Warning!

This sample requires a SWYS device to operate.

As soon as the sample starts, the end-user must enter the PIN on the PAD of the SWYS device.

A private key is required on the smartcard to use the ETC_SignEx function.

First, initialize the PKCS#11 layer by clicking the button.

Finally, before closing this page, remember to release the PKCS#11 library by clicking the button below.

ETC_DeviceIOCTL

Sends proprietary commands to the reader, the smart card, the device or the middleware.

                            
var etcDeviceIOCTLCallback = {

    success: function (status, data) {
        'use strict';
        alert("The function succeeded with status (" + status + ") and data (" + JSON.stringify(data) + ")");
    },

    error: function (status) {
        'use strict';
        alert("An error occurred with status code " + status);
    }
};

theObjectPKCS11.ETC_DeviceIOCTL(etcDeviceIOCTLCallback);
                            

Try it !

Click the button to invoke the function.

Use value 15 to get the device's SWYS characteristics

There is no input data required with the code 15.

 

ETC_GetDeviceCertificates

ETC_GetDeviceCertificates is a common C_FindObjects function invocation with a special attribute used to obtain the characteristics of the reader/token.
The Number parameter 'sessionHandle' is the PKCS#11 session handle.
The Number parameter 'certificateCategory' defines the certificate type targeted by the search. As described in the PKCS#11 specification for values of the CKA_CERTIFICATE_TYPE attribute, the certificate category can be: 0 = unspecified (default value), 2 = authority (CA certificates).
The 'callback' object is called when the operation has finished.
The 'success' callback function returns an array of the certificate object handles found on the device.


var sessionHandle = 222222,
    certificateCategory = 2, // Search for CA certificates
    callback = {

        success : function (status, data) {

            var message = "The function returned the following information (" + JSON.stringify(data) + ")";
            alert(message);
        },
        
        error : function (errorCode) {

            alert("The function failed with code (" + errorCode + ")");
        }
    };
    
theObjectPKCS11.ETC_GetDeviceCertificates(sessionHandle, certificateCategory, callback);
                                

Try it !

Click the button to invoke the function.

 

ETC_SignEx

Signs data in a single part using CKM_RSA_PKCS as the signature mechanism and CKM_SHA256 as the hash mechanism.

This function internally invokes the C_SignInit and ETC_SignEx functions and sends back the result.


The Number parameter 'sessionHandle' is the PKCS#11 session handle.
The Number parameter 'keyObjectHandle' is the object handle of the key used for the signature.
The Array of byte parameter 'data' contains the clear-text buffer to sign, which is shown to the end-user for verification.
The Number parameter 'certificateObjectHandle' is the terminal certificate object handle used for the terminal signature.
The Array of byte parameter 'hidden' is the buffer to add to the signature, which is not shown to the end-user for verification.
The Array of byte parameter 'hash' is the hashed data to be signed by the card.
The Boolean parameter 'signaturePKI' is set to true to use the PKI signature or false to use the OTP signature.

The success callback returns a byte array 'signatureTerminal' containing the signature provided by the terminal and a byte array 'signatureCard' containing the signature provided by the smart card.


var callback = {

        success : function (status, data) {

            // The returned 'data' object contains the properties 'signatureDevice' and 'signatureCard'
            var message = "The function returned the following signature data (" + JSON.stringify(data) + ")";
            alert(message);
        },
        error : function (errorCode) {

            alert("The function failed with code (" + errorCode + ")");
        }
    },
    sessionHandle = 22222222, // A valid session handle provided by C_OpenSession
    keyObjectHandle = 3333333, // A valid private key object handle (as provided by 'C_FindObjects' or 'C_GenerateKeyPair' functions for example)
    data = [67,111,111,108,32,116,114,97,110,115,97,99,116,105,111,110,32,116,111,32,99,111,110,102,105,114,109], // Byte array to display on the reader screen and sign
    certificateObjectHandle = 77777, // A valid device certificate object handle (as returned by the 'C_FindObjects' or 'ETC_GetDeviceCertificates' function for example)
    hidden = [68, 101, 102, 97, 117, 108, 116, 32, 72, 105, 100, 100, 101, 110, 32, 68, 97, 116, 97], 
    hash = [48,49,48,13,6,9,96,134,72,1,101,3,4,2,1,5,0,4,32,56,48,192,134,9,194,189,215,54,240,119,18,31,183,75,16,229,220,77,26,14,197,49,205,147,100,253,210,145,117,114,24],
    signaturePKI = true; // set the value to 'true' to generate a PKI signature; otherwise an OTP signature is computed
    
theObjectPKCS11.ETC_SignEx(sessionHandle, keyObjectHandle, data, certificateObjectHandle, hidden, hash, signaturePKI, callback);                                        

Try it !

Click the button to invoke the function.
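
The 'hash' array in the ETC_SignEx sample above is a DER-encoded PKCS#1 v1.5 DigestInfo: a fixed 19-byte SHA-256 header followed by the 32-byte digest. The following added example (not part of the original sample or of the device API) builds and validates that structure before it is handed to ETC_SignEx. It uses the Node.js crypto module so that it runs offline; the helper names, and the choice of which bytes the digest is meant to cover, are assumptions.

```javascript
// Added example; helper names are hypothetical and not part of the device API.
const nodeCrypto = require('node:crypto');

// DER header of a PKCS#1 v1.5 DigestInfo for SHA-256; the 32-byte digest follows it.
const SHA256_PREFIX = [48, 49, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32];

// Build the 'hash' argument for the bytes the signature is meant to cover.
function buildSha256DigestInfo(bytes) {
    const digest = nodeCrypto.createHash('sha256').update(Buffer.from(bytes)).digest();
    return SHA256_PREFIX.concat(Array.from(digest));
}

// Validate a 'hash' argument and return its raw 32-byte digest, or throw.
function extractSha256Digest(hash) {
    if (!Array.isArray(hash) || hash.length !== SHA256_PREFIX.length + 32) {
        throw new Error('expected a 51-byte SHA-256 DigestInfo');
    }
    if (!hash.every(function (b) { return Number.isInteger(b) && b >= 0 && b <= 255; })) {
        throw new Error('hash must contain only byte values (0-255)');
    }
    SHA256_PREFIX.forEach(function (b, i) {
        if (hash[i] !== b) {
            throw new Error('unexpected DigestInfo byte at offset ' + i);
        }
    });
    return hash.slice(SHA256_PREFIX.length);
}

// Pre-sign check: does 'hash' really cover the bytes the application intends to sign?
// Assumption: the caller decides which bytes those are (displayed, hidden, or both).
function hashCovers(hash, signedBytes) {
    const claimed = Buffer.from(extractSha256Digest(hash));
    const actual = nodeCrypto.createHash('sha256').update(Buffer.from(signedBytes)).digest();
    return nodeCrypto.timingSafeEqual(claimed, actual);
}

// 'data' and 'hash' values copied from the ETC_SignEx sample on this page.
const sampleData = [67, 111, 111, 108, 32, 116, 114, 97, 110, 115, 97, 99, 116, 105,
    111, 110, 32, 116, 111, 32, 99, 111, 110, 102, 105, 114, 109];
const sampleHash = [48, 49, 48, 13, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32,
    56, 48, 192, 134, 9, 194, 189, 215, 54, 240, 119, 18, 31, 183, 75, 16, 229, 220,
    77, 26, 14, 197, 49, 205, 147, 100, 253, 210, 145, 117, 114, 24];

console.log('sample digest length:', extractSha256Digest(sampleHash).length);
console.log('rebuilt hash covers data:', hashCovers(buildSha256DigestInfo(sampleData), sampleData));
```

Running hashCovers before the call lets the page refuse to submit a 'hash' that does not correspond to the bytes it intends to have signed.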