Using Smart Card Based Certificates on iOS - Use Case Description
The AirID Crypto Keychain Sample App demonstrates the reading of the certificate, signing, encryption and decryption in combination with the AirID card reader and the inserted smart card.
1. Please check before you start:
For this use case on iOS you will require:
- A smart card, CardOS 4.4 OpenSC initialized with a test certificate (provided with the AirID Evaluation-Kit)
- An AirID Version 1, wireless smart card reader (provided with the AirID Evaluation-Kit)
- An iOS device with operating system from version 9.0 upwards
- Internet connection to download the AirID Crypto Keychain Sample App
Use this smart card and the following PINs for the smart card based certificates on iOS demo use case:
- User PIN: 123456
- PUK: 12345678
2. Initial Installation
Follow the steps below to install and configure the software components:
- AirID Central App installation
- Bluetooth pairing
- Crypto Keychain Sample App installation
2.1 AirID Central App Installation
Follow the steps below to install the AirID Central App.
The AirID Central is a management App for your AirID. The App provides you with information and settings options for your AirID when your AirID is connected to your Android device. Furthermore, the initial Bluetooth pairing must be performed within the AirID Central App.
- Go to the official App Store on your iOS device
- Search for AirID Central App and install it (https://itunes.apple.com/de/app/airid-central/id1188344771?mt=8)
The AirID Central App has been installed and the next step will be Bluetooth Pairing of the AirID with your iOS device.
2.2 Bluetooth Pairing
To pair your iOS device with the AirID reader follow these steps:
- Insert your smart card to power on the AirID reader and activate Bluetooth at the AirID reader by navigating to the connection menu and pressing the jog dial control element. The AirID should display:
- Make sure that Bluetooth is activated on your iOS device (Settings > Bluetooth > On)
- Open the AirID Central App
- Select the AirID (serial number) in the shown device list
- A six-digit pairing key will be shown on the AirID display and also on the iOS device. If the key matches, press Connect on the iOS device and choose Yes on the AirID by scrolling down in the menu and pressing the jog dial control element.
- After successful pairing, the device name of the paired device will be displayed on the AirID.
The AirID has been paired with your iOS device and next step will be the Crypto Keychain Sample App installation.
2.3 Crypto Keychain Sample Installation
To install the Crypto Keychain Sample App go to the official App Store on your iOS device, search for Crypto Keychain Sample and install the App (https://itunes.apple.com/de/app/crypto-keychain-sample/id1198207413?mt=8).
The App is now installed, and you will be able to sign and encrypt messages and to import certificates.
If you have already paired the AirID with another device, navigate to "Prefered Device" in the AirID menu, press the Jog-Dial and choose "new". Then press the Jog-Dial again to confirm.
3. Using AirID Crypto Keychain Sample App
The AirID Crypto Keychain Sample App demonstrates the reading of the certificate, signing, encryption and decryption.
3.1 Import Certificate
Please follow the steps below to start the App and to import the certificate from the smart card:
- Open the Crypto Keychain Sample App
- Wait until keys are exchanged and the connection to AirID is established
- To get started click Import Certificates and they will be displayed and stored in a list
- To read the certificate information select the red info icon on the right side
The App has been started and the certificate has been imported. The next use case is signing of a message.
3.2 Signing
To sign a message please follow the steps below:
- Select the red signing icon on the right side
- Enter a sample message
- Generate the hash (SHA256) of the message by clicking Hash and the hash will be shown
- Enter the PIN (=123456) of the smart card in the AirID reader
- Click Sign to get the signed message
- Click Verify Message to compare the hash
- Compare the displayed hashes
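The hash, sign and verify steps above follow a hash-then-sign scheme, where verification recovers the hash from the signature with the public key and compares it to a freshly computed one. The sketch below is an added example, not code from the AirID app or this page; it assumes RSA with PKCS#1 v1.5 padding (the page does not name the algorithm), uses a constructed and deliberately insecure demo key, and the function names are hypothetical.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo key built from two Mersenne primes: trivially factorable,
# for illustration only. On the real setup the private key never leaves the card.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (card side)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def pad(digest: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def card_sign(digest: bytes) -> bytes:
    """Stand-in for the card after PIN entry: private-key operation on the padded hash."""
    return pow(int.from_bytes(pad(digest), "big"), D, N).to_bytes(K, "big")

def recover_hash(signature: bytes) -> Optional[bytes]:
    """Public-key operation: return the hash carried in the signature, or None."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return None
    em = pow(s, E, N).to_bytes(K, "big")
    digest = em[-32:]
    # Rebuild the full expected encoding and compare it whole; lenient
    # padding parsers are a classic source of signature forgeries.
    return digest if hmac.compare_digest(em, pad(digest)) else None

def verify(message: bytes, signature: bytes) -> bool:
    """The 'compare the hashes' step: recovered hash vs. hash of the message."""
    recovered = recover_hash(signature)
    expected = hashlib.sha256(message).digest()
    return recovered is not None and hmac.compare_digest(recovered, expected)

if __name__ == "__main__":
    msg = b"sample message"                      # constructed sample input
    digest = hashlib.sha256(msg).digest()
    sig = card_sign(digest)
    print("hash     :", digest.hex())
    print("recovered:", recover_hash(sig).hex())
    print("valid    :", verify(msg, sig), "| tampered:", verify(msg + b"!", sig))
```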
3.3 Encryption and decryption
To encrypt and decrypt a message please follow the steps below:
- Select the red keychain icon on the right side
- Enter a sample message
- Click Encrypt and the encrypted message will be shown
- Enter the PIN (=123456) of the smart card in the AirID reader
- Click Decrypt to get the decrypted message
3.4 Using automated "Distance Log-Out" with AirID
The AirID reader locks the iOS Crypto Keychain Sample App automatically, if a (preset) distance between your device and your AirID has been exceeded.
The "Distance Log-Out" is managed in AirID settings using "Distance Sensor".
Please set the "Distance Sensor" value so that the access to the device is automatically locked when the predefined distance from AirID is exceeded.
- Make sure, AirID is connected via BLE with your working device
- Take your AirID and navigate to Settings > Distance Sensor
- Select On
- Select Presetting and Mid
Optionally, you can select any other presetting value or do a manual setting.
Settings can only be changed with an active Bluetooth connection between your device and AirID reader.
To avoid unintended disconnects, keep in mind that the minimum distance for the automated log-out is about three meters between your device and AirID reader.
The distance value for the "Distance Sensor" feature represents a relative value. It depends on the signal strength of the AirID, on the environment and on other interfering signals.