Function prototype
aat_int32 AAL2MigratePKBlob (
aat_ascii* PKBlob,
TKernelParms* CallParms,
aat_int32 DeriveVector,
aat_int32 StorageDeriveKey1,
aat_int32 StorageDeriveKey2,
aat_int32 StorageDeriveKey3,
aat_int32 StorageDeriveKey4);
Description
This function is used to migrate software protection keys for a given payload key BLOB. Migrating the protection keys for a given payload key BLOB does not change the payload key, but only the keys used to protect the BLOB.
There are two ways to derive this default Authentication Suite Server SDK database protection key with kernel parameters:
- Using the derive vector (DeriveVector)
- Using the four storage derive keys (StorageDeriveKey1, StorageDeriveKey2, StorageDeriveKey3, StorageDeriveKey4).
The payload key BLOB software protection key migration is only applicable to hardware and software Digipass compliant with the Secure Channel protocol.
Parameters
Table: Parameters (AAL2MigratePKBlob)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_ascii * | PKBlob | I/O | 88+1 characters string, null-terminated. Contains the payload key BLOB to migrate from existing software protection keys to new ones. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. (Contains the old values of the derive vector and storage derive keys that may have been used initially to software encrypt the payload key BLOB.) |
| aat_int32 * | DeriveVector | I | New derive vector to use for payload key BLOB encryption. Values range from 0x00 to 0x7FFFFFFF. |
| aat_int32 * | StorageDeriveKey1 | I | New storage derivation key part 1 to use for payload key BLOB encryption. Values range from 0x00 to 0xFFFFFFFF. |
| aat_int32 * | StorageDeriveKey2 | I | New storage derivation key part 2 to use for payload key BLOB encryption. Values range from 0x00 to 0xFFFFFFFF. |
| aat_int32 * | StorageDeriveKey3 | I | New storage derivation key part 3 to use for payload key BLOB encryption. Values range from 0x00 to 0xFFFFFFFF. |
| aat_int32 * | StorageDeriveKey4 | I | New storage derivation key part 4 to use for payload key BLOB encryption. Values range from 0x00 to 0xFFFFFFFF. |
Return codes
Table: Return codes (AAL2MigratePKBlob)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1119 | Unsupported payload key BLOB |
| 412 | Invalid checksum | 1286 | Invalid payload key pointer |
| 413 | Invalid Base64 format | -1501 | Memory allocation failed |
| 1100 | Function not supported | | |
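Because PKBlob is an in/out buffer that must be written back to the database after the call, a caller can run the migration on a working copy and replace the stored BLOB only on return code 0. The wrapper below is an added example, not SDK code. Assumptions: the typedefs, the opaque TKernelParms, the names migrate_pk_blob_safely, ERR_LOCAL, fake_migrate and demo, and a function-pointer type that follows the prototype as printed above.

```c
#include <stdint.h>
#include <string.h>
/* Assumed stand-ins for the SDK header, which this page does not show. */
typedef int32_t aat_int32;
typedef char aat_ascii;
typedef struct TKernelParms TKernelParms;    /* opaque here: fields not on this page */
typedef aat_int32 (*migrate_fn)(aat_ascii *, TKernelParms *, aat_int32,
                                aat_int32, aat_int32, aat_int32, aat_int32);

#define PKBLOB_LEN 88                        /* 88 characters plus the terminating NUL */
#define ERR_LOCAL (-1)                       /* hypothetical wrapper-only code */

/* Migrates on a working copy; `stored` is overwritten only when the call returns 0. */
aat_int32 migrate_pk_blob_safely(migrate_fn migrate, aat_ascii stored[PKBLOB_LEN + 1],
        TKernelParms *old_parms, aat_int32 new_vector, const aat_int32 new_keys[4])
{
    aat_ascii work[PKBLOB_LEN + 1];
    if (memchr(stored, '\0', PKBLOB_LEN + 1) != stored + PKBLOB_LEN || new_vector < 0)
        return ERR_LOCAL;    /* not 88 characters, or vector outside 0x00..0x7FFFFFFF */
    memcpy(work, stored, sizeof work);
    aat_int32 rc = migrate(work, old_parms, new_vector,
                           new_keys[0], new_keys[1], new_keys[2], new_keys[3]);
    if (rc == 0)
        memcpy(stored, work, sizeof work);   /* caller now rewrites this to its database */
    return rc;                               /* e.g. 412, 413, 1119: old BLOB is kept */
}

/* Constructed stand-in for AAL2MigratePKBlob: fails with 412 when the BLOB starts with 'X'. */
static aat_int32 fake_migrate(aat_ascii *b, TKernelParms *p, aat_int32 v,
                              aat_int32 k1, aat_int32 k2, aat_int32 k3, aat_int32 k4)
{
    (void)p; (void)v; (void)k1; (void)k2; (void)k3; (void)k4;
    int bad = (b[0] == 'X');
    memset(b, 'B', PKBLOB_LEN);              /* scribbles on the buffer either way */
    return bad ? 412 : 0;
}

/* Runs the wrapper on a constructed 88-character BLOB; reports its first byte afterwards. */
aat_int32 demo(char first, char *after)
{
    aat_ascii blob[PKBLOB_LEN + 1];
    const aat_int32 keys[4] = {1, 2, 3, 4};  /* constructed values */
    memset(blob, 'A', PKBLOB_LEN);
    blob[0] = first; blob[PKBLOB_LEN] = '\0';
    aat_int32 rc = migrate_pk_blob_safely(fake_migrate, blob, NULL, 0x1234, keys);
    *after = blob[0];
    return rc;
}
```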