Get Pubkey
The Get Public Key administrative command is used to retrieve the public key associated with a specific key pair stored on the card. This command is essential for obtaining the public portion of a key pair, which can then be shared or used in various cryptographic operations, such as verifying signatures or establishing secure communications.
The key functions of this command are as follows:
- Public Key Retrieval: Allows administrators to access the public key corresponding to a private key stored on the Cryptnox card.
- Facilitates Secure Communication: By retrieving the public key, it can be distributed to other parties to enable encrypted communication or signature verification without exposing the private key.
This command is particularly useful in scenarios where the public key needs to be shared with external entities or used in applications that require public key cryptography.
Command Specifications
Get Pubkey Command
This command is used to retrieve the public key associated with a specific key pair stored on the card. This command is essential for cryptographic operations that require the public key, such as verifying digital signatures or establishing secure communications. Since the private key remains securely stored on the card, retrieving the public key allows users to share it with others without compromising security. This ensures safe key management while enabling encrypted communication and authentication processes.
The following code snippet outlines the Python object for this command:
def get_public_key(derivation: Derivation, key_type: KeyType, path: str = "m/44'/0'/0'/0/0") -> str:
return card.get_public_key(derivation,key_type,path,compressed=True,hexed=True)
For example,
public_key = get_public_key(Derivation.BIP32, KeyType.SECP256K1, “m/44’/0’/0’/0/0”)
print(public_key)
Application Protocol Data Unit (APDU) Components
The following table outlines the components of the Application Protocol Data Unit (APDU).
Field | Description | Value |
CLA | This field specifies the class of the instruction. | 0x80 |
INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0xC2 |
P1 | First parameter of the instruction that specifies the details about the operation being requested. | Derivation options. See the table below for more information. |
P2 | First parameter of the instruction that specifies additional details about the operation being requested. | Export options. See the table below for more information. |
Data | Key data | A sequence of 32-bit integers (most significant byte first). Keep this empty if P1=0x00 or P1=0x10. |
The following table outlines the values for the P1 and P2 fields within the ADPU components
based on some conditions:
Field | Field Value | Description |
P1 | 0x00 | Current key k1 |
0x01 | Derive with k1 + derive flag for source | |
0x10 | Current key r1 | |
0x11 | Derive with r1 + derive flag for source | |
P2 | 0x00 | Read the path of this public key. |
0x01 | Read the public key. | |
0x02 | Extended public key (BIP32). Only accept P1=0 (it will otherwise return 0x6A86 response). |
📘 Prerequisites
- The secure channel must be open.
- PIN or challenge response must be validated (Except for pinless method or when clear public key read is activated. This can be also called with a clear free command).
- A key must be loaded .
Response
The following table outlines the possible responses that you will receive:
Response Code | Description |
0x9000 | Success |
0x6985 |
|
0x6A80 | Path is incorrectly formed. |
0x6A86 |
|
0x6A88 |
|
0x6986 |
|
0x6983 | A pinless query is set but current path is not set in the allowed path. |
0x6700 |
|
Response data | The response data consists of a public key or path. |