cryptnoxpy.card.basic_g0
¶
Module containing class for Basic card of 0th generation
Module Contents¶
Classes¶
Class containing functionality for Basic cards of the 0th generation |
- class cryptnoxpy.card.basic_g0.BasicG0(connection: cryptnoxpy.connection.Connection, data: List[int] = None, debug: bool = False)¶
Bases:
cryptnoxpy.card.basic.Basic
Class containing functionality for Basic cards of the 0th generation
- select_apdu = [160, 0, 0, 16, 0, 1, 1]¶
- puk_rule = 15 digits¶
- _ALGORITHM¶
- change_pairing_key(self, index: int, pairing_key: bytes, puk: str = '') None ¶
Set the pairing key of the card
- Parameters
index (int) – Index of the pairing key
pairing_key (bytes) – Pairing key to set for the card
puk (str) – PUK code of the card
- Raises
DataValidationException – input data is not valid
SecureChannelException – operation not allowed
PukException – PUK code is not valid
- derive(self, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '')¶
Derive key on path and make it the current key in the card
- Requires
PIN code or challenge-response validated
Seed must exist
- Parameters
key_type (KeyType) – Key type to do derive on
path (str) – Path on which to do derivation
- abstract dual_seed_public_key(self, pin: str = '') bytes ¶
Get the public key from the card for dual initialization of the cards
- Requires
PIN code or challenge-response validated
- Parameters
pin (str) – PIN code of card if it was opened with a PIN check
- Returns
Public key and signature that can be sent into the other card
- Return type
bytes
- Raises
DataException – The received data is invalid
- abstract dual_seed_load(self, data: bytes, pin: str = '') None ¶
Load public key and signature from the other card into the card to generate same seed.
- Requires
PIN code or challenge-response validated
- Parameters
pin (str) – PIN code of card if it was opened with a PIN check
data (bytes) – Public key and signature of public key from the other card
- property extended_public_key(self) bool ¶
- Returns
Extended public key turned on
- Return type
bool
- abstract generate_random_number(self, size: int) bytes ¶
Generate random number on the car and return it.
- Parameters
size (int) – Output data size in bytes (between 16 and 64, mod 4)
- Returns
Random number generated by the chip
- Return type
bytes
- Raises
DataValidationException – size in not a number between 16 and 64 or is not divisible by 4
- generate_seed(self, pin='') bytes ¶
Generate a seed directly on the card.
- Requires
PIN code or challenge-response validated
- Parameters
pin (str, optional) – PIN code of the card. Can be empty if card is opened with challenge-response validation
- Returns
Primary node “m” UID (hash of public key)
- Return type
bytes
- Raises
KeyGenerationException – There was an issue with generating the key
KeyAlreadyGenerated – The card already has a seed generated
- get_public_key(self, derivation: cryptnoxpy.enums.Derivation, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '', compressed: bool = True) str ¶
Get the public key from the card.
- Requires
PIN code or challenge-response validated, except for PIN-less path
Seed must exist
- Parameters
derivation (Derivation) – Derivation to use.
key_type (KeyType) – Key type to use
path (str) –
compressed (bool) – The returned value is in compressed format.
- Returns
The public key for the given path in hexadecimal string format
- Return type
str
- Raises
DerivationSelectionException – Card is not initialized with seed
ReadPublicKeyException – Invalid data received from card
- abstract history(self, slot: int = 0) NamedTuple ¶
Get history of hashes the card has signed regardless of any parameters given to sign
- Requires
PIN code or challenge-response validated
- Parameters
index (int) – Index of entry in history
- Returns
Return entry containing signing_counter, representing index of sign call, and hashed_data, the data that was signed
- Return type
NamedTuple
- property initialized(self) bool ¶
- Returns
Whether the card is initialized
- Return type
bool
- load_seed(self, seed: bytes, pin: str = '') None ¶
Load the given seed into the Cryptnox card.
- Requires
PIN code or challenge-response validated
- Parameters
seed (bytes) – Seed to initialize the card with
pin (str, optional) – PIN code of the card. Can be empty if card is opened with challenge-response validation
- Raises
KeyGenerationException – Data is not correct
- property pin_authentication(self) bool ¶
- Returns
Whether the PIN code can be used for authentication
- Return type
bool
- property pinless_enabled(self) bool ¶
- Returns
Return whether the card has a pinless path
- Return type
bool
- reset(self, puk: str) None ¶
Reset the card and return it to factory settings.
- Parameters
puk – PUK code associated with the card
- property seed_source(self) cryptnoxpy.enums.SeedSource ¶
- Returns
How the seed was generated
- Return type
- abstract set_pin_authentication(self, status: bool, puk: str) None ¶
Turn on/off authentication with the PIN code. Other methods can still be used.
- Parameters
status (bool) – Status of PIN authentication
puk (str) – PUK code associated with the card
- Raises
DataValidationException – input data is not valid
PukException – PUK code is not valid
- abstract set_pinless_path(self, path: bytes, puk: str) None ¶
Enable working with the card without a PIN on path.
- Parameters
path (bytes) – Path to be available without a PIN code
puk (str) – PUK code of the card
- Raises
DataValidationException – input data is not valid
PukException – PUK code is not valid
- abstract set_extended_public_key(self, status: bool, puk: str) None ¶
Turn on/off extended public key output.
- Requires
Seed must be loaded
- Parameters
status (bool) – Status of PIN authentication
puk (str) – PUK code associated with the card
- Raises
DataValidationException – input data is not valid
PukException – PUK code is not valid
KeyException – Seed not found
- sign(self, data: bytes, derivation: cryptnoxpy.enums.Derivation, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '', pin: str = '', filter_eos: bool = False) bytes ¶
Sign the message using given derivation.
- Requires
PIN code provided, authenticate with user key by signing same message or PIN-less path used
Seed must be loaded
- Parameters
data (bytes) – Data to sign
derivation (Derivation) – Derivation to use.
key_type (KeyType, optional) – Key type to use. Defaults to K1
path (str, optional) – Path of the key. If empty use main key
pin (str, optional) – PIN code of the card
filter_eos (str, optional) – Filter signature so it is valid for EOS network, might take longer. Defaults to False
- Returns
The signature generated by the card in DER common format.
- Return type
bytes
- Raises
DataException – Invalid data received during signature
- property signing_counter(self) int ¶
- Returns
Counter of how many times the card has been used to sign
- Return type
int
- property user_data(self) bytes ¶
- Returns
Read user data that was written into the card.
- Return type
bytes
- abstract user_key_add(self, slot: cryptnoxpy.enums.SlotIndex, data_info: str, public_key: bytes, puk_code: str, cred_id: bytes = b'') None ¶
Add user public key into the card for user authentication
- Parameters
slot (int) – Slot to write the public key to 1 - EC256R1 2 - RSA key, 2048 bits, public exponent must be 65537 3 - FIDO key
data_info (bytes) – 64 bytes of user data
public_key (bytes) – Public key of the secure element to be used for authentication
puk_code (str) – PUK code of the card
cred_id (bytes, optional) – Cred id. Used for FIDO2 authentication
- Raises
DataValidationException – Invalid input data
- abstract user_key_delete(self, slot: cryptnoxpy.enums.SlotIndex, puk_code: str) None ¶
Delete the user key from slot and free up for insertion
- Parameters
slot (SlotIndex) – Slot to remove the key from
puk_code (str) – PUK code of the card
- Raises
DataValidationException – Invalid input data
- abstract user_key_info(self, slot: cryptnoxpy.enums.SlotIndex) Tuple[str, str] ¶
Get the description and public key of the user key
- Requires
PIN code or challenge-response validated
- Parameters
slot (SlotIndex) – Index of slot for which to fetch the description
- Returns
Description and public key in slot
- Return type
tuple[str, str]
- abstract user_key_enabled(self, slot_index: cryptnoxpy.enums.SlotIndex) bool ¶
Check if user key is present in given slot
- Parameters
slot_index (SlotIndex) – Slot index to check for
- Returns
Whether the user key for slot is present
- Return type
bool
- abstract user_key_challenge_response_nonce(self) bytes ¶
Get 32 bytes random value from the card that is used to open the card with a user key
Take nonce value from the card. Sign it with a third party application, like TPM. Send the signature back into the card using
user_key_challenge_response_open()
- Returns
32 bytes random value used as nonce
- Return type
bytes
- abstract user_key_challenge_response_open(self, slot: cryptnoxpy.enums.SlotIndex, signature: bytes) bool ¶
Send the nonce signature to the card to open it for operations, like it was opened by a PIN code
- Parameters
slot (SlotIndex) – Slot to use to open the card
signature (bytes) – Signature generated by a third party like TPM.
- Returns
Whether the challenge response authentication succeeded
- Return type
bool
- Raises
DataValidationException – invalid input data
- abstract user_key_signature_open(self, slot: cryptnoxpy.enums.SlotIndex, message: bytes, signature: bytes) bool ¶
Used for opening the card to sign the given message
- Parameters
slot (SlotIndex) – Slot to use to open the card
message (bytes) – Message that will be sent to sign operation
signature (bytes) – Signature generated by a third party, like TPM, on the same message
- Returns
Whether the challenge response authentication succeeded
- Return type
bool
- Raises
DataValidationException – invalid input data
- _sign_eos(self, apdu: List[int], data: bytes, pin: str) bytes ¶
- static valid_puk(puk: str, puk_name: str = 'puk') str ¶
Check if provided puk is valid
- Parameters
puk (str) – The puk to check if valid
puk_name (str, optional) – Value used in DataValidationException for puk name. Defaults to: puk
- Return str
Provided puk in str format if valid
- Raises
DataValidationException – Provided puk is not valid
- property valid_key(self) bool ¶
Check if the card has a valid key
- Returns
Whether the card has a valid key.
- Return type
bool
- verify_pin(self, pin: str) None ¶
Check PIN code and open the card for operations that are protected.
The method is sending the PIN code to the card to open it for other operations. If there is an issue an exception will be raised.
- Parameters
pin (str) – PIN code to check against the card.
- Raises
PinException – Invalid PIN code
DataValidationException – Invalid length or PIN code authentication disabled
SoftLock – The card has been locked and needs power cycling before it can be used again
- _check_init(self)¶
- property _owner(self) cryptnoxpy.card.base.User ¶
Get the available information about the owner of the card from the card
When the card is initialized the owner name and email address are stored on the card. This method will read and return them.
- Returns
A dictionary containing the owner name and email address
- Return type
Dict[str, str]
- Raises
CryptnoxCard.PinException – PIN code wasn’t validated.
CryptnoxCard.SecureChannelException – Secure channel not opened.