This function creates a command for the HSM to process. It is used to decrypt an encrypted QA BLOB provided by the Authentication Suite Server SDK Software Question/Answer Authentication Service implemented in a Digipass for Web architecture.
With this function, you can address the HSM storage key by name and specify an initial vector. The initial vector is used during the 3DES/AES encryption of the sensitive authenticator application BLOB data.
This function must be used with the post-HSM API AAL2ProcQADecryptQABlobRpl.
Parameters
Table: Parameters (AAL2GenQADecryptQABlobCmd)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | Cmd | O | Up to 839 bytes that serialize the DECRYPT QA BLOB command type and the input data to the decrypt function on the HSM: Command Type - 2 bytes; Digipass application BLOB - 192 bytes; Runtime parameters - 80 bytes; StorageKeyName - up to 128 characters; InitialVector - 8 bytes; Challenge - up to 17 characters; Encrypted QA BLOB - up to 372 characters; Encrypted QA BLOB size - 4 bytes; Host time - 4 bytes. Plus 32 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 * | CmdSize | I/O | On entry, this parameter contains the size of the Cmd buffer. On exit, this parameter contains the length of the Cmd message. |
| TDigipassBlob * | DPData | I | Digipass application BLOB. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aIVIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | aChallenge | I | String of up to 17 numeric characters, left-justified, null-terminated or right-padded with spaces. This parameter holds the challenge that may be used for validating the OTP in the encrypted QABlob. If no challenge is used, this parameter should be NULL. |
| aat_ascii * | aEncryptedQABlob | I | String of up to 370+1 null-terminated alphanumeric characters. Encrypted QABlob format: OTP - Up to 16+1 characters (16-byte OTP + 1-byte separator); UserID - Up to 32+1 characters (32-byte UserID + 1-byte separator); Answer hashes - Up to 10 times 32 hexadecimal characters; Checksum - 2 checksum numeric characters. Each answer hash contains: 2 hexadecimal characters representing the index (01 to 0A); 30 hexadecimal characters containing the encrypted answer hash. |
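The following is an added example, not part of the SDK or its documentation: a pre-flight check a caller could run on its own inputs before invoking AAL2GenQADecryptQABlobCmd, using the length and character-set limits from the parameter table above. The function name `qa_decrypt_precheck`, the `PRE_*` result codes, the requirement of a full 839-byte Cmd buffer, and the requirement that every string carries a NUL terminator are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>

/* Limits taken from the parameter table above. */
#define CMD_MAX_SIZE  839   /* worst-case serialized command            */
#define KEYNAME_MAX   128   /* aStorageKeyNameIn, excluding terminator  */
#define IV_HEX_LEN    16    /* aIVIn: 16 hex characters = 8 bytes       */
#define CHALLENGE_MAX 17    /* aChallenge: numeric characters           */
#define QABLOB_MAX    370   /* aEncryptedQABlob, excluding terminator   */

/* Hypothetical result codes for this example; these are NOT SDK return codes. */
enum precheck { PRE_OK = 0, PRE_CMD_BUF, PRE_KEYNAME, PRE_IV, PRE_CHALLENGE, PRE_QABLOB };

/* Effective length of a left-justified field that is NUL-terminated and may be
 * right-padded with spaces. Returns -1 if s is NULL or no NUL is found within
 * max + 1 bytes (assumption: this example insists on a terminator). */
static int field_len(const char *s, size_t max)
{
    if (s == NULL) return -1;
    const char *nul = memchr(s, '\0', max + 1);
    if (nul == NULL) return -1;
    size_t n = (size_t)(nul - s);
    while (n > 0 && s[n - 1] == ' ') n--;   /* ignore right padding */
    return (int)n;
}

/* Returns 1 if the first n bytes of s all satisfy the <ctype.h> predicate. */
static int all_match(const char *s, int n, int (*pred)(int))
{
    for (int i = 0; i < n; i++)
        if (!pred((unsigned char)s[i])) return 0;
    return 1;
}

/* Rejects malformed input before it is serialized into an HSM command. */
enum precheck qa_decrypt_precheck(const void *cmd, int cmd_size, const char *key_name,
                                  const char *iv, const char *challenge, const char *qablob)
{
    if (cmd == NULL || cmd_size < CMD_MAX_SIZE) return PRE_CMD_BUF;
    if (field_len(key_name, KEYNAME_MAX) < 1) return PRE_KEYNAME;
    int n = field_len(iv, IV_HEX_LEN);
    if (n != IV_HEX_LEN || !all_match(iv, n, isxdigit)) return PRE_IV;
    if (challenge != NULL) {                /* NULL means no challenge is used */
        n = field_len(challenge, CHALLENGE_MAX);
        if (n < 1 || !all_match(challenge, n, isdigit)) return PRE_CHALLENGE;
    }
    /* Length only: the page does not name the separator characters. */
    if (field_len(qablob, QABLOB_MAX) < 1) return PRE_QABLOB;
    return PRE_OK;
}
```

Rejecting a short or non-hexadecimal initial vector in the caller keeps malformed input from reaching the HSM and makes the failure visible in application logs rather than only as an SDK return code.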
Return codes
Table: Return codes (AAL2GenQADecryptQABlobCmd)

| Code | Meaning |
|---|---|
| 0 | Success |
| 149 | Invalid initial vector length |
| 412 | Invalid checksum (software) |
| 413 | Invalid Base64 format |
| 510 | Invalid Digipass data pointer |
| 536 | Invalid encrypted QABlob pointer |
| 590 | Invalid command pointer |
| 706 | Invalid data buffer pointer |
| 1000 | Function does not support EMV-CAP |
| 1018 | Invalid TLV item pointer |
| 1025 | Data buffer too small |