Documentation Index

Fetch the complete documentation index at: https://docs.onespan.com/llms.txt

Use this file to discover all available pages before exploring further.

AAL2GenMessageActivation1Ex

Prev Next

Availability: Authentication Suite Server SDK 4.0.2 and later

Service: Digipass Multi-Device Activation

Function prototype

aat_int32 AAL2GenMessageActivation1Ex(TDigipassBlob *DPMAData,
                                      TKernelParms *CallParms,  
                                      aat_ascii *Challenge,  
                                      aat_ascii *StaticVector,
                                      aat_ascii *MessageVector, 
                                      aat_ascii *ActivationVector, 
                                      aat_byte *Fido2PublicKey,
                                      aat_int32 Fido2PublicKeyLength,
                                      aat_ascii *Activation1Message,  
                                      aat_int32 *Activation1MessageLength);

Description

AAL2GenMessageActivation1Ex() overloads AAL2GenMessageActivation1(), exposing additional Fido2PublicKey and Fido2PublicKeyLength parameters to provide device binding support for FIDO2–capable authenticators, such as DIGIPASS FX2.

This function generates an Activation Message 1 from the master activation application (the license), the static vector, the message vector, and the activation vector. The Activation Message 1 allows to activate an authenticator license in the device.

It is only applicable to hardware or software authenticators compliant with the multi-device two-step activation (in context of multi-device licensing).

The Activation Message 1 is used in the multi-device activation process for all authenticator instances of a particular license.

A challenge can be used to optionally generate an Activation Message 1 bound to a particular challenge. Using challenges allows generating different Activation Messages 1 for the same license. With this, it is possible to verify afterwards that the device code returned by the Digipass device corresponds to the license activated with a particular challenge (except for bound FIDO2 devices). This also makes it possible to create a new Activation Message 1 for a given license and to invalidate the previous one. If used, the challenge must contain 16 numeric or hexadecimal characters, and the same challenge will have to be reused afterwards to validate the device code returned by the Digipass device with the AAL2VerifyDeviceCodeEx() function. The AAL2GenerateChallenge() function can be used to generate a challenge with 16 numeric characters.

Parameters

Table: Parameters (AAL2GenMessageActivation1Ex)
TypeNameUseDescription
TDigipassBlobDPMADataI

Digipass master activation application BLOB of the Digipass serial number license to use for the activation.

TKernelParms *CallParmsI

Structure of runtime parameters to use during this function call.

aat_ascii *ChallengeI

Optional string of 16 numeric or hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This parameter holds the challenge which must be used to generate the Activation Message 1. If no challenge must be used to generate the Activation Message 1, this parameter must be NULL.

The challenge is not used to validate the device code (using AAL2VerifyDeviceCodeEx()) in case of device binding for FIDO2-capable authenticators.

aat_ascii *StaticVectorI

Software Digipass parameter settings, up to 4094 characters, null-terminated.

aat_ascii *MessageVectorI

String of up to 26+1 characters containing the message parameter settings , null-terminated (obtained during import).

aat_ascii *ActivationVectorI

String containing the activation vector corresponding to the Digipass serial number to activate (obtained during import).

aat_byte *Fido2PublicKeyI

A buffer of length of Fido2PublicKeyLength bytes that contains the public key generated by the authenticator during the FIDO2 registration ceremony. It is used to bind the authenticator instance with the FIDO2 instance.

aat_int32Fido2PublicKeyLengthI

The size of the allocated buffer for the FIDO2 public key parameter.

aat_ascii *Activation1MessageO

String of up to 4202+1 hexadecimal characters, null-terminated. It contains the Activation Message 1 necessary during the activation process of the Digipass instances of a particular license.

aat_int32 *

Activation1MessageLength

I/O

In input, this parameter must indicate the size of the allocated buffer for the Activation1Message parameter (recommended 4203 bytes).

In output, this parameter indicates the length of the Activatin1Message string (without the null-terminated character).

Return codes

Table: Return codes (AAL2GenMessageActivation1Ex)
CodeMeaningCodeMeaning
0Success1268Invalid message vector version
412Invalid checksum1269Invalid message vector pointer
413Invalid Base64 format1270Invalid activation message pointer
537Invalid static vector pointer1271Invalid activation message length pointer
545Invalid static vector length1272Invalid message body type
580Static vector light not found1273Invalid activation vector length
1000Function does not support EMV-CAP1274Invalid message protocol version
1118Unsupported BLOB1275Invalid message protection type
1025Buffer too small1288Invalid serial number prefix
1264Invalid master application1289Invalid serial number suffix
1265Invalid master application data pointer1331Activation 1 not supported
1266Invalid message vector pointer-101Challenge too short
1267Invalid message vector length-102Challenge too long