List Nitrokeys in SCS with DENK1234567 ID

Hi,

a usability topic.
While testing and learning with PKA, DKEK, XKEK and four Nitrokey HSMs, the reader list shows only "Nitrokey Nitrokey HSM 0-4".
On this Win-PC without admin rights I am not able (out of the box) to use the OpenSC tooling to list the keys behind every reader.

I have to select the reader and use the key manager to see which key is behind each HSM number. The number also changes depending on the order in which the keys are plugged in.

Is there a script available that lists what the key manager is showing?
If not this feature request has a very low priority :slight_smile:
An automatic loop over all readers? << bronze plated solution.
The silver plated solution would be to offer this as a keyboard shortcut like Run Script or Key Manager.
The gold plated solution would be to use the DENK1234567 or other unique identifier property within the reader info.

Thanks and kind regards,
Tobias

You mean something like this?

var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;


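// Walk every reader the shell knows about and, for each one that holds a
// SmartCard-HSM, print the validated device certificate path followed by the
// label, type and size of every key on the token. Only key metadata is
// printed. Card, Crypto and print are provided by the Smart Card Shell;
// SmartCardHSM and HSMKeyStore come from the require() calls above.
var readerList = Card.getReaderList();

var crypto = new Crypto();

for (var i = 0; i < readerList.length; i++) {
	// Reset per iteration: var is function-scoped, so without this a value
	// from the previous reader would still be visible here.
	var chain = null;
	var ks = null;
	try	{
		var card = new Card(readerList[i]);
		var sc = new SmartCardHSM(card);
		// The device authentication certificate is supplied by the token, so
		// it is only meaningful as an identity after the chain check below.
		var devAutCert = sc.readBinary(SmartCardHSM.C_DevAut);
		chain = SmartCardHSM.validateCertificateChain(crypto, devAutCert);
		ks = new HSMKeyStore(sc);
	}
	catch(e) {
		// Include the reason so an empty slot or a non-HSM card can be told
		// apart from a token that failed while being read.
		print("Skipping reader " + readerList[i] + ": " + e);
		continue;
	}

	// NOTE(review): validateCertificateChain() appears to return null rather
	// than throw when the chain does not verify; confirm against the library
	// version in use. Without this guard chain.path would abort the whole
	// loop, and an unverified token must not be listed as if it were genuine.
	if (!chain) {
		print("Skipping reader " + readerList[i] + ": device certificate chain not validated");
		continue;
	}

	print(chain.path);

	var aliases = ks.enumerateKeys();
	for (var j = 0; j < aliases.length; j++) {
		var k = ks.getKey(aliases[j]);
		print(" " + k.getLabel() + " " + k.getType() + "(" + k.getSize() + ")");
	}
}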

You could also amend the key manager with your own plug-ins.


Nice. I’ve added this output to keymanager/keymanager.js:

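// Snippet added to keymanager/keymanager.js: between two banner lines, print
// for every reader that holds a SmartCard-HSM the validated device
// certificate path and the label, type and size of each key on the token.
// Only key metadata is printed. Card, Crypto and print are provided by the
// Smart Card Shell.
print("-------------------------------------------------------------------");
print("Listing output of all compatible reader");
print("-------------------------------------------------------------------");

var SmartCardHSM = require('scsh/sc-hsm/SmartCardHSM').SmartCardHSM;
var HSMKeyStore = require("scsh/sc-hsm/HSMKeyStore").HSMKeyStore;

var readerList = Card.getReaderList();
var crypto = new Crypto();

for (var i = 0; i < readerList.length; i++) {
    // Reset per iteration: var is function-scoped, so without this a value
    // from the previous reader would still be visible here.
    var chain = null;
    var ks = null;
    try {
        var card = new Card(readerList[i]);
        var sc = new SmartCardHSM(card);
        // The device authentication certificate is supplied by the token, so
        // it is only meaningful as an identity after the chain check below.
        var devAutCert = sc.readBinary(SmartCardHSM.C_DevAut);
        chain = SmartCardHSM.validateCertificateChain(crypto, devAutCert);
        ks = new HSMKeyStore(sc);
    } catch (e) {
        // Readers that cannot be opened as a SmartCard-HSM are skipped
        // without output, as in the original snippet. This also hides real
        // read errors; print e here when a token is unexpectedly missing
        // from the listing.
        continue;
    }

    // NOTE(review): validateCertificateChain() appears to return null rather
    // than throw when the chain does not verify; confirm against the library
    // version in use. Without this guard chain.path would abort the listing,
    // and an unverified token must not be shown as if it were genuine.
    if (!chain) {
        print("Certificate chain for reader " + readerList[i] + " could not be validated, skipping");
        continue;
    }

    print("Certificate chain for reader " + readerList[i] + ":");
    print(chain.path);

    var aliases = ks.enumerateKeys();
    for (var j = 0; j < aliases.length; j++) {
        var k = ks.getKey(aliases[j]);
        print("  Key: " + k.getLabel() + " " + k.getType() + "(" + k.getSize() + ")");
    }
}

print("-------------------------------------------------------------------");
print("End of reader output");
print("-------------------------------------------------------------------");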