This function extends AAL2GenVerifySignatureCmd. With this function, you can address the HSM storage key by name and specify an initial vector. The initial vector is used during the 3DES/AES encryption of the sensitive authenticator application BLOB data.
The signature validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software e-Signature Validation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
This function must be used with the post-HSM API AAL2ProcVerifySignatureRpl.
Parameters
Table: Parameters (AAL2GenVerifySignatureCmdEx)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | Cmd | O | Up to 659 bytes that serialize the VERIFY SIGNATURE command type and the input data to the verify signature function on the HSM: command type (2 bytes); authenticator application BLOB (192 bytes); runtime parameters (80 bytes); StorageKeyName (up to 128 characters); InitialVector (8 bytes); Signature (up to 41 characters); signed data fields (160 characters); field count (4 bytes); deferred signature data (4 bytes); host time (4 bytes); plus 36 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 * | CmdSize | I/O | On entry, this parameter contains the size of the Cmd buffer. On exit, this parameter contains the length of the Cmd message. |
| TDigipassBlob * | DPData | I | Authenticator application BLOB. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aIVIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | aSignatureIn | I | String of up to 17 numeric or hexadecimal characters, null-terminated or padded with spaces. |
| aat_ascii * | aSignedDataFieldsIn | I | Array of 8 left-justified, null-terminated, or space-padded strings of max. 20 characters. This parameter holds the 8 possible data fields that are entered into the Digipass authenticator to generate a signature. The Digipass data fields are limited to 16 decimal, hexadecimal, or alphabetic characters. |
| aat_int32 | FieldCount | I | Numeric value from 1 to 8 indicating the number of data fields to use from the aSignedDataFieldsIn array. |
| aat_int32 | Deferred Signature Data | I | Must be 0 if the signature is validated in online mode (OnlineSG=1 or 2). If the signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0 (with 0, the current time is used). If this parameter is >0, the filled parameter must be the Digipass time, not the host time. If the signature is validated in offline mode with OnlineSG=3, this parameter must receive the counter of the Digipass instance used for the signature generation. |
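As an added example (not code from the Authentication Suite Server SDK), the following C pre-check enforces the parameter limits documented in the table above before AAL2GenVerifySignatureCmdEx is called, so that an undersized Cmd buffer, a malformed key name, IV or signature, or deferred data supplied in online mode is rejected at the caller rather than surfacing as an HSM-side return code. The vs_* names and result codes are hypothetical, and online_sg stands in for the OnlineSG runtime parameter, whose type this page does not define.

```c
#include <ctype.h>
#include <stddef.h>
/* Limits from the AAL2GenVerifySignatureCmdEx parameter table. */
#define VS_CMD_MAX_BYTES 659
#define VS_KEYNAME_MAX 128
#define VS_IV_HEX_CHARS 16
#define VS_SIGNATURE_MAX 17
#define VS_FIELD_MAX_CHARS 20
#define VS_MAX_FIELDS 8
/* Hypothetical pre-check results; these are not SDK return codes. */
enum vs_check { VS_OK = 0, VS_BAD_CMD_BUFFER, VS_BAD_KEY_NAME, VS_BAD_IV,
                VS_BAD_SIGNATURE, VS_BAD_FIELD_COUNT, VS_BAD_FIELD, VS_BAD_DEFERRED };
/* Constructed sample data fields, not captured from a real Digipass. */
static const char *const vs_sample_fields[] = { "1234", "5678" };
/* Length of a null-terminated or space-padded string in a field of `width` bytes. */
static size_t vs_len(const char *s, size_t width)
{
    size_t n = 0;
    while (n < width && s[n] != '\0') n++;      /* never reads past the field */
    while (n > 0 && s[n - 1] == ' ') n--;       /* drop right padding */
    return n;
}
/* True if every character in s[0..n) satisfies pred (isxdigit or isalnum). */
static int vs_all(const char *s, size_t n, int (*pred)(int))
{
    for (size_t i = 0; i < n; i++)
        if (!pred((unsigned char)s[i])) return 0;
    return 1;
}
/* online_sg stands in for the OnlineSG runtime parameter (assumed to be 0..3). */
enum vs_check vs_precheck(int cmd_size, const char *key_name, const char *iv,
                          const char *signature, const char *const fields[],
                          int field_count, int online_sg, int deferred_data)
{
    size_t n;
    if (cmd_size < VS_CMD_MAX_BYTES) return VS_BAD_CMD_BUFFER;
    if (!key_name || (n = vs_len(key_name, VS_KEYNAME_MAX + 1)) == 0 || n > VS_KEYNAME_MAX)
        return VS_BAD_KEY_NAME;
    if (!iv || vs_len(iv, VS_IV_HEX_CHARS) != VS_IV_HEX_CHARS || !vs_all(iv, VS_IV_HEX_CHARS, isxdigit))
        return VS_BAD_IV;
    if (!signature || (n = vs_len(signature, VS_SIGNATURE_MAX)) == 0 || !vs_all(signature, n, isxdigit))
        return VS_BAD_SIGNATURE;
    if (field_count < 1 || field_count > VS_MAX_FIELDS) return VS_BAD_FIELD_COUNT;
    for (int i = 0; i < field_count; i++)
        if (!fields || !fields[i] || (n = vs_len(fields[i], VS_FIELD_MAX_CHARS)) == 0 || !vs_all(fields[i], n, isalnum))
            return VS_BAD_FIELD;
    if (deferred_data < 0 || ((online_sg == 1 || online_sg == 2) && deferred_data != 0))
        return VS_BAD_DEFERRED;                  /* online mode allows no deferred data */
    return VS_OK;
}
```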
Return codes
Table: Return codes (AAL2GenVerifySignatureCmdEx)

| Code | Meaning |
|---|---|
| 0 | Success |
| 139 | Invalid signature pointer |
| 141 | Invalid field count |
| 148 | Invalid data field pointer |
| 207 | Deferred signature not allowed with OnLineSG not Null |
| 412 | Invalid checksum (software) |
| 413 | Invalid Base64 format |
| 510 | Invalid Digipass data pointer |
| 590 | Invalid command pointer |
| 706 | Invalid data buffer pointer |
| 1018 | Invalid TLV item pointer |
| 1025 | Data buffer too small |