Re: [Opensc-devel] How to retrieve RSA private key from wrapped key blob?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,

I've finally managed to obtain a card and all credentials required to download the SDK, but now I have bumped into a problem with the script itself. 

I fired up Smart Card Shell GUI, set sc-hsm-workspace as workspace directory and selected scsh/sc-hsm/DKEK.js script to run. As a result it produced the following error:

    Running setup script config.js ...

    SCSH3 - Smart Card Shell 3.7.1917
    ---------------------------------------------------------------------------
    (c) 2005-2011 CardContact Software & System Consulting (www.cardcontact.de)
    Enter 'help' for a command overview or 'quit' to close the shell

    >load("/root/opensc/sc-hsm-workspace/sc-hsm-workspace/scsh/sc-hsm/DKEK.js");
    org.mozilla.javascript.EcmaError: ReferenceError: "exports" is not defined. (/root/opensc/sc-hsm-workspace/sc-hsm-workspace/scsh/sc-hsm/DKEK.js#25)
        at /root/opensc/sc-hsm-workspace/sc-hsm-workspace/scsh/sc-hsm/DKEK.js#25
    >

I've tried several other scripts from scsh directory, all of them finished with the same error. Scripts from sc-hsm-sdk-scripts directory run without this problem.  I used the same instance of Smart Card Shell which I used for account activation process., so the software itself should be fine. 

I suspect it's some simple rookie mistake and I didn't initialize something correctly, but I was unable to find any clues in the documentation. Perhaps there should be some wiki page for absolute beginners to document problems like this one?

Best regards,
Przemysław Ogorzałek

-----Original Message-----
From: Andreas Schwier [mailto:and...@ca...] 
Sent: Tuesday, April 19, 2016 2:19 PM
To: ope...@li...
Subject: Re: [Opensc-devel] How to retrieve RSA private key from wrapped key blob?

Dear Przemysław,

if you register at the CardContact Developers Network, you can download
the SDK [1]. It contains a class DKEK.js which can be used to decrypt
and dump the key blob.

Andreas

[1]
https://devnet.cardcontact.de/attachments/download/55/sc-hsm-workspace-20160229.zip

On 04/19/2016 02:03 PM, Ogorzalek, Przemyslaw wrote:
> Hello,
> 
> I wonder if it's possible to decrypt wrapped RSA private key downloaded from a smartcard? The key was generated and obtained by the following set of commands:
> 
> sc-hsm-tool --create-dkek-share dkek/dkek-share-1.pbe
> sc-hsm-tool --create-dkek-share dkek/dkek-share-2.pbe
> 
> sc-hsm-tool --initialize --dkek-shares 2
> sc-hsm-tool --import-dkek-share dkek/dkek-share-1.pbe
> sc-hsm-tool --import-dkek-share dkek/dkek-share-2.pbe
> pkcs11-tool -l --pin 123456 --keypairgen --key-type rsa:2048 --id 11 --usage-sign
> sc-hsm-tool --wrap-key wrap-key.bin --key-reference 1
> 
> I know how to upload the key to a new card, but what if I want to change the technology stack and stop using smartcards in the future? Is there any way to  reencrypt the RSA key to store it in file protected simply by a passphrase?
> 
> Assume that I have both DKEK key shares and corresponding passwords, and I can perform the whole process in a designated secure room.
> 
> I have also asked this question on superuser.com: http://superuser.com/questions/1066719/how-to-retrieve-rsa-private-key-from-wrapped-key-blob
> So if you can answer my question, the reputation is yours to get :)
> 
> Best regards,
> Przemysław Ogorzałek
> 
> 
> 
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications Manager
> Applications Manager provides deep performance insights into multiple tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> 
> 
> 
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
> 

-- 

    ---------    CardContact Systems GmbH
   |.##> <##.|   Schülerweg 38
   |#       #|   D-32429 Minden, Germany
   |#       #|   Phone +49 571 56149
   |'##> <##'|   http://www.cardcontact.de
    ---------    Registergericht Bad Oeynhausen HRB 14880
                 Geschäftsführer Andreas Schwier

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Opensc-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: [Opensc-devel] How to retrieve RSA private key from wrapped key blob?

OpenSC - tools and libraries for smart cards

Re: [Opensc-devel] How to retrieve RSA private key from wrapped key blob?