#card #certificate #read #verify #document #reader #jpki

app jpki-cli

Read certificates, sign and verify documents using your JPKI card

10 releases

0.4.3 Oct 21, 2023
0.4.2 Mar 16, 2023
0.4.1 Oct 2, 2022
0.3.0 Jul 14, 2022
0.1.5 Mar 2, 2022

#1776 in Cryptography

LGPL-2.1-or-later

45KB
919 lines

jpki-cli

crates.io Rust

Easy yet simple CLI to access your JPKI card.

✅ Prerequisites

All platforms:

  • PC/SC supported NFC reader

On GNU/Linux:

  • pcsc-lite (libpcsclite)

📦 Installation

On macOS or Linux, Homebrew Tap can be used for installation:

brew tap siketyan/tap
brew install jpki-cli

Alternatively, build from source using Cargo:

cargo install jpki-cli

💚 Examples

Crypto AP

Dumps the certificate for digital signature:

jpki-cli crypto read-certificate > certificate.der

If you want the certificate for user authentication, insert --auth:

jpki-cli crypto --auth read-certificate > certificate.der

Signs the data from stdin using key-pair for digital signature:

cat plain.txt | jpki-cli crypto sign > signature.sig

Verifies the signature using the dumped certificate:

cat plain.txt | jpki-cli crypto verify certificate.der signature.sig

Gets the PIN status:

jpki-cli crypto stat
jpki-cli crypto --auth stat # Status of PIN for authentication

Surface AP

Dumps the photo using PIN B (DoB YYMMDD + Expiry YYYY + CVC XXXX):

jpki-cli surface get photo > photo.jpg
# PIN: YYMMDDYYYYXXXX

Using PIN A (My Number) instead:

jpki-cli surface get photo > photo.jpg
# PIN: XXXXYYYYZZZZ

For list of available data to dump, see the help:

jpki-cli surface get --help

Gets the PIN status:

jpki-cli surface stat a # PIN Type A
jpki-cli surface stat b # PIN Type B

Support AP

Reads the "My Number" from the card:

jpki-cli support get my-number

Reads text attributes from the card as JSON:

jpki-cli support get attributes --pretty
jpki-cli support get attributes | jq # The output is JSON, so you can query it w/ jq

Gets the PIN status:

jpki-cli support stat

Dependencies

~19–31MB
~546K SLoC