AAL2MigratePKBlobICSF
  • 22 Jan 2025

Function prototype

aat_int32 AAL2MigratePKBlobICSF (
                             aat_ascii*      PKBlob,
                             TKernelParms*   CallParms,
                             aat_ascii*      aOldStorageKeyName,
                             aat_ascii*      aOldInitialVector,
                             aat_ascii*      aNewStorageKeyName,
                             aat_ascii*      aNewInitialVector);

Description

This function is used to migrate HSM protection keys for a given payload key BLOB. Migrating the protection keys for a given payload key BLOB does not change the payload key, but only the keys used to protect the BLOB.

It is only applicable to hardware or software Digipass compliant with the Secure Channel protocol; for more information, refer to the OneSpan Authentication Suite Server SDK Product Guide.

The BLOB migration function can be used to:

  1. Convert a payload key BLOB encrypted with a software storage key to a payload key BLOB encrypted with an HSM storage key (i.e. software → HSM-encrypted). The resulting payload key BLOB is ready to be stored in the database.

     This is not applicable to a payload key BLOB generated directly by Authentication Suite Server SDK for ICSF.

  2. Migrate a payload key BLOB encrypted with one HSM storage key to a payload key BLOB encrypted with a new HSM storage key (i.e. HSM storage key 1 → HSM storage key 2).

Parameters

  Table: Parameters (AAL2MigratePKBlobICSF)

Type           | Name               | Use | Description
aat_ascii *    | PKBlob             | I/O | 88+1 character string, null-terminated. Contains the payload key BLOB to migrate from the existing software protection keys to the new ones. Upon return from the function call, this BLOB must be rewritten to the application database to reflect the changes.
TKernelParms * | CallParms          | I   | Structure of runtime parameters to use during this function call. It contains the old values of the derive vector and storage derive keys that may have been used initially to software-encrypt the payload key BLOB.
aat_ascii *    | aOldStorageKeyName | I   | String containing the HSM key label used to decrypt the sensitive data of the input payload key BLOB. This is the label of the HSM storage key used to decrypt the payload key BLOB in case of a storage key migration. This parameter has to be set to blank (NULL) when migrating a software-encrypted payload key BLOB.
aat_ascii *    | aOldInitialVector  | I   | String containing the initial vector to be used during the decryption of the input payload key BLOB. This parameter has to be set to blank when migrating a software-encrypted payload key BLOB.
aat_ascii *    | aNewStorageKeyName | I   | String containing the name of the HSM storage key used to perform the 3DES/AES encryption of the sensitive data of the output payload key BLOB. After migration, any further use of the payload key BLOB requires this HSM storage key.
aat_ascii *    | aNewInitialVector  | I   | 16 hexadecimal characters containing the initial vector used to encrypt the sensitive data of the output payload key BLOB. Can be NULL to encrypt the payload key BLOB without any initial vector. After migration, any further use of the payload key BLOB requires this initial vector.
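As an added example (not from the OneSpan documentation or SDK), the C code below turns the argument contract in the table above and the two migration modes from the description into a pre-flight check that runs before the call to AAL2MigratePKBlobICSF; the header name aal2sdk.h, the HAVE_AAL2_SDK macro, the typedef widths and the sample BLOB are assumptions, while the prototype is the one given on this page.

```c
/* Added example, not OneSpan's code: checks encoding the documented argument contract of
 * AAL2MigratePKBlobICSF. Header "aal2sdk.h", HAVE_AAL2_SDK and the typedef widths are assumed. */
#include <string.h>
#ifdef HAVE_AAL2_SDK
#include "aal2sdk.h"              /* assumed header; supplies the SDK types and prototype */
#else
typedef int  aat_int32;           /* assumed widths so the checks build without the SDK */
typedef char aat_ascii;
#endif
#define PKBLOB_LEN 88             /* 88 characters + terminating NUL, as documented */
#define IV_HEX_LEN 16             /* initial vector is 16 hexadecimal characters */
#define MIGRATE_ARGS_INVALID (-1) /* local sentinel, not an SDK return code */
enum migrate_mode { MIGRATE_SOFTWARE_TO_HSM = 0, MIGRATE_HSM_TO_HSM = 1 };
/* Constructed sample BLOB: 88 printable characters, not a real payload key BLOB. */
static const aat_ascii kSampleBlob[PKBLOB_LEN + 1] =
    "0123456789A" "0123456789A" "0123456789A" "0123456789A"
    "0123456789A" "0123456789A" "0123456789A" "0123456789A";

static int is_blank(const aat_ascii *s) { return s == NULL || s[0] == '\0'; }
/* An IV is either blank (no IV at all) or exactly 16 hexadecimal digits. */
static int iv_is_valid(const aat_ascii *iv)
{
    return is_blank(iv) || (strlen(iv) == IV_HEX_LEN &&
                            strspn(iv, "0123456789abcdefABCDEF") == IV_HEX_LEN);
}
/* Returns the migration mode, or MIGRATE_ARGS_INVALID when the arguments break the contract:
 * 88-char BLOB in an 89-byte buffer, blank-or-16-hex IVs, a mandatory new HSM label, and a
 * blank old label (software-encrypted source) only together with a blank old IV. */
int check_migrate_args(const aat_ascii *blob, size_t blob_cap,
                       const aat_ascii *old_key, const aat_ascii *old_iv,
                       const aat_ascii *new_key, const aat_ascii *new_iv)
{
    if (blob == NULL || blob_cap < PKBLOB_LEN + 1 || strlen(blob) != PKBLOB_LEN)
        return MIGRATE_ARGS_INVALID;
    if (is_blank(new_key) || !iv_is_valid(old_iv) || !iv_is_valid(new_iv))
        return MIGRATE_ARGS_INVALID;
    if (is_blank(old_key))            /* software-encrypted source: old IV must be blank too */
        return is_blank(old_iv) ? MIGRATE_SOFTWARE_TO_HSM : MIGRATE_ARGS_INVALID;
    return MIGRATE_HSM_TO_HSM;        /* HSM storage key 1 -> HSM storage key 2 */
}
#ifdef HAVE_AAL2_SDK
/* Checked call; on success the caller must write pk_blob back to the database. */
aat_int32 migrate_pk_blob_checked(aat_ascii *pk_blob, size_t cap, TKernelParms *parms,
        aat_ascii *old_key, aat_ascii *old_iv, aat_ascii *new_key, aat_ascii *new_iv)
{
    if (check_migrate_args(pk_blob, cap, old_key, old_iv, new_key, new_iv) < 0)
        return MIGRATE_ARGS_INVALID;
    return AAL2MigratePKBlobICSF(pk_blob, parms, old_key, old_iv, new_key, new_iv);
}
#endif
```

Build with -DHAVE_AAL2_SDK and the SDK headers to get the checked wrapper; without it only the contract checks compile, which is enough to unit-test the mode selection.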
