Пример #1
def process_card(connection, options):
    """List the applications on a card through the Gemalto security domain.

    Wraps *connection* in a ``CAC`` object (using the module-level
    ``log_level``), selects ``APDU.APPLET.SECURITY_GEMALTO``, opens a secure
    channel to it with ``APDU.AUTH_KEYS.GEMALTO`` and prints the applications
    found on the card.  *options* is accepted but not used here.
    """
    global log_level

    card = CAC(connection, log_level=log_level)
    gp_manager = APDU.APPLET.SECURITY_GEMALTO

    # Select the GP manager, then authenticate a secure channel to it.
    # NOTE(review): AUTH_KEYS.GEMALTO is presumably a vendor default key set;
    # confirm it matches the card first, since some cards count failed
    # secure-channel authentications and block themselves.
    card.apdu_select_application(gp_manager)
    card.open_secure_channel(gp_manager, APDU.AUTH_KEYS.GEMALTO)

    # Left disabled: SET STATUS request that would mark the security domain
    # as LOCKED.
    #    card.apdu_set_status(APDU.SET_STATUS_PARAM.TYPE.SECURITY_DOMAIN,
    #                         APDU.SET_STATUS_PARAM.STATE_CARD.LOCKED)

    # Print every application the card reports.
    card.print_applications()
Пример #2
def process_card(connection, options):
    """Open a secure channel to the Gemalto security domain and list applets.

    A ``CAC`` wrapper is built around *connection* with the module-level
    ``log_level``.  The function then selects
    ``APDU.APPLET.SECURITY_GEMALTO``, opens a secure channel with
    ``APDU.AUTH_KEYS.GEMALTO`` and calls ``print_applications()``.
    *options* is part of the signature but is not read.
    """
    global log_level

    cac_card = CAC(connection, log_level=log_level)
    target_applet = APDU.APPLET.SECURITY_GEMALTO
    channel_keys = APDU.AUTH_KEYS.GEMALTO

    # GP manager first; the secure channel is opened against the same applet.
    # NOTE(review): confirm that these keys belong to the card under test;
    # on some cards repeated failed authentications block the card.
    cac_card.apdu_select_application(target_applet)
    cac_card.open_secure_channel(target_applet, channel_keys)

    # The card-locking SET STATUS call below is intentionally commented out.
    #    card.apdu_set_status(APDU.SET_STATUS_PARAM.TYPE.SECURITY_DOMAIN,
    #                         APDU.SET_STATUS_PARAM.STATE_CARD.LOCKED)

    cac_card.print_applications()
Пример #3
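def _usage_error(opts, message):
    """Print *message* and the parser's usage line, then exit with status 1."""
    print(message)
    opts.print_usage()
    # A bare sys.exit() reports success (status 0) even on an error path.
    sys.exit(1)


def main(args=None):
    """Run the CAC command-line tool.

    Parses the options and, for every selected reader, connects to the card
    and performs the requested actions: certificate extraction (-x), public
    key encryption through the ``openssl`` binary (-E) and on-card
    SIGN/DECRYPT (-D / -S).

    Args:
        args: Argument list handed to ``optparse``; ``None`` makes optparse
            read ``sys.argv[1:]``.

    Raises:
        SystemExit: with status 1 when a required option is missing or
            invalid.

    Security notes:
        * A PIN passed with -p/--pin is part of the command line, so it can
          show up in process listings and shell history.
        * With the default ``--reader -1`` every reader is processed and the
          PIN is presented to every card found.  The --pin help text warns
          that three failed attempts lock a card, so select one reader with
          -r when several cards are attached.
    """
    opts = optparse.OptionParser()

    opts.add_option("-r", "--reader", action="store", type="int",
                    dest="reader", default=-1,
                    help="Reader number from --list or -1 for all.")
    opts.add_option("-R", "--listreaders", action="store_true",
                    dest="listreaders", default=False,
                    help="List Available Readers")
    opts.add_option("-E", "--encrypt", action="store_true",
                    dest="encrypt", default=False,
                    help="Do a public key encryption.")
    opts.add_option("-D", "--decrypt", action="store_true",
                    dest="decrypt", default=False,
                    help="SIGN/DECRYPT using the smartcard.")
    opts.add_option("-S", "--signd", action="store_true",
                    dest="sign", default=False,
                    help="SIGN/DECRYPT using the smartcard.")
    opts.add_option("-d", "--debug", action="store_true",
                    dest="debug", default=False,
                    help="Enable DEBUG")
    opts.add_option("-x", "--certs", action="store", type="string",
                    dest="savecerts", default=None,
                    help="Extract all of the certificates to specified directory.")
    opts.add_option("-i", "--input", action="store", type="string",
                    dest="input", default=None,
                    help="Input file.")
    opts.add_option("-o", "--output", action="store", type="string",
                    dest="output", default=None,
                    help="Output file.")
    opts.add_option("-k", "--pubkey", action="store", type="string",
                    dest="pubkey", default=None,
                    help="Public key to use for crytographic operations.")
    opts.add_option("-c", "--cert", action="store", type="string",
                    dest="cert", default=None,
                    help="Certificate to use for SIGN/DECRYPT command. %s" %
                    CAC_KEYS)
    opts.add_option("-p", "--pin", action="store", type="string",
                    dest="pin", default=None,
                    help="PIN for the CAC card.  (WARNING: 3 failed attempts will lock the card.)")

    (options, positionals) = opts.parse_args(args)

    # --listreaders only enumerates the readers and returns.
    reader_list = readers()
    if options.listreaders:
        print("Available readers: ")
        for index, reader in enumerate(reader_list):
            print("  %d: %s" % (index, reader))
        return

    log_level = logging.DEBUG if options.debug else logging.ERROR

    for index, reader in enumerate(reader_list):
        # A negative --reader (the default) selects every reader.
        if options.reader >= 0 and options.reader != index:
            continue

        try:
            print("Using: %s" % reader)

            connection = reader.createConnection()
            connection.connect()
            card = CAC(connection, log_level=log_level)

            # Placeholder PIN (ASCII '7' x 8).  It is never sent: the
            # SIGN/DECRYPT path below refuses to run without --pin.
            pin_bytes = [0x37] * 8
            if options.pin is not None:
                pin_bytes = [ord(ch) for ch in options.pin]

            # Dump the certificates?
            if options.savecerts is not None:
                extract_certs(card, options.savecerts)

            # Encrypt a file with a public key (done by openssl, not the card).
            if options.encrypt:
                if options.input is None:
                    _usage_error(opts, "ERROR: No input file given.")
                if options.pubkey is None:
                    _usage_error(opts, "ERROR: No public key file given.")
                if options.output is None:
                    _usage_error(opts, "ERROR: No output file given.")

                # Argument list, no shell: file names are not shell-parsed.
                # NOTE(review): the exit status of openssl is not checked, so
                # the message below is printed even when encryption failed.
                call([
                    "openssl", "pkeyutl", "-encrypt", "-in", options.input,
                    "-pubin", "-inkey", options.pubkey, "-out",
                    options.output
                ])

                print("Encrypted %s using %s -> %s." % (
                    options.input, options.pubkey, options.output))

            if options.decrypt or options.sign:
                if options.input is None:
                    _usage_error(opts, "ERROR: No input file given.")
                if options.cert is None:
                    _usage_error(opts, "ERROR: No CAC certificate selected.")
                if options.output is None:
                    _usage_error(opts, "ERROR: No output file given.")
                if options.cert not in CAC_KEYS:
                    _usage_error(opts, "ERROR: not valid key selected.")
                if options.pin is None or len(pin_bytes) < 4:
                    _usage_error(
                        opts, "ERROR: No PIN given to authenticate to card.")

                # VERIFY PIN
                logger.info("Verfying PIN...")
                data, sw1, sw2 = card.apdu_verify_pin(pin_bytes, 0x00)
                # Stop here unless the card answered 0x9000 (ISO 7816-4
                # success).  Assumes apdu_verify_pin returns the raw status
                # bytes, as the (data, sw1, sw2) unpacking suggests.  A
                # rejected PIN costs a retry, so the user must be told
                # instead of silently carrying on with the key operation.
                if (sw1, sw2) != (0x90, 0x00):
                    print("ERROR: PIN verification failed (SW=%02X%02X); "
                          "skipping this card." % (sw1, sw2))
                    continue

                # Select CAC Applet
                logger.info("Selecting CAC Applet...")
                card.apdu_select_application(APDU.APPLET.DOD_CAC)

                # Select appropriate key
                logger.info("Selecting appropriate key...")
                cur_key = CAC_APPLET_OBJECTS.__dict__[options.cert]
                card.apdu_select_object(cur_key)

                # Read the input and let the card do the private-key operation.
                sign_data = HELPER.read_binary(options.input)
                data, sw1, sw2 = card.apdu_sign_decrypt(sign_data)
                HELPER.write_binary(data, options.output)

                print("Decrypted %s -> %s." % (options.input,
                                               options.output))

                # Print the bytes that follow each 0x00 (except at index 0).
                # The loop variable no longer reuses the reader index.
                # NOTE(review): data[offset:-1] keeps the 0x00 byte and drops
                # the final byte, and one line is printed per 0x00 found;
                # confirm that is intended.
                for offset in range(len(data)):
                    if data[offset] == 0x00 and offset != 0:
                        print("ASCII: %s" % APDU.get_str(data[offset:-1]))

        except smartcard.Exceptions.CardConnectionException:
            print("ERROR: Couldn't connect to card in %s" % reader)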
Пример #4
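def main(args=None):
    """Entry point of the CAC command-line utility.

    After parsing the options the function walks the selected readers and,
    per card, optionally extracts the certificates (-x), encrypts a file with
    a public key by running ``openssl pkeyutl`` (-E), and performs the
    on-card SIGN/DECRYPT operation (-D / -S).

    Args:
        args: Arguments for ``optparse``; ``None`` means ``sys.argv[1:]``.

    Raises:
        SystemExit: status 1 when a required option is missing or invalid.

    Security notes:
        * -p/--pin puts the PIN on the command line, where process listings
          and shell history can expose it.
        * ``--reader`` defaults to -1 (all readers), so the same PIN is sent
          to each card that is present.  The --pin help text states that
          three failed attempts lock the card; pass -r to target one reader.
    """
    opts = optparse.OptionParser()

    def fail(message):
        # Report a usage problem and stop with a failing exit status; a bare
        # sys.exit() would exit 0 and hide the error from calling scripts.
        print(message)
        opts.print_usage()
        sys.exit(1)

    option_table = [
        (("-r", "--reader"),
         dict(action="store", type="int", dest="reader", default=-1,
              help="Reader number from --list or -1 for all.")),
        (("-R", "--listreaders"),
         dict(action="store_true", dest="listreaders", default=False,
              help="List Available Readers")),
        (("-E", "--encrypt"),
         dict(action="store_true", dest="encrypt", default=False,
              help="Do a public key encryption.")),
        (("-D", "--decrypt"),
         dict(action="store_true", dest="decrypt", default=False,
              help="SIGN/DECRYPT using the smartcard.")),
        (("-S", "--signd"),
         dict(action="store_true", dest="sign", default=False,
              help="SIGN/DECRYPT using the smartcard.")),
        (("-d", "--debug"),
         dict(action="store_true", dest="debug", default=False,
              help="Enable DEBUG")),
        (("-x", "--certs"),
         dict(action="store", type="string", dest="savecerts", default=None,
              help="Extract all of the certificates to specified directory.")),
        (("-i", "--input"),
         dict(action="store", type="string", dest="input", default=None,
              help="Input file.")),
        (("-o", "--output"),
         dict(action="store", type="string", dest="output", default=None,
              help="Output file.")),
        (("-k", "--pubkey"),
         dict(action="store", type="string", dest="pubkey", default=None,
              help="Public key to use for crytographic operations.")),
        (("-c", "--cert"),
         dict(action="store", type="string", dest="cert", default=None,
              help="Certificate to use for SIGN/DECRYPT command. %s" % CAC_KEYS)),
        (("-p", "--pin"),
         dict(action="store", type="string", dest="pin", default=None,
              help="PIN for the CAC card.  (WARNING: 3 failed attempts will lock the card.)")),
    ]
    for flags, settings in option_table:
        opts.add_option(*flags, **settings)

    (options, positionals) = opts.parse_args(args)

    # List our readers
    reader_list = readers()
    if options.listreaders:
        print("Available readers: ")
        for number, name in enumerate(reader_list):
            print("  %d: %s" % (number, name))
        return

    # Set our logging level
    log_level = logging.ERROR
    if options.debug:
        log_level = logging.DEBUG

    for reader_no, reader in enumerate(reader_list):
        selected = options.reader == reader_no or options.reader < 0
        if not selected:
            continue

        try:
            print("Using: %s" % reader)

            connection = reader.createConnection()
            connection.connect()
            card = CAC(connection, log_level=log_level)

            # PIN bytes for authorized APDUs.  The default (ASCII '7' x 8)
            # is never transmitted because SIGN/DECRYPT insists on --pin.
            PIN = [0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37]
            if options.pin is not None:
                PIN = [ord(char) for char in options.pin]

            # What function are we performing?
            if options.savecerts is not None:
                extract_certs(card, options.savecerts)

            # Encrypt a file using a public key?
            if options.encrypt:
                required = (
                    (options.input, "ERROR: No input file given."),
                    (options.pubkey, "ERROR: No public key file given."),
                    (options.output, "ERROR: No output file given."),
                )
                for value, message in required:
                    if value is None:
                        fail(message)

                # openssl is started from an argument list (no shell).
                # NOTE(review): its exit status is ignored, so the success
                # line below appears even if openssl reported an error.
                call(["openssl", "pkeyutl", "-encrypt",
                      "-in", options.input,
                      "-pubin",
                      "-inkey", options.pubkey,
                      "-out", options.output])

                print("Encrypted %s using %s -> %s." % (options.input,
                                                        options.pubkey,
                                                        options.output))

            if options.decrypt or options.sign:
                required = (
                    (options.input, "ERROR: No input file given."),
                    (options.cert, "ERROR: No CAC certificate selected."),
                    (options.output, "ERROR: No output file given."),
                )
                for value, message in required:
                    if value is None:
                        fail(message)
                if options.cert not in CAC_KEYS:
                    fail("ERROR: not valid key selected.")
                if options.pin is None or len(PIN) < 4:
                    fail("ERROR: No PIN given to authenticate to card.")

                # VERIFY PIN
                logger.info("Verfying PIN...")
                data, sw1, sw2 = card.apdu_verify_pin(PIN, 0x00)
                # Anything other than 0x9000 (ISO 7816-4 success) means the
                # PIN was not accepted.  A wrong PIN uses up a retry, so say
                # so and send no further commands to this card.  Assumes the
                # call returns raw status bytes, as the unpacking suggests.
                pin_accepted = sw1 == 0x90 and sw2 == 0x00
                if not pin_accepted:
                    print("ERROR: PIN verification failed (SW=%02X%02X); "
                          "skipping this card." % (sw1, sw2))
                    continue

                # Select CAC Applet
                logger.info("Selecting CAC Applet...")
                card.apdu_select_application(APDU.APPLET.DOD_CAC)

                # Select appropriate key
                logger.info("Selecting appropriate key...")
                cur_key = CAC_APPLET_OBJECTS.__dict__[options.cert]
                card.apdu_select_object(cur_key)

                # Read input, run the card operation, store the result.
                sign_data = HELPER.read_binary(options.input)
                data, sw1, sw2 = card.apdu_sign_decrypt(sign_data)
                HELPER.write_binary(data, options.output)

                print("Decrypted %s -> %s." % (options.input, options.output))

                # Separate name for the byte position so the reader index
                # used by the except clause is not overwritten.
                # NOTE(review): the slice starts at the 0x00 byte itself and
                # omits the last byte; every 0x00 after index 0 prints a
                # line.  Confirm that is the intended output.
                for pos in range(len(data)):
                    if data[pos] == 0x00 and pos != 0:
                        print("ASCII: %s" % APDU.get_str(data[pos:-1]))

        except smartcard.Exceptions.CardConnectionException:
            print("ERROR: Couldn't connect to card in %s" % reader)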