quad · July 7, 2024 21:15
diff --git a/example-yubikey-secp256k1.py b/example-yubikey-secp256k1.py
 from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
 from cryptography.hazmat.primitives.hashes import SHA256
 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
 from ykman.device import list_all_devices
 from ykman.logging import init_logging
 from yubikit.core import TRANSPORT
 from yubikit.core.smartcard import SmartCardConnection
 from yubikit.logging import LOG_LEVEL
 from yubikit.management import CAPABILITY
 from yubikit.openpgp import EcAttributes, KEY_REF, OID, OpenPgpSession

 # Uncomment this to see what goes over the wire
 #init_logging(LOG_LEVEL.TRAFFIC)

 device, info = [
    (device, info)
    for device, info in list_all_devices()
    if CAPABILITY.OPENPGP in info.supported_capabilities.get(TRANSPORT.USB, [])
 ][0]

 def is_secp256k1_ecattr(attr):
    return isinstance(attr, EcAttributes) and attr.oid == OID.SECP256K1

 with device.open_connection(SmartCardConnection) as connection:
    openpgp = OpenPgpSession(connection)

    if not is_secp256k1_ecattr(openpgp.get_algorithm_attributes(KEY_REF.SIG)):
        print("Generating secp256k1 key in SIG slot...")
        openpgp.verify_admin("12345678")
        openpgp.generate_ec_key(KEY_REF.SIG, OID.SECP256K1)

    public_key = openpgp.get_public_key(KEY_REF.SIG)
    public_key_sec = public_key \
        .public_bytes(Encoding.X962, PublicFormat.CompressedPoint) \
        .hex()
    print(f"SIG slot secp256k1 public key: {public_key_sec}")

    print("Signing with secp256k1 key in SIG slot...")
    data = b"abc123"
    openpgp.verify_pin("123456")
    signature = openpgp.sign(data, SHA256())
    print(f"Signature: {signature.hex()}")

    public_key.verify(signature, data, ECDSA(SHA256()))
    print("OK")
	from cryptography.hazmat.primitives.asymmetric.ec import ECDSA
	from cryptography.hazmat.primitives.hashes import SHA256
	from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
	from ykman.device import list_all_devices
	from ykman.logging import init_logging
	from yubikit.core import TRANSPORT
	from yubikit.core.smartcard import SmartCardConnection
	from yubikit.logging import LOG_LEVEL
	from yubikit.management import CAPABILITY
	from yubikit.openpgp import EcAttributes, KEY_REF, OID, OpenPgpSession

	# Uncomment this to see what goes over the wire
	#init_logging(LOG_LEVEL.TRAFFIC)

	device, info = [
	(device, info)
	for device, info in list_all_devices()
	if CAPABILITY.OPENPGP in info.supported_capabilities.get(TRANSPORT.USB, [])
	][0]

	def is_secp256k1_ecattr(attr):
	return isinstance(attr, EcAttributes) and attr.oid == OID.SECP256K1

	with device.open_connection(SmartCardConnection) as connection:
	openpgp = OpenPgpSession(connection)

	if not is_secp256k1_ecattr(openpgp.get_algorithm_attributes(KEY_REF.SIG)):
	print("Generating secp256k1 key in SIG slot...")
	openpgp.verify_admin("12345678")
	openpgp.generate_ec_key(KEY_REF.SIG, OID.SECP256K1)

	public_key = openpgp.get_public_key(KEY_REF.SIG)
	public_key_sec = public_key \
	.public_bytes(Encoding.X962, PublicFormat.CompressedPoint) \
	.hex()
	print(f"SIG slot secp256k1 public key: {public_key_sec}")

	print("Signing with secp256k1 key in SIG slot...")
	data = b"abc123"
	openpgp.verify_pin("123456")
	signature = openpgp.sign(data, SHA256())
	print(f"Signature: {signature.hex()}")

	public_key.verify(signature, data, ECDSA(SHA256()))
	print("OK")