Change static PIN

  • Updated on Aug 5, 2025
  • Published on Jan 24, 2025
  • 1 minute(s) read
Prev Next

This article describes the function(s) on which the change static PIN functionality is based. It contains information about parameters and possible return codes, as well as a prototype for each function.

Function prototype (aal2sdk.h)

aat_int32 AAL2ChangeStaticPasswordICSF (
                                    TDigipassBlob*   DPBlob,
                                    TKernelParms*    CallParms,
                                    aat_ascii*       aStorageKeyNameIn,
                                    aat_ascii*       aInitialVectorIn,
                                    aat_ascii*       NewStaticPassword1,
                                    aat_ascii*       NewStaticPassword2);

Description

This function is used with a Digipass authenticator that can use static passwords (e.g. Digipass GO 3). It allows administrators to provide a new static password on a mandatory basis. As this function is critical, only an authenticated user may use it in a regular integration.

Parameters

  Table: Parameters (AAL2ChangeStaticPasswordICSF)
TypeNameUseDescription
TDigipassBlob *DPBlobI/Oauthenticator application BLOB.
TKernelParms * CallParmsIStructure of runtime parameters to use during this function call.
aat_ascii *aStorageKeyNameInI

String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive authenticator application BLOB data.

aat_ascii *aInitialVectorInIString of 16 or 32 hexadecimal characters, left-justified, null-terminated. This is the initial vector used to encrypt the sensitive authenticator application BLOB data.
aat_ascii * NewStaticPassword1I

First entry of the password change trial. Up to 8 printable ASCII-EBCDIC invariant characters. Must be null-terminated.

For a list of the characters that can be used for the new static password, see Supported new static password charset.

aat_ascii *NewStaticPassword2I

Second entry confirmation of the password change trial. Must be identical to NewStaticPassword1.

COBOL calling convention

Entry point: AA2CSPIC

02 W-BLOB                PIC X(248).
02 W-KERNELPARMS.
     03 W-PARMCOUNT      PIC 9(8) USAGE BINARY.
     03 W-PARM01         PIC 9(8) USAGE BINARY.
     . . .
     03 W-PARM19         PIC 9(8) USAGE BINARY.
02 W-STORAGEKEY          PIC X(65).
02 W-INITVECTOR          PIC X(17).
02 W-OLDPIN              PIC X(9).
02 W-NEWPIN              PIC X(9).
02 W-RETURN              PIC S9(8) USAGE BINARY.
02 W-API-NAME            PIC X(8) VALUE 'AA2CSPIC'.

. . .

CALL W-API-NAME USING
       BY REFERENCE W-BLOB
       BY REFERENCE W-KERNELPARMS
       BY REFERENCE W-STORAGEKEY
       BY REFERENCE W-INITVECTOR
       BY REFERENCE W-OLDPIN
       BY REFERENCE W-NEWPIN
       RETURNING W-RETURN.

Return codes

  Table: Return codes (AAL2ChangeStaticPasswordICSF)
CodeMeaningCodeMeaning
0Success805Password not equal
130Invalid response pointer900Invalid session context handle
412Invalid checksum (software)908HSM key not found
413Invalid Base64 format951Invalid HSM key type for HSM decryption
414Invalid checksum (HSM)1000Function does not support EMV-CAP
510Invalid Digipass data pointer1103Unlock Version 2 not supported
801Static password not supported1118Unsupported BLOB
803New password too short-1501Memory allocation failed
804New password too long