From 16aa0b8f339a03973307a2f2267113a963bf3344 Mon Sep 17 00:00:00 2001
From: Adam Velebil
Date: Mon, 20 Jan 2025 17:18:59 +0100
Subject: [PATCH] more replaceKvn updates
---
 .../smartcard/scp/SecurityDomainSession.java | 28 +++++++++++++------
 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/core/src/main/java/com/yubico/yubikit/core/smartcard/scp/SecurityDomainSession.java b/core/src/main/java/com/yubico/yubikit/core/smartcard/scp/SecurityDomainSession.java
index f2ad6e68..a61223e7 100644
--- a/core/src/main/java/com/yubico/yubikit/core/smartcard/scp/SecurityDomainSession.java
+++ b/core/src/main/java/com/yubico/yubikit/core/smartcard/scp/SecurityDomainSession.java
@@ -336,9 +336,12 @@ public void deleteKey(KeyRef keyRef, boolean deleteLast) throws ApduException, I
 *
 *

Requires off-card entity verification.
 *
+ *

If the new key is replacing an existing key with different KVN, the key being replaced can
+ * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+ * that KVN will be deleted.
+ *
 * @param keyRef the KID-KVN pair to assign the new key
- * @param replaceKvn if 0x00, creates key with KVN from keyRef; if non-zero, replaces key with
- * KVN=replaceKvn
+ * @param replaceKvn if non-zero replace existing key
 * @return the public key from the generated key pair
 */
 public PublicKeyValues.Ec generateEcKey(KeyRef keyRef, int replaceKvn)
@@ -365,10 +368,13 @@ public PublicKeyValues.Ec generateEcKey(KeyRef keyRef, int replaceKvn)
 *
 *
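Review bot: The rewritten `@param replaceKvn` tag on generateEcKey is less precise than the text it replaces: it no longer says that 0x00 creates the key with the KVN from keyRef, nor that a non-zero value is the KVN of the key being replaced. Because the added paragraph says a non-zero value deletes an existing Security Domain key, I would keep both facts in the tag, e.g. `@param replaceKvn KVN of the existing key to delete and replace, or 0x00 to create the key with the KVN from keyRef`. The same one-line tag is repeated in the three putKey overloads in the following hunks and has the same gap. The method bodies lie outside these hunks, so it is not visible whether replaceKvn is range-checked or what happens when no key with that KVN exists; if neither is documented elsewhere, a sentence on each belongs here.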

Requires off-card entity verification.
 *
+ *

If the new key is replacing an existing key with different KVN, the key being replaced can
+ * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+ * that KVN will be deleted.
+ *
 * @param keyRef the KID-KVN pair to assign the new key set, KID must be 1
 * @param keys the key material to import
- * @param replaceKvn if 0x00, creates key with KVN from keyRef; if non-zero, replaces key with
- * KVN=replaceKvn
+ * @param replaceKvn if non-zero replace existing key
 */
 public void putKey(KeyRef keyRef, StaticKeys keys, int replaceKvn)
 throws ApduException, IOException, BadResponseException {
@@ -412,10 +418,13 @@ public void putKey(KeyRef keyRef, StaticKeys keys, int replaceKvn)
 *
 *

Requires off-card entity verification.
 *
+ *

If the new key is replacing an existing key with different KVN, the key being replaced can
+ * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+ * that KVN will be deleted.
+ *
 * @param keyRef the KID-KVN pair to assign the new secret key, KID must be 0x11, 0x13, or 0x15
 * @param secretKey a private EC key used to authenticate the SD
- * @param replaceKvn if 0x00, creates key with KVN from keyRef; if non-zero, replaces key with
- * KVN=replaceKvn
+ * @param replaceKvn if non-zero replace existing key
 */
 public void putKey(KeyRef keyRef, PrivateKeyValues secretKey, int replaceKvn)
 throws ApduException, IOException, BadResponseException {
@@ -457,10 +466,13 @@ public void putKey(KeyRef keyRef, PrivateKeyValues secretKey, int replaceKvn)
 *
 *

Requires off-card entity verification.
 *
+ *

If the new key is replacing an existing key with different KVN, the key being replaced can
+ * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+ * that KVN will be deleted.
+ *
 * @param keyRef the KID-KVN pair to assign the new public key
 * @param publicKey a public EC key used as CA to authenticate the off-card entity
- * @param replaceKvn if 0x00, creates key with KVN from keyRef; if non-zero, replaces key with
- * KVN=replaceKvn
+ * @param replaceKvn if non-zero replace existing key
 */
 public void putKey(KeyRef keyRef, PublicKeyValues publicKey, int replaceKvn)
 throws ApduException, IOException, BadResponseException {