I want to use a Nitrokey Start as a license token for an application I have written.
To this end I need a way to implement challenge-response on a USB stack like libusb or libusbp alone.
- I need to ask the Nitrokey to give me its public key.
- I need to ask the nitrokey to sign a nonce using the corresponding private key.
- I can then verify the returned signature in the application.
I cannot ask my users to install and set up gpg and all the cruft that comes with it.
Where can I find the documentation for direct access to the nitrokey? Do there exist convenient examples for this use case?
Update:
I have done some reading of the pynitrokey source and see that there are iso7816 functions cmd_external_authenticate and cmd_internal_authenticate which I could use for mutual authentication.
These functions should be easy enough to port to my system.
However, the inputs/outputs of these functions are not documented well enough, and these functions seem not to be used by pynitrokey itself (grep doesn't find them being called).
How to determine the keysize/algos etc. being used?
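
The three steps listed in the post, sketched host-side as an added example (not code from the post or from pynitrokey). It assumes the token exposes the OpenPGP card application with an RSA authentication key and that a CCID transport, not shown, carries the APDUs; all function names are hypothetical.

```python
# Added example: APDU encoding, key parsing and RSA verification only (no USB I/O).
# Assumptions: OpenPGP card application, RSA authentication key, short APDUs.
AID = bytes.fromhex("D27600012401")              # OpenPGP application identifier

def apdu(ins, p1, p2, data=b"", le=True):
    """Short-form ISO 7816-4 command APDU (CLA 00, at most 255 data bytes)."""
    if len(data) > 255:
        raise ValueError("needs extended length or command chaining")
    body = bytes([len(data)]) + data if data else b""
    return bytes([0x00, ins, p1, p2]) + body + (b"\x00" if le else b"")

def commands(pin, nonce):
    return [apdu(0xA4, 0x04, 0x00, AID),             # SELECT the application
            apdu(0x47, 0x81, 0x00, b"\xA4\x00"),     # read authentication public key
            apdu(0x20, 0x00, 0x82, pin, le=False),   # VERIFY user PIN (PW1, mode 82)
            apdu(0x88, 0x00, 0x00, nonce)]           # INTERNAL AUTHENTICATE the nonce

def tlv(buf):
    """Parse one level of BER-TLV into {tag: value}."""
    out, pos = {}, 0
    while pos < len(buf):
        tag, pos = buf[pos], pos + 1
        if tag & 0x1F == 0x1F:                   # two-byte tag, e.g. 7F49
            tag, pos = tag << 8 | buf[pos], pos + 1
        size, pos = buf[pos], pos + 1
        if size & 0x80:                          # long-form length
            n = size & 0x7F
            size, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + size > len(buf):
            raise ValueError("truncated TLV")
        out[tag], pos = buf[pos:pos + size], pos + size
    return out

def rsa_public_key(resp):
    """Extract (n, e) from a 7F49 template; the key size is n.bit_length()."""
    if resp[-2:] != b"\x90\x00":
        raise ValueError("card returned status " + resp[-2:].hex())
    key = tlv(tlv(resp[:-2])[0x7F49])
    if 0x81 not in key or 0x82 not in key:
        raise ValueError("not an RSA key (ECC keys carry tag 86)")
    return int.from_bytes(key[0x81], "big"), int.from_bytes(key[0x82], "big")

def verify(n, e, nonce, sig):
    """True if sig is PKCS#1 v1.5 type-1 padding around exactly our nonce."""
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    if len(sig) != k or k < len(nonce) + 11 or s >= n:
        return False
    want = b"\x00\x01" + b"\xFF" * (k - len(nonce) - 3) + b"\x00" + nonce
    return pow(s, e, n).to_bytes(k, "big") == want
```

An RSA-2048 key response does not fit in one short APDU, so the transport has to reassemble it before `rsa_public_key` sees it. The nonce should be freshly random for every check, and the public key should be compared against one the application already trusts.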