AAL2GenGenPayloadKeyBlobCmd

  • Published on Jul 9, 2025
  • 2 minute(s) read
Prev Next

Function prototype

aat_int32 AAL2GenGenPayloadKeyBlobCmd(
                                      aat_byte        *Cmd,
                                      aat_int32       *CmdSize,
                                      TDigipassBlob   *DPMAData,
                                      TKernelParms    *CallParms,
                                      aat_ascii       *aStorageKeyNameIn,
                                      aat_ascii       *aIVIn,
                                      aat_ascii       *MessageVector);

Description

This function creates a command that directs the HSM to generate a payload key BLOB using the given data, and to return a result in the form of a reply.

It is only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). For more information, refer to the Authentication Suite Server SDK Product Guide.

Payload key BLOBs must be generated only if the Digipass uses the Secure Channel feature and has to be post-provisionned (DPX does not contain the payload key).

No payload key BLOB must be generated if it has been obtained during import (AAL2DPXGetTokenBlobsEx2) or if the Digipass authenticator does not support the Secure Channel feature.

The payload key BLOB generation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Multi-Device Activation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

This function must be used with the post-HSM API AAL2ProcGenPayloadKeyBlobRpl.

Parameters

  Table: Parameters (AAL2GenGenPayloadKeyBlobCmd)
TypeNameUseDescription
aat_byte *CmdO

Up to 464 bytes that serialize the PAYLOAD KEY BLOB GENERATION command type and the input data to the payload key BLOB generation function on the HSM:

  • Command type - 2 bytes
  • Digipass Master Activation application BLOB - 192 bytes
  • Runtime parameters - 80 bytes
  • StorageKeyName - up to 128 characters
  • InitialVector - 8 bytes
  • MessageVector - up to 26 characters
  • Host time - 4 bytes

Plus 24 bytes for Authentication Suite Server SDK internal use.

aat_int32 *CmdSizeI/O

On entry, this parameter contains the size of the Cmd buffer.On exit, this parameter contains the length of the Cmd message.

TDigipassBlobDPMAData I

Digipass master activation application BLOB of the Digipass serial number license that will be used for the activation.

TKernelParms *CallParmsI

Structure of runtime parameters to use during this function call.

aat_ascii *aStorageKey NameIn I

String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data.

aat_ascii *aIVInI

String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data.

aat_ascii *MessageVectorI

A string of up to 26+1 characters containing the message parameter settings, null-terminated (obtained during import).

Return codes

  Table: Return codes (AAL2GenGenPayloadKeyBlobCmd)
CodeMeaningCodeMeaning
0Success1000Function does not support EMV-CAP
149Invalid initial vector length1018Invalid TLV item pointer
412Invalid checksum (software)1025Data buffer too small
413Invalid Base64 format1265Invalid master application data pointer
590Invalid command pointer1266Invalid message vector pointer
706Invalid data buffer pointer