see_VC_loadkey

This SEE job is used to load a key ticket of an HSM key (HSM storage key, HSM transport key, or HSM issuer master key) into a started Authentication Suite Server SDK SEE machine.

Each time the SEE machine is started, all the HSM keys required later (to perform Authentication Suite Server SDK command transactions in the integrator application) need to be loaded first into the Authentication Suite Server SDK SEE machine using the see_VC_loadkey SEE job of SEE machine.

To load an HSM key into the Authentication Suite Server SDK SEE machine, the integrator application that will load the key needs to obtain the key ticket of an HSM key located on the host computer, and to load it with the see_VC_loadkey SEE job.

The see_VC_loadkey SEE job must contain the following input job bytes:

• 1 byte containing the see_VC_loadkey command code (0x00)
• 4 bytes containing the OneSpan key ID (32-bit integer little-endian encoded)
• x bytes containing the HSM key ticket to load. The size is typically 64 bytes.

Figure: Input job bytes for see_VC_loadkey

The Authentication Suite Server SDK SEE machine can use up to 11 loaded keys at the same time. Once loaded into the SEE machine, the following correspondence will apply between the OneSpan key ID used to load a key, and the Key Name to be used with the Authentication Suite Server SDK host API functions:

OneSpan key ID 0 : “vascoStorageKey”

OneSpan key ID 1 to 9 : “vasco1” to “vasco9”

OneSpan key ID 0x7FFFFF : “vascoTransportKey”

The OneSpan key ID must be little-endian encoded in the input job bytes. It can be between 0 and 9, or 0x7FFFFF.

The see_VC_loadkey SEE job produces the following output reply bytes:

• 4-bytes containing the return code (32 bit integer little-endian encoded)

Figure: Output reply bytes for see_VC_loadkey

Possible return code values are 0 in case of load key success, and -1 in case of failure. The return code is little-endian encoded in the output reply bytes.