AAL2GenPayloadKeyBlobICSF
  • 22 Jan 2025

Function prototype

aat_int32 AAL2GenPayloadKeyBlobICSF (
                                 TDigipassBlob   *DPMAData,
                                 TKernelParms    *CallParms,
                                 aat_ascii       *aStorageKeyNameIn,
                                 aat_ascii       *aInitialVectorIn,
                                 aat_ascii       *MessageVector,
                                 aat_ascii       *PKBlob,
                                 aat_int32       *PKBlobLength);

Description

This function generates a payload key BLOB embedding a randomly generated payload key.

It is only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). For more information, refer to the Authentication Suite Server SDK Product Guide.

The Secure Channel feature, which can optionally be used after the activation of a compliant Digipass authenticator, protects the messages exchanged between the server and the client (request messages and deactivation messages). During the activation process, the Secure Channel feature requires the provisioning of a payload key, represented on the server side by a payload key BLOB.

In that case, a payload key BLOB must first be generated, once for each Digipass serial number license.

Payload key BLOBs must be generated only if the Digipass authenticator uses the Secure Channel feature; they have to be post-provisioned, because the DPX does not contain a payload key.

No payload key BLOB must be generated if the payload key BLOB has already been obtained during import (AAL2DPXGetTokenBlobsEx2) or if the Digipass authenticator does not support the Secure Channel feature.

All Digipass instances activated from one Digipass serial number license must use the same payload key BLOB, so that they are provisioned with the same payload key.

Parameters

  Table: Parameters (AAL2GenPayloadKeyBlobICSF)

| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob * | DPMAData | I/O | Digipass master activation application BLOB of the Digipass serial number license that will be used for the activation. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | MessageVector | I | A string of up to 26+1 characters containing the message parameter settings, null-terminated (obtained during import). |
| aat_ascii * | PKBlob | O | A string of 88+1 characters, null-terminated. It contains the generated payload key BLOB for a Digipass serial number license. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| aat_int32 * | PKBlobLength | I/O | On input, this parameter must indicate the size of the buffer allocated for the PKBlob parameter (recommended: 89 bytes). On output, this parameter indicates the length of the PKBlob string (without the null terminator). |

COBOL calling convention

Entry point: AA2GPKIC
02   W-MA-BLOB              PIC X(248).
02   W-KERNELPARMS.
     03  W-PARMCOUNT       PIC 9(8) USAGE BINARY.
     03  W-PARM01          PIC 9(8) USAGE BINARY.
     . . .
     03  W-PARM19          PIC 9(8) USAGE BINARY.
02   W-MSGVECTOR           PIC X(27).
02   W-PKBLOB              PIC X(89).
02   W-PKBLOB-LENGTH       PIC 9(8) USAGE BINARY VALUE 89.
02   W-RETURN              PIC S9(8) USAGE BINARY.
02   W-STORAGEKEY          PIC X(65).
02   W-INITVECTOR          PIC X(17).
02   W-API-NAME             PIC X(8) VALUE 'AA2GPKIC'.
. . .
     CALL W-API-NAME USING
           BY REFERENCE W-MA-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-STORAGEKEY
           BY REFERENCE W-INITVECTOR
           BY REFERENCE W-MSGVECTOR
           BY REFERENCE W-PKBLOB
           BY REFERENCE W-PKBLOB-LENGTH
           RETURNING W-RETURN

Return codes

  Table: Return codes (AAL2GenPayloadKeyBlobICSF)

| Code | Meaning |
|---|---|
| 0 | Success |
| 412 | Invalid checksum (software) |
| 413 | Invalid Base64 format |
| 414 | Invalid checksum (HSM) |
| 900 | Invalid session context handle |
| 908 | HSM key not found |
| 951 | Invalid HSM key type for HSM decryption |
| 1000 | Function does not support EMV-CAP |
| 1025 | Buffer too small |
| 1118 | Unsupported BLOB |
| 1262 | Payload key data buffer too small |
| 1264 | Invalid master application |
| 1265 | Invalid master application data pointer |
| 1266 | Invalid message vector pointer |
| 1267 | Invalid message vector length |
| 1268 | Invalid message vector version |
| 1286 | Invalid payload key data pointer |
| 1287 | Invalid payload key data length pointer |
| 1310 | Invalid payload key type |
| 1316 | Secure Channel not supported |
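The following C wrapper is an added example, not code from the OneSpan SDK or from this page. It shows how a caller would honour the contract described above: validate the documented input limits (64+1, 16 hexadecimal characters, 26+1), hand the function an 89-byte buffer with that size in PKBlobLength, check the return code against the table, and verify that the returned length matches the string actually written before persisting DPMAData and PKBlob. The typedefs for `aat_int32`, `aat_ascii`, `TDigipassBlob` and `TKernelParms` are assumptions sized from the COBOL working storage on this page (the real definitions come from the SDK headers), and `fake_sdk_call` is a constructed stand-in that only mirrors the documented buffer-size and length behaviour so the example runs offline; `gen_payload_key_blob`, `demo_generate`, `demo_last_blob` and `pk_blob_return_text` are names chosen for this example.

```c
/* Added example (not OneSpan SDK code): a checked wrapper around the
 * AAL2GenPayloadKeyBlobICSF contract documented on this page. SDK types
 * and the fake entry point are placeholders standing in for the SDK. */
#include <stdint.h>
#include <string.h>
#include <ctype.h>

typedef int32_t aat_int32;  /* assumption: SDK 32-bit integer type */
typedef char    aat_ascii;  /* assumption: SDK ASCII character type */
/* Assumed layouts, sized from the COBOL working storage on this page. */
typedef struct { unsigned char data[248]; } TDigipassBlob;
typedef struct { aat_int32 ParmCount; aat_int32 Parm[19]; } TKernelParms;
/* Pointer matching the documented prototype, so the real SDK entry point
 * (or a fake in a unit test) can be injected into the wrapper. */
typedef aat_int32 (*GenPayloadKeyBlobFn)(TDigipassBlob *, TKernelParms *,
    aat_ascii *, aat_ascii *, aat_ascii *, aat_ascii *, aat_int32 *);

#define PKBLOB_CHARS 88                        /* documented BLOB length */
#define PKBLOB_BUFFER_SIZE (PKBLOB_CHARS + 1)  /* plus null terminator   */
/* Local codes for problems detected before or after the SDK call. */
enum { PRECHECK_BAD_STORAGE_KEY = -1, PRECHECK_BAD_IV = -2,
       PRECHECK_BAD_MSGVECTOR = -3, POSTCHECK_BAD_LENGTH = -4 };

/* Documented return codes, from the table on this page. */
static const struct { aat_int32 code; const char *text; } RC_TABLE[] = {
    {0, "Success"}, {412, "Invalid checksum (software)"},
    {413, "Invalid Base64 format"}, {414, "Invalid checksum (HSM)"},
    {900, "Invalid session context handle"}, {908, "HSM key not found"},
    {951, "Invalid HSM key type for HSM decryption"},
    {1000, "Function does not support EMV-CAP"}, {1025, "Buffer too small"},
    {1118, "Unsupported BLOB"}, {1262, "Payload key data buffer too small"},
    {1264, "Invalid master application"},
    {1265, "Invalid master application data pointer"},
    {1266, "Invalid message vector pointer"},
    {1267, "Invalid message vector length"},
    {1268, "Invalid message vector version"},
    {1286, "Invalid payload key data pointer"},
    {1287, "Invalid payload key data length pointer"},
    {1310, "Invalid payload key type"}, {1316, "Secure Channel not supported"}
};

const char *pk_blob_return_text(aat_int32 rc)
{
    size_t i;
    for (i = 0; i < sizeof RC_TABLE / sizeof RC_TABLE[0]; i++)
        if (RC_TABLE[i].code == rc) return RC_TABLE[i].text;
    return "Unknown return code";
}

/* Validate the documented input limits, pass a correctly sized buffer with
 * its size in PKBlobLength, and check the returned length on success. */
aat_int32 gen_payload_key_blob(GenPayloadKeyBlobFn sdk_call,
                               TDigipassBlob *dpma, TKernelParms *parms,
                               const char *storage_key, const char *iv,
                               const char *msg_vector,
                               char pk_blob[PKBLOB_BUFFER_SIZE])
{
    aat_ascii key_buf[65], iv_buf[17], mv_buf[27];  /* documented sizes */
    aat_int32 len = PKBLOB_BUFFER_SIZE, rc;         /* input: buffer size */
    char *nul;
    size_t i;
    if (strlen(storage_key) > 64) return PRECHECK_BAD_STORAGE_KEY;
    if (strlen(iv) != 16) return PRECHECK_BAD_IV;
    for (i = 0; i < 16; i++)
        if (!isxdigit((unsigned char)iv[i])) return PRECHECK_BAD_IV;
    if (strlen(msg_vector) > 26) return PRECHECK_BAD_MSGVECTOR;
    strcpy(key_buf, storage_key);  /* safe: lengths were checked above */
    strcpy(iv_buf, iv);
    strcpy(mv_buf, msg_vector);
    memset(pk_blob, 0, PKBLOB_BUFFER_SIZE);
    rc = sdk_call(dpma, parms, key_buf, iv_buf, mv_buf, pk_blob, &len);
    if (rc != 0) return rc;
    /* On success PKBlobLength holds the string length without the null. */
    nul = memchr(pk_blob, '\0', PKBLOB_BUFFER_SIZE);
    if (nul == NULL || len > PKBLOB_CHARS || len != (aat_int32)(nul - pk_blob))
        return POSTCHECK_BAD_LENGTH;
    return 0;  /* caller must now persist both *dpma and pk_blob */
}

/* Constructed fake of the SDK entry point so the example runs offline. It
 * mirrors only the documented contract (1262 when the buffer is too small,
 * otherwise an 88-character string and its length) and does no cryptography. */
static aat_int32 fake_sdk_call(TDigipassBlob *dpma, TKernelParms *parms,
                               aat_ascii *key, aat_ascii *iv, aat_ascii *mv,
                               aat_ascii *out, aat_int32 *out_len)
{
    (void)dpma; (void)parms; (void)key; (void)iv; (void)mv;
    if (*out_len < PKBLOB_BUFFER_SIZE) return 1262;
    memset(out, 'A', PKBLOB_CHARS);
    out[PKBLOB_CHARS] = '\0';
    *out_len = PKBLOB_CHARS;
    return 0;
}

/* Driver with zeroed placeholder structures; the result is kept in a
 * static buffer so a caller (or a test) can inspect the generated BLOB. */
static char demo_blob[PKBLOB_BUFFER_SIZE];
const char *demo_last_blob(void) { return demo_blob; }
aat_int32 demo_generate(const char *storage_key, const char *iv,
                        const char *msg_vector)
{
    TDigipassBlob dpma; TKernelParms parms;
    memset(&dpma, 0, sizeof dpma); memset(&parms, 0, sizeof parms);
    return gen_payload_key_blob(fake_sdk_call, &dpma, &parms,
                                storage_key, iv, msg_vector, demo_blob);
}
```

To use the wrapper against the real SDK, pass `AAL2GenPayloadKeyBlobICSF` as the `sdk_call` argument in place of `fake_sdk_call`; the pre-checks then reject malformed inputs before they reach ICSF, and a non-zero result can be rendered with `pk_blob_return_text` for logging.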
