[Pcsclite-muscle] Directly using RSA key of a smartcard

Ludovic Rousseau ludovic.rousseau at gmail.com
Wed Jun 21 14:37:02 PDT 2023


Hello,

Le mer. 21 juin 2023 à 19:09, Michael Conrad <mike at nrdvana.net> a écrit :
>
> Hello, I'm new to smartcards and curious if it is possible to ask the
> card "what is your public RSA key", encrypt something with that public
> key, and then ask the card to decrypt it back to the original value.  In
> other words, I want to get at the raw encryption API without the hassle
> of the gpg infrastructure that is normally used for this.  (and yes I
> understand that the things directly encrypted with RSA need to be small
> values like raw AES keys, used for further encryption and decryption
> using CBC or similar)
>
> If so, could you provide some pointers on convenient ways I might access
> this API from a script?  (but I can write C if I need to)

I would suggest to use the PKCS#11 API for that.

One easy way it to use the Python wrapper PyKCS11 but you can do the
same using the C API.
https://pypi.org/project/PyKCS11/

One example of encrypting with the public key and decrypt using the
private key is available in the sample code directory; rsa_encrypt.py
https://github.com/LudovicRousseau/PyKCS11/blob/master/samples/rsa_encrypt.py#L57-L61

This sample code first generates an RSA key pair but you can remove
this part of the code and use an existing key pair on your yubikey.

Bye

-- 
 Dr. Ludovic Rousseau



More information about the pcsclite-muscle mailing list