Cryptographic Objects
=====================

Objects stored in a smart card can be obtained using the :js:func:`Token.getObjects` method.
Objects stored in a certificate store can be obtained using the :js:func:`CertStore.getObjects` method.

Note that, as per the PKCS#11 specifications, certificates and keys are linked together through their :js:attr:`Object.ckId` attribute.

Also note that private objects can be seen only after a successful call to :js:func:`Pin.login` using the PIN they are associated with. Applications will therefore typically have the following workflow for performing a cryptographic operation:

- Use :js:func:`Token.getObjects` to retrieve all objects, and filter the result using the :js:attr:`Object.type` attribute. If ``type`` is ``"certificate"``, the object can be used as a candidate.
- Additional filtering may be applied on the candidate certificates, depending on their key usage or issuer. If multiple certificates remain in the candidate list, a choice can be presented to the user.
- The chosen certificate's identifier is obtained through the :js:attr:`Object.ckId` property.
- The associated PIN is obtained from the :js:attr:`Token.pins` array, at the index given by the chosen certificate's :js:attr:`Object.pinNumber` property.
- The PIN must be verified, by calling the :js:func:`Pin.login` method on the associated PIN object.
- A new call to :js:func:`Token.getObjects` must be issued, which will return all objects, including the private keys.
- The new object list must be filtered again, this time by checking both that :js:attr:`Object.type` is ``"privateKey"`` and that :js:attr:`Object.ckId` is the same value as the chosen certificate's identifier.
- If the card contents are consistent, a single private key object is obtained from this procedure. The cryptographic operation can be carried out on this object, typically using either the :js:func:`Key.sign`, :js:func:`Key.hashAndSign` or :js:func:`Key.decrypt` method.

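
The workflow above, written out as an added example (it is not code from the SCWS project). It assumes that ``getObjects`` and ``login`` may return Promises, that ``login`` accepts the PIN value as its argument, and that ``ckId`` values can be compared with ``===``; the helper names and ``makeMockToken`` are hypothetical and exist only so the example runs offline.

```javascript
// Steps 1-2: candidate certificates, optionally narrowed by an app-supplied predicate.
function candidateCertificates(objects, accept = () => true) {
  return objects.filter((o) => o.type === "certificate" && accept(o));
}

// Step 4: PIN object protecting the certificate's key, with a bounds check.
function pinFor(token, cert) {
  const pin = token.pins[cert.pinNumber];
  if (!pin) throw new Error("no PIN at index " + cert.pinNumber);
  return pin;
}

// Steps 7-8: exactly one private key must share the certificate's ckId.
function matchingPrivateKey(objects, cert) {
  const keys = objects.filter((o) => o.type === "privateKey" && o.ckId === cert.ckId);
  if (keys.length !== 1) {
    throw new Error("inconsistent card: " + keys.length + " private keys for ckId " + cert.ckId);
  }
  return keys[0];
}

// Full workflow. `choose` picks one certificate from the candidates (e.g. a UI prompt).
// Assumption: getObjects() and login() may return Promises; `await` also accepts plain values.
// Assumption: login() takes the PIN value as its argument.
async function locateSigningKey(token, pinValue, choose, accept) {
  const certs = candidateCertificates(await token.getObjects(), accept);
  if (certs.length === 0) throw new Error("no usable certificate on token");
  const cert = certs.length === 1 ? certs[0] : await choose(certs);
  await pinFor(token, cert).login(pinValue);
  // Private objects only become visible after login, so list again.
  const key = matchingPrivateKey(await token.getObjects(), cert);
  return { cert, key };
}

// Constructed stand-in for a token, for offline runs only (not SCWS code).
function makeMockToken() {
  let loggedIn = false;
  const all = [
    { type: "certificate", ckId: "01", pinNumber: 0, private: false },
    { type: "privateKey", ckId: "01", pinNumber: 0, private: true },
    { type: "privateKey", ckId: "02", pinNumber: 0, private: true },
  ];
  return {
    pins: [{ login: async () => { loggedIn = true; } }],
    getObjects: async () => all.filter((o) => loggedIn || !o.private),
  };
}
```

Refusing to continue when zero or several private keys match the ``ckId`` keeps the application from operating with a key that does not belong to the certificate the user selected.
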
Common properties
-----------------

These properties are available for all kinds of objects (:js:class:`SCWS.Certificate`, :js:class:`SCWS.Key` and :js:class:`SCWS.DataContainer` objects).

.. js:autoclass:: SCWS.Object()

.. js:autoattribute:: Object#handle

.. js:autoattribute:: Object#parent

.. js:autoattribute:: Object#type

.. js:autoattribute:: Object#ckId

.. js:autoattribute:: Object#ckLabel

.. js:autoattribute:: Object#private

.. js:autoattribute:: Object#modifiable

.. js:autoattribute:: Object#pinNumber

.. js:autofunction:: Object#getDetails

.. js:autofunction:: Object#getExportLink

Certificate Objects
-------------------

.. js:autoclass:: SCWS.Certificate()

.. js:autoattribute:: Certificate#root

.. js:autoattribute:: Certificate#subject

.. js:autoattribute:: Certificate#issuer

.. js:autoattribute:: Certificate#notBefore

.. js:autoattribute:: Certificate#notAfter

.. js:autofunction:: Certificate#getDetails

.. js:autofunction:: Certificate#getTrust

.. js:autofunction:: Certificate#getValue

Key Objects
-----------

.. js:autoclass:: SCWS.Key()

.. js:autoattribute:: Key#keyType

.. js:autoattribute:: Key#algorithmName

.. js:autoattribute:: Key#keyLength

.. js:autoattribute:: Key#partialHash

.. js:autofunction:: Key#getDetails

Data Container Objects
----------------------

.. js:autoclass:: SCWS.DataContainer()

.. js:autoattribute:: DataContainer#application

.. js:autofunction:: DataContainer#getValue

.. js:autofunction:: DataContainer#setValue