:py:mod:`cryptnoxpy.card.basic_g1`
==================================

.. py:module:: cryptnoxpy.card.basic_g1

.. autoapi-nested-parse::

   Module containing class for Basic card of 1st generation


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   cryptnoxpy.card.basic_g1.BasicG1


.. py:class:: BasicG1(connection: cryptnoxpy.connection.Connection, data: List[int] = None, debug: bool = False)

   Bases: :py:obj:`cryptnoxpy.card.basic.Basic`

   Class containing functionality for Basic cards of the 1st generation

   .. py:attribute:: select_apdu
      :annotation: = [160, 0, 0, 16, 0, 1, 18]

   .. py:attribute:: puk_rule
      :annotation: = 12 digits and/or letters

   .. py:attribute:: _ALGORITHM

   .. py:attribute:: PUK_LENGTH
      :annotation: = 12

   .. py:attribute:: _INITIALIZATION_FLAG

   .. py:attribute:: _SEED_FLAG

   .. py:attribute:: _PIN_AUTH_FLAG

   .. py:attribute:: _PINLESS_FLAG

   .. py:attribute:: _EXTENDED_PUBLIC_KEY

   .. py:method:: change_pairing_key(self, index: int, pairing_key: bytes, puk: str = '') -> None

      Set the pairing key of the card

      :param int index: Index of the pairing key
      :param bytes pairing_key: Pairing key to set for the card
      :param str puk: PUK code of the card

      :raises DataValidationException: input data is not valid
      :raises SecureChannelException: operation not allowed
      :raises PukException: PUK code is not valid

   .. py:method:: derive(self, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '')

      Derive key on path and make it the current key in the card

      :requires:
          - PIN code or challenge-response validated
          - Seed must exist

      :param KeyType key_type: Key type to do derive on
      :param str path: Path on which to do derivation

   .. py:method:: dual_seed_public_key(self, pin: str = '') -> bytes

      Get the public key from the card for dual initialization of the cards

      :requires:
          - PIN code or challenge-response validated

      :param str pin: PIN code of card if it was opened with a PIN check

      :return: Public key and signature that can be sent into the other card
      :rtype: bytes

      :raises DataException: The received data is invalid

   .. py:method:: dual_seed_load(self, data: bytes, pin: str = '') -> None

      Load public key and signature from the other card into the card to
      generate the same seed.

      :requires:
          - PIN code or challenge-response validated

      :param str pin: PIN code of card if it was opened with a PIN check
      :param bytes data: Public key and signature of public key from the other card

   .. py:method:: extended_public_key(self) -> bool
      :property:

      :return: Extended public key turned on
      :rtype: bool

   .. py:method:: generate_random_number(self, size: int) -> bytes

      Generate random number on the card and return it.

      :param int size: Output data size in bytes (between 16 and 64, mod 4)

      :return: Random number generated by the chip
      :rtype: bytes

      :raises DataValidationException: size is not a number between 16 and 64
                                       or is not divisible by 4

   .. py:method:: generate_seed(self, pin: str = '') -> bytes

      Generate a seed directly on the card.

      :requires:
          - PIN code or challenge-response validated

      :param pin: PIN code of the card. Can be empty if card is opened with
                  challenge-response validation
      :type pin: str, optional

      :return: Primary node "m" UID (hash of public key)
      :rtype: bytes

      :raises KeyGenerationException: There was an issue with generating the key
      :raises KeyAlreadyGenerated: The card already has a seed generated

   .. py:method:: get_public_key(self, derivation: cryptnoxpy.enums.Derivation, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '', compressed: bool = True) -> str

      Get the public key from the card.

      :requires:
          - PIN code or challenge-response validated, except for PIN-less path
          - Seed must exist

      :param Derivation derivation: Derivation to use.
      :param KeyType key_type: Key type to use
      :param str path:
      :param bool compressed: The returned value is in compressed format.

      :return: The public key for the given path in hexadecimal string format
      :rtype: str

      :raises DerivationSelectionException: Card is not initialized with seed
      :raises ReadPublicKeyException: Invalid data received from card

   .. py:method:: history(self, index: int = 0) -> NamedTuple

      Get history of hashes the card has signed regardless of any parameters
      given to sign

      :requires:
          - PIN code or challenge-response validated

      :param int index: Index of entry in history

      :return: Return entry containing signing_counter, representing index of
               sign call, and hashed_data, the data that was signed
      :rtype: NamedTuple

   .. py:method:: initialized(self) -> bool
      :property:

      :return: Whether the card is initialized
      :rtype: bool

   .. py:method:: load_seed(self, seed: bytes, pin: str = '') -> None

      Load the given seed into the Cryptnox card.

      :requires:
          - PIN code or challenge-response validated

      :param bytes seed: Seed to initialize the card with
      :param pin: PIN code of the card. Can be empty if card is opened with
                  challenge-response validation
      :type pin: str, optional

      :raises KeyGenerationException: Data is not correct

   .. py:method:: pin_authentication(self) -> bool
      :property:

      :return: Whether the PIN code can be used for authentication
      :rtype: bool

   .. py:method:: pinless_enabled(self) -> bool
      :property:

      :return: Return whether the card has a pinless path
      :rtype: bool

   .. py:method:: reset(self, puk: str) -> None

      Reset the card and return it to factory settings.

      :param puk: PUK code associated with the card

   .. py:method:: seed_source(self) -> cryptnoxpy.enums.SeedSource
      :property:

      :return: How the seed was generated
      :rtype: SeedSource

   .. py:method:: set_pin_authentication(self, status: bool, puk: str) -> None

      Turn on/off authentication with the PIN code. Other methods can still be used.

      :param bool status: Status of PIN authentication
      :param str puk: PUK code associated with the card

      :raises DataValidationException: input data is not valid
      :raises PukException: PUK code is not valid

   .. py:method:: set_pinless_path(self, path: bytes, puk: str) -> None

      Enable working with the card without a PIN on path.

      :param bytes path: Path to be available without a PIN code
      :param str puk: PUK code of the card

      :raises DataValidationException: input data is not valid
      :raises PukException: PUK code is not valid

   .. py:method:: set_extended_public_key(self, status: bool, puk: str) -> None

      Turn on/off extended public key output.

      :requires:
          - Seed must be loaded

      :param bool status: Status of extended public key output
      :param str puk: PUK code associated with the card

      :raises DataValidationException: input data is not valid
      :raises PukException: PUK code is not valid
      :raises KeyException: Seed not found

   .. py:method:: signing_counter(self) -> int
      :property:

      :return: Counter of how many times the card has been used to sign
      :rtype: int

   .. py:method:: user_data(self) -> bytes
      :property:

      :return: Read user data that was written into the card.
      :rtype: bytes

   .. py:method:: user_key_add(self, slot: cryptnoxpy.enums.SlotIndex, data_info: str, public_key: bytes, puk_code: str, cred_id: bytes = b'') -> None

      Add user public key into the card for user authentication

      :param int slot: Slot to write the public key to
                       1 - EC256R1
                       2 - RSA key, 2048 bits, public exponent must be 65537
                       3 - FIDO key
      :param bytes data_info: 64 bytes of user data
      :param bytes public_key: Public key of the secure element to be used for
                               authentication
      :param str puk_code: PUK code of the card
      :param cred_id: Cred id. Used for FIDO2 authentication
      :type cred_id: bytes, optional

      :raises DataValidationException: Invalid input data

   .. py:method:: user_key_delete(self, slot: cryptnoxpy.enums.SlotIndex, puk_code: str) -> None

      Delete the user key from slot and free up for insertion

      :param SlotIndex slot: Slot to remove the key from
      :param str puk_code: PUK code of the card

      :raises DataValidationException: Invalid input data

   .. py:method:: user_key_info(self, slot: cryptnoxpy.enums.SlotIndex) -> Tuple[str, str]

      Get the description and public key of the user key

      :requires:
          - PIN code or challenge-response validated

      :param SlotIndex slot: Index of slot for which to fetch the description

      :return: Description and public key in slot
      :rtype: tuple[str, str]

   .. py:method:: user_key_enabled(self, slot_index: cryptnoxpy.enums.SlotIndex)

      Check if user key is present in given slot

      :param SlotIndex slot_index: Slot index to check for

      :return: Whether the user key for slot is present
      :rtype: bool

   .. py:method:: user_key_challenge_response_nonce(self) -> bytes

      Get 32 bytes random value from the card that is used to open the card
      with a user key

      Take nonce value from the card. Sign it with a third party application,
      like TPM. Send the signature back into the card using
      :func:`~cryptnoxpy.card.base.Base.user_key_challenge_response_open`

      :return: 32 bytes random value used as nonce
      :rtype: bytes

   .. py:method:: user_key_challenge_response_open(self, slot: cryptnoxpy.enums.SlotIndex, signature: bytes) -> bool

      Send the nonce signature to the card to open it for operations, like it
      was opened by a PIN code

      :param SlotIndex slot: Slot to use to open the card
      :param bytes signature: Signature generated by a third party like TPM.

      :return: Whether the challenge response authentication succeeded
      :rtype: bool

      :raises DataValidationException: invalid input data

   .. py:method:: user_key_signature_open(self, slot: cryptnoxpy.enums.SlotIndex, message: bytes, signature: bytes) -> bool

      Used for opening the card to sign the given message

      :param SlotIndex slot: Slot to use to open the card
      :param bytes message: Message that will be sent to sign operation
      :param bytes signature: Signature generated by a third party, like TPM,
                              on the same message

      :return: Whether the challenge response authentication succeeded
      :rtype: bool

      :raises DataValidationException: invalid input data

   .. py:method:: sign(self, data: bytes, derivation: cryptnoxpy.enums.Derivation = Derivation.CURRENT_KEY, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '', pin: str = '', filter_eos: bool = False) -> bytes

      Sign the message using given derivation.

      :requires:
          - PIN code provided, authenticate with user key by signing same
            message or PIN-less path used
          - Seed must be loaded

      :param bytes data: Data to sign
      :param Derivation derivation: Derivation to use.
      :param key_type: Key type to use. Defaults to K1
      :type key_type: KeyType, optional
      :param path: Path of the key. If empty use main key
      :type path: str, optional
      :param pin: PIN code of the card
      :type pin: str, optional
      :param filter_eos: Filter signature so it is valid for EOS network,
                         might take longer. Defaults to False
      :type filter_eos: bool, optional

      :return: The signature generated by the card in DER common format.
      :rtype: bytes

      :raises DataException: Invalid data received during signature

   .. py:method:: valid_key(self) -> bool
      :property:

      Check if the card has a valid key

      :return: Whether the card has a valid key.
      :rtype: bool

   .. py:method:: valid_puk(puk: str, puk_name: str = 'puk') -> str
      :staticmethod:

      Check if provided puk is valid

      :param str puk: The puk to check if valid
      :param puk_name: Value used in DataValidationException for puk name.
                       Defaults to: puk
      :type puk_name: str, optional

      :return: Provided puk in str format if valid
      :rtype: str

      :raises DataValidationException: Provided puk is not valid

   .. py:method:: verify_pin(self, pin: str) -> None

      Check PIN code and open the card for operations that are protected.

      The method sends the PIN code to the card to open it for other
      operations. If there is an issue an exception will be raised.

      :param str pin: PIN code to check against the card.

      :raises PinException: Invalid PIN code
      :raises DataValidationException: Invalid length or PIN code
                                       authentication disabled
      :raises SoftLock: The card has been locked and needs power cycling
                        before it can be used again

   .. py:method:: _clear_bit(value, bit)
      :staticmethod:

   .. py:method:: _info(self) -> bytes
      :property:

   .. py:method:: _owner(self) -> cryptnoxpy.card.base.User
      :property:

      Get the available information about the owner of the card from the card

      When the card is initialized the owner name and email address are stored
      on the card. This method will read and return them.

      :return: A dictionary containing the owner name and email address
      :rtype: Dict[str, str]

      :raises CryptnoxCard.PinException: PIN code wasn't validated.
      :raises CryptnoxCard.SecureChannelException: Secure channel not opened.

   .. py:method:: _set_bit(value, bit)
      :staticmethod:
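
The ``history`` entries and the ``signing_counter`` property documented above can be reconciled against a host-side record of approved digests to detect signatures the host never requested. The code below is an added example, not part of cryptnoxpy: ``FakeCard``, ``audit_signing_history``, ``digest``, the ``slots`` parameter and the 1-based indexing of ``signing_counter`` are assumptions, and the sample entries are constructed.

```python
import hashlib
from collections import namedtuple

# Field names follow the history() entry described on this page.
Entry = namedtuple("Entry", "signing_counter hashed_data")
Report = namedtuple("Report", "new_signatures unknown unverifiable")

class FakeCard:
    """Constructed stand-in exposing only history() and signing_counter."""
    def __init__(self, entries):
        self._entries = entries
        self.signing_counter = max(e.signing_counter for e in entries)

    def history(self, index=0):
        return self._entries[index]

def audit_signing_history(card, approved, last_counter, slots):
    """Reconcile the card's signing history with a host-side approval ledger.

    approved: digests this host asked the card to sign.
    last_counter: signing_counter recorded at the previous audit.
    slots: number of history entries to read (assumed; not stated on the page).
    Assumes entry.signing_counter is 1-based: the n-th signature has index n.
    """
    approved = set(approved)
    current = card.signing_counter
    if current < last_counter:
        raise ValueError("signing counter decreased: card was reset or replaced")
    seen, unknown = set(), []
    for index in range(slots):
        entry = card.history(index)
        if entry.signing_counter <= last_counter or entry.signing_counter in seen:
            continue  # covered by an earlier audit, or a repeated entry
        seen.add(entry.signing_counter)
        if bytes(entry.hashed_data) not in approved:
            unknown.append(entry)  # signed, but never requested by this host
    new_signatures = current - last_counter
    # Third field: signatures since the last audit that history no longer shows.
    return Report(new_signatures, unknown, new_signatures - len(seen))

def digest(message):
    return hashlib.sha256(message).digest()

if __name__ == "__main__":
    # Constructed sample: signature 4 was never approved, signature 2 is gone.
    card = FakeCard([Entry(5, digest(b"tx-5")), Entry(4, digest(b"rogue")),
                     Entry(3, digest(b"tx-3"))])
    ledger = [digest(b"tx-3"), digest(b"tx-5")]
    print(audit_signing_history(card, ledger, last_counter=1, slots=3))
```

With a real card, pass the opened ``BasicG1`` instance in place of ``FakeCard`` and persist ``signing_counter`` after each audit so the next run starts from it.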