Different Java utilities for EstEID hacking

EstEID hacker

Java utility and source code for everything and anything related to EstEID:

Usage

  • Fetch and build the software (requires a Unix-like OS)

      git clone https://github.com/martinpaljak/esteidhacker.git
      cd esteidhacker
      ant
    
  • In this README esteid is used as an alias for java -jar esteid-app.jar. esteid.exe can be used on Windows.

Emulation

  • Create a new FakeEstEID card

      esteid -install -ca fake.ca -new
    
  • Run EstEID test-suite against a real card (via PC/SC):

      $ esteid -info -test-crypto -pin1 XXXX -pin2 YYYYY 
      ATR:  3BFE1800008031FE45803180664090A4162A00830F9000EF
      Type: JavaCard2011
      PIN tries remaining: PIN1: 3; PIN2: 3; PUK: 1;
      Doc#: AA0448165
      Cardholder: MARTIN PALJAK
      Certificate subject: C=EE,O=ESTEID,OU=authentication,CN=PALJAK\,MARTIN\,38207162722,SURNAME=PALJAK,GIVENNAME=MARTIN,SERIALNUMBER=38207162722
      Auth cert C=EE,O=ESTEID,OU=authentication,CN=PALJAK\,MARTIN\,38207162722,SURNAME=PALJAK,GIVENNAME=MARTIN,SERIALNUMBER=38207162722
      ENCRYPT: OK
      DECRYPT: OK
      Sign cert C=EE,O=ESTEID,OU=digital signature,CN=PALJAK\,MARTIN\,38207162722,SURNAME=PALJAK,GIVENNAME=MARTIN,SERIALNUMBER=38207162722
      ENCRYPT: OK
    
  • Run EstEID test-suite against a real test Digi-ID card (via PC/SC):

      $ esteid -info -test
      ATR:  3BFE9400FF80B1FA451F034573744549442076657220312E3043
      Type: DigiID
      PIN tries remaining: PIN1: 3; PIN2: 3; PUK: 3;
      Doc#: N0000952
      Certificate subject: C=EE,O=ESTEID (DIGI-ID),OU=authentication,CN=ŽAIKOVSKI\,IGOR\,37101010021,SURNAME=ŽAIKOVSKI,GIVENNAME=IGOR,SERIALNUMBER=37101010021
      Auth cert C=EE,O=ESTEID (DIGI-ID),OU=authentication,CN=ŽAIKOVSKI\,IGOR\,37101010021,SURNAME=ŽAIKOVSKI,GIVENNAME=IGOR,SERIALNUMBER=37101010021
      ENCRYPT: OK
      DECRYPT: OK
      Sign cert C=EE,O=ESTEID (DIGI-ID),OU=digital signature,CN=ŽAIKOVSKI\,IGOR\,37101010021,SURNAME=ŽAIKOVSKI,GIVENNAME=IGOR,SERIALNUMBER=37101010021
      ENCRYPT: OK
    
  • Run EstEID test-suite against an emulated card (read: test the FakeEstEIDApplet):

      $ esteid -emulate -info -test
      ATR:  3B80800101
      Type: AnyJavaCard
      PIN tries remaining: PIN1: 3; PIN2: 3; PUK: 3;
      Doc#: A0000001
      Cardholder: SIILIPOISS JÄNES-KARVANE
      Certificate subject: C=EE,O=ESTEID,OU=authentication,CN=UDUS\,SIILIPOISS\,10101010005,SURNAME=UDUS,GIVENNAME=SIILIPOISS,SERIALNUMBER=10101010005
      Auth cert C=EE,O=ESTEID,OU=authentication,CN=UDUS\,SIILIPOISS\,10101010005,SURNAME=UDUS,GIVENNAME=SIILIPOISS,SERIALNUMBER=10101010005
      ENCRYPT: OK
      DECRYPT: OK
      Sign cert C=EE,O=ESTEID,OU=digital signature,CN=UDUS\,SIILIPOISS\,10101010005,SURNAME=UDUS,GIVENNAME=SIILIPOISS,SERIALNUMBER=10101010005
      ENCRYPT: OK
    
  • Clone a card

      $ esteid -clone
    

Personalization

    $ esteid -perso testcard.conf -install # load the applet
    $ esteid -perso testcard.conf -data # store personal data file
    $ esteid -perso testcard.conf -genauth # generate authentication key ...
    $ esteid -perso testcard.conf -genauth -ca fake.ca # or generate key and load a certificate with the fake CA
    $ esteid -perso testcard.conf -gensign # generate signature key ...
    $ esteid -perso testcard.conf -gensign -ca fake.ca # or generate key and load a certificate with the fake CA
    # If certificates are generated elsewhere ...
    $ esteid -perso testcard.conf -authcert auth.pem # load authentication certificate from auth.pem
    $ esteid -perso testcard.conf -authcert sign.pem # load signature certificate from sign.pem
    $ esteid -perso testcard.conf -finalize # finalize personalization
    # All of the previous in one run
    $ esteid -perso testcard.conf -new -ca fake.ca
    # Be sure to specify the right CMK!
    $ esteid -cmk 1 -key XX..XX -loadpins -pin1 0090 -pin2 01497 -puk 17258403 # does not require PIN1
    $ esteid -cmk 2 -key XX..XX -genauth -pin1 0090 # generate new authentication key, requires PIN1
    $ esteid -cmk 2 -key XX..XX -gensign -pin1 0090 # generate new signature key, requires PIN1
    $ esteid -cmk 3 -key xx..XX -authcert auth.pem -pin1 0090 # load new authentication certificate, requires PIN1
    # Print the CA PEM files for the fake CA
    $ esteid -ca fake.ca -dump

Dependencies

License

Mixed LGPL/MIT, please check individual files! Other options available upon request.

Contact

Upcoming features

  • Planned:
    • Pinpad support for PC/SC readers
  • Wishlist:
    • A GUI maybe, not unlike qesteidutil?

Components

EstEID.java

Encapsulates all the APDU protocol knowledge and exposes a high-level, meaningful API for operations with the card (more precisely, with the on-card application). Can talk to any PC/SC terminal or to anything else exposed via javax.smartcardio CommandAPDU/ResponseAPDU pairs.

Exception handling:

  • CardException when javax.smartcardio classes fail
  • EstEIDException when the card protocol (or a data format) runs into an unexpected situation
  • WrongPINException when a passed-in PIN is incorrect

Source: EstEID.java
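
How a caller might map card status words onto the exception types listed above, as an added example that is not code from esteidhacker. The nested exception classes are local stand-ins (the remaining field is an assumption), the PIN1 reference P2=0x01 is assumed, and the response bytes are constructed so the example runs without a card.

```java
import java.nio.charset.StandardCharsets;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;

// Added illustration, not esteidhacker code. Exception classes are local
// stand-ins named after the ones in the list above; their fields are assumed.
public class PinStatusDemo {
    static class EstEIDException extends Exception {
        EstEIDException(String msg) { super(msg); }
    }
    static class WrongPINException extends EstEIDException {
        final int remaining; // tries left on the card; 0 means blocked
        WrongPINException(int remaining) {
            super("Wrong PIN, tries remaining: " + remaining);
            this.remaining = remaining;
        }
    }

    // ISO 7816-4 VERIFY: CLA=00 INS=20 P1=00, P2 = PIN reference (assumed 0x01 for PIN1).
    static CommandAPDU verify(int pinRef, String pin) {
        return new CommandAPDU(0x00, 0x20, 0x00, pinRef, pin.getBytes(StandardCharsets.US_ASCII));
    }

    // Translate the status word: 9000 = success, 63Cx = wrong PIN with x tries
    // left, 6983 = PIN blocked; anything else is an unexpected protocol state.
    static void check(ResponseAPDU r) throws EstEIDException {
        int sw = r.getSW();
        if (sw == 0x9000) return;
        if ((sw & 0xFFF0) == 0x63C0) throw new WrongPINException(sw & 0x0F);
        if (sw == 0x6983) throw new WrongPINException(0);
        throw new EstEIDException(String.format("Unexpected SW: %04X", sw));
    }

    public static void main(String[] args) {
        CommandAPDU cmd = verify(0x01, "0090"); // test PIN1 from the commands above
        System.out.printf("VERIFY %02X %02X %02X %02X Lc=%d%n", // header only, never log the PIN
                cmd.getCLA(), cmd.getINS(), cmd.getP1(), cmd.getP2(), cmd.getNc());
        // Constructed responses, shaped like what a card or emulator returns.
        byte[][] constructed = { {(byte) 0x90, 0x00}, {0x63, (byte) 0xC2}, {0x69, (byte) 0x83}, {0x6A, (byte) 0x82} };
        for (byte[] raw : constructed) {
            try {
                check(new ResponseAPDU(raw));
                System.out.println("OK");
            } catch (WrongPINException e) {
                // A caller must stop before the counter reaches zero instead of retrying blindly.
                System.out.println(e.getMessage() + (e.remaining == 0 ? " (blocked)" : ""));
            } catch (EstEIDException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```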

Similar projects

FakeEstEIDCA

Utility for maintaining an SK look-alike CA for EstEID-related certificates (root, esteid, user auth/sign), based on BouncyCastle.

Source: FakeEstEIDCA.java

Similar and related projects


All about the EstEID