Function prototype
aat_int32 AAL2ChangeEncryptedStaticPasswordEs (
TDigipassBlob* DPData,
TKernelParms* CallParms,
aat_ascii* Challenge,
aat_ascii* CESPR,
aat_ascii* aServerPublicKey);
Description
This function is an extension of AAL2ChangeEncryptedStaticPassword that adds the enhanced security feature. This feature prevents potential man-in-the-middle attacks in architectures that integrate software Digipass authenticators. A server public key, such as a certificate, can be supplied as input to diversify the challenge.
The server public key parameter (aServerPublicKey) is optional. If it is not used, this function is identical to AAL2ChangeEncryptedStaticPassword.
Parameters
Table: Parameters (AAL2ChangeEncryptedStaticPasswordEs)

| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob * | DPData | I/O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | Challenge | I | String of 16 numeric characters, left-justified, null-terminated or right-padded with spaces. This parameter holds the challenge that was proposed to the user to generate the CESPR. This parameter is mandatory. |
| aat_ascii * | CESPR | I | 16 hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This parameter is the change-encrypted-static-password request generated by the Digipass 110 applet. |
| aat_ascii * | aServerPublicKey | I | String of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, diversification will not take place. |
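
A caller-side pre-check for the three string inputs described in the table above, as an added example that is not part of the SDK or of the original page. The `precheck_*` names and result codes are hypothetical; the example assumes exactly 16 significant characters for Challenge and CESPR, rejects an empty key, and reports a NULL aServerPublicKey separately so the caller can refuse to run without diversification.

```c
#include <ctype.h>
#include <stddef.h>

/* Results of this pre-check (hypothetical names, not SDK return codes). */
enum precheck { PRE_OK, PRE_MISSING, PRE_BAD_LENGTH, PRE_BAD_CHAR, PRE_NO_DIVERSIFIER };

static int is_dec(int c) { return isdigit(c) != 0; }
static int is_hex(int c) { return isxdigit(c) != 0; }

/* Left-justified field in a buffer of cap bytes: content ends at the first NUL
   (or at cap), trailing spaces are padding. Assumption: exactly `want`
   significant characters are required. */
static enum precheck check_field(const char *s, size_t cap, size_t want, int (*ok)(int))
{
    size_t n = 0, i;
    if (s == NULL) return PRE_MISSING;
    while (n < cap && s[n] != '\0') n++;
    while (n > 0 && s[n - 1] == ' ') n--;
    if (n == 0) return PRE_MISSING;
    if (n != want) return PRE_BAD_LENGTH;
    for (i = 0; i < n; i++)
        if (!ok((unsigned char)s[i])) return PRE_BAD_CHAR;
    return PRE_OK;
}

/* aServerPublicKey: null-terminated, up to 1024 hexadecimal characters. NULL is
   reported separately because the call would then run without diversification.
   Assumption: an empty string is rejected as well. */
static enum precheck check_server_key(const char *key)
{
    size_t n = 0;
    if (key == NULL) return PRE_NO_DIVERSIFIER;
    while (n <= 1024 && key[n] != '\0') {
        if (!is_hex((unsigned char)key[n])) return PRE_BAD_CHAR;
        n++;
    }
    return (n == 0 || n > 1024) ? PRE_BAD_LENGTH : PRE_OK;
}

/* Run before AAL2ChangeEncryptedStaticPasswordEs; PRE_OK means all inputs pass. */
enum precheck precheck_es_inputs(const char *challenge, size_t challenge_cap,
                                 const char *cespr, size_t cespr_cap,
                                 const char *server_key)
{
    enum precheck r;
    if ((r = check_field(challenge, challenge_cap, 16, is_dec)) != PRE_OK) return r;
    if ((r = check_field(cespr, cespr_cap, 16, is_hex)) != PRE_OK) return r;
    return check_server_key(server_key);
}
```

The `*_cap` arguments are the sizes of the caller's buffers, so a space-padded field without a terminating NUL is never read past its end.
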
Return codes
Table: Return codes (AAL2ChangeEncryptedStaticPasswordEs)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 809 | Encrypted static password not supported |
| 131 | Missing required challenge | 1000 | Function does not support EMV-CAP |
| 166 | Missing required CESPR | 1103 | Unlock Version 2 not supported |
| 167 | Input data corrupted (challenge or CESPR) | 1118 | Unsupported BLOB |
| 169 | CESPR character invalid | -101 | Challenge too short |
| 412 | Invalid checksum software | -102 | Challenge too long |
| 413 | Invalid Base64 format | -151 | CESPR too short |
| 510 | Invalid Digipass data pointer | -152 | CESPR too long |
| 803 | New encrypted static password too short | -1501 | Memory allocation failed |
| 804 | New encrypted static password too long | | |