AAL2GenVerifySignatureCmd

  • Published on Jul 9, 2025
  • 2 minute(s) read
Prev Next

Function prototype

aat_int32 AAL2GenVerifySignatureCmd(
                                    aat_byte       *Cmd,
                                    aat_int32      *CmdSize,
                                    TDigipassBlob  *DPData,
                                    TKernelParms   *CallParms,
                                    aat_ascii      *Signature,
                                    aat_ascii       SignedDataFields[8][20],
                                    aat_int32       FieldCount,
                                    aat_int32       DeferredSignatureData);

Description

This function creates a command that directs the HSM to validate a signature using the given data and to return a result in the form of a reply.

The signature validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software e-Signature Validation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

This function must be used with the post-HSM API AAL2ProcVerifySignatureRpl.

Parameters

  Table: Parameters (AAL2GenVerifySignatureCmd)
TypeNameUseDescription
aat_byte *CmdO

Up to 515 bytes that serialize the VERIFY SIGNATURE command type and the input data to the verify signature function on the HSM:

  • Command type - 2 bytes
  • An authenticator application BLOB - 192 bytes
  • Runtime parameters - 80 bytes
  • Signature - up to 41 characters
  • Signed data fields - 160 characters
  • Field count - 4 bytes
  • Deferred signature data - 4 bytes
  • Host time - 4 bytes

Plus 28 bytes for Authentication Suite Server SDK internal use.

aat_int32 * CmdSizeI/O

On entry, this parameter contains the size of the Cmd buffer.On exit, this parameter contains the length of the Cmd message.

TDigipassBlob *DPDataIauthenticator application BLOB.
TKernelParms*CallParmsI

Structure of runtime parameters to use during this function call.

aat_ascii * SignatureIString of up to 17 numeric or hexadecimal characters, null-terminated or padded with spaces.
aat_ascii * Signed DataFieldsI

Array of 8 left-justified, null-terminated, or space-padded strings of max. 20 characters. This parameter holds the 8 possible data fields that are entered into the Digipass authenticator to generate a signature. The Digipass data fields are limited to 16 decimal, hexadecimal, or alphabetic characters.

aat_int32 FieldCountI

Numeric value from 1 to 8 indicating the number of data fields to use from the SignedDataFields array.

aat_int32 Deferred Signature Data I
  • Must be 0 if signature is validated in online mode (OnlineSG=1 or 2).
  • If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.)

    If this parameter is >0, the filled parameter must be the Digipass time, not the host time.

  • If the signature is validated in offline mode with OnlineSG=3, this parameter must receive counter of the Digipass instance used for the signature generation.

Return codes

  Table: Return codes (AAL2GenVerifySignatureCmd)
CodeMeaningCodeMeaning
0Success413Invalid Base64 format
139Invalid signature pointer510Invalid Digipass data pointer
141Invalid field count590Invalid command pointerr
148Invalid data field pointer706Invalid data buffer pointer
207Deferred signature not allowed with OnLineSG not Null1018Invalid TLV item pointer
412Invalid checksum (software)1025Data buffer too small