AAL2MigrateBlobICSF
  • 22 Jan 2025

Function prototype (aal2sdk.h)

aat_int32 AAL2MigrateBlobICSF (
                           TDigipassBlob*   DPBlob,
                           TKernelParms*    CallParms,
                           aat_ascii*       aOldStorageKeyName,
                           aat_ascii*       aOldInitialVector,
                           aat_ascii*       aNewStorageKeyName,
                           aat_ascii*       aNewInitialVector);

Description

The BLOB migration function can be used to:

  1. Convert a BLOB encrypted with a software storage key to a BLOB encrypted with an HSM storage key (i.e. software --> HSM-encrypted), producing a BLOB ready to be stored in the database.

  2. Migrate a BLOB encrypted with an HSM storage key to a BLOB encrypted with a NEW HSM storage key (i.e. HSM Storage Key 1 --> HSM Storage Key 2).

You can acquire a software-encrypted BLOB using the Authentication Suite Server SDK API AAL2DPXGetTokenBlobsEx2(). This will extract a BLOB but not migrate it.

Parameters

The memory management of the output parameters must be performed by the calling function.

  Table: Parameters (AAL2MigrateBlobICSF)

  Type            | Name               | Use | Description
  TDigipassBlob * | DPBlob             | I/O | Authenticator application BLOB.
  TKernelParms *  | CallParms          | I   | Structure of run-time parameters to use during the HSM migrate BLOB function call.
  aat_ascii *     | aOldStorageKeyName | I   | String containing the HSM key label used to decrypt the sensitive data of the input BLOB. This is the label of the HSM storage key used to decrypt the BLOB in the case of a storage key migration. This parameter has to be set to blank (NULL) when migrating a software-encrypted BLOB.
  aat_ascii *     | aOldInitialVector  | I   | String containing the initial vector to be used during the decryption of the input BLOB. This parameter has to be set to blank when migrating a software-encrypted BLOB.
  aat_ascii *     | aNewStorageKeyName | I   | String containing the label of the HSM storage key used to perform the 3DES/AES encryption of the sensitive data of the output BLOB. After migration, any further use of the authenticator application BLOB requires this HSM storage key.
  aat_ascii *     | aNewInitialVector  | I   | 16 hexadecimal characters containing the initial vector used to encrypt the sensitive authenticator application BLOB data in output. Can be NULL to encrypt the BLOB without an initial vector. After migration, any further use of the authenticator application BLOB requires this initial vector.
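As an added example (not code from this page or from the OneSpan SDK), a pre-call check in C that enforces the two argument patterns described above before AAL2MigrateBlobICSF is invoked: software --> HSM (old key NULL, old IV blank) and HSM Storage Key 1 --> HSM Storage Key 2 (old key label and IV supplied). Helper names and the sample key labels are hypothetical; string widths are taken from the COBOL layout on this page.

```c
/* Added example, not OneSpan SDK code: checks the argument set of an
 * AAL2MigrateBlobICSF call against the rules on this page before any
 * HSM key is touched. Helper names are hypothetical; string widths follow
 * the COBOL layout above (PIC X(65) label, PIC X(17) initial vector). */
#include <ctype.h>
#include <string.h>

enum migrate_mode { SW_TO_HSM, HSM_TO_HSM };
#define MAX_KEY_LABEL 64   /* PIC X(65) leaves 64 characters plus terminator */

static int blank(const char *s) { return s == NULL || s[0] == '\0'; }

/* An initial vector is either blank/NULL (no IV) or exactly 16 hexadecimal
 * characters. The page states this for the new IV; the same format is
 * assumed here for the old IV of an already HSM-encrypted BLOB. */
static int iv_ok(const char *iv)
{
    size_t i;
    if (blank(iv)) return 1;
    if (strlen(iv) != 16) return 0;
    for (i = 0; i < 16; i++)
        if (!isxdigit((unsigned char)iv[i])) return 0;
    return 1;
}

/* Returns 0 when the arguments match the chosen migration; otherwise a
 * negative value naming the offending parameter:
 * -1 aNewStorageKeyName, -2 aNewInitialVector,
 * -3 aOldStorageKeyName, -4 aOldInitialVector. */
int migrate_args_ok(enum migrate_mode mode, const char *old_key,
                    const char *old_iv, const char *new_key, const char *new_iv)
{
    if (blank(new_key) || strlen(new_key) > MAX_KEY_LABEL) return -1;
    if (!iv_ok(new_iv)) return -2;
    if (mode == SW_TO_HSM) {
        /* Software-encrypted input: old key NULL, old IV blank. */
        if (!blank(old_key)) return -3;
        if (!blank(old_iv)) return -4;
    } else {
        /* HSM-encrypted input: the current storage key label is mandatory. */
        if (blank(old_key) || strlen(old_key) > MAX_KEY_LABEL) return -3;
        if (!iv_ok(old_iv)) return -4;
    }
    return 0;
}
```

Only when migrate_args_ok() returns 0 should the caller pass the same strings to AAL2MigrateBlobICSF and then consult the return code table below.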

COBOL calling convention

Entry point: AA2MGBIC
02   W-BLOB               PIC X(248).
02   W-KERNELPARMS.
     03   W-PARMCOUNT     PIC 9(8) USAGE BINARY.
     03   W-PARM01        PIC 9(8) USAGE BINARY.
     . . .
     03   W-PARM19        PIC 9(8) USAGE BINARY.
02   W-RETURN             PIC S9(8) USAGE BINARY.
02   W-OLDSTORAGEKEY      PIC X(65).
02   W-OLDINITVECTOR      PIC X(17).
02   W-NEWSTORAGEKEY      PIC X(65).
02   W-NEWINITVECTOR      PIC X(17).
02   W-API-NAME           PIC X(8) VALUE 'AA2MGBIC'.
. . .
     CALL W-API-NAME USING
           BY REFERENCE W-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-OLDSTORAGEKEY
           BY REFERENCE W-OLDINITVECTOR
           BY REFERENCE W-NEWSTORAGEKEY
           BY REFERENCE W-NEWINITVECTOR
           RETURNING W-RETURN

Return codes

  Table: Return codes (AAL2MigrateBlobICSF)

  Code | Meaning
  0    | Success
  412  | Invalid checksum (software)
  413  | Invalid Base64 format
  414  | Invalid checksum (HSM)
  510  | Invalid Digipass data pointer
  900  | Invalid session context handle
  908  | HSM key not found
  950  | Invalid application for AES HSM encryption
  951  | Invalid HSM key type for HSM decryption
  1100 | Function not supported
  1118 | Unsupported BLOB
