How to encrypt the .wky file outside of the Nitrokey HSM

Hi All,

I have managed to export the .wky wrapped key files with the encrypted private key, the “Private Key Description” and the corresponding x509 certificate.

How can I decrypt the .wky file once I have a copy on my local system?

Regards

The DKEK class located in scsh/sc-hsm/DKEK.js can encode and decode the .wky format. You could write a small Smart Card Shell script to automate that.


Thank you so much for your reply.

Are you able to provide the exact command that needs to be run to decode a .wky please?

The use case is that I have exported a private key/certificate from the Nitrokey and now it's on my local machine in .wky format.

Apologies for asking a trivial question. I am new to this and really appreciate any support you can offer.

Regards
Wajid

Thank you SC-HSM

I have been provided the following. Any idea how I can execute this to decrypt a .wky file?

Thank you so much and sorry for the noddy question.

--8<------8<------8<------8<------8<------8<------8<------8<--
var File = require("scsh/file/File").File;
var DKEK = require("scsh/sc-hsm/DKEK").DKEK;

// Read the wrapped key file and take the key blob (first element of the ASN.1 structure)
var fn = GPSystem.mapFilename("rsa.wky");
var f = new File(fn);
var bin = f.readAllAsBinary();
var a = new ASN1(bin);
var blob = a.get(0).value;

// Read the password-protected DKEK share file
var fn = GPSystem.mapFilename("password.pbe");
var f = new File(fn);
var bin = f.readAllAsBinary();

// Decrypt the DKEK share with its password
var share = DKEK.decryptKeyShare(bin, new ByteString("password", ASCII));

// Import the share and dump the key blob
var crypto = new Crypto();
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);
dkek.dumpKeyBLOB(blob);
--8<------8<------8<------8<------8<------8<------8<------8<--


Save to a file and run it from the Smart Card Shell.

Thanks sc-hsm (you are very helpful)

I have tried the below but it didn’t work. Can you please let me know what file type I need to save the file as, and how do I run it from Smart Card Shell?

I saved the file as a .js file and clicked on File > Run Script on the Smart Card Shell but got the following error:
GPError: GPSystem (INVALID_TYPE/0) - “Expected string argument” in C:\Program Files\CardContact\scsh3\scsh\file\File.js#62

I also saved the file as a .java and clicked on File > Run Script and got the same error.

var File = require("scsh/file/File").File;
var DKEK = require("scsh/sc-hsm/DKEK").DKEK;

var fn = GPSystem.mapFilename("rsa.wky");
var f = new File(fn);
var bin = f.readAllAsBinary();
var a = new ASN1(bin);
var blob = a.get(0).value;

var fn = GPSystem.mapFilename("password.pbe");
var f = new File(fn);
var bin = f.readAllAsBinary();

var share = DKEK.decryptKeyShare(bin, new ByteString("password", ASCII));

var crypto = new Crypto();
var dkek = new DKEK(crypto);
dkek.importDKEKShare(share);
dkek.dumpKeyBLOB(blob);

Thank YOU so much

Regards
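
The script in this thread parses the .wky file as ASN.1 and takes element 0 as the key blob (`new ASN1(bin)`, `a.get(0).value`); the stand-alone Node.js sketch below mirrors that step so an exported file can be checked for a clean top-level structure outside the Smart Card Shell, without decrypting anything. It is an added example, not code from the thread or from the Smart Card Shell project: `readTlv`, `splitWky` and `der` are hypothetical helpers, and the sample bytes (tags, sizes, contents) are constructed.

```javascript
// Added example (not from the thread): minimal DER reader; readTlv returns one TLV.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated TLV header");
  const tag = buf[off];
  if ((tag & 0x1f) === 0x1f) throw new Error("multi-byte tags not supported");
  let len = buf[off + 1];
  let pos = off + 2;
  if (len & 0x80) {                      // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error("unsupported length encoding");
    if (pos + n > buf.length) throw new Error("truncated length field");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos + i];
    pos += n;
  }
  if (pos + len > buf.length) throw new Error("value runs past end of data");
  return { tag, value: buf.subarray(pos, pos + len), next: pos + len };
}

// Split the outer SEQUENCE into its direct children; element 0 is what the
// thread's script reads with a.get(0).value.
function splitWky(buf) {
  const outer = readTlv(buf, 0);
  if (outer.tag !== 0x30) throw new Error("outer element is not a SEQUENCE");
  if (outer.next !== buf.length) throw new Error("trailing bytes after SEQUENCE");
  const children = [];
  for (let off = 0; off < outer.value.length; ) {
    const tlv = readTlv(outer.value, off);
    children.push({ tag: tlv.tag, value: tlv.value });
    off = tlv.next;
  }
  return children;
}

// Hypothetical helper: DER-encode one element for the constructed sample.
function der(tag, body) {
  const n = body.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}

// Constructed sample, not a real export: filler bytes stand in for each element.
const sample = der(0x30, Buffer.concat([
  der(0x04, Buffer.alloc(200, 0xaa)),    // stand-in for the wrapped key blob
  der(0x30, Buffer.from("description")), // stand-in for the Private Key Description
  der(0x30, Buffer.alloc(300, 0xcc)),    // stand-in for the certificate
]));

splitWky(sample).forEach((c, i) =>
  console.log(`element ${i}: tag 0x${c.tag.toString(16)}, ${c.value.length} bytes`));
```

To inspect a real export, pass `require("fs").readFileSync("rsa.wky")` to `splitWky` in place of `sample`.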