Get Public Key (Pubkey)
Introduction
The Get Public Key administrative command is used to retrieve the public key associated with a specific key pair stored on the card. This command is essential for obtaining the public portion of a key pair, which can then be shared or used in various cryptographic operations, such as verifying signatures or establishing secure communications.
The key functions of this command are as follows:
- Public Key Retrieval: Allows administrators to access the public key corresponding to a private key stored on the Cryptnox card.
- Facilitates Secure Communication: By retrieving the public key, it can be distributed to other parties to enable encrypted communication or signature verification without exposing the private key.
This command is particularly useful in scenarios where the public key needs to be shared with external entities or used in applications that require public key cryptography.
Command Specifications
Get Pubkey Command
This command is used to retrieve the public key associated with a specific key pair stored on the card. This command is essential for cryptographic operations that require the public key, such as verifying digital signatures or establishing secure communications. Since the private key remains securely stored on the card, retrieving the public key allows users to share it with others without compromising security. This ensures safe key management while enabling encrypted communication and authentication processes.
The following code snippet outlines the Python object for this command:
def get_public_key(derivation: Derivation, key_type: KeyType, path: str = "m/44'/0'/0'/0/0") -> str:
return card.get_public_key(derivation,key_type,path,compressed=True,hexed=True)For example,
public_key = get_public_key(Derivation.BIP32, KeyType.SECP256K1, "m/44'/0'/0'/0/0")
print(public_key)
Application Protocol Data Unit (APDU) Components
The following table outlines the components of the Application Protocol Data Unit (APDU).
Prerequisites:
- The secure channel must be open.
- PIN or challenge-response must be validated (Except for pinless method or when clear public key read is activated. This can be also called with a clear free command).
- A key must be loaded .
Field | Description | Value |
|---|---|---|
CLA | This field specifies the class of the instruction. | 0x80 |
INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0xC2 |
P1 | First parameter of the instruction that specifies the details about the operation being requested. | Derivation options. See the table below for more information. |
P2 | First parameter of the instruction that specifies additional details about the operation being requested. | Export options. See the table below for more information. |
Data | Key data | A sequence of 32-bit integers (most significant byte first). Keep this empty if P1=0x00 or P1=0x10. |
The following table outlines the values for the P1 and P2 fields within the ADPU components based on some conditions:
| Field | Field Value | Description |
|---|---|---|
| P1 | 0x00 | Current key k1 |
| 0x01 | Derive with k1 + derive flag for source | |
| 0x10 | Current key r1 | |
| 0x11 | Derive with r1 + derive flag for source | |
| P2 | 0x00 | Read the path of this public key. |
| 0x01 | Read the public key. | |
| 0x02 | Extended public key (BIP32). Only accept P1=0 (it will otherwise return a 0x6A86 response). |
Response
The following table outlines the possible responses that you will receive:
Response Code | Description |
|---|---|
0x9000 | Success |
0x6985 |
|
0x6A80 | Path is incorrectly formed. |
0x6A86 |
|
0x6A88 |
|
0x6986 |
|
0x6983 | A pinless query is set but current path is not set in the allowed path. |
0x6700 |
|
Response data | The response data consists of a public key or path. |
Additional information
Details Around P1 And Its Usage
The P1 parameter specifies the key type and the method used to derive the desired key.
- P1= 0x00, 0x10, or 0x02: The current key will be exported without performing any derivation.
- P1= 0x01 or 0x11: The key derivation follows the path specified in the data field but does not change the card’s current key path.
- The derivation source can be set by performing and OR operation of P1 with the constants defined in the Derive Key command (bits 6-7). This enables key derivation from the master key, parent key, or current key as needed.
P1-P2 Combinations And Their Implications
-
With P1=0 (or 0x10, or 0x02) and P2=1, the card delivers the currently saved public key as output. No data shall be provided in this case, because it doesn’t require any path.
To use the card without a PIN or secure channel, the current key and path must be set, and the pinless option must be activated during a standard session (which requires a secure channel, PIN, challenge, or PUK).
Only reading the current public key (P1 = 0 or 0x10, with P2 = 1) can be done without a PIN or secure channel. No key derivation is allowed in this case.
If using the pinless path, the current path must be set to at least m/43'/60'/1581' (it must begin with this). Otherwise, the card will return error 0x6983. Again, only reading the public key (P2 = 1) is allowed without a PIN or secure channel, and key derivation is not possible. The current path and pinless option must first be activated within a standard session.
Exporting an extended public key (P2 = 2) requires explicit permission using the ExportPubKey "C5" command. By default, this capability is turned off.
-
When P2 = 2 (if allowed), the public key is provided along with additional "extended data." This follows the binary format of the extended public key (xpub) as defined in the BIP32 standard, with a few differences. The fingerprint is given as 32 bytes instead of 4, so an external RIPEMD160 computation is needed to generate the final 4-byte fingerprint (except for the master key, which is all zeros). Since this data is not in its final form or base58 encoded, there is no checksum.
An xpub can only be read after at least the third depth derivation level, following the BIP44 standard, where the first three levels are hardened. The extended public key is useful for wallets to derive account addresses outside the card, manage address changes on the host PC for each transaction, precompute multiple payment addresses, and scan the address chain efficiently.
The first 4 bytes of the xpub data can be modified "on the fly" by the host computer to match the client blockchain being used. By default, the card always sends the version bytes for Bitcoin (BTC) mainnet, and this is usually not changed even when used with other blockchains.
Updated 4 months ago