AAL2QADecryptQABlob

Function prototype

aat_int32 AAL2QADecryptQABlob (
                               TDigipassBlob      DPData,
                               TKernelParms*      CallParms,
                               aat_ascii*         Challenge,
                               aat_ascii*         aEncryptedQABlob,
                               aat_ascii*         aQABlob,
                               aat_int32*         QABlobSize);

Description

This function decrypts the encrypted QA BLOB provided by the Java applet of the Digipass for Web architecture.

Score-based Digipass

For Digipass devices that integrate the score-based algorithm, Authentication Suite Server SDK performs a score-based authentication to decrypt the QA BLOB. This allows retrieving the Digipass scoring value. Once Authentication Suite Server SDK has successfully decrypted the QA BLOB, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2QADecryptQABlob) for more details.

Parameters

Table: Parameters (AAL2QADecryptQABlob)
Type	Name	Use	Description
TDigipassBlob *	DPData	I/O	authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.
TKernelParms *	KernelParms	I	List of formatted kernel parameters: ParamertName1=Value1;ParameterName2=Value2;….
aat_ascii *	Challenge	I	Challenge for CR mode.
aat_ascii *	EncryptedQABlob	I	Encrypted QA BLOB format: OTP User ID: up to32 chars Idx1: 02 chars XHA1: 30 chars Idx2: 02 chars XHA2: 30 chars ... Checksum: 16 chars
aat_ascii *	QABLOB	O	BLOB resulting from the formatted answer hash: User ID: 32 chars BLOB version: 02 chars Hash number: 02 chars \|Index \|02 chars \|Hash \|30 chars Checksum: 16 chars
aat_int32	QABLOBSize	I/O	In input, this parameter must indicate the size of the allocated buffer for the QABlob parameter (recommended 359 bytes). In output, this parameter indicates the length of the QABlob string (without the null-terminated character).

Return codes

Table: Return codes (AAL2QADecryptQABlob)
Code	Meaning	Code	Meaning
0	Success	603	Invalid Gordian stimulus information
10001	Success with context warning[1]	802	Change password mandatory
10002	Success with user warning[1]	803	New password too short
10003	Success with user & context warning[1]	804	New password too long
10004	Success with platform warning[1]	1000	Function does not support EMV-CAP
10005	Success with platform & context warning[1]	1025	Buffer too small
10006	Success with platform & user warning[1]	1039	Invalid response length with DP algorithm
10007	Success with platform & user & context warning[1]	1040	Invalid host code length with DP algorithm
1	Code not verified	1103	Unlock Version 2 not supported
2	Static password validation failed	1116	Response check digit not allowed
131	Missing required challenge	1117	Challenge check digit not allowed
140	Challenge corrupted	1118	Unsupported BLOB
201	Code replay attempt	-101	Challenge too short
202	Identification error threshold reached	-102	Challenge too long
205	Inactive days reached	-103	Challenge check digit wrong
208	Application disabled	-105	Challenge minimum length not allowed
412	Invalid checksum	-106	Challenge maximum length not allowed
413	Invalid Base64 format	-107	Challenge number wrong
510	Invalid Digipass data pointer	-108	Challenge character invalid
530	Invalid QA data pointer	-201	Response length out of bounds
532	Invalid QA data length	-202	Response too short
535	Invalid QA number	-203	Response too long
536	Invalid encrypted QA data	-204	Response check digit wrong
600	Invalid Gordian root information	-205	Response character not decimal
601	Invalid Gordian today information	-206	Response character not hexadecimal
602	Invalid Gordian tomorrow information	-207	Response character set not specified

Specific score-based authentication code (see Score-based DIGIPASS)

AAL2QADecryptQABlob

Function prototype

Description

Score-based Digipass

Parameters

Return codes

Resources