Documentation
Overview
Package key provides functions for preparing keys for import into a card.
Constants
const (
	CMac UsageType = iota
	RMac = iota
	CMacRMac = iota
	CEnc = iota
	REnc = iota
	CEncREnc = iota
	CDek = iota
	RDek = iota
	CDekRDek = iota
	PkSdAut = iota
	SkSdAut = iota
	Token = iota
	Receipt = iota
	Dap = iota
	PkSdAutToken = iota
	SkSdAutReceipt = iota
	PkSdAutDap = iota
	PkSdAutTokenDap = iota
)
const (
	TypeDES byte = 0x80
	TypeAES byte = 0x88
	AccessSdAndApplication byte = 0x00
	AccessSdOnly byte = 0x01
	AccessApplicationOnly byte = 0x02
	AccessNotAvailable byte = 0xFF
	TypeHMACSHA1 byte = 0x90
	TypeHMACSHA160 byte = 0x91
	TypeRSAPublicKeyE byte = 0xA0
	TypeRSAPublicKeyN byte = 0xA1
	TypeRSAPrivateKeyN byte = 0xA2
	TypeRSAPrivateKeyD byte = 0xA3
	TypeRSAPrivateKeyCRTP byte = 0xA4
	TypeRSAPrivateKeyCRTQ byte = 0xA5
	TypeRSAPrivateKeyCRTPQ byte = 0xA6
	TypeRSAPrivateKeyCRTDP1 byte = 0xA7
	TypeRSAPrivateKeyCRTDQ1 byte = 0xA8
	TypeECCPublicKey byte = 0xB0
	TypeECCPrivateKey byte = 0xB1
	TypeECCFieldParameterP byte = 0xB2
	TypeECCFieldParameterA byte = 0xB3
	TypeECCFieldParameterB byte = 0xB4
	TypeECCFieldParameterG byte = 0xB5
	TypeECCFieldParameterN byte = 0xB6
	TypeECCFieldParameterK byte = 0xB7
	TypeECCKeyParameterReference byte = 0xF0
	TypeExtendedFormat byte = 0xFF
)
Variables
This section is empty.
Functions
Types
type ComponentBasic
type ComponentBasic struct {
	Type  byte           // Type of the Key Components.
	Block ComponentBlock // Block with a Key Components.
	KCV   []byte         // Optional Key Check Value.
}
ComponentBasic is a key component in basic format.
func GetCurveParametersAk
func GetCurveParametersAk(curvename string, usePaddingPresentFormat bool) (kcParameterA, kcParameterK *ComponentBasic, err error)
GetCurveParametersAk returns field parameters A and k of an elliptic curve as ComponentBasic. Supported curve names are: P-224, P-256, P-384, P-521, brainpoolP256t1, brainpoolP256r1, brainpoolP384t1, brainpoolP384r1, brainpoolP512t1 and brainpoolP512r1.
func NewComponentBasic
func NewComponentBasic(keyComponentType byte, keyComponentValue, kcv []byte, paddingLength int, usePaddingPresentFormat bool) *ComponentBasic
NewComponentBasic creates a new ComponentBasic.
If the key component value needs to be encrypted, it shall be encrypted with the DEK key of the current secure messaging session.
Depending on the indicated padding length, the key component is either wrapped with a ComponentPaddedBlock (in case of applied padding) or a ComponentUnpaddedBlock (in case of no padding).
For some key components it is required to provide a key check value (e.g. for AES or DES keys).
If you want to provide details regarding key usage and key access, use NewComponentExtended.
type ComponentBlock
ComponentBlock is the interface that encodes key component blocks to bytes.
type ComponentExtended
type ComponentExtended struct {
	ComponentBasic
	UsageQualifier UsageQualifier // Key Usage Qualifier.
	Access         util.NullByte  // Key Access.
}
ComponentExtended is a key component in extended format.
func NewComponentExtended
func NewComponentExtended(keyComponentType byte, keyComponentValue, kcv []byte, paddingLength int, keyUsage UsageQualifier, keyAccess util.NullByte, forcePaddedFormat bool) *ComponentExtended
NewComponentExtended creates a new ComponentExtended with a key component. It calls NewComponentBasic and adds the extended data Key Usage Qualifier and Key Access.
If the key component value needs to be encrypted, it shall be encrypted with the static DEK/S-DEK of the current secure messaging session.
Depending on the indicated padding length, the key component is either wrapped with a ComponentPaddedBlock (in case of applied padding) or a ComponentUnpaddedBlock (in case of no padding).
For some key components it is required to provide a key check value (e.g. for AES or DES keys).
type ComponentPaddedBlock
type ComponentPaddedBlock struct {
	LengthComponent int
	Value           []byte // For a public key component, the key component value does not need to be encrypted and the Key Components Block only contains the clear-text key component value.
}
ComponentPaddedBlock is a key component block that contains an encrypted key component and the length of padding that has been applied to the key component for encryption.
func (ComponentPaddedBlock) Bytes
func (block ComponentPaddedBlock) Bytes() ([]byte, error)
Bytes implements the ComponentBlock interface and encodes ComponentPaddedBlock as LV-encoded bytes.
type ComponentUnpaddedBlock
type ComponentUnpaddedBlock struct {
	Value []byte
}
ComponentUnpaddedBlock is a key component block that contains a key component that might have been encrypted, but not padded.
func (ComponentUnpaddedBlock) Bytes
func (block ComponentUnpaddedBlock) Bytes() ([]byte, error)
Bytes implements the ComponentBlock interface.
type DataBasic
type DataBasic struct {
	Components []ComponentBasic
}
DataBasic represents the data field of a PUT KEY command and contains a list of ComponentBasic.
type DataExtended
type DataExtended struct {
	Components []ComponentExtended
}
DataExtended represents the data field of a PUT KEY command and contains a list of ComponentExtended.
func (DataExtended) Bytes
func (de DataExtended) Bytes() ([]byte, error)
Bytes returns DataExtended as LV-encoded bytes.
type UsageQualifier
type UsageQualifier struct {
	Verification               bool
	Computation                bool
	SecureMessagingResponse    bool
	SecureMessagingCommand     bool
	Confidentiality            bool
	CryptographicChecksum      bool
	DigitalSignature           bool
	CryptographicAuthorization bool
	KeyAgreement               bool
}
UsageQualifier contains usage qualifiers for keys.
func UsageForType
func UsageForType(usage UsageType) *UsageQualifier
UsageForType returns UsageQualifier configured for the given UsageType.
func (UsageQualifier) Bytes
func (uq UsageQualifier) Bytes() []byte
Bytes returns UsageQualifier as 1-2 bytes, depending on the presence of KeyAgreement.
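The 1-2 byte encoding can be illustrated with a standalone encoder and decoder, useful when auditing which operations a key slot is permitted to perform. This is an added example, not this package's code: the usage type is a local copy of the fields listed above, and the bit order (fields packed MSB-first into byte 1, Key Agreement as the top bit of byte 2) is an assumption based on the GlobalPlatform key usage qualifier coding.

```go
package main

import (
	"errors"
	"fmt"
)

// usage mirrors the fields of UsageQualifier on this page (local copy for the example).
type usage struct {
	Verification, Computation, SecureMessagingResponse, SecureMessagingCommand bool
	Confidentiality, CryptographicChecksum, DigitalSignature                   bool
	CryptographicAuthorization, KeyAgreement                                   bool
}

// encode packs the flags MSB-first into byte 1 (assumed GlobalPlatform bit order);
// a second byte with its top bit set is emitted only when KeyAgreement is requested.
func (u usage) encode() []byte {
	flags := []bool{u.Verification, u.Computation, u.SecureMessagingResponse,
		u.SecureMessagingCommand, u.Confidentiality, u.CryptographicChecksum,
		u.DigitalSignature, u.CryptographicAuthorization}
	var b byte
	for i, set := range flags {
		if set {
			b |= byte(0x80) >> uint(i)
		}
	}
	if u.KeyAgreement {
		return []byte{b, 0x80}
	}
	return []byte{b}
}

// decode is the inverse; it rejects lengths other than 1-2 and reserved bits in byte 2.
func decode(raw []byte) (usage, error) {
	if len(raw) < 1 || len(raw) > 2 || (len(raw) == 2 && raw[1]&0x7F != 0) {
		return usage{}, errors.New("malformed key usage qualifier")
	}
	on := func(mask byte) bool { return raw[0]&mask != 0 }
	return usage{on(0x80), on(0x40), on(0x20), on(0x10), on(0x08), on(0x04),
		on(0x02), on(0x01), len(raw) == 2 && raw[1]&0x80 != 0}, nil
}

func main() {
	cmac := usage{SecureMessagingCommand: true, CryptographicChecksum: true}
	fmt.Printf("command MAC qualifier: %X\n", cmac.encode())
	u, err := decode([]byte{0x48}) // constructed sample byte
	fmt.Printf("%+v %v\n", u, err)
}
```

Decoding the qualifier before import makes it easy to confirm that a key is restricted to the single purpose intended for it, for example that a MAC key does not also carry the Confidentiality bit.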