cryptnoxpy.card.nft

Module containing class for NFT card

Module Contents

Classes

Nft

Class containing functionality for NFT card which has limited capabilities
class cryptnoxpy.card.nft.Nft(*args, **kwargs)

Bases: cryptnoxpy.card.basic_g1.BasicG1

Class containing functionality for NFT card which has limited capabilities

type
_type = NFT
abstract derive(self, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '')

Derive key on path and make it the current key in the card

Requires

  • PIN code or challenge-response validated

  • Seed must exist

Parameters

  • key_type (KeyType) – Key type to do derive on

  • path (str) – Path on which to do derivation

get_public_key(self, derivation: cryptnoxpy.enums.Derivation = Derivation.CURRENT_KEY, key_type: cryptnoxpy.enums.KeyType = KeyType.K1, path: str = '', compressed: bool = False) str

Get the public key from the card.

Requires

  • PIN code or challenge-response validated, except for PIN-less path

  • Seed must exist

Parameters

  • derivation (Derivation) – Derivation to use.

  • key_type (KeyType) – Key type to use

  • path (str) –

  • compressed (bool) – The returned value is in compressed format.

Returns

The public key for the given path in hexadecimal string format

Return type

str

Raises
abstract generate_random_number(self, size: int) bytes

Generate random number on the car and return it.

Parameters

size (int) – Output data size in bytes (between 16 and 64, mod 4)

Returns

Random number generated by the chip

Return type

bytes

Raises

DataValidationException – size in not a number between 16 and 64 or is not divisible by 4

abstract load_seed(self, seed: bytes, pin: str = '') None

Load the given seed into the Cryptnox card.

Requires

  • PIN code or challenge-response validated

Parameters

  • seed (bytes) – Seed to initialize the card with

  • pin (str, optional) – PIN code of the card. Can be empty if card is opened with challenge-response validation

Raises

KeyGenerationException – Data is not correct

abstract set_pin_authentication(self, status: bool, puk: str) None

Turn on/off authentication with the PIN code. Other methods can still be used.

Parameters

  • status (bool) – Status of PIN authentication

  • puk (str) – PUK code associated with the card

Raises
abstract set_pinless_path(self, path: str, puk: str) None

Enable working with the card without a PIN on path.

Parameters

  • path (str) – Path to be available without a PIN code

  • puk (str) – PUK code of the card

Raises
abstract user_key_add(self, slot: cryptnoxpy.enums.SlotIndex, data_info: str, public_key: bytes, puk_code: str, cred_id: bytes = b'') None

Add user public key into the card for user authentication

Parameters

  • slot (int) – Slot to write the public key to 1 - EC256R1 2 - RSA key, 2048 bits, public exponent must be 65537 3 - FIDO key

  • data_info (bytes) – 64 bytes of user data

  • public_key (bytes) – Public key of the secure element to be used for authentication

  • puk_code (str) – PUK code of the card

  • cred_id (bytes, optional) – Cred id. Used for FIDO2 authentication

Raises

DataValidationException – Invalid input data

abstract user_key_delete(self, slot: cryptnoxpy.enums.SlotIndex, puk_code: str) None

Delete the user key from slot and free up for insertion

Parameters

  • slot (SlotIndex) – Slot to remove the key from

  • puk_code (str) – PUK code of the card

Raises

DataValidationException – Invalid input data

abstract user_key_info(self, slot: cryptnoxpy.enums.SlotIndex) Tuple[str, str]

Get the description and public key of the user key

Requires

  • PIN code or challenge-response validated

Parameters

slot (SlotIndex) – Index of slot for which to fetch the description

Returns

Description and public key in slot

Return type

tuple[str, str]

user_key_enabled(self, slot_index: cryptnoxpy.enums.SlotIndex)

Check if user key is present in given slot

Parameters

slot_index (SlotIndex) – Slot index to check for

Returns

Whether the user key for slot is present

Return type

bool

abstract user_key_challenge_response_nonce(self) bytes

Get 32 bytes random value from the card that is used to open the card with a user key

Take nonce value from the card. Sign it with a third party application, like TPM. Send the signature back into the card using user_key_challenge_response_open()

Returns

32 bytes random value used as nonce

Return type

bytes

abstract user_key_challenge_response_open(self, slot: cryptnoxpy.enums.SlotIndex, signature: bytes) bool

Send the nonce signature to the card to open it for operations, like it was opened by a PIN code

Parameters

  • slot (SlotIndex) – Slot to use to open the card

  • signature (bytes) – Signature generated by a third party like TPM.

Returns

Whether the challenge response authentication succeeded

Return type

bool

Raises

DataValidationException – invalid input data

abstract user_key_signature_open(self, slot: cryptnoxpy.enums.SlotIndex, message: bytes, signature: bytes) bool

Used for opening the card to sign the given message

Parameters

  • slot (SlotIndex) – Slot to use to open the card

  • message (bytes) – Message that will be sent to sign operation

  • signature (bytes) – Signature generated by a third party, like TPM, on the same message

Returns

Whether the challenge response authentication succeeded

Return type

bool

Raises

DataValidationException – invalid input data

signature_check(self, nonce: bytes) cryptnoxpy.card.base.SignatureCheckResult

Sign random 32 bytes for validation that private key of public key is on the card.

This call doesn’t increase signature counter and doesn’t go into signature history.

Parameters

nonce (bytes) – random 16 bytes that will be used to sign

Returns

Message that was signed and the signature

Return type

SignatureCheckResult

Raises
_init_data(self, name: str, email: str, pin: str, puk: str, pairing_secret: bytes = base.BASIC_PAIRING_SECRET, nfc_sign: bool = False)