I am trying to get the public key (FastSCPGetECKAPublicKey) from the SE050 dev board and to prove possession of the private key with an ECDSA signature from this public key (FastSCPGetECKAPublicKey).
Do I need to create a CryptoObject (the documentation mentions that the FastSCPGetECKAPublicKey is already created)?
Where can I find a good example project that uses only APDU commands (Soft Reset, Select Applet etc.) to communicate with the SE050?
Is "creating a session" necessary for retrieving the public key and signing a random message, or can this happen sessionless?
Best regards
Julian
Hello Julian,
Creating a session with the command CreateSession is not necessary to do a signature.
The command FastSCPGetECKAPublicKey (now called ECKeySessionGetECKAPublicKey) is only used to fetch the public key when needed for session creation with Elliptic Curve authentication or for ImportExternalObject.
The mechanism of encrypted session creation is best shown when compiling the examples with authentication enabled - so call cmake with -DSE05X_Auth=ECKey and the examples will execute with authentication. A prerequisite is that the example authentication keys have been provisioned before, using the example se05x_Delete_and_test_provision.
In case you are not interested in the ECKey authentication but would just like to do a signature, I recommend the example ex_ecc of the Plug & Trust Middleware.
It shows creating a signature using
sss_asymmetric_sign_digest(&ctx_asymm, digest, digestLen, signature, &signatureLen);
Reading the public key works as shown in ex_ecdh using
sss_key_store_get_key(&pCtx->ks, &keyPair, publicKey, &publicKeyLen, &publicKeyBitLen);
To see the APDUs created by these functions just enable debug logging in nxLog_Default_Config.h with
#define NX_LOG_ENABLE_DEFAULT_DEBUG 1
and execute the examples to see which APDUs are exchanged.
Kind regards,
Michael
Hi Michael,
Thank you - the Plug and Trust examples are great.
best regards
Julian