[Pcsclite-muscle] Directly using RSA key of a smartcard
Jakub Jelen
jjelen at redhat.com
Thu Jun 22 02:21:03 PDT 2023
On 6/21/23 23:37, Ludovic Rousseau wrote:
> Hello,
>
> Le mer. 21 juin 2023 à 19:09, Michael Conrad <mike at nrdvana.net> a écrit :
>>
>> Hello, I'm new to smartcards and curious if it is possible to ask the
>> card "what is your public RSA key", encrypt something with that public
>> key, and then ask the card to decrypt it back to the original value. In
>> other words, I want to get at the raw encryption API without the hassle
>> of the gpg infrastructure that is normally used for this. (and yes I
>> understand that the things directly encrypted with RSA need to be small
>> values like raw AES keys, used for further encryption and decryption
>> using CBC or similar)
>>
>> If so, could you provide some pointers on convenient ways I might access
>> this API from a script? (but I can write C if I need to)
>
> I would suggest to use the PKCS#11 API for that.
>
> One easy way it to use the Python wrapper PyKCS11 but you can do the
> same using the C API.
> https://pypi.org/project/PyKCS11/
>
> One example of encrypting with the public key and decrypt using the
> private key is available in the sample code directory; rsa_encrypt.py
> https://github.com/LudovicRousseau/PyKCS11/blob/master/samples/rsa_encrypt.py#L57-L61
>
> This sample code first generates an RSA key pair but you can remove
> this part of the code and use an existing key pair on your yubikey.
Indeed, you need a PKCS#11 module in between your application and the
card and for that OpenSC can be used, which should work with the OpenPGP
cards or most of the other common card types in the wild:
https://github.com/OpenSC/OpenSC/
Regards,
--
Jakub Jelen
Crypto Team, Security Engineering
Red Hat, Inc.
More information about the pcsclite-muscle
mailing list