdatePINProperties (int? maxPinTryCounter, int? maxPinUnlockCounter, int? maxContactlessPinCounter, int? minPinLength, int? maxPinLength, int weakPinControl, int changePinAfterFirstUse, int pinNumericOnly) |
| Updates the PIN properties on the ACA applet. | |
| bool | VerifyPin () |
Verifies PIN on the ACA applet. | |
Static Public Member Functions | |
| static void | PrintAllAvailableTokens () |
| This function prints all available tokens and their ATRs to the log. | |
| static void | SetLogAction (LogActionDelegate logAction) |
| Sets the action to be performed when a log message is generated. | |
| static void | SetLogLevel (LogLevel severity) |
| Sets the severity level for logging. | |
| static bool | TokenOptions () |
| function prints all available tokens - their name, reader name and Token ATR | |
The SDKCore class contains all fundamental methods that can be used by the user to communicate with the SmartCard.
|
inline |
Initializes a new instance of the CrescendoDLL.SDKCore class.
| token | The token to be used for initialization. This can be either the index or the name of the reader with the token. |
This constructor begins by calling the Initialize method with the provided token parameter. The Initialize method lists the readers, and then checks if the token parameter is a number or a name. Depending on the type of the token parameter, it finds the index of the token in the list of all the readers accordingly. If the index is valid, it retrieves the reader name and creates a new CrescendoDLL.PCSC.APDUEngine object with the reader name. It also sets the pcscImpl, TokenATR, and TokenName properties of the CrescendoDLL.PCSC.APDUEngine object. After setting up the CrescendoDLL.PCSC.APDUEngine object, it logs the connection details and assigns the CrescendoDLL.PCSC.APDUEngine object to the Engine property of the CrescendoDLL.SDKCore instance.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Authenticates on the ACA applet using a PIN.
| pin | The PIN to be used for authentication. |
true if the PIN verification is successful, false otherwise.This function attempts to verify the pin on the ACA applet. It calls the VerifyPIN method of the ACA applet with the pin . If pin is left empty, the function simply verifies whether the user is already authenticated or not.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.VerifyPin().
|
inline |
Authenticates on the ACA applet using an XAUTH key.
| xauthKey | The XAUTH key to be used for authentication. If this parameter is null or empty, a default XAUTH key will be used based on the xauthKeyType . |
| challenge | The Encrypted challenge to be used for the authentication. If this parameter is null or empty, a fresh challenge will be retrieved from the ACA applet. |
| xauthKeyType | The type of the XAUTH key to be put onto the token. Valid options are AES and TDES. If this parameter is null, the XAUTH key type will be determined based on the length of xauthKey |
true if the external authentication is successful, false otherwise.This function attempts to authenticate on the ACA applet using the provided xauthKey .
The function calls the Authenticate method on the ACA applet with the provided xauthKey and the XAUTH type read from the token (Static or Dynamic).
The Authenticate method then performs either static or dynamic External Authentication. For static authentication, it uses a fixed challenge string. For dynamic authentication, it either retrieves a fresh challenge using the GetChallenge method or uses the challenge , if provided.
When working with the fresh challenge, the challenge is encrypted with xauthKey and the appropriate encryption method (AES or TDES) based either on the key length or on the xauthKeyType . Either The encrypted challenge or the provided challenge is then used to perform the actual authentication on the ACA applet.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function changes the PIN based on the provided parameters.
| newPin | The new PIN to be set. If not provided, a random 6-digit PIN is generated. |
| InvalidDataException | Thrown when the newPin does not meet the length requirements. |
If the newPin is not provided, a random 6-digit PIN is generated. If the newPin does not meet the length requirements stored on the token, an exception is thrown.
The function then tries to change the PIN to either the newPin , or the randomly generated value.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.NewToken().
|
inline |
This function changes the XAUTH mode based on the provided parameter.
| xauthMode | XAUTH challenge type. Valid options are Static and Dynamic. |
true if the operation was successful, false otherwise.| InvalidDataException | Thrown when the applet version is 4 or higher and xauthMode was set to Static, as only Dynamic External Authentication Mode is supported. |
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function configures the OATH slot based on the provided parameters.
| oathSlot | The OATH slot to be configured. |
| buttonPress | The number of button presses required to activate the slot, when working with Crescendo Keys. This can be only 0, 1 (on all Applet versions) or 2 (on Applet V4 version) |
| oathKey | The OATH key to be set. |
| timeStep | The time step for the TOTP OATH algorithm in seconds. |
| oathMode | The OATH mode to be set. Valid options are HOTP, TOTP. |
| oathCounter | The OATH counter to be set. |
| oathHash | The hash algorithm to be used by the OATH algorithm. Valid options are SHA1, SHA256 and SHA512. |
| codeDigits | The number of digits in the OATH code. |
| friendlyName | The friendly name for the slot. |
| transportKey | The transport key to be used. Has to be 16 bytes (32 digits) long. |
| pskcPath | The path to the PSKC file. |
| truncationOffset | Truncation Offset Value. Valid options are 0 and 16 |
true if the operation was successful, false otherwise.The function puts the OATH configuration to the token and then puts the OATH key to the token. When working with V4 FIPS token, the OATH key will get transferred to the token using Secure Key Injection.
The function then updates (or creates a new) PSKC file containing all necessary details.
References CrescendoDLL.SDKCore.EncryptKEKAndDataWithKEK(), CrescendoDLL.SDKCore.Engine, CrescendoDLL.SDKCore.GetSKITransportKey(), CrescendoDLL.SDKCore.SecureKeyInjection(), and CrescendoDLL.SDKCore.FunctionResult.StringReturnValue.
|
inline |
This function configures the OCRA OATH slot based on the provided parameters.
| oathSlot | The OATH slot to be configured. |
| buttonPress | The number of button presses required to activate the slot, when working with Crescendo Keys. This can be only 0, 1 (on all Applet versions) or 2 (on Applet V4 version) |
| ocraSuite | The OCRA Suite string value in the format of Algorithm:CryptoFunction:DataInput, as described in RFC6287. |
| oathKey | The OATH key to be set. |
| friendlyName | The friendly name for the slot. |
true if the operation was successful, false otherwise.The function puts an OCRA OATH configuration to the token and then puts the OATH key to the token. When working with V4 FIPS token, the OATH key will get transferred to the token using Secure Key Injection.
References CrescendoDLL.SDKCore.EncryptKEKAndDataWithKEK(), CrescendoDLL.SDKCore.Engine, CrescendoDLL.SDKCore.GetSKITransportKey(), CrescendoDLL.SDKCore.SecureKeyInjection(), and CrescendoDLL.SDKCore.FunctionResult.StringReturnValue.
|
inline |
This function configures the Static Password on specified OATH slot based on the provided parameters. Only works with Applet version V4.
| password | The password to be stored to the token. |
| encoding | The keyboard encoding used to store the static password. Valid options are US and FR. |
| oathSlot | The OATH slot to be configured. |
| buttonPress | The number of button presses required to activate the slot, when working with Crescendo Keys. This can be only 1 or 2 |
| friendlyName | The friendly name for the slot. |
true if the operation was successful, false otherwise.The function first puts the Static Password OATH configuration to the token and then puts password itself in given encoding to the token.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function deletes the oathSlot configuration and key based on the provided parameters.
| oathSlot | The OATH slot to be deleted. |
| buttonPress | The number of button presses required to activate the slot, when working with Crescendo Keys. This can be only 0, 1 (on all Applet versions) or 2 (on Applet V4 version) |
| pskcPath | The path to the PSKC file. |
true if the operation was successful, false otherwise.The function deletes the OATH key using the DeleteOATHKey method on applet V3, or deletes the entire OATH configuration using the DeleteOATHConf method on applet V4.
The function then checks if the PSKC file exists on the pskcPath . If it does, it loads the existing PSKC file, removes the existing KeyPackage with the same Slot ID from the XML content, and saves the entire structure back to the PSKC file. If the PSKC file does not exist or the KeyPackage is not in the PSKC file, the function just logs a warning message that there is nothing to update.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function deletes a Symmetric XAUTH key of a specified type from the token.
| xauthKeyType | The type of the XAUTH key to be deleted. Possible options are TDES and AES. |
true if the XAUTH key deletion was successful, false otherwise.| InvalidDataException | Thrown when the specified XAUTH key type does not exist on the token. |
References CrescendoDLL.SDKCore.Engine.
|
inline |
Releases all resources used by the CrescendoDLL.SDKCore instance.
It also disposes the CardContext object and disconnects and disposes the Reader object. Finally, it suppresses the finalization of the CrescendoDLL.SDKCore instance to prevent the garbage collector from calling the finalizer if it was overridden.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Encrypts the Key Encryption Key (KEK) and another input data (either PIV, XAUTH or OATH key) with the KEK.
| publicKey | The Secure Key Injection (SKI) RSA3072 public (transport) key. |
| inputData | The input data to be encrypted. This can be either XAUTH or OATH key (direct hex string representation), or PIV key (AsymmetricKeyParameter object). |
| dataType | The type of the key to be transferred with SKI. |
JSON format.| InvalidDataException | Thrown when the input XAUTH key size is not valid, when XAUTH or OATH key does not include only valid hexadecimal numbers, or when the publicKeyPEMfilePath does not contain RSA or EC public key in PKCS #8 format. |
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.ConfigureOATHSlot(), CrescendoDLL.SDKCore.ConfigureOCRASlot(), CrescendoDLL.SDKCore.PIVPutPKIData(), and CrescendoDLL.SDKCore.PutXAUTHKey().
|
inline |
This function changes the FIDO PIN using the CTAP standard.
| newPin | The new PIN to be set. If not provided, a random 6-digit PIN is generated. |
If the newPin is not provided, a random 6-digit PIN is generated.
The function then tries to change the PIN to either the newPin , or the randomly generated value using the CTAP standard form of communication.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function sets a FIDO PIN using the CTAP standard.
| newPin | The new PIN to be set. If not provided, a random 6-digit PIN is generated. |
If the newPin is not provided, a random 6-digit PIN is generated.
The function then tries to set the PIN to either the newPin , or the randomly generated value using the CTAP standard form of communication. This will only work when the PIN has not been set/initialized before.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Resets the FIDO configuration to its default state and deletes all the discoverable credentials.
true if the FIDO configuration reset is successful, false otherwise.References CrescendoDLL.SDKCore.Engine.
|
inline |
This function generates an OTP (One-Time Password) based on the provided parameters.
| oathSlot | The OATH slot to be used for generating the OTP. |
| buttonPress | The number of button presses required to activate the slot, when working with Crescendo Keys. This can be only 0, 1 (on all Applet versions) or 2 (on Applet V4 version) |
References CrescendoDLL.SDKCore.Engine.
|
inline |
Retrieves a XAUTH challenge.
This function calls the GetChallenge method of the ACA applet to retrieve the XAUTH challenge, and returns it as a string.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function retrieves the Secure Key Injection (SKI) RSA3072 transport key.
The function checks if a public / private Key pair exists on Key Reference 0xF0 and that the applet version is higher then 4.0. If both public and private keys are initialized, it reads the public key value (modulus and exponent). Otherwise, it generates a new key pair and gets the corresponding public key value.
References CrescendoDLL.SDKCore.Engine, CrescendoDLL.SDKCore.PIVGenerateKeyPair(), and CrescendoDLL.SDKCore.FunctionResult.Success.
Referenced by CrescendoDLL.SDKCore.ConfigureOATHSlot(), CrescendoDLL.SDKCore.ConfigureOCRASlot(), CrescendoDLL.SDKCore.PIVPutPKIData(), and CrescendoDLL.SDKCore.PutXAUTHKey().
|
inline |
This function lists the properties of the ACA applet.
JSON format.References CrescendoDLL.SDKCore.Engine.
|
inline |
This function lists the properties of the FIDO Attestation Applet, as well as the basic parameters of the FIDO Authenticator when used with elevated privileges.
JSON format.References CrescendoDLL.PCSC.cert, and CrescendoDLL.SDKCore.Engine.
|
inline |
Lists the OATH properties of the OATH applet.
JSON format.This function gets OATH applet properties for each possible AID and stores them into an array.
The function then serializes the array into a JSON string using the JsonConvert.SerializeObject method.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Prints the properties of the PIV applet.
JSON format.This function gets PIV applet properties and serializes them into a JSON string using the CrescendoDLL.SDKCore.FunctionResult JsonConvert.SerializeObject method.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Logs out of the ACA applet and clears the cache.
true if the logout is successful, false otherwise.This function attempts to log out of the ACA applet. If the logout is successful, it clears the authentication cache.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Personalizes a new token with newPin , generates and returns a new PUK and personalizes the PIV Personal info (CHUID).
| newPin | The new PIN to be set on the token. If left empty, PIN will not change from the default value. |
PUK that was put on the token as a string.This function attempts to personalize a new token.
It first resets the token and updates the PIN properties to default values.
After that, if newPin is provided, it changes the PIN from the default value to newPin .
A random PUK is generated and put on the token. It also uploads the PUK relevant data to the PIV Data objects.
Finally, it uploads the PIV Personal info (CHUID) and Card Capability Container to the token.
References CrescendoDLL.SDKCore.ChangePIN(), CrescendoDLL.SDKCore.Engine, CrescendoDLL.SDKCore.PIVAddDataToDataObject(), CrescendoDLL.SDKCore.PUKPut(), CrescendoDLL.SDKCore.ResetToken(), CrescendoDLL.SDKCore.FunctionResult.StringReturnValue, CrescendoDLL.SDKCore.FunctionResult.Success, and CrescendoDLL.SDKCore.UpdatePINProperties().
|
inline |
This function performs an OCRA Challenge Response or Digital Signature operation with previously configured OCRA slot.
| oathSlot | The OATH slot to be configured. |
| buttonPress | The number of button presses required to activate the slot, when working with Crescendo Keys. This can be only 0, 1 (on all Applet versions) or 2 (on Applet V4 version) |
| challenge | The challenge to be used for the OCRA operation - this corresponds to Q in the RFC6287. |
| secret | The secret (PIN/Password) to be Hashed and used for the OCRA operation - this corresponds to P in the RFC6287 before the hashing operation. |
| session | The session information to be used for the OCRA operation - this corresponds to S in the RFC6287. |
The function reads the OCRA configuration from specified OATH slot, and processes the input data accordingly. If secret or session are required but not entered, it throws an exception.
The function then constructs the OCRA message and sends it to the token for processing. The OCRA authentication result is then returned as a string.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function adds one or multiple data items to a PIV data object on a token.
| berTLVTag | The BER-TLV tag of the data object to which data is to be added. |
| tagsData | A list of tuples, where each tuple contains a tag (string) and its corresponding data (byte array) to be added. |
true if the data addition is successful, false otherwise.This function first retrieves the PIV data object from the token using the specified berTLVTag . The function then tries to add each specified tagsData to the PIV data object.
If the same tag already exists in the PIV data object, it gets rewritten.
Referenced by CrescendoDLL.SDKCore.NewToken().
|
inline |
This function changes the Access Control Rules (ACR) of a given PIV data object on a token.
| berTLVTag | The BER-TLV tag of the data object whose ACR is to be changed. |
| personalizationACR | The personalization ACR to be set. |
| contactUsageACR | The contact usage ACR to be set. |
| contactlessUsageACR | The contactless usage ACR to be set. |
true if the ACR update is successful, false otherwise.This function first checks the applet version (ACR can be modified only on applet V4). It then checks if the Data object identified by berTLVTag is empty. If it is, the function stores the ACR on the specified PIV data object using the provided ACR values.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.PIVPutPKIData().
|
inline |
This function deletes a certificate identified by the berTLVTag from a token.
| berTLVTag | The BER-TLV tag of the certificate to be deleted. |
true if the certificate deletion is successful, false otherwise.| InvalidDataException | Thrown when the berTLVTag does not correspond to a valid certificate on the token, or when the public key from the certificate does not match the public key stored under tag 0x68 in the PIV Data Object. |
The Function first retrieves the data object from the token using the berTLVTag and extracts the certificate from the data object.
If the public key stored under tag 0x68 does not correspond to the public key from the certificate (or if there is no tag 0x68 in the PIV Data Object), it adds the public key from the certificate to the dataObject.
It then removes both tags connected to the certificate from the PIV Data Object.
References CrescendoDLL.PCSC.cert.
|
inline |
This function deletes data identified by a tag from a PIV data object on a token.
| berTLVTag | The BER-TLV tag of the data object from which data is to be deleted. |
| tag | The tag of the data to be deleted. If set to all, all data from the data object will be deleted. |
true if the data deletion is successful, false otherwise.This function retrieves the PIV data object from the token using the specified berTLVTag and removes the specified tag from the PIV data object. If the parameter tag is all, it removes all content from the PIV data object.
It then constructs a new data field from the updated PIV data object and updates the PIV data object on the token.
|
inline |
This function deletes a PIV key from the provided key reference.
| keyReference | The key reference to the key that needs to be deleted. |
true if the key deletion is successful, false otherwise.References CrescendoDLL.SDKCore.Engine.
|
inline |
Generates an asymmetric key pair on the ACA applet or retrieves the public key and the public exponent of a previously generated key pair, if possible.
| cryptoMechanism | The cryptographic mechanism identifier to be used for key pair generation. Possible options are RSA2048, RSA3072, RSA4096, CURVEP256 and CURVEP384. |
| keyReference | The key reference for the key pair. |
| getExistingPublicKey | A boolean indicating whether to retrieve the public key and the public exponent of a previously generated key pair. If false, a new key pair is generated. |
This function attempts to generate an asymmetric key pair on the ACA applet or retrieve the public key and the public exponent of a previously generated key pair based on the getExistingPublicKey parameter.
If getExistingPublicKey is true, it checks if the input key reference exists and has an initialized public key. If not, it throws an exception. If getExistingPublicKey is false, it tries to generate an asymmetric key pair on the specified keyReference with the specified cryptoMechanism .
If getExistingPublicKey is true, it logs a success message indicating the successful retrieval of the asymmetric key pair. If getExistingPublicKey is false, it updates the cache freshness and logs a success message indicating the successful generation of the asymmetric key pair.
The function then constructs and returns the public key parameters based on the cryptographic mechanism identifier.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.GetSKITransportKey().
|
inline |
This function retrieves a certificate defined by the berTLVTag from a token and exports it as a PFX file.
| berTLVTag | The BER-TLV tag of the certificate to be retrieved. |
| InvalidDataException | Thrown when the BER-TLV tag does not correspond to a valid certificate on the token. |
The function first retrieves the data object from the token using the berTLVTag tag and extracts the certificate from the data object. It then exports the certificate to a base64 string.
References CrescendoDLL.PCSC.cert.
|
inline |
This function retrieves a PIV data object from a token and returns its content as a JSON string.
| berTLVTag | The BER-TLV tag of the data object to be retrieved. |
JSON string.This function retrieves a PIV data object from the token using the specified berTLVTag . It then serializes the data object into a JSON string.
|
inline |
Retrieves personal information from a PIV (Personal Identity Verification) card.
The function retrieves the personal information from the PIV card by reading the Card Holder Unique Identifier and Printed Information data objects. The data is then serialized into a JSON string.
References CrescendoDLL.PCSC.PIV.
|
inline |
This function puts the PKI (Public Key Infrastructure) data to the token based on the provided parameters.
| inputFilePath | The path to the input file containing the PKI data. This can be either P12, PFX or PEM file. |
| password | The password for the input file. |
| pkiObjectType | The type of the PKI object to be imported to the token (private key, certificate, or both). |
| keyReference | The PIV Key reference to be used for private key storage. |
| berTLVTag | The BER-TLV tag of a PIV Data object where a certificate should be stored. |
| keyName | Optional name of the PIV key. Can be any string max. 32 characters long. |
true if the operation was successful, false otherwise.| InvalidDataException | Thrown when an unknown PKI object data type is provided. |
Depending on the pkiObjectType , the function either puts the private key to the token, puts the certificate to the token, or puts both the private key and the certificate to the token. If the pkiObjectType is unknown, it throws an exception.
For each PKI object type, the function determines the action based on the user input of keyReference and berTLVTag . It either puts the key or certificate to the token using the provided keyReference or berTLVTag , or finds the first key reference with an uninitialized private key and puts the key to the token using that key reference.
If none of the parameters keyReference and berTLVTag are entered and the pkiObjectType is cert, the function also checks if the public key from the certificate matches any BER-TLV buffer with a public key and an initialized private key in the corresponding key reference. If it does not find any match, it throws an exception.
References CrescendoDLL.PCSC.cert, CrescendoDLL.SDKCore.EncryptKEKAndDataWithKEK(), CrescendoDLL.SDKCore.Engine, CrescendoDLL.SDKCore.GetSKITransportKey(), CrescendoDLL.PCSC.PIV, CrescendoDLL.SDKCore.PIVChangeDataObjectACR(), CrescendoDLL.SDKCore.SecureKeyInjection(), and CrescendoDLL.SDKCore.FunctionResult.StringReturnValue.
|
inline |
This function performs a raw cryptographic operation using a private key stored on the token. This is primarily meant for RSA keys, though it is possible to use ECC key as well.
| keyReference | The reference to the private key that will be used for the cryptographic operation. |
| inputType | The encoding type of the input string. Valid options are HEX, BASE64, BASE64URL and UTF8. If the input is read from a file, another option BIN (read bytes directly) is available. |
| inputString | The input data to be used in the cryptographic operation. |
| inputFilePath | The path to the file containing the data to be used in the cryptographic operation. |
| outputType | The encoding type of the output string. Valid options are HEX, BASE64, BASE64URL and UTF8. If the output is read from a file, another option BIN (write bytes directly) is available. |
This function starts by reading the data in specified format inputType from the file specified by inputFilePath , or directly as a inputFilePath .
No padding is applied to the input data. You are fully responsible for the proper length and encoding of the input data.
Cryptographic operation using the private key defined by it's keyReference is then performed on the input data. Result of the cryptographic operation in defined format outputType is then returned.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function signs data using a defined PIV key.
| keyReference | The reference to the key that will be used for signing. |
| inputType | The encoding type of the input string. Valid options are HEX, BASE64, BASE64URL and UTF8. If the input is read from a file, another option BIN (read bytes directly) is available. |
| inputString | The input string to be signed. |
| inputFilePath | The path to the file containing the data to be signed. |
| outputType | The encoding type of the output string. Valid options are HEX, BASE64, BASE64URL and UTF8. If the output is read from a file, another option BIN (write bytes directly) is available. |
| hashAlgo | Hash algorithm to be used for input data hashing. Valid options are SHA1, SHA256 and SHA512 |
| hashType | The encoding type of the hash string. Valid options are HEX, BASE64, BASE64URL and UTF8. If the hash is to be saved to a file, another option BIN (write bytes directly) is available |
This function starts by reading the data in specified format inputType from the file specified by inputFilePath , or directly as a inputFilePath . It then hashes it using the hashAlgo algorithm.
Depending on the cryptographic mechanism of the Key, the function prepares the data for signing. For RSA mechanisms, the function pads the data to the appropriate length according to the PKCS1 padding scheme. For ECC mechanisms, the function uses the hash directly.
The prepared hashed data is then signed by the private key defined by it's keyReference . Signature in defined format outputType is then returned.
References CrescendoDLL.SDKCore.Engine, CrescendoDLL.PCSC.SHA1, CrescendoDLL.PCSC.SHA256, and CrescendoDLL.PCSC.SHA512.
|
inlinestatic |
This function prints all available tokens and their ATRs to the log.
For each reader with a token, The function adds an item to a list with the reader's name, token name, token ATR (Answer To Reset), and the assigned number for the -t parameter. Finally, it prints the list to the log.
Referenced by CrescendoDLL.SDKCore.TokenOptions().
|
inline |
Puts a PUK on the token. If no PUK is provided, a random 8 byte PUK is generated.
| puk | The PUK to be put on the token. If this is null or empty, a random PUK is generated. |
| storePukToPIVDataObjects | Default value is true. If set to false the PUK value will not be stored in the corresponding PIV data objects, meaning it will not be retrievable later. |
This function begins by checking if the puk parameter is null or empty.
If puk is null or empty, it generates a random 8 byte PUK.
The function then calls the ChangeReferenceData method of the ACA applet with the PUK (either the one provided or the one it generated) to change or create the PUK on the token.
If the PUK putting process is successful, it updates the cache freshness.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.NewToken().
|
inline |
This function puts a Symmetric XAUTH key of a specified type onto the token.
| xauthKey | The XAUTH key to be put onto the token. If this parameter is null or empty, a default XAUTH key will be used based on the xauthKeyType . |
| xauthKeyType | The type of the XAUTH key to be put onto the token. Valid options are AES and TDES. If this parameter is null, the XAUTH key type will be determined based on the length of xauthKey |
true if the XAUTH key storage was successful, false otherwise.| InvalidDataException | Thrown when the specified XAUTH key type is invalid, or when the XAUTH key size is wrong. |
If the xauthKey is null or empty, the function sets the XAUTH key to a default value based on the xauthKeyType . If the xauthKeyType parameter is null, it determines the XAUTH key type based on the length of the xauthKey .
When working with V4 FIPS token, the XAUTH key will get transferred to the token using Secure Key Injection.
References CrescendoDLL.SDKCore.EncryptKEKAndDataWithKEK(), CrescendoDLL.SDKCore.Engine, CrescendoDLL.SDKCore.GetSKITransportKey(), CrescendoDLL.SDKCore.SecureKeyInjection(), and CrescendoDLL.SDKCore.FunctionResult.StringReturnValue.
|
inline |
Reads the cache freshness.
This function checks the applet version and throws an InvalidDataException if the applet version is less than 4.0.
It then gets a cache freshness data object from the token. If the data object is empty, it logs a warning message.
References CrescendoDLL.SDKCore.Engine.
|
inline |
This function resets the PIN tries based on the provided parameters.
| newPin | The new PIN to be set. |
| puk | The PUK (Personal Unblocking Key) used for resetting the PIN tries. |
true if the operation was successful, false otherwise.If the puk is not empty, the function resets the PIN tries using the ACAApplet's ResetPINTries method and stores the new PIN in cache.
References CrescendoDLL.SDKCore.Engine.
|
inline |
Resets the token to its default state.
true if all operations (authentication, token reset and cache freshness update) are successful, false otherwise.This function attempts to reset the token to its default state. It first checks if authentication is necessary and performs it if needed. If the authentication fails, it throws an exception. The function then attempts to reset the token, store the default PIN in the cache, and update the cache freshness. Each of these operations returns a boolean indicating its success. If any operation fails, the function will return false.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.NewToken().
|
inline |
This function injects a PIV, OATH or XAUTH key into a token using Secure Key Injection (SKI).
| cryptoMechanism | The cryptographic mechanism to be used. Possible options are RSA2048, RSA3072, RSA4096, CURVEP256 and CURVEP384. |
| keyReference | The reference to the key. |
| inputJSONObject | The input JSON formatted string containing the encrypted session KEK key and encrypted data. |
| pivKeyName | Optional name of the PIV key. Can be any string max. 32 characters long. |
true if the key injection is successful, false otherwise.| InvalidDataException | Thrown when the input JSON file cannot be deserialized, or when the XAUTH key size read from the JSON file is wrong, or when the JSON file does not contain any objects called OATHKeyProperties, XAUTHKeyProperties, PIVRSAKeyProperties or PIVECKeyProperties. |
The function first reads the encrypted session KEK key and encrypted data from the inputJSONObject .
The function then injects the appropriate PIV, XAUTH or OATH key into the token depending on the properties in the JSON object.
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.ConfigureOATHSlot(), CrescendoDLL.SDKCore.ConfigureOCRASlot(), CrescendoDLL.SDKCore.PIVPutPKIData(), and CrescendoDLL.SDKCore.PutXAUTHKey().
|
inlinestatic |
Sets the action to be performed when a log message is generated.
| logAction | The action to be performed when a log message is generated. |
|
inlinestatic |
Sets the severity level for logging.
| severity | The severity level for logging. Valid options are DEBUG, INFO, WARN, ERROR and SILENT |
|
inline |
Sets the method to gather the PIN from the user.
| userDialog | The method to gather the PIN from the user. |
Referenced by CrescendoDLL.SDKCore.SetPINForPythonWrapper().
|
inline |
Sets the PIN for the Python wrapper.
| pin | The PIN to be set. |
This function is an override specifically for the Python wrapper. It uses the SetPINDialog function to set the method for gathering the PIN as just passing the pin .
References CrescendoDLL.SDKCore.SetPINDialog().
|
inline |
Sets the method to gather the XAUTH from the user.
| userDialog | The method to gather the XAUTH from the user. |
Referenced by CrescendoDLL.SDKCore.SetXAUTHForPythonWrapper().
|
inline |
Sets the XAUTH for the Python wrapper.
| xauth | The XAUTH to be set. |
This function is an override specifically for the Python wrapper. It uses the SetXAUTHDialog function to set the method for gathering the PIN as just passing the xauth .
References CrescendoDLL.SDKCore.SetXAUTHDialog().
|
inlinestatic |
function prints all available tokens - their name, reader name and Token ATR
true if the operation was successful, false otherwise.The function prints all available tokens using the PrintAllAvailableTokens method.
References CrescendoDLL.SDKCore.PrintAllAvailableTokens().
|
inline |
Updates the PIN properties on the ACA applet.
| maxPinTryCounter | The maximum number of PIN tries allowed on contact interface. |
| maxPinUnlockCounter | The maximum number of PIN unlock tries allowed. |
| maxContactlessPinCounter | The maximum number of PIN tries allowed on contactless interface. |
| minPinLength | The minimum length of the PIN. |
| maxPinLength | The maximum length of the PIN. |
| weakPinControl | The weak PIN control parameter. True means weak Pin control enabled, false means weak pin control disabled |
| changePinAfterFirstUse | The parameter indicating whether to change the PIN after first use. |
| pinNumericOnly | The parameter indicating whether the PIN is numeric only. |
true if all operations (authentication, PIN properties update, and cache freshness update) are successful, false otherwise.This function attempts to update the PIN properties on the ACA applet. If the ACA applet version is less than 4.0 and any of the maxPinTryCounter , maxPinUnlockCounter , or maxContactlessPinCounter parameters are not null, it logs a warning message indicating that these values cannot be modified on applets with a version less than 4.0.
The function then attempts to update the PIN properties on the ACA applet. If the applet version is 4.0 or higher, it updates the PIN properties separately for changePinAfterFirstUse and weakPinControl (separate APDUs are needed).
References CrescendoDLL.SDKCore.Engine.
Referenced by CrescendoDLL.SDKCore.NewToken().
|
inline |
Verifies PIN on the ACA applet.
true if the PIN verification is successful, false otherwise.This function determines PIN from user input, and then calls CrescendoDLL.SDKCore.AuthenticateWithPIN.
References CrescendoDLL.SDKCore.AuthenticateWithPIN().
1.9.8