Function prototype
aat_int32 AAL2GenSignatureICSF(
TDigipassBlob* DPData,
TKernelParms* CallParms,
aat_ascii* aStorageKeyNameIn,
aat_ascii* aInitialVectorIn,
aat_ascii* Signature,
aat_ascii SignedDataFields[8][20],
aat_int32 FieldCount,
aat_int32 DeferredSignatureDate,
aat_ascii* ConfirmationCode,
aat_int32* ConfirmationCodeLength);
Description
If primary Virtual Mobile Authenticator is supported and activated for the given authenticator application BLOB, this function can be used to generate an e-signature. It is an extension of AAL2GenSignature, with the additional feature of integrating the confirmation code.
Parameters
Table: Parameters (AAL2GenSignatureICSF) | Type | Name | Use | Description |
|---|
| TDigipassBlob * | DPData | I/O | authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 or 32 hexadecimal characters, left-justified, null-terminated. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | Signature | O | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the dynamic password generated by the library (recommended buffer size is 18 bytes). |
| aat_ascii * | SignedDataFields | I | Array of 8 left-justified, null-terminated, or space-padded strings of max. 20 characters. This parameter holds the 8 possible data fields that are entered into the Digipass authenticator to generate a signature. Digipass data fields are limited to 16 decimal, hexadecimal, or alphabetic characters. |
| aat_int32 | FieldCount | I | Numeric value from 1 to 8 indicating the number of data fields to use from the aSignedDataFieldsIn array. |
| aat_int32 | DeferredSignatureDate | I | - Must be 0 if signature is generated in online mode (OnlineSG=1 or 2).
- If signature is generated in offline mode with OnlineSG=0 or 3, this parameter can receive the date for the signature generation (number of elapsed seconds since January 1st 1970) or 0 (with 0, the current time is used).
|
| aat_ascii * | ConfirmationCode | O | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the confirmation code generated by Authentication Suite Server SDK (recommended buffer size is 18 bytes). |
| aat_int32 * | ConfirmationCodeLength | O | Pointer to a long integer that indicates the length of the generated confirmation code. |
COBOL calling convention
Entry point: AA2VGSIC
02 W-BLOB PIC X(248).
02 W-KERNELPARMS.
03 W-PARMCOUNT PIC 9(8) USAGE BINARY.
03 W-PARM01 PIC 9(8) USAGE BINARY.
. . .
03 W-PARM19 PIC 9(8) USAGE BINARY.
02 W-CONFCODE PIC X(17).
02 W-CONFCODE-LENGTH PIC 9(8) USAGE BINARY.
02 W-RETURN PIC S9(8) USAGE BINARY.
02 W-SIGNATURE PIC X(17).
02 W-SIGNED-DATA PIC X(20) OCCURS 8.
02 W-FIELDCOUNT PIC 9(8) USAGE BINARY.
02 W-SIGNATUREDATE PIC 9(8) USAGE BINARY.
02 W-STORAGEKEY PIC X(65).
02 W-INITVECTOR PIC X(17).
02 W-API-NAME PIC X(8) VALUE 'AA2VGSIC'.
. . .
CALL W-API-NAME USING
BY REFERENCE W-BLOB
BY REFERENCE W-KERNELPARMS
BY REFERENCE W-STORAGEKEY
BY REFERENCE W-INITVECTOR
BY REFERENCE W-SIGNATURE
BY REFERENCE W-SIGNED-DATA
BY VALUE W-FIELDCOUNT
BY VALUE W-SIGNATUREDATE
BY REFERENCE W-CONFCODE
BY REFERENCE W-CONFCODE-LENGTH
RETURNING W-RETURN
Return codes
Table: Return codes (AAL2GenSignatureICSF) | Code | Meaning | Code | Meaning |
|---|
| 0 | Success | 908 | HSM key not found |
| 130 | Invalid response pointer | 951 | Invalid HSM key type for HSM decryption |
| 131 | Missing required challenge | 1000 | Function does not support EMV-CAP |
| 140 | Challenge corrupted | 1103 | Unlock Version 2 not supported |
| 141 | Invalid field count | 1104 | Virtual token is not a primary token |
| 148 | Invalid data field pointer | 1116 | Response check digit not allowed |
| 203 | Sign error threshold reached | 1117 | Challenge check digit not allowed |
| 208 | Application disabled | 1118 | Unsupported BLOB |
| 209 | Grace period expired | -101 | Challenge too short |
| 210 | Allowed use count reached | -102 | Challenge too long |
| 211 | Virtual token not supported | -103 | Challenge check digit wrong |
| 412 | Invalid checksum | -105 | Challenge minimum length not allowed |
| 413 | Invalid Base64 format | -106 | Challenge maximum length not allowed |
| 414 | Invalid checksum (HSM) | -107 | Challenge number wrong |
| 510 | Invalid Digipass data pointer | -108 | Challenge character invalid |
| 900 | Invalid session context handle | -1501 | Memory allocation failed |