AAL2MigrateBlobICSFEx
  • 22 Jan 2025


Function prototype (aal2sdk.h)

aat_int32 AAL2MigrateBlobICSFEx (
                           TDigipassBlob*   DPBlob,
                           TKernelParms*    CallParms,
                           aat_ascii*       aTransportKeyName,
                           aat_ascii*       aTransportKeyKCV,
                           aat_ascii*       aStorageKeyName,
                           aat_ascii*       aInitialVector);

Description

The extended BLOB migration function migrates an HSM transport-key-encrypted BLOB into an HSM storage-key-encrypted BLOB (i.e. HSM transport key → HSM storage key), ready to be stored in the database.

It is used in conjunction with AAL2DPXInitHSM.

You can retrieve an HSM transport-key-encrypted BLOB using the Authentication Suite Server SDK API AAL2DPXGetTokenBlobsEx2(). That function extracts a BLOB but does not migrate it.

You can only retrieve this HSM transport-key-encrypted BLOB if the relevant DPX file has been created using HSM transport key encryption, also called DPX double encryption.

Parameters

The memory management of the output parameters must be performed by the calling function.

Table: Parameters (AAL2MigrateBlobICSF)

Type            | Name              | Use | Description
----------------|-------------------|-----|------------
TDigipassBlob*  | DPBlob            | I/O | Authenticator application BLOB.
TKernelParms*   | CallParms         | I   | Structure of run-time parameters to use during the HSM migrate BLOB function call.
aat_ascii*      | aTransportKeyName | I   | String containing the HSM key label used to decrypt the sensitive data of the input BLOB.
aat_ascii*      | aTransportKeyKCV  | I   | String containing the KCV of the HSM transport key used to perform the DPX decryption of the input BLOB.
aat_ascii*      | aStorageKeyName   | I   | String containing the HSM storage key used to perform the 3DES/AES encryption of the sensitive data of the output BLOB. After migration, any further use of the authenticator application BLOB requires this HSM storage key.
aat_ascii*      | aInitialVector    | I   | String of 16 hexadecimal characters containing the initial vector used to encrypt the sensitive authenticator application BLOB data in output. Can be NULL to encrypt the BLOB without any initial vector. After migration, any further use of the authenticator application BLOB requires this initial vector.

COBOL calling convention

Entry point: AA2MGBIX
02   W-BLOB               PIC X(248).
02   W-KERNELPARMS.
     03   W-PARMCOUNT     PIC 9(8) USAGE BINARY.
     03   W-PARM01        PIC 9(8) USAGE BINARY.
     . . .
     03   W-PARM19        PIC 9(8) USAGE BINARY.
02   W-RETURN             PIC S9(8) USAGE BINARY.
02   W-TRANSPORTKEY       PIC X(65).
02   W-TRANSPORTKEYKCV    PIC X(7).
02   W-STORAGEKEY         PIC X(65).
02   W-INITVECTOR         PIC X(17).
02   W-API-NAME           PIC X(8) VALUE 'AA2MGBIX'.
. . .
     CALL W-API-NAME USING
           BY REFERENCE W-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-TRANSPORTKEY
           BY REFERENCE W-TRANSPORTKEYKCV
           BY REFERENCE W-STORAGEKEY
           BY REFERENCE W-INITVECTOR
           RETURNING W-RETURN

Return codes

Table: Return codes (AAL2MigrateBlobICSF)

Code | Meaning
-----|--------
0    | Success
412  | Invalid checksum (software)
413  | Invalid Base64 format
414  | Invalid checksum (HSM)
510  | Invalid Digipass data pointer
900  | Invalid session context handle
908  | HSM key not found
911  | HSM invalid key KCV
950  | Invalid application for AES HSM encryption
951  | Invalid HSM key type for HSM decryption
1100 | Function not supported
1118 | Unsupported BLOB
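The following C wrapper is an added example, not code from the SDK or from this page. It shows how a calling application would prepare a call to AAL2MigrateBlobICSFEx: it checks the string arguments against the widths implied by the COBOL calling convention above (64-character key labels, a 6-character KCV, a 16-hex-character initial vector or NULL), invokes the SDK function, maps the return codes listed on this page to text, and on success records the storage key label and initial vector that every later use of the migrated BLOB will require. The SDK function is passed in as a function pointer so the wrapper compiles without aal2sdk.h; in real use you would pass AAL2MigrateBlobICSFEx itself. The treatment of TDigipassBlob and TKernelParms as opaque pointers, the assumption that the KCV is hexadecimal, and the negative wrapper-local error codes are all this example's own choices.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Function-pointer type matching the AAL2MigrateBlobICSFEx prototype in
 * aal2sdk.h. TDigipassBlob and TKernelParms are passed as opaque pointers
 * because this wrapper never inspects them (assumption of this example). */
typedef int32_t (*aal2_migrate_fn)(void *dp_blob, void *call_parms,
                                   char *transport_key_name,
                                   char *transport_key_kcv,
                                   char *storage_key_name,
                                   char *initial_vector);

/* Field widths taken from the COBOL calling convention on this page:
 * X(65), X(7) and X(17) each include room for a terminating NUL. */
#define KEY_LABEL_MAX 64
#define KCV_LEN       6
#define IV_HEX_LEN    16

/* Wrapper-local argument errors. Negative so they cannot be confused with
 * the SDK's return codes; the values are this example's own. */
#define ARG_BAD_TRANSPORT_KEY (-1)
#define ARG_BAD_KCV           (-2)
#define ARG_BAD_STORAGE_KEY   (-3)
#define ARG_BAD_IV            (-4)

/* What must be persisted with the migrated BLOB: after migration the BLOB
 * can only be used with exactly this storage key label and this IV. */
struct migrated_blob {
    void *dp_blob;                        /* BLOB now encrypted under the storage key */
    char storage_key_name[KEY_LABEL_MAX + 1];
    char initial_vector[IV_HEX_LEN + 1];  /* empty string when no IV was used */
};

/* True when s is exactly n hexadecimal characters followed by NUL. */
static int is_hex_run(const char *s, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (!isxdigit((unsigned char)s[i]))
            return 0;                     /* also stops at an early NUL */
    }
    return s[n] == '\0';
}

/* True when s is a non-empty key label that fits the COBOL field. */
static int label_ok(const char *s)
{
    size_t n;
    if (s == NULL)
        return 0;
    n = strlen(s);
    return n > 0 && n <= KEY_LABEL_MAX;
}

/* Validate the string arguments before touching the HSM.
 * Returns 0 when all are acceptable, otherwise one of the ARG_ codes. */
int check_migrate_args(const char *transport_key_name,
                       const char *transport_key_kcv,
                       const char *storage_key_name,
                       const char *initial_vector)
{
    if (!label_ok(transport_key_name))
        return ARG_BAD_TRANSPORT_KEY;
    /* Assumption: the KCV is supplied as 6 hexadecimal characters. */
    if (transport_key_kcv == NULL || !is_hex_run(transport_key_kcv, KCV_LEN))
        return ARG_BAD_KCV;
    if (!label_ok(storage_key_name))
        return ARG_BAD_STORAGE_KEY;
    /* The page allows NULL (no IV); otherwise exactly 16 hex characters. */
    if (initial_vector != NULL && !is_hex_run(initial_vector, IV_HEX_LEN))
        return ARG_BAD_IV;
    return 0;
}

/* Human-readable meaning for the return codes listed on this page. */
const char *migrate_rc_text(int32_t rc)
{
    switch (rc) {
    case 0:    return "Success";
    case 412:  return "Invalid checksum (software)";
    case 413:  return "Invalid Base64 format";
    case 414:  return "Invalid checksum (HSM)";
    case 510:  return "Invalid Digipass data pointer";
    case 900:  return "Invalid session context handle";
    case 908:  return "HSM key not found";
    case 911:  return "HSM invalid key KCV";
    case 950:  return "Invalid application for AES HSM encryption";
    case 951:  return "Invalid HSM key type for HSM decryption";
    case 1100: return "Function not supported";
    case 1118: return "Unsupported BLOB";
    default:   return "Unknown return code";
    }
}

/* Validate, call the SDK function (normally AAL2MigrateBlobICSFEx), and on
 * success fill `out` with the data that must be stored alongside the BLOB. */
int32_t migrate_blob_to_storage_key(aal2_migrate_fn fn, void *dp_blob,
                                    void *call_parms, char *transport_key_name,
                                    char *transport_key_kcv, char *storage_key_name,
                                    char *initial_vector, struct migrated_blob *out)
{
    int32_t rc = check_migrate_args(transport_key_name, transport_key_kcv,
                                    storage_key_name, initial_vector);
    if (rc != 0)
        return rc;
    rc = fn(dp_blob, call_parms, transport_key_name, transport_key_kcv,
            storage_key_name, initial_vector);
    if (rc == 0 && out != NULL) {
        out->dp_blob = dp_blob;
        strcpy(out->storage_key_name, storage_key_name);   /* length checked above */
        if (initial_vector != NULL)
            strcpy(out->initial_vector, initial_vector);
        else
            out->initial_vector[0] = '\0';
    }
    return rc;
}
```

The wrapper refuses to call the HSM with an argument the SDK would reject anyway, so a 911 (invalid KCV) or 908 (key not found) returned from the real call points at a key-management problem rather than a malformed string. Keeping the storage key label and IV in the same record as the migrated BLOB is the practical consequence of the two "further usage ... will mandatorily require" notes in the parameter table.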

