User Manual Blockchain Security2Go
User Manual:
Open the PDF directly: View PDF .
Page Count: 31
Download | |
Open PDF In Browser | View PDF |
User Manual Blockchain Security 2Go Starter Kit www.infineon.com User Manual Blockchain Security 2Go Starter Kit Introduction User Manual Blockchain Security 2Go Starter Kit About this document Intended audience The target readers of this document are Blockchain developers that want to develop new applications based on hardware-based security. When reading this document, you should have the Blockchain Security 2Go starter kit, and a basic technical understanding of Blockchain technology. DISCLAIMER The Blockchain Security 2Go starter kit is sold via distribution. Should any claims arise from the purchase of the starter kit, such claims are to be made with the immediate seller of the starter kit. Infineon disclaims all warranties to any indirect purchaser. INFINEON DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. Infineon is also not liable or responsible for any losses, claims or damages arising from or as a result of intentional misconduct or gross negligence of purchasers, indirect purchasers or third parties. Infineon highly recommends the user to take appropriate steps against the loss of the private key, whereby loss includes theft, damage or any other event that could impair the user’s ability to use the key. Please see below the section as to creation of backup. User Manual Blockchain Security 2Go Starter Kit 1 User Manual Blockchain Security 2Go Starter Kit Introduction Table of contents 1 1.1 Introduction .......................................................................................................................... 3 Basic Command Overview ...................................................................................................................... 4 2 2.1 2.2 2.3 How to Integrate the Starter Kit in Blockchain Applications ........................................................ 5 Supported Blockchains ........................................................................................................................... 6 User Credentials Creation ....................................................................................................................... 6 Transaction Signing ................................................................................................................................ 7 3 How to Use the Starter Kit ....................................................................................................... 9 3.1 Key Management ..................................................................................................................................... 9 3.2 Creation of Backups .............................................................................................................................. 10 3.3 PIN Authentication ................................................................................................................................ 10 3.3.1 PIN commands ................................................................................................................................. 11 3.3.2 PIN Authentication Procedure ......................................................................................................... 11 3.4 Expiring Operations............................................................................................................................... 12 3.5 Contactless Communication Interface ................................................................................................. 13 4 API....................................................................................................................................... 15 4.1 APDUs .................................................................................................................................................... 15 4.2 Error Values ........................................................................................................................................... 16 4.3 Command Details .................................................................................................................................. 17 4.3.1 Select Application ............................................................................................................................ 17 4.3.2 Basic Commands.............................................................................................................................. 18 4.3.2.1 GENERATE KEY ............................................................................................................................ 18 4.3.2.2 ENCRYPTED KEYIMPORT ............................................................................................................. 19 4.3.2.3 GET KEY INFO .............................................................................................................................. 20 4.3.2.4 GENERATE SIGNATURE ............................................................................................................... 21 4.3.3 PIN Commands................................................................................................................................. 23 4.3.3.1 PIN and PUK Format ................................................................................................................... 23 4.3.3.2 SET PIN ........................................................................................................................................ 23 4.3.3.3 CHANGE PIN ................................................................................................................................ 24 4.3.3.4 VERIFY PIN ................................................................................................................................... 25 4.3.3.5 UNLOCK PIN ................................................................................................................................ 26 4.4 Usage Example ...................................................................................................................................... 27 5 Abbreviations ....................................................................................................................... 28 6 References ........................................................................................................................... 29 User Manual Blockchain Security 2Go Starter Kit 2 User Manual Blockchain Security 2Go Starter Kit Introduction 1 Introduction Infineon’s Blockchain Security 2Go starter kit provides user credential protection with a security controller offering security on a high level. The starter kit is very generic and supports many different kinds of Blockchain technologies. If you are applying Blockchain technology in your system, the Blockchain Security 2Go starter kit allows you to seamlessly integrate hardware-based security. It provides a lean feature set as well as open source application examples, which enable new ideas to flourish and to generate a secured physical link from the digital to the real world. The Infineon Blockchain Security 2Go starter kit provides an evaluation environment and includes: 5 credit card sized ID1 cards based on ISO/IEC 7810 [1] having a contactless interface and a Class 1 communication antenna based on based on ISO/IEC 14443 [2]. An Infineon security controller. On-card software that supports commands for key-management, signature creation and PIN authentication Open-source software that exemplifies how to integrate the features of the Blockchain Security 2Go cards in a real-world Blockchain system (e.g. sending cryptocurrencies or integrating the cards in a smart contract for eVoting). The software is open source and is hosted on GitHub [3]. The main features that the Blockchain Security 2Go cards offer are creation and storage of up to 255 private/public key pairs for Blockchain applications, loading and storing a key that is provided by the user in an encrypted form, signature generation for signing Blockchain transactions and user authentication with PIN. Figure 1 The Blockchain Security 2Go Starter Kit To learn more about Blockchain in general we recommend the open source books from Andreas M. Antonopoulos “Mastering Bitcoin 2nd Edition - Programming the Open Blockchain”, A. M. Antonopoulos [4] and “Mastering Ethereum”, A. M. Antonopoulos, Gavin Wood [5]. User Manual Blockchain Security 2Go Starter Kit 3 User Manual Blockchain Security 2Go Starter Kit Introduction 1.1 Basic Command Overview To get a first basic overview of the basic commands that are supported by the Blockchain Security 2Go starter kit see Table 1. Chapter 4 provides more details about what the commands do and how they are structured. Table 1 Overview of the Basic Commands Command Short Description GENERATE KEY Generates and stores a new public/private keypair. ENCRYPTED KEYIMPORT Creates and stores a new public/private key pair by deriving the private key from a given seed. GET KEY INFO Provides information about a specific keypair such as the public key. GENERATE SIGNATURE Generates a signature of a given hash (32 bytes). User Manual Blockchain Security 2Go Starter Kit 4 User Manual Blockchain Security 2Go Starter Kit How to Integrate the Starter Kit in Blockchain Applications 2 How to Integrate the Starter Kit in Blockchain Applications In a Blockchain economy, there are various participants such as miner, nodes and the end users as shown in Figure 2. Basically, a Blockchain is a decentralized digital ledger that manages a continuously growing list of data points (chain of blocks). Every block in the chain is cryptographically linked to the previous block. Consequently, to change one block and remain validity, an attacker would have to change the entire chain. The ledger records all transactions that have been sent to or from different accounts. This transaction history allows users to determine the current asset value that belong to an account. All transactions are protected by a digital signature. This makes it extremely difficult to change or alter them without being detected. To create such a digital signature, a secret private key that corresponds to the public key (address) of an account is needed. When knowing the private key of a user, an attacker can do a lot of damage as it allows the creation of seemingly valid transactions. Typically, there is no third party and no possibility to alter the history of a Blockchain, there is no way to revoke such a transaction. Therefore, keys (i.e. Blockchain credentials) require strong protection level in terms of security. This can be achieved with the Blockchain Security 2Go starter kit. Figure 2 The Blockchain Security 2Go starter kit offers protection for the user credentials (keys). To link the Blockchain Security 2Go smart cards to a Blockchain, you need an interface device that handles the communication with the Blockchain (see Figure 3). This could either be an NFC-enabled smartphone, or a host device (e.g. PC, RasperryPi) connected to a contactless reader (e.g. via a PC/SC interface). User Manual Blockchain Security 2Go Starter Kit 5 User Manual Blockchain Security 2Go Starter Kit How to Integrate the Starter Kit in Blockchain Applications Blockchain Security 2Go NFC-A INTERFACE BLOCKCHAIN DEVICE Figure 3 2.1 An interface device having the capability to communicate via NFC to the card and via a network (e.g. internet) to a Blockchain creates the link between the Blockchain Security 2Go cards and the Blockchain network. Supported Blockchains The vast majority of currently existing Blockchains use Elliptic-Curve Cryptography (ECC) as an asymmetric cryptography method. Typically, the elliptic curve secp256k1 is used [6]. The Blockchain Security 2Go starter kit supports all Blockchains based on ECC using the secp256k1 curve, regardless of other underlying technologies such as the network, the form of the Blockchain (public, private), or the application. Some selected examples of supported existing Blockchains are Bitcoin, Ethereum and all ERC-20 tokens, and many more. 2.2 User Credentials Creation To create new user credentials the interface device has to first trigger a new key generation on the card which results in the card securely creating and storing a new public-private key pair. The public key is used to derive the address of the new account at which point transactions to the newly generated address and the account is ready to participate in the Blockchain User Manual Blockchain Security 2Go Starter Kit 6 User Manual Blockchain Security 2Go Starter Kit How to Integrate the Starter Kit in Blockchain Applications Blockchain Security 2Go Card Interface Device GENERATE KEY cmd Generate and store a new keypair Key handle GET KEY INFO cmd Public key Figure 4 2.3 Transform public key to blockchain address Generation of a new Blockchain address with the Blockchain Security 2Go starter kit. Note, instead of the GENERATE KEY command also the ENCRYPTED KEYIMPORT command could be used to generate a new key. Transaction Signing Typically, in Blockchain systems transactions are used to send assets (e.g. cryptocurrency) from one account to another. To demonstrate the authenticity of the sender, the transaction is signed with the senders’ private key. Other participants (i.e. nodes) on the Blockchain use the public key of the sender to verify that the transaction is authentic before adding the transaction to a new block in the Blockchain. Usually a transaction includes information such as the receiver’s public key, the amount of assets that should be transferred or arbitrary data for a smart contract. Before the transaction is signed, the transaction is hashed (e.g. SHA-256 [7]). Then, the signature of this hashed data is calculated on the card with the senders’ private key (see Figure 5). To calculate a signature with a Blockchain Security 2Go card, it has to be hashed off-card. The Blockchain Security 2Go starter kit supports all hashes that lead to 32 byte output data. User Manual Blockchain Security 2Go Starter Kit 7 User Manual Blockchain Security 2Go Starter Kit How to Integrate the Starter Kit in Blockchain Applications Interface Device Transaction HASH Function Generate Signature from Hash (GENERATE SIGNATURE cmd) Transaction Signature Figure 5 Blockchain Security 2Go Card Signature To generate a signature of a transaction, first the transaction message is hashed, then the Blockchain Security 2Go card calculates a signature of this hashed message. User Manual Blockchain Security 2Go Starter Kit 8 User Manual Blockchain Security 2Go Starter Kit How to Use the Starter Kit 3 3.1 How to Use the Starter Kit Key Management In Blockchain systems, knowing a secret private key is directly associated with the control rights for an account. Consequently, it is important to protect the private key. The Blockchain Security 2Go cards feature hardwarebased protection mechanisms to generate and store private keys in a secured way. Note: Always keep the private keys highly protected with hardware-based security, there is no export feature for the private keys. One Blockchain Security 2Go card can generate and store 255 private-public key pairs. Additionally, it is possible to import a keypair that is derived from a password (seed) that is provided by the user. This is achieved with the encrypted keyimport feature. To get the public-key of a keypair use the GET KEY INFO command. The Blockchain Security 2Go cards support on-card key generation providing highly secured private keys. This is achieved with a high entropy hardware-based random number generator. To do this use the GENERATE KEY command. The encrypted keyimport feature allows that on different Blockchain Security 2Go cards the same private key is generated. The user can provide a password (seed). From that given seed a private key is derived with the standardized key derivation function as defined in NIST SP 800-108 [8] using CMAC-AES256 as defined in NIST SP 800-35B [9].This allows that multiple cards can store the same private key. However, the private key itself is derived and stored on-card and is not known to the user. To identify the keypairs, each pair is associated with a keyhandle. An imported key always belongs to the keyhandle 0. Table 2 Overview of the keyhandles for identifying keypairs Keyhandle Number of supported Command for generation keypairs Description 1-255 255 GENERATE KEY On-card generated keypairs 0 1 ENCRYPTED KEYIMPORT Imported keypair User Manual Blockchain Security 2Go Starter Kit 9 User Manual Blockchain Security 2Go Starter Kit How to Use the Starter Kit 3.2 Creation of Backups To create a backup of a keypair use the ENCRYPTED KEYIMPORT command on different cards and provide the same seed. This will lead to the same private key that is stored on the different cards having the keyhandle 0 (see Figure 6). ENCRYPTED KEYLOAD with seed s1 0 private key pk1 0 private key pk1 0 private key pk1 1 … 1 … 1 … Figure 6 Using the ENCRYPTED KEYLOAD command with the same seed on different cards will lead to the same keypair at each card. This allows to make backups for the imported key. Attention: It is not possible to directly backup on-card generated keys that are created with the GENERATE KEY command. These keys cannot be exported or cloned. It will be necessary to use backup mechanisms at a higher level, such as generating multi-signature accounts. 3.3 PIN Authentication The authentication with PIN makes malicious misuse of a Blockchain Security 2Go card harder. Only persons that know the secret PIN value are allowed to use PIN protected functions. This offers protection of the user assets for example in case the card is lost or stolen. The PIN authentication is optional. The user can decide whether to use it or not. If no PIN is configured, all commands are allowed without a preceded PIN authentication. Once the user configures the card with a new PIN using the SET PIN command, the PIN has to be provided before executing the commands GENERATE SIGNATURE, and ENCRYPTED KEYLOAD. User Manual Blockchain Security 2Go Starter Kit 10 User Manual Blockchain Security 2Go Starter Kit How to Use the Starter Kit 3.3.1 PIN commands Below, Table 3 gives an overview of the commands that are used to manage the authentication with PIN. Chapter 4.3.3 provides more details about the PIN commands. Table 3 Overview of the PIN Commands Command Short Description SET PIN Initializes PIN authentication by setting a PIN value and returns a PUK value. CHANGE PIN Changes the current PIN value and creates a new PUK value. VERIFY PIN Activates a new PIN session, so that PIN protected commands are allowed. UNLOCK PIN Deactivates the PIN authentication when providing the valid PUK value. 3.3.2 PIN Authentication Procedure Figure 7 illustrates the overall procedure of the PIN authentication. Initially, all commands are allowed until a PIN is set via the SET PIN command. Once the PIN is set, the user has to initialize a valid PIN session with the VERIFY PIN command. If the card is in such an active PIN session, all commands are allowed until the session is invalidated. A PIN session automatically ends whenever the card is removed. Additionally, the SELECT APP command closes an active PIN session. This allows applications to invalidate a PIN session in use-cases where a card remains on a reader for a long time period. To prevent attacks where an attacker tries to guess the PIN, the number of consecutive incorrect PIN entries is limited as outlined in Table 4. Each time a wrong PIN is entered (i.e. by using the VERIFY PIN or CHANGE PIN command) a PIN retry counter is decreased. Once the counter indicates that the maximal number of wrong retries is reached, the PIN is locked. Then, the VERIFY PIN and CHANGE PIN commands are not allowed anymore. Consequently, it is not possible to activate a new PIN session and use PIN protected commands. To unlock the card use the UNLOCK PIN command and give the valid PUK value. This deactivates the PIN feature and as long as no new PIN is set with the SET PIN command. Each time a new PIN is configured (i.e. with the SET PIN or CHANGE PIN commands), a new PUK value is generated and returned. This PUK code has to be remembered for the case that the PIN has been entered wrong too many times. If the PUK has been entered wrong too many times, the card is irreversibly locked. Attention: It is important to guide the user to carefully backup the PUK value when setting a PIN. When losing the PUK value it is not anymore possible to use a locked card. Table 4 Maximal number of wrong PIN and PUK entries Allowed retries PIN 3 PUK 6 User Manual Blockchain Security 2Go Starter Kit 11 User Manual Blockchain Security 2Go Starter Kit How to Use the Starter Kit Card power up PIN inactive yes All commands are allowed without PIN Has PIN been set before? SET PIN UNLOCK PIN no inactive PIN session PIN-protected commands are not allowed VERIFY PIN SELECT APP active PIN session All commands are allowed Figure 7 3.4 Overview of the PIN States Expiring Operations To enhance the security of the Blockchain Security 2Go card, specific operations have a usage limitation. This means that after calling these operations for a certain amount of times, the operations are blocked. The number of signatures that can be generated with a keypair is limited as outlined in Table 5. The global signature counter and the key-specific signature counters indicate the remaining number of allowed signature operations. Every signature key usage decrements these counters. If a key-specific counter has expired it is not possible to use the effected private key anymore. If the global signature counter expires, no private key can be used from that point forward. The GENERATE SIGNATURE command as well as the GET KEY INFO command return these counters in their responses. This allows users to keep track of the current usage counters and warn the end user if as the counter approaches zero. Attention: Once one of the signature counters reaches zero, it is not possible to use the affected keys from that point forward. Thus it is important to provide an appropriate mechanism to keep the assets that are associated with the keys and for example, to transfer the assets to another account. Table 5 Expiring signature generations Expiring operation Limitation counter Maximal value Signatures that can be generated with one card Global signature counter 1 000 000 Signatures with each on-card generated key (keyhandles between 1 and 255) Signature counter 100 000 Signatures with the imported key (key handle 0) 10 000 Additionally, the number of encrypted keyimports is limited as shown in Table 6. Table 6 Expiring ENCRYPTED KEYIMPORT calls Expiring operation Maximal value Number of ENCRYPTED KEYIMPORT command calls 255 User Manual Blockchain Security 2Go Starter Kit 12 User Manual Blockchain Security 2Go Starter Kit How to Use the Starter Kit 3.5 Contactless Communication Interface The Blockchain Security 2Go starter kit uses the contactless interface and near-field communication (NFC- Type A) to interact with a reader device. NFC is characterized as a short-range communication technology that allows the contactless communication between a NFC reader and a passive (no battery) device such as a Blockchain Security 2go card. Beside standard NFC reader devices which are connected typically via USB to a PC, nowadays the majority of smartphones include NFC functionality. The Blockchain Security 2Go starter kit contactless communication is based on ISO/IEC 14443 [2]. The main components of the cards are: The plastic carrier with the ID-1 format specified in ISO/IEC 7810 [1]. ID-1 is commonly used for standard payment cards or a driving license and has the dimensions of 85.60 × 53.98 mm and rounded corners with a radius of 2.88–3.48 mm. The Infineon security controller. The Class 1 communication antenna based on ISO/IEC 14443-1 [10] which is connected to the chip package. The ISO Class 1 shape classification is a square with the outline dimensions of 64-81 mm and 34-49 mm Note: The Blockchain Security 2Go card dimension and antenna arrangement represents just one of the many form factors that are supported by Infineons’ security controller. Certainly other form factors which are using the contactless interfaces would be feasible too. Examples for innovative contactless chip integrations are provided by the company NFCRing [11] and by Infineon’s SECORA™ Pay W portfolio [12]. To establish a robust contactless interface channel position the card antenna above the reader device. As illustrated in Figure 8, the effective area of the reader antenna as well as the area of the card antenna should overlap. Thus the magnetic field, generated by the reader antenna, is able to flow through the card antenna. Figure 8 Positioning of the Blockchain Security 2Go card on a reader. The class1 antenna of the card should be positioned in a way that the electromagnetic field, generated by the reader antenna flows through the inner area of the card antenna. User Manual Blockchain Security 2Go Starter Kit 13 User Manual Blockchain Security 2Go Starter Kit How to Use the Starter Kit In contrast to a standard NFC USB reader, the reader antenna of mobile devices is not always located around the center. If you have troubles when communicating with the Blockchain Security 2Go cards, investigate the positioning of the card in combination with the used NFC phone. Figure 9 shows the backside of a Google Pixel smartphone. In this case the NFC antenna is located in the upper area of the smartphone. For more details check out the hardware diagram of the Pixel smartphone [13]. Figure 9 Ideal inductively coupled Blockchain Security 2Go Card with a Google Pixel smartphone. The glossy area of the phone indicates the NFC detection area. User Manual Blockchain Security 2Go Starter Kit 14 User Manual Blockchain Security 2Go Starter Kit API 4 API 4.1 APDUs Application Protocol Data Units (APDUs) represent the standard communication messaging format between a smart card and an application device and is defined in part 4 of the ISO 7816 standard [14]. There are two types of APDUS: Command APDUs (to send commands to a smart card) (see Table 7), and Response APDUs (to receive answers from a smart card) (see Table 8). The communication is always initialized from the application device. Table 7 Command APDU header body Identifier Name Length (in bytes) Meaning CLA Class 1 Class of the instruction INS Instruction 1 Instruction P1 Parameter 1 1 Parameter for the command P2 Parameter 2 1 Parameter for the command Lc Length command 0 to 1 Length of the command data Data Data Lc Command data Le Length expected 0 to 1 Length of the expected answer Table 8 Response APDU Identifier Length (in bytes) Meaning Data Nr (at most Ne) Response data field SW1 1 Status word SW2 1 Status word The Lc field gives the length of the data in the command. If there is no data, the length byte is absent. The Le parameter in the command APDU denotes the number of expected bytes in the response data field as follows: If Le is absent, then Ne is zero. A short Le field consists of one byte with any value. o From 0x01 to 0xFF, the byte encodes Ne from one to 255. o If the byte is set to 0x00, then Ne is 256. Here, we use 0x00 to indicate that it is not required to explicitly limit the length of the expected answer. An extended Le field consists of either three or two bytes (for more details see [15]). The Blockchain Security2 go cards do not require to use extended Le fields. User Manual Blockchain Security 2Go Starter Kit 15 User Manual Blockchain Security 2Go Starter Kit API 4.2 Error Values Table 9 outlines the most common errors regarding the communication and APDU formatting (for more details see ISO 7816-3 [15] and ISO 7816-4 [16]). Command-specific errors are listed in the corresponding command description below. Table 9 Generic ISO 7816 errors Error Code Description 90 00 H Success 64 XX H Operation failed (further information in XX) 67 00 H Wrong length 6A 86 H Incorrect parameters P1/P2 6D 00 H Instruction code is not supported or invalid or application has not selected with the SELECT APP command 6E 00 H Class not supported 6F 00 H Unknown error User Manual Blockchain Security 2Go Starter Kit 16 User Manual Blockchain Security 2Go Starter Kit API 4.3 4.3.1 Command Details Select Application The SELECT APP command must be sent as a first command to initialize the current application session. Attention: Before successfully sending the SELECT APP command, no other commands will work. Additionally, it provides information about the status of the card: The PIN activation status indicates whether a PIN has been set or not. The card ID is a unique identifier for each card and can be used to identify a specific card. The Application Identifier (AID) for the Blockchain Security 2Go starter kit is D2 76 00 00 04 15 02 00 01 00 00 00 01 Table 10 SELECT APP Command Code Value CLA 00H INS A4H SELECT APP P1 04H Select by DF name P2 00H No information given Lc 0DH Length of data field Data AID (13 bytes) AID value of the Blockchain Security 2Go starter kit Le 12H Length of the expected answer Table 11 Meaning SELECT APP Response Data Length (in bytes) Meaning PIN activation status 1 Indication whether PIN is active (1) or inactive (0) ID 10 Card ID VersionString 7 Information about the current version (ASCII encoded) 90 00 2 Success Table 12 SELECT APP Error Codes Data Meaning 6A 82H Selected Application not found – wrong AID User Manual Blockchain Security 2Go Starter Kit 17 User Manual Blockchain Security 2Go Starter Kit API 4.3.2 Basic Commands 4.3.2.1 GENERATE KEY Create new ECC private/public keypair. Note: Whenever a new key is generation is triggered a new keyhandle is created. However, if there is a communication error during key generation, a keyhandle might be corrupted and cannot be used afterwards. This means that whenever a user tries to use such a corrupted keypair (i.e. with the GET KEY INFO or GENERATE SIGNATURE command) the command result in the error 0x6A88. Table 13 GENERATE KEY Command Code Value CLA 00H INS 02H GENERATE KEY Command P1 00H RFU P2 00H RFU Le 01H Expected length of answer Table 14 Meaning GENERATE KEY Response Data Meaning 01H …FFH Key handle between 0x01 and 0xFF 90 00 Success Table 15 GENERATE KEY Error Codes Data Meaning 6A 84H Key storage is full (not enough memory) User Manual Blockchain Security 2Go Starter Kit 18 User Manual Blockchain Security 2Go Starter Kit API 4.3.2.2 ENCRYPTED KEYIMPORT Create a new key pair by deriving the private key from a given seed. The encrypted key is associated with the key handle 0. The key derivation operates according to NIST SP800-108 using CMAC-AES256 as defined in NIST SP 800-38B is used. The generated private key based on the keyimport seed depends on a secret value that is already stored in the card. Attention: Note, if a key has already been imported, again calling this command leads to overwriting the existing imported key. Attention: The number of key import calls is limited. When exceeding this number, no new key will be generated. However, the existing key that has been generated by the last keyimport can still be used. Table 16 ENCRYPTED KEYIMPORT Command Code Value CLA 00H INS 20H ENCRYPTED KEYIMPORT P1 00H RFU P2 00H RFU Lc 16H Length of seed Data Seed (16 bytes) User seed for deriving a key pair Table 17 ENCRYPTED KEYIMPORT Response Data Meaning 90 00H Success Table 18 Meaning ENCRYPTED KEYIMPORT Error Codes Data Meaning 69 82H Maximal number of key import calls exceeded (Security status not satisfied) 69 85H Not authenticated with PIN (Condition of use not satisfied) User Manual Blockchain Security 2Go Starter Kit 19 User Manual Blockchain Security 2Go Starter Kit API 4.3.2.3 GET KEY INFO Returns the public key of a given key handle. Additionally, the current signature counter for the given key and the global signature counter are returned. Table 19 GET KEY INFO Command Code Value CLA 00H INS 16H GET KEY INFO P1 Key handle (1 byte) Key handle between 0 and 255 P2 00H RFU Le 00H Table 20 Meaning GET KEY INFO Response Data Length (in bytes) Meaning Global signature counter 4 Remaining signatures of the card (unsigned, MSB first) Signature counter 4 Remaining signatures for the given key (unsigned, MSB first) Public-key 65 Sec1 encoded uncompressed public key [17] 04 || x-coordinate (32 bytes) || y-coordinate (32 bytes) 90 00H 2 Success Table 21 GET KEY INFO Error Codes Data Meaning 6A 88H Given key handle is not available (Referenced data not found) User Manual Blockchain Security 2Go Starter Kit 20 User Manual Blockchain Security 2Go Starter Kit API 4.3.2.4 GENERATE SIGNATURE Signs a given block of data using the stored private key that is associated with the given key handle. Note: The signature will always be returned in canonical form. Table 22 GENERATE SIGNATURE Command Code Value CLA 00H INS 18H GENERATE SIGNATURE P1 Key handle (1 byte) Key that should be used to generate the signature P2 00H RFU Lc 20H Length of data Data Data to sign (32 bytes) Data that should be signed Le 00H Table 23 Meaning GENERATE SIGNATURE Response Data Length (in bytes) Meaning Global signature counter 4 Remaining signatures of the card (unsigned, MSB first) Signature counter 4 Remaining signatures for the given key (unsigned, MSB first) Signature Variable ASN.1 DER [6] encoded signature (see below) 90 00H Success Table 24 ASN.1 DER Signature Encoding Details (for more information see RFC 3279 [6]) 30 lt 02 lr r0 r1 ... rlr-1 02 ls s0 s1 ... sls-1 DER TAG Signature (0x30) Total length of signature DER TAG component (0x02) Length or R (bytes) R component DER TAG component Lenght of S (bytes) S component User Manual Blockchain Security 2Go Starter Kit 21 User Manual Blockchain Security 2Go Starter Kit API Table 25 GENERATE SIGNATURE Error Codes Data Meaning 69 82H Global or key-specific signature counter exceeded (Security status not satisfied) 69 85H Not authenticated with PIN (Condition of use not satisfied) 6A 88H Key with given key handle is not available (Referenced data not found) User Manual Blockchain Security 2Go Starter Kit 22 User Manual Blockchain Security 2Go Starter Kit API 4.3.3 4.3.3.1 PIN Commands PIN and PUK Format No special format for the PIN is required as the given binary value is used as is. Minimal PIN length: 4 bytes Maximal PIN length: 62 bytes The PUK is an 8 bytes value. 4.3.3.2 SET PIN Initial set up of the PIN. Table 26 SET PIN Command Code Value CLA 00H INS 40H SET PIN P1 00H RFU P2 00H RFU Lc Lpin Length of the PIN in bytes (between 4 and 62 bytes) Data PIN value (Lpin bytes) PIN value of length Lpin (format see below) Le 08H Expected length of answer Table 27 Meaning SET PIN Response Data Length (in bytes) Meaning PUK 8 PUK value 90 00H 2 Success Table 28 SET PIN Error Codes Data Meaning 67 00H PIN format is not valid (Wrong length) 69 85H PIN has already been set (Condition of use not satisfied) User Manual Blockchain Security 2Go Starter Kit 23 User Manual Blockchain Security 2Go Starter Kit API 4.3.3.3 CHANGE PIN Change current PIN value. Table 29 CHANGE PIN Command Code Value CLA 00 H INS 42 H CHANGE PIN P1 00 H RFU P2 00 H RFU Lc LcurrentPIN + LnewPIN + 2 Length of the data Data LcurrPIN (1 byte) Length of the current PIN value in bytes PINcurr (between 4 and 62 bytes) Current PIN value LnewPIN (1 byte) Length of the new PIN value in bytes PINnew (between 4 and 62 bytes) New PIN value 08 H Expected length of answer Le Table 30 CHANGE PIN Response Data Meaning PUK (8 byte) PUK value 90 00H Success Table 31 Meaning CHANGE PIN Error Codes Data Meaning 63 CXH PIN is not valid, X retries remaining (Authentication failed) 69 83H Authentication failed, PIN blocked (Authentication method blocked) 69 85H PIN has not been set (Condition of use not satisfied) 6A 80H Format of the new PIN is not valid (min / max length), or Format of the data field not valid (i.e. lengths do not match) (Incorrect parameter in the command data field) User Manual Blockchain Security 2Go Starter Kit 24 User Manual Blockchain Security 2Go Starter Kit API 4.3.3.4 VERIFY PIN Activate a new PIN session, so that commands requiring authentication are allowed. Table 32 VERIFY PIN Command Code Value CLA 00H INS 44H VERIFY PIN P1 00H RFU P2 00H RFU Lc Lpin Length of the given PIN Data PIN value (Lpin bytes) Given PIN value Table 33 VERIFY PIN Response Data Meaning 90 00H Success Table 34 Meaning VERIFY PIN Error Codes Data Meaning 63 CXH PIN is not valid, X retries remaining (Authentication failed) 69 83H Authentication failed, PIN blocked (Authentication method blocked) 69 85H PIN has not been set (Condition of use not satisfied) User Manual Blockchain Security 2Go Starter Kit 25 User Manual Blockchain Security 2Go Starter Kit API 4.3.3.5 UNLOCK PIN Deactivates PIN authentication. This could be desired if user authentication has been set with SET PIN, but is not wanted any more, or the card blocks the authentication as a result of too many wrong PIN entries. Table 35 UNLOCK PIN Command Code Value Meaning CLA 00H Base Logical channel INS 46H UNLOCK PIN P1 00H RFU P2 00H RFU Lc 08H Length of PUK value in bytes Data PUK value (8 byte) PUK value Table 36 UNLOCK PIN Response Data Meaning 90 00H Success Table 37 UNLOCK PIN Error Codes Data Meaning 63 CXH PUK is not valid, X retries remaining (Authentication failed) 69 83H Authentication failed, PUK locked (Authentication method blocked) 69 85H PIN has not been set (Condition of use not satisfied) User Manual Blockchain Security 2Go Starter Kit 26 User Manual Blockchain Security 2Go Starter Kit API 4.4 Usage Example Here is an example of how a sequence of commands could look like. Message Meaning 00A404000DD276000004150200010000000100 SELECT command 0002095F85000100AD00FE76312E302E30 9000 Pin activation status: “PIN inactive”, Card ID: “02095F85000100AD00FE” Version: “v1.0.0” 0002000000 GENERATE KEY 01 9000 Key handle: ”01” 00180100 20 A1A37394D261B648E7E257F3A6 04E328FD622910086C142A18480A027E9FF45C 00 GENERATE SIGNATURE, key handle: ”01”, data: “A1A37394D261B648E7E257F3A604E328FD6 22910086C142A18480A027E9FF45C” 000F423F 0001869F 304402207E191F6B8DB9069327 B4544E4E82B601BE337A45ABDB1D0114B3C2D5BEF6 8D82022010F8A9AD6B42144D85AF0C13C6F47A9D86 63A80E54743DAB1B8DF6D958CD79FD 9000 Global signature counter: “999999”, Signature counter for key 1:” 99999”, Signature: “304402207E191F6B8DB9069327B4544E4E8 2B601BE337A45ABDB1D0114B3C2D5BEF68D8 2022010F8A9AD6B42144D85AF0C13C6F47A9 D8663A80E54743DAB1B8DF6D958CD79FD” 00400000 04 12345678 00 SET PIN, Pin Value: “1234568” 56D1CDF483E9393A 9000 PUK: “56D1CDF483E9393A” 00180100 20 B51C9987EEB2A8B04B82F3914D 478834BBACABCD0451FC2A0BC617F17614A3A4 00 GENERATE SIGNATURE, key handle: ”01”, data: “B51C9987EEB2A8B04B82F3914D478834BBA CABCD0451FC2A0BC617F17614A3A4” 6985 Error (Conditions of use not satisfied) – since no PIN session is active 00440000 04 12345678 00 VERIFY PIN, Pin value: “12345678” 9000 Success 00180100 20 B51C9987EEB2A8B04B82F3914D 478834BBACABCD0451FC2A0BC617F17614A3A4 00 GENERATE SIGNATURE, key handle: ”01”, data: “B51C9987EEB2A8B04B82F3914D478834BBA CABCD0451FC2A0BC617F17614A3A4” 000F423E 0001869E 304402207FC7B1DD5027B09D52 DAEBF936430813411C8E38C11C83FD7FB4CE84BD49 967F02203F6E01487DEF0B3116B687C9A619A05EAA 4C664B772D55B5546E207797DFAF36 9000 Global signature counter: 999998, Signature counter for key 1: 99998, Signature: “304402207FC7B1DD5027B09D52 DAEBF936430813411C8E38C11C83FD7FB4CE 84BD49967F02203F6E01487DEF0B3116B687 C9A619A05EAA4C664B772D55B5546E207797 DFAF36” User Manual Blockchain Security 2Go Starter Kit 27 User Manual Blockchain Security 2Go Starter Kit Abbreviations 5 Table 38 Abbreviations Abbreviations Abbreviation Meaning AID Application Identifier APDU Application Protocol Data Unit CLA Class DER Distinguished Encoding Rules ECC Elliptic-Curve Cryptography ERC Ethereum Request for Comments INS Instruction ISO International Organization for Standardization NIST SP National Institute of Standards & Technology Special Publication PC/SC Personal Computer/Smart Card PIN Personal Identification Number PUK Personal Unlocking Key RFU Reserved for Future Use SEC Standards for Efficient Cryptography TRNG True Random Number Generator User Manual Blockchain Security 2Go Starter Kit 28 User Manual Blockchain Security 2Go Starter Kit References 6 References [1] "ISO/IEC 7810 Identification cards - Physical characteristics," 2003. [Online]. Available: https://www.iso.org/standard/31432.html. [2] "ISO/IEC 14443-3 Cards and security devices for personal identification - Contactless proximity objects Part 3: Initialization and anticollision," 2016. [Online]. Available: https://www.iso.org/standard/70171.html. [3] Infineon Technologies AG, "Blockchain Security 2Go GitHub," [Online]. Available: https://github.com/Infineon/blockchain. [4] A. M. Antonopoulos, " Mastering Bitcoin 2nd Edition - Programming the Open Blockchain," [Online]. Available: https://github.com/bitcoinbook/bitcoinbook. [5] G. W. Andreas M. Antonopoulos, "Mastering Ethereum," [Online]. Available: https://github.com/ethereumbook/ethereumbook. [6] The Internet Society, "RFC 3279 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure," 2002. [Online]. Available: https://tools.ietf.org/html/rfc3279 . [7] NIST, "FIPS 180-4 Secure Hash Standard (SHS)," [Online]. Available: https://csrc.nist.gov/publications/detail/fips/180/4/final. [8] "NIST SP 800-108 Recommendation for Key Derivation Using Pseudorandom Functions," 2009. [Online]. Available: https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=900147. [9] "NIST SP 800-35B Guide to Information Technology Security Services," 2003. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-35/final. [10] "ISO/IEC 14443-1 Cards and security devices for personal identification - Contactless proximity objects Part1: Physical characteristics," 2018. [Online]. Available: https://www.iso.org/standard/73596.html. [11] NFCRing, "NFCRing Website," [Online]. Available: https://nfcring.com/. [12] Infineon Technologies AG, "SECORA™ Pay W," [Online]. Available: https://www.infineon.com/cms/de/about-infineon/press/market-news/2018/INFDSS201811-020.html . [13] Google, "Pixel - Hardwarediagram," [Online]. Available: https://support.google.com/pixelphone/answer/7157629?hl=en. [14] "ISO/IEC 7816 “Identification cards – Integrated circuit cards," [Online]. Available: https://www.iso.org/standard/38770.html. [15] "ISO/IEC 7816-3 Identification cards – Integrated circuit cards Part 3," 2006. [Online]. Available: https://www.iso.org/standard/38770.html. [16] "ISO/IEC 7816-4 Identification cards – Integrated circuit cards Part 4," 2013. [Online]. Available: https://www.iso.org/standard/54550.html. [17] C. Research, "SEC 1: Elliptic Curve Cryptography," 2000. [Online]. Available: http://www.secg.org/SEC1-Ver1.0.pdf. [18] "ISO/IEC 15408 Evaluation Criteria for IT security," 2009. [Online]. Available: https://www.iso.org/standard/50341.html. [19] "ISO/IEC 14443-2 Identification cards - Contactless integrated circuit cards - Proximity cards - Part 2: Radio frequency power and signal interface," 2016. [Online]. Available: https://www.iso.org/standard/66288.html. [20] "ISO/IEC 14443-4 Cards and security devices for personal identification - Contactless proximity objects -," 2018. [Online]. Available: https://www.iso.org/standard/73599.html. [21] Certicom Research, "SEC 2: Recommended Elliptic Curve Paramters," 2010. [Online]. Available: http://www.secg.org/sec2-v2.pdf. User Manual Blockchain Security 2Go Starter Kit 29 Trademarks All referenced product or service names and trademarks are the property of their respective owners. Edition 2019-03-10 Published by Infineon Technologies AG 81726 Munich, Germany © 2019 Infineon Technologies AG. All Rights Reserved. Do you have a question about this document? Email: erratum@infineon.com Document reference IMPORTANT NOTICE The information given in this document shall in no event be regarded as a guarantee of conditions or characteristics (“Beschaffenheitsgarantie”) . With respect to any examples, hints or any typical values stated herein and/or any information regarding the application of the product, Infineon Technologies hereby disclaims any and all warranties and liabilities of any kind, including without limitation warranties of non-infringement of intellectual property rights of any third party. In addition, any information given in this document is subject to customer’s compliance with its obligations stated in this document and any applicable legal requirements, norms and standards concerning customer’s products and any use of the product of Infineon Technologies in customer’s applications. The data contained in this document is exclusively intended for technically trained staff. It is the responsibility of customer’s technical departments to evaluate the suitability of the product for the intended application and the completeness of the product information given in this document with respect to such application. For further information on the product, technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies office (www.infineon.com). WARNINGS Due to technical requirements products may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies office. Except as otherwise explicitly approved by Infineon Technologies in a written document signed by authorized representatives of Infineon Technologies, Infineon Technologies’ products may not be used in any applications where a failure of the product or any consequences of the use thereof can reasonably be expected to result in personal injury.
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : No Page Count : 31 Language : de-AT Tagged PDF : Yes Title : User Manual Author : Hoeller Andrea (IFAT DCGR DSS CLI) Subject : Blockchain Security 2Go Starter Kit Keywords : Infineon Creator : Microsoft® Word 2016 Create Date : 2019:03:22 08:49:15+01:00 Modify Date : 2019:03:22 08:49:15+01:00 Producer : Microsoft® Word 2016EXIF Metadata provided by EXIF.tools