@echo off
rem compile and run as admin.bat
rem Builds the IsoApplet sources, starts the jcardsim BixVReaderCard simulator, creates the
rem PKCS#15 structure on the virtual card, then exports the certificate object and reads the
rem private key back through a VERIFY plus a series of GET DATA APDUs (see the export sections
rem below). Needs an elevated prompt: devcon.exe is used to restart the virtual reader driver.
rem Every PIN, PUK, serial and the PKCS#12 passphrase in this file is a hard-coded test value
rem for a simulated card; the key files it writes (key.txt, key_N.txt, pem_key.key, der_key.key)
rem hold unencrypted private key material and should be treated as such.
rem NOTE(review): the quotes are stored literally inside the PATH entry below; cmd normally
rem tolerates quoted PATH entries, but confirm opensc-tool, pkcs15-init and pkcs11-tool resolve.
set path=%path%;"C:\Program Files\OpenSC Project\OpenSC\tools"
rem Reader name as shown by the OpenSC tools for the BixVReader virtual PCD.
set reader=Virtual Smart Card Architecture Virtual PCD 0
rem The first simulator assignment is immediately overridden; only the 3.0.5 jar is used.
set simulator=jcardsim-3.0.4-SNAPSHOT.jar
set simulator=jcardsim-3.0.5-SNAPSHOT.jar
rem applet_base is the classpath root for the simulator, applet_path the package directory
rem holding the IsoApplet .java sources that javac compiles below.
set applet_base=IsoApplet3\src
set applet_path=%applet_base%\xyz\wendland\javacard\pki\isoapplet
rem jcmath is left undefined, so the javac line below compiles the applet without JCMathLib.
rem set jcmath=JCMathLib-master\applet\src\main\java\opencrypto\jcmathlib\*.java JCMathLib-master\applet\src\main\java\opencrypto\jcmathlib\curves\*.java
rem set OPENSC_DEBUG=999
rem Uncomment to skip straight to the SoftHSM section at the bottom.
rem goto :softHSM
rem Working directory is hard-coded to one user profile; adjust for another machine.
C:
cd\Users\user\Desktop\virtualsmartcard-0.8_win64
rem Reader selectors: reader11 is the pkcs11-tool form, reader15 the opensc-tool/pkcs15-* form.
set reader11=--slot-description "%reader%"
set reader15=-r "%reader%"
rem pre-requisites:
rem OpenSC-0.24.0_win64.msi ++ x32 ?
rem jdk-21_windows-x64_bin.msi ?
rem BixVReaderInstaller.msi
rem BixVReader.cer ?
rem jcardsim-3.0.5-SNAPSHOT.jar
rem IsoApplet3 (gitclone)
rem The applet flag below is what lets the GET DATA sequence further down return key material.
rem It is a test-only build setting: presumably any card built with export allowed can have its
rem private keys read out after PIN verification, so keep it disabled for non-simulated cards.
rem in 'IsoApplet.java' leave as this: public static final boolean DEF_PRIVATE_KEY_IMPORT_ALLOWED = DEF_PRIVATE_KEY_EXPORT_ALLOWED = true;
rem pnputil OR devcon -> extract https://download.microsoft.com/download/8/6/9/86925F0F-D57A-4BA4-8278-861B6876D78E/wdk/Installers/09844d1815314132979ed88093f49c6f.cab and rename
rem Write the jcardsim config once: applet AID and class, plus the ATR the simulated card reports.
rem The file is appended to, so delete it by hand if any of these values change.
if exist jcardsim_isoapplet.cfg goto :ok_cfg
echo com.licel.jcardsim.card.applet.0.AID=F276A288BCFBA69D34F31001 >> jcardsim_isoapplet.cfg
echo com.licel.jcardsim.card.applet.0.Class=xyz.wendland.javacard.pki.isoapplet.IsoApplet >> jcardsim_isoapplet.cfg
echo com.licel.jcardsim.card.ATR=3B80800101 >> jcardsim_isoapplet.cfg
:ok_cfg
rem A java.exe whose window title is "simulator" (set by the start command below) means the
rem simulator is already up: skip the driver restart, compilation and launch.
tasklist /fi "WINDOWTITLE eq simulator" 2>NUL | find /I "java.exe" >NUL
if "%ERRORLEVEL%"=="0" goto :applet_running
echo ***************************
echo ******* restarting ********
echo ***************************
rem Cycle the BixVReader virtual reader driver; this is the step that requires admin rights.
devcon.exe disable *Bix*
devcon.exe enable *Bix*
rem pnputil /disable-device ?? "USB\VID_08E6&PID_3437\5&E57B0DF&0&6"
rem pnputil /enable-device
echo ***************************
echo ******* compilation *******
echo ***************************
rem Clean rebuild of the applet package against the simulator jar (javacard API classes).
del %applet_path%\*.class
javac -cp %simulator% -Xlint:deprecation %applet_path%\*.java %jcmath%
rem NOTE(review): only exit code 1 triggers the pause; javac can exit with other non-zero
rem codes, so "if errorlevel 1 pause" would catch every failure.
if "%ERRORLEVEL%"=="1" pause
echo ***************************
echo ***** starting applet *****
echo ***************************
rem Launch the simulator minimized; the window title "simulator" is what the tasklist checks
rem above and below key on, so do not rename it without updating them.
start /min "simulator" java -cp %applet_base%;%simulator% com.licel.jcardsim.remote.BixVReaderCard jcardsim_isoapplet.cfg
rem The ping is used as a crude delay to give java time to come up before the check.
ping 0.0.0.0 >NUL
rem Bail out of the script if the simulator did not stay running.
tasklist /fi "WINDOWTITLE eq simulator" 2>NUL | find /I "java.exe" >NUL
if "%ERRORLEVEL%"=="1" exit
:applet_running
echo ***************************
echo ****** send card apdu *****
echo ***************************
rem CLA 80 INS B8 with the applet AID twice in the data field; presumably jcardsim's
rem applet-instantiation command, matching the AID written to the cfg above.
opensc-tool %reader15% --send-apdu 80b800001a0cf276a288bcfba69d34f310010cf276a288bcfba69d34f3100100
echo ***************************
echo ***** formating card *****
echo ***************************
rem Create the PKCS#15 structure with test SO PIN/PUK and a fixed serial. These secrets are
rem passed on the command line and are therefore visible in the process list.
pkcs15-init %reader15% --create-pkcs15 --so-pin 1234 --so-puk 1234567890123456 --serial 123456789a123456789b123456789c12 --profile pkcs15+onepin
rem echo ***************************
rem echo ******* setting pin ******
rem echo ***************************
rem pkcs15-init %reader15% --store-pin --so-pin 1234 --so-puk 1234567890123456 --pin 1234 --puk 1234567890123456
echo ***************************
echo ******* export jump ******
echo ***************************
rem Everything between here and :export_loop is skipped unless this goto is removed.
goto :export_loop
echo ***************************
echo ****** importing pfx ******
echo ***************************
rem Import a PKCS#12 private key as object id 46; the PKCS#12 passphrase and user PIN are
rem hard-coded test values.
pkcs15-init %reader15% --store-private-key ekey_cert_ca.pfx --id 46 -f PKCS12 --auth-id 01 --passphrase Senha123 --pin 1234
echo ***************************
echo ****** dumping list *******
echo ***************************
pkcs15-tool %reader15% --dump
echo ***************************
echo ***** Cert Propagation ****
echo ***************************
rem C:\Windows\SysWOW64\certutil.exe -scinfo
rem currently must manually add certificate when certutil shows it, because Provider must be smart card
echo ***************************
echo *** Export Certificate ****
echo ***************************
rem cert/pubkey
rem Read the certificate object with id 46 through PKCS#11 (login with the user PIN).
pkcs11-tool.exe %reader11% --id 46 --login --pin 1234 --read-object --type cert --output-file cert.cer
rem not found: secrkey/data
rem not allowed: privkey pkcs11-tool.exe %reader11% --id 46 --login --pin 1234 --read-object --type privkey --output-file export.key
rem get priv key via multiple apdu
rem First APDU is VERIFY (00 20 00 01) with the PIN "1234" as ASCII 31 32 33 34 padded to 16 bytes,
rem then six GET DATA reads (00 CA 3F 00 .. 3F 05) that return the private key block by block.
rem The raw responses land in key.txt in the clear; this only works because the applet was
rem built with private key export allowed (see the note in the pre-requisites).
opensc-tool %reader15% --send-apdu 002000011031323334000000000000000000000000 --send-apdu 00CA3F0000 --send-apdu 00CA3F0100 --send-apdu 00CA3F0200 --send-apdu 00CA3F0300 --send-apdu 00CA3F0400 --send-apdu 00CA3F0500 > key.txt
rem 00 class CA get data 3F FF p1 get private key 00 key offset block 00 data length
rem 69 82 E Security condition not satisfied.
rem 69 85 E Conditions of use not satisfied.
rem 6F 00 E Command aborted – more exact diagnosis not possible (e.g., operating system error).
rem 00 01 ram_buf out of bounds
rem 00 03 APDUException.BUFFER_BOUNDS
rem Drop into an interactive shell for manual inspection, then end the script when it closes.
cmd
exit
:export_loop
rem Repeated export: the pos counter is undefined on the first pass, so set /a evaluates +1
rem and starts at 1. Each iteration waits for a keypress, then writes cert_N.cer and key_N.txt.
rem The loop never terminates on its own; stop it with Ctrl-C.
set /a pos=%pos%+1
echo ***************************
echo ***** export wait %pos%
echo ***************************
pause
pkcs11-tool.exe %reader11% --id 46 --login --pin 1234 --read-object --type cert --output-file cert_%pos%.cer
opensc-tool %reader15% --send-apdu 002000011031323334000000000000000000000000 --send-apdu 00CA3F0000 --send-apdu 00CA3F0100 --send-apdu 00CA3F0200 --send-apdu 00CA3F0300 --send-apdu 00CA3F0400 --send-apdu 00CA3F0500 > key_%pos%.txt
goto :export_loop
rem The labels below are reference notes, not reachable from the normal flow (the script ends
rem in the export loop above). The bare URL lines are not rem'd, so they would fail as commands
rem if anything ever jumped here.
:openSC_pkcs11
rem pkcs11-tool.exe --read-object --type privkey --id 01 -l --pin 1234
https://github.com/OpenSC/OpenSC/blob/e2b1fb81e0e1339eebaa36fb90635e03f69d4da3/src/tools/pkcs11-tool.c#L4088
https://github.com/OpenSC/OpenSC/pull/1393
:openSC_pkcs15-tool_export-cert
https://github.com/OpenSC/OpenSC/issues/1522
https://github.com/OpenSC/OpenSC/blob/master/src/pkcs15init/pkcs15-isoApplet.c#L783
https://github.com/OpenSC/OpenSC/blob/master/src/pkcs15init/pkcs15-cflex.c#L938
rem outputs hex pubkey, windows incompatible: pkcs15-tool %reader15% --read-public-key 46 --auth-id 01 --output test.key
:openssl
rem Manual PKCS#12 handling; openssl prompts interactively for the import password and the
rem PEM passphrase. The rsa step strips the passphrase, so pem_key.key and der_key.key are
rem unencrypted private keys on disk.
rem extract as pem: ekey and certs
openssl pkcs12 -in certs.pfx -nocerts -out pem_ekey.key
openssl pkcs12 -in certs.pfx -clcerts -nokeys -out pem_cert.key
rem decrypt ekey
openssl rsa -in pem_ekey.key -out pem_key.key
rem convert pem_key to der_key
openssl rsa -in pem_key.key -out der_key.key -outform der
:softHSM
rem Alternative backend: initialise a SoftHSM token, load a private key and certificate as
rem object id 2222 through the SoftHSM PKCS#11 module, then list slots, module info and objects.
rem The token PIN 1234 is again a test value given on the command line.
rem https://github.com/opendnssec/SoftHSMv2/issues/597
"C:\Program Files (x86)\OpenSC Project\SoftHSMv2.5\bin\softhsm2-util.exe" --init-token --slot 0 --label "My token 1"
pkcs11-tool.exe -v --module "C:\Program Files (x86)\OpenSC Project\SoftHSMv2.5\lib\softhsm2-x64.dll" -l --pin 1234 --write-object cerj.key --type privkey --id 2222
pkcs11-tool.exe -v --module "C:\Program Files (x86)\OpenSC Project\SoftHSMv2.5\lib\softhsm2-x64.dll" -l --pin 1234 --write-object cert.crt --type cert --id 2222
"C:\Program Files (x86)\OpenSC Project\SoftHSMv2.5\bin\softhsm2-util.exe" --show-slots
pkcs11-tool --module "C:\Program Files (x86)\OpenSC Project\SoftHSMv2.5\lib\softhsm2-x64.dll" --show-info
pkcs11-tool --module "C:\Program Files (x86)\OpenSC Project\SoftHSMv2.5\lib\softhsm2-x64.dll" --list-objects
rem List the CSPs Windows knows about, to check the smart card provider registration.
C:\Windows\SysWOW64\certutil.exe -csplist
cmd
exit