Skip navigation links
  • Detail: 
  • Field | 
  • Constr | 
  • Method
com.pax.dal

Interface IPed

  • All Known Subinterfaces:
    IPedKeyIsolation, IPedKeyIsolationManager

    public interface IPed
    关于 PED的API。 如果开启权限检查,需在AndroidManifest下添加权限:"com.pax.permission.PED"
    API for PED. If permission check is enabled, you need to add permission under AndroidManifest: "com.pax.permission.PED".

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Interface and Description
      static interface  IPed.IPedInputPinListener
      PED 輸入PIN监听器,仅对内置PED有效
      PED input PIN listener,only effective on internal PED

    • Method Summary

      All Methods Instance Methods Abstract Methods Deprecated Methods 
      Modifier and Type Method and Description
      byte[] calcAes(byte keyIdx, byte[] initvector, byte[] dataIn, ECryptOperate operation, ECryptOpt option)
      用AES算法进行加密或者解密 。仅支持EPedType.INTERNAL 类型。
      Use AES algorithm to encrypt or decrypt.
      DUKPTResult calcAesDUKPTData(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, EAlgorithmType algorithmType, byte mode)
      使用 AES DUKPT 的数据加解密密钥,对输入缓存内数据进行加密或解密。仅支持EPedType.INTERNAL 类型。
      Use the AES DUKPT data encryption and decryption key to encrypt or decrypt the data in the input buffer.
      byte[] calcDes(byte keyIndex, byte[] initvector, byte[] dataIn, byte mode)
      使用TDK对DataInLen长度的数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。 外置A类PED需要调用setExMode setExMode(int)设置exMode exMode默认为-1,表示TDK长度为16字节,如果TDK长度为16字节则可以使用该默认值 。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      To use TDK encrypt or decrypt data by DES/TDES.
      byte[] calcDes(byte keyIndex, byte[] datain, EPedDesMode mode)
      使用TDK对DataInLen长度的数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。 外置A类PED需要调用setExMode setExMode(int)设置exMode exMode默认为-1,表示TDK长度为16字节,如果TDK长度为16字节则可以使用该默认值。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      To use TDK encrypt or decrypt data by DES/TDES.
      byte[] calcDesData(byte keyIdx, byte[] initVector, byte[] dataIn, byte mode)
      Use TDK to do DES/TDES operation for data with length of DataInLen.
      byte[] calcDesfireAuth(byte keyIndex1, byte keyIndex2, byte[] csn, byte[] dataIn, byte[] initVector, byte mode)
      使用DesfireMasterKey和DiversificationKey来计算认证数据。
      Use DesfireMasterKey and DiversificationKey to calculate authentication data.
      DUKPTResult calcDUKPTData(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, byte mode)
      Deprecated. 
      DUKPTResult calcDUKPTDes(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, EDUKPTDesMode mode)
      Deprecated. 
      byte[] calcHMAC(int keyIndex, byte[] dataIn, int mode)
      用keyIndex指定的Salt密钥以及dataIn,依照指定mode做HMAC运算。仅支持EPedType.INTERNAL 类型。
      Do the HMAC operation in the specified mode with the Salt key specified in keyIndex and dataIn.
      byte[] calcStackUKPT(byte groupIdx, byte keyVarType, byte[] iv, byte[] data, byte mode)
      使用Stack UKPT Key进行数据加解密。
      Use Stack UKPT Key to encrypt and decrypt data.
      void cancelInput()
      PedGetPinBlock 时取消输入。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA,EPedType.EXTERNAL_TYPEC 类型。
      Cancel input when PedGetPinBlock.
      void cancelInputMute()
      getPinBlock 时取消输入,注:取消输入时静音。只支持EPedType.INTERNAL类型。
      Cancel input when getPinBlock,Note: Mute when calling interface to cancel input`.
      byte[] challengeWICKey(byte srcKeyIndex, byte mode, byte[] cardSN, byte[] dataIn)
      WIC卡的密钥验证步骤,根据WIC密钥计算出challenge数据。接口不进行与卡片交互的步骤,仅计算出challenge数据。后续流程需要由应用处理。需要设备中存在WIC密钥(以TDK的方式保存)。仅支持EPedType.INTERNAL 类型。
      WIC card key verification steps, based on the WIC key to calculate the challenge data.The interface does not perform the steps of interacting with the card, only calculating the challenge data.Subsequent processes need to be handled by the application.The WIC key (stored as TDK) is required to be present in the device.EPedType.INTERNAL only is supported.
      void clearScreen()
      该接口仅用于外置密码键盘 清屏
      This interface only be used for external PIN pad Clear screen
      void customInputKey(int keyvalue)
      在调用getPinBlock时,自定义一个输入。
      When calling getPinBlock, customize an input.
      void deriveKeyBySecureData(byte srcKeyType, byte srcKeyIdx, byte dstKeyType, byte dstKeyIdx, byte secureDataIndex, byte[] additionalDataIn, byte derivationMode)
      使用SecureData作为datain发散目的密钥。
      Use SecureData as the datain diverges the destination key.
      DUKPTResult desDukptDataCalc(byte groupIdx, byte keyVarType, byte[] pucIV, byte[] dataIn, byte mode)
      使用DUKPT的Data encryption功能,对输入数据进行加密或解密
      Use DUKPT's Data encryption feature to encrypt or decrypt input data.
      byte[] encSensData(byte keyType, byte keyIndex, byte[] initVector, byte[] dataIn, byte mode)
      Use TCHDK to do TDES/AES encryption for sensitive data with length of DataInLen
      Use TCHDK to do TDES/AES encryption for sensitive data with length of DataInLen
      boolean erase()
      清空TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2等密钥。仅支持EPedType.INTERNAL 类型。
      注:定制密钥不清除;因兼容性问题,不清除RSA密钥
      Clear TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2 keys.
      void eraseKey(byte keyType, byte keyIndex)
      擦除指定的密钥。仅支持EPedType.INTERNAL 类型。
      Erases the specified key.
      void eraseKeyEx(byte mode)
      擦除指定类型的密钥。仅支持EPedType.INTERNAL 类型。
      Erases the key of the specified type.
      void evolveStackUKPT(byte groupIdx)
      Stack UKPT Key演算。
      Stack UKPT Key evolution.
      java.lang.String genCSR(byte pubKeyIndex, byte pvkKeyIndex, java.lang.String dn)
      生成证书签名请求。仅支持EPedType.INTERNAL 类型。
      Generate the Certificate Signing Request.
      void genRSAKey(byte pvtKeyIdx, byte pubKeyIdx, short modLenBit, byte pubExpType)
      生成RSA密钥对并注入PED。仅支持EPedType.INTERNAL 类型。
      Generate RSA key pairs then inject into PED.
      SM2KeyPair genSM2KeyPair(int keyLenBit)
      生成一组 SM2 密钥对。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Generate one SM2 key-pair.EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
      byte[] getAesDUKPTKsn(byte groupIndex)
      读取当前的 KSN,将在下一次计算使用。仅支持EPedType.INTERNAL 类型。
      Read the current KSN, which will be used in the next calculation.
      DUKPTResult getAesDUKPTMac(byte groupIndex, byte[] dataIn, EAlgorithmType algorithmType, byte mode)
      使用 AES DUKPT 的 MAC 密钥计算 MAC。仅支持EPedType.INTERNAL 类型。
      Use AES DUKPT's MAC key to calculate MAC.
      DUKPTResult getAesDUKPTPin(byte groupIndex, java.lang.String exPinLen, byte[] dataIn, EAlgorithmType algorithmType, byte mode, long timeoutMs)
      在 PED 上输入 PIN,并使 AES DUKPT 的 PIN 密钥计算 PINBlock。仅支持EPedType.INTERNAL 类型。
      Enter the PIN on the PED, and use the PIN key of AES DUKPT to calculate the PINBlock.
      byte[] getDUKPTKsn(byte groupIndex)
      获取当前的KSN。仅支持EPedType.INTERNAL 类型。
      Get the current KSN.
      DUKPTResult getDUKPTMac(byte groupIndex, byte[] dataIn, byte mode)
      使用DUKPT的MAC密钥计算MAC。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。 韩国Smartro定制。
      Use MAC Key to calculate MAC.
      DUKPTResult getDUKPTMac(byte groupIndex, byte[] dataIn, EDUKPTMacMode mode)
      使用DUKPT的MAC密钥计算MAC。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use MAC Key to calculate MAC.
      DUKPTResult getDUKPTPin(byte groupIndex, java.lang.String expPinLen, byte[] dataIn, java.lang.Boolean isByPass, java.lang.String msg1, java.lang.String msg2, int timeoutMs)
      在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock,仅适用于type-c类外置密码键盘。
      PINBlock Input the PIN on PED,and use the PINkey of DUKPT to calculate the PINBlock.
      DUKPTResult getDUKPTPin(byte groupIndex, java.lang.String expPinLen, byte[] dataIn, EDUKPTPinMode mode, int timeoutMs)
      在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      PINBlock Input the PIN on PED,and use the PINkey of DUKPT to calculate the PINBlock.
      byte[] getInfoStackUKPT(byte groupIdx, byte mode)
      获取Stack UKPT Key信息。
      Get Stack UKPT Key information.
      byte[] getKCV(EPedKeyType type, byte keyIndex, byte checkMode, byte[] checkBuf)
      获取密钥校验值(KCV)以进行密钥验证。仅支持EPedType.INTERNAL 类型 。
      Getting key check value(KCV) for key verification.
      int getKeyBoardType()
      获取PIN输入的密码键盘类型 。仅支持EPedType.INTERNAL 类型。
      get keyboard type for PIN entry.
      byte[] getMac(byte keyIndex, byte[] dataIn, EPedMacMode mode)
      用KeyIdx指定的MAC密钥对DataIn进行mode指定的算法进行MAC运算,将8字节的MAC结果返回 外置A类PED需要除了设置PinBlockMode外还需要调用setExMode setExMode(int)设置exMode exMode默认为-1,表示TAK长度为16字节,如果TAK长度为16字节则可以使用该默认值 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      To use KeyIdx MAC key calculate the DataIn following the specified Mode algorithm, return the 8 bytes MAC result.
      byte[] getMacAes(byte keyIdx, byte[] dataIn, byte mode)
      使用AES_TAK对DataIn用Mode指定的算法进行MAC运算,将16字节的MAC结果输出到MacOut MAC运算密钥是主密钥/工作密钥体系或固定密钥体系密钥或DUKPT密钥体系。
      用法:
      1.敏感服务授权:在此接口内部,先进行认证以获取敏感服务授权,若授权失败则退出。
      2.补零规则:将报文数据分割成若干16个字节的BLOCK,最后一个BLOCK不满16个字节则后补0x00。
      Use AES_TAK to perform MAC operation on dataIn with the algorithm specified by Mode, and output the 16-byte MAC result to MacOut.
      byte[] getMacSM(byte keyIdx, byte[] initVector, byte[] input, byte mode)
      使用 SM4 算法计算 MAC。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use SM4 algorithm to calculate MAC.
      byte[] getMacStackUKPT(byte groupIdx, byte keyVarType, byte[] data, byte mode)
      使用Stack UKPT Key进行MAC加密运算。
      Use Stack UKPT Key for MAC encryption operation.
      byte[] getPinBlock(byte keyIndex, int keyLen, byte mode, byte inputMode, int inputMin, int inputMax, byte[] dataIn, int timeoutMs)
      指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持EPedType.EXTERNAL_TYPEA 类型。
      Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.EPedType.EXTERNAL_TYPEA is supported.
      byte[] getPinBlock(byte keyIndex, java.lang.String expPinLen, byte[] dataIn, byte mode, int timeoutMs)
      指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持EPedType.INTERNAL 类型。
      Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.
      byte[] getPinBlock(byte keyIdx, java.lang.String expPinLen, byte[] dataIn, byte mode, int timeoutMs, int controlTime)
      指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持EPedType.INTERNAL 类型。
      Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.
      byte[] getPinBlock(byte keyIndex, java.lang.String expPinLen, byte[] dataIn, EPinBlockMode mode, int timeoutMs)
      指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
      byte[] getPinBlockSM4(byte keyIndex, java.lang.String expPinLen, byte[] dataIn, EPinBlockMode mode, int timeoutMs)
      指定的时限内,扫描键盘上输入的 PIN 并输出采用 SM4 算法生成的 PIN BLOCK 加密数据块。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Scan the keyboard PIN entry and output the PIN BLOCK using SM4_TPK.
      byte[] getPinBlockStackUKPT(byte groupIdx, java.lang.String expPinLen, byte[] data, byte mode, int timeoutMs)
      扫描键盘上输入的PIN并输出由 Mode指定算法加密的 PIN BLOCK,用于Stack UKPT Key。
      Scan the PIN entered on the keyboard and output the PIN BLOCK encrypted by the algorithm specified by Mode for Stack UKPT Key.
      java.lang.String getSN()
      获取外置密码键盘的SN。支持EPedType.EXTERNAL_TYPEA,EPedType.EXTERNAL_TYPEC 类型。
      get External Ped Serial Number.
      java.lang.String getVersion()
      获取PED的版本。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Get the PED version information.
      byte[] idKeyCalc(byte keyId, byte[] initvector, byte[] dataIn, EIdKeycCalcMode mode)
      使用Idkey对机器序列号等身份信息进行加密运算 。仅支持EPedType.INTERNAL 类型。
      Use IdKey encrypt Identity information.
      void incAesDUKPTKsn(byte groupIndex)
      KSN 加 1。对应于KSN的单个DUKPT密钥最多只能使用256次,在达到最大次数后,进一步使用该密钥将返回EPedDevException.PED_ERR_DUKPT_NEED_INC_KSN异常, 所以请在使用钥匙次数超过最大次数之前增加KSN。仅支持EPedType.INTERNAL 类型。
      Add 1 to KSN.
      void incDUKPTKsn(byte groupIndex)
      对应于KSN的单个DUKPT密钥最多只能使用256次,在达到最大次数后,进一步使用该密钥将返回EPedDevException.PED_ERR_DUKPT_NEED_INC_KSN异常, 所以请在使用钥匙次数超过最大次数之前增加KSN。仅支持EPedType.INTERNAL 类型。
      A single DUKPT key corresponding to a KSN can only be used at most 256 times, further use of that key will result in EPedDevException.PED_ERR_DUKPT_NEED_INC_KSN after reaching the maxium times.
      void inputPin(java.lang.String expPinLen, long timeoutMs, byte mode)
      输入PIN的过程,并将PIN保存在PED内部。仅支持EPedType.INTERNAL 类型。
      The process of entering the PIN and saving the PIN inside the PED.
      java.lang.String inputStr(byte mode, byte min, byte max, int timeoutMs)
      该接口仅用于外置密码键盘 超时时间内输入指定长度范围内的字符串。仅支持EPedType.EXTERNAL_TYPEA 类型。
      This interface only be used for external PIN pad Type string with specified length within timeout.
      byte[] keyCalcMac(byte keyType, byte keyIdx, byte[] dataIn, byte mode)
      使用MAC密钥进行MAC运算。
      Use MAC keys for MAC operations.
      void m1AuthorityDiversified(byte type, byte m1KeyIdx, byte m1MasterKeyIdx, byte blkNo, byte[] serialNo)
      通过M1MasterKey去发散M1key,给非接驱动提供秘钥实现M1的认证。
      Distribute M1key through M1MasterKey, and provide secret key to contactless driver to realize M1 authentication.
      byte[] paxCARecover(byte keyIdx, byte pvkPukSelect, byte[] dataIn)
      使用预装PAX CA公钥或者私钥进行签名、加密、解密。
      Use the pre-installed Pax CA for signature, encryption and decryption.
      DUKPTResult pinEndGetAesDukptPin(byte groupIndex, byte[] dataIn, EAlgorithmType eAlgorithmType, byte mode)
      inputPin(String, long, byte)输入完毕后,使用AES DUKPT的PIN密钥计算PinBlock。PIN将被清空。仅支持EPedType.INTERNAL 类型。
      After inputPin(String, long, byte) is entered, calculate the PinBlock using AES DUKPT's Pin key.
      DUKPTResult pinEndGetDukptPin(byte groupIndex, byte[] dataIn, byte mode)
      inputPin(String, long, byte)输入完毕后,使用DUKPT的PIN密钥计算PinBlock。PIN将被清空。仅支持EPedType.INTERNAL 类型。
      After inputPin(String, long, byte) is entered, calculate the PinBlock using DUKPT's Pin key.
      byte[] pinEndGetPinBlock(byte keyIndex, byte[] dataIn, byte mode)
      inputPin(String, long, byte)的输入PIN加密为密文PinBlock。PIN将被清空。仅支持EPedType.INTERNAL 类型。
      Encrypt the inputPin of inputPin(String, long, byte) as ciphertext PinBlock.The PIN will be cleared.
      byte[] pinEndVerifyCipherPin(byte slot, RSAPinKey rsaPinKey, byte mode)
      inputPin(String, long, byte)输入完毕后,进行脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey 对明文PIN按照EMV规范进行加密,然后用应用提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。PIN将被清空。仅支持EPedType.INTERNAL 类型。
      After inputPin(String, long, byte) is entered, verify enciphered PIN offline is performed.
      byte[] pinEndVerifyPlainPin(byte slot, byte mode)
      inputPin(String, long, byte)输入完毕后,进行脱机明文PIN校验功能。 按照应用提供的卡片命令与卡片通道号,将明文PinBlock直接发送给卡片。PIN将被清空。仅支持EPedType.INTERNAL 类型。
      After inputPin(String, long, byte) is entered, offline plaintext PIN validation is performed.
      KeyInfo queryKeyInfo(byte keyType, byte keyIndex)
      查询密钥信息。
      Query key information.
      byte[] readKeyInfo(byte keyType, byte keyIndex, byte infoType)
      读取客户定制TCUSTK密钥信息。
      Read customer customized TCUTK key information.
      byte[] readPaxCA(byte index)
      读取PAX CA证书,不校验证书私钥。
      Read the PAX CA certificate without verifying the private key of the certificate.
      byte[] readRkiInfo(byte item)
      读取RKI信息。
      Read RKI information.
      RSAKeyInfo readRSAKey(byte rsaKeyIndex)
      读取RSA公钥密钥 。仅支持EPedType.INTERNAL 类型。
      Read rsa public key.
      RSARecoverInfo RSARecover(byte rsaKeyIndex, byte[] dataIn)
      用存储在PED的RSA密钥进行数据RSA数据运算。
      注意: 1.该函数对dataIn进行RSA加解密运算,运算结果输出到RSARecoverInfo
      2.当rsaKeyIndex指定的密钥为私钥时,如果dataIn是对应公钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文;
      3.当rsaKeyIndex指定的密钥为公钥时,如果dataIn是对应私钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文;
      4.该方法可实现长度不超过4096bits的RSA运算。
      Using the RSA key stored in PED to do the RSA data operation.
      void setAmount(java.lang.String amount)
      输入Pin时设置总额。 仅支持EPedType.INTERNAL 类型。
      Set amount Text when Input Pin.
      void setDoubleTapKeyboardLanguage(byte language)
      设置盲人输入法语音播报的语言。此接口需在getPinBlock(byte, String, byte[], byte, int)之前设置才有效。仅支持EPedType.INTERNAL 类型。
      Set the language for the voice broadcast of the blind input method.
      void setExMode(int exMode)
      该接口仅用于外置密码键盘,下载密钥,计算pinblock,计算mac,des加解密使用 。仅支持EPedType.EXTERNAL_TYPEA 类型。
      This interface only be used for external PIN pad Use for downloading main key and work key.
      void setFunctionKey(byte ucKey)
      设定某些功能键的功能。PED 上电后,CLEAR 键的默认功能为,持卡人输入 PIN 时,按 CLEAR 键, 清除已输入的 PIN。可以通过该函数来设置 CLEAR 键的不同功能。仅支持EPedType.INTERNAL 类型。
      The function of setting some function keys.
      void setFunctionKey(EFuncKeyMode mode)
      设定某些功能键的功能。 PED上电后,CLEAR键的默认功能为,持卡人输入PIN时,按CLEAR键,清除已输入的PIN。 可以通过该函数来设置CLEAR键的不同功能。 仅支持EPedType.INTERNAL 类型。
      Setting some functions of function key.
      void setInputPinListener(IPed.IPedInputPinListener listener)
      设置输入PIN监听器。仅支持EPedType.INTERNAL 类型
      Set the input PIN listener.
      void setIntervalTime(int tpkIntervalTimeMs, int takIntervalTimeMs)
      设置两次计算PINBlock或者计算MAC之间最小间隔时间 PINBLOCK间隔时间的计算方式:默认为120秒那只能调用4次,即tpkIntervalTimeMs默认值为30秒,调用该函数重新设置后,限制为4* tpkIntervalTimeMs时间内只能调用4次。比如传入的tpkIntervalTimeMs为20000(ms),则80秒内只能调用4次。 MAC间隔时间的计算方式:限制为两次计算MAC的间隔时间必须大于等于TAKIntervalTimeMs;比如传入的TAKIntervalTimeMs为20000(ms),则20秒内只能调用1次。 仅支持EPedType.INTERNAL 类型。
      Set the minimum time interval of calculating the PINBlock or MAC twice.
      void setKeyboard(byte type)
      设置PED密码键盘类型。仅支持EPedType.INTERNAL 类型。
      Set the PED keyboard type.
      byte[] setKeyBoardLayout(boolean isOnce, java.util.LinkedHashMap<android.view.View,java.lang.String> keyboardInputs)
      设置定制的Pin输入键盘布局 ,调用此方法前,需保证传入的View已绘制完成, 如Activity.onWindowFocusChanged(boolean hasFocus),hasFocus=true时,调用此方法。仅支持EPedType.INTERNAL 类型。
      Set the custom Pin input keyboard layout,This method is called before, need to ensure that the incoming View has been mapped, such as Activity.onWindowFocusChanged (Boolean hasFocus), when hasFocus equals true, this method is called.
      byte[] setKeyBoardLayout(boolean isOnce, java.lang.String layoutInfo)
      设置定制的Pin输入键盘布局 。仅支持EPedType.INTERNAL 类型。
      Set the custom Pin input keyboard layout.
      void setKeyboardLayoutLandscape(boolean landscape)
      设置密码键盘横向显示。仅支持EPedType.INTERNAL 类型。
      Set password keyboard horizontal display.
      void setKeyboardRandom(boolean random)
      设置键盘按键显示模式,固定序列或随机序列(默认)。仅支持EPedType.INTERNAL 类型。
      Set keyboard display mode, fixed sequence or random sequence (default).
      void setKeyBoardType(int type)
      设置PIN输入的密码键盘类型。仅支持EPedType.INTERNAL 类型。
      set keyboard type.
      void setOfflinePinMode(byte mode, byte tpkIndex, byte[] pinBlock)
      设置脱机PIN模式,并为外部PINPAD提供一些参数。
      Set offline PIN mode and provide some parameters for external PINPAD.
      void setPinBeep(int freq, int time)
      设置用于改变pin输入按键发声的频率和时间,只支持EPedType.INTERNAL类型
      Set to change the frequency and time of the pin input key sound,EPedType.INTERNAL is supported.
      void setPinMute(boolean mute)
      设置输PIN时是否静音。
      Set whether to mute the PIN input.
      void setPinVolume(int volume)
      设置键盘按键音量值。
      Set keyboard key volume value.
      void setPort(EUartPort port)
      设置外置PED的连接端口。支持EPedType.EXTERNAL_TYPEA,EPedType.EXTERNAL_TYPEC 类型。
      Set connection port of the external PED.
      void showInputBox(boolean flag, java.lang.String title)
      设置输入框密码的显隐 (*) 和提示信息。仅支持EPedType.INTERNAL 类型。
      Show Password * at Keyboard Page when input Pin and Set reminder text when input Pin.
      void showStr(byte x, byte y, java.lang.String str)
      该接口仅用于外置密码键盘 显示英文字符。仅支持EPedType.EXTERNAL_TYPEA 类型。
      This interface only be used for external PIN pad show English character.
      byte[] SM2Recover(byte keyIdx, byte[] input, ECryptOperate operation)
      使用 SM2 公钥加密数据或私钥解密数据 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use SM2 public key to encrypt data, or SM2 private key to decrypt data.
      byte[] SM2Sign(byte pubKeyIdx, byte pvtKeyIdx, byte[] uid, byte[] input)
      使用 SM2 算法获得签名信息 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use SM2 algorithm to calculate the signature data.
      void SM2Verify(byte pubKeyIdx, byte[] uid, byte[] input, byte[] signature)
      使用 SM2 公钥验证签名。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use SM2 algorithm to verify the signature data.
      byte[] SM3(byte[] input, byte mode)
      使用 SM3 算法计算哈希值。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use SM3 algorithm to calculate Hash.
      byte[] SM4(byte keyIdx, byte[] initVector, byte[] input, ECryptOperate operation, ECryptOpt option)
      使用 SM4 算法加密或解密数据 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Use SM4 algorithm to encrypt or decrypt.
      void tr34Bind(byte[] HostCA, byte[] BindTokenKDH, byte mode)
      Bind the certificate of host, load the new host certificate into device.
      Bind the certificate of host, load the new host certificate into device.
      void tr34DevInit(byte[] DevCACert, byte[] DevCert, byte[] DevPvkBlock)
      Load CA, certificate, private key for device.
      Tr34OutBlock tr34GetCTKRD(byte mode)
      Get certificate of device in the CTKRD format.
      Get certificate of device in the CTKRD format.
      Tr34OutBlock tr34GetRTKRD(byte mode)
      Get Random Number Token of device.
      Get Random Number Token of device.
      Tr34OutBlock tr34InjectKey(byte[] HostCA, byte[] KeyToken, byte Mode)
      Verify and decode the TR-34 Key Token, inject the secret key into device.
      Verify and decode the TR-34 Key Token, inject the secret key into device.
      Tr34ParseDataOffset tr34Parse(byte[] tokenBlock, byte[] kdhInfo)
      Verify the signature and hash.
      void tr34Rebind(byte[] HostCA, byte[] reBindTokenKDH, byte mode)
      Rebind the certificate of host, load the new host certificate into device.
      Rebind the certificate of host, load the new host certificate into device.
      void tr34Unbind(byte[] HostCA, byte[] unBindTokenKDH, byte[] pucKeyList, byte mode)
      Unbind the certificate of host,delete the host certificate and specific keys.
      Unbind the certificate of host,delete the host certificate and specific keys.
      Tr34OutBlock tr34WriteKey(byte[] KeyInfo, byte[] EnvKey)
      Decode TR-34 EnvelopedKey and write secret key into device
      Decode TR-34 EnvelopedKey and write secret key into device.
      byte[] verifyCipherPin(byte slot, java.lang.String expPinLen, RSAPinKey rsaPinKey, byte mode, int timeout)
      实现脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey对明文PIN按照EMV规范进行加密,然后用应用 提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。仅支持EPedType.INTERNAL 类型。
      Verify enciphered PIN offline.
      byte[] verifyCipherPin(byte slot, java.lang.String expPinLen, RSAPinKey rsaPinKey, byte mode, int timeoutMs, int controlTime)
      实现脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey对明文PIN按照EMV规范进行加密,然后用应用提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。仅支持EPedType.INTERNAL 类型。
      Verify enciphered PIN offline.
      byte[] verifyPlainPin(byte slot, java.lang.String expPinLen, byte mode, int timeoutMs)
      实现脱机明文PIN校验功能。获取明文PIN,然后按照应用提供的卡片命令与卡片通道号,将明文PIN BLOCK直接发送给卡片(PIN BLOCK格式在用法部分描述)。 仅支持EPedType.INTERNAL 类型。
      Achieve the function of verifying plaintext offline PIN.
      byte[] verifyPlainPin(byte slot, java.lang.String expPinLen, byte mode, int timeoutMs, int controlTime)
      实现脱机明文PIN校验功能。获取明文PIN,然后按照应用提供的卡片命令与卡片通道号,将明文PIN BLOCK直接发送给卡片(PIN BLOCK格式在用法部分描述)。仅支持EPedType.INTERNAL 类型。
      Achieve the function of verifying plaintext offline PIN.
      void writeAesDUKPTTIK(byte groupIndex, byte srcKeyIndex, byte[] keyValue, byte[] ksn, byte checkMode, byte[] checkBuf)
      写入 AES DUKPT 初始密钥 AESTIK,并可以选择使用 KCV 验证密钥正确性。仅支持EPedType.INTERNAL 类型。
      Write the AES DUKPT initial key AESTIK, and you can choose to use KCV to verify the correctness of the key.
      void writeAesKey(byte srcKeyType, byte srcKeyIndex, byte destKeyType, byte destKeyIndex, byte[] destKeyValue, EAesCheckMode checkMode, byte[] checkBuf)
      写入一个AES密钥,并可以选择使用KCV验证密钥正确性。仅支持EPedType.INTERNAL 类型。
      To write Aes key to PED, and use KCV to check the key correction.
      void writeAesKey(EPedKeyType srcKeyType, byte srcKeyIndex, byte destkeyIndex, byte[] destKeyValue, EAesCheckMode checkMode, byte[] checkBuf)
      写入一个AES密钥,并可以选择使用KCV验证密钥正确性。仅支持TAESK。仅支持EPedType.INTERNAL 类型。
      To write Aes key to PED, and use KCV to check the key correction.only allow TAESK.
      void writeCipherKey(byte srcKeyType, byte srcKeyIndex, byte[] keyInfo, byte[] keyBlock, byte mode)
      写入由源密钥加密的特殊要求的密码密钥。
      Write a specially required cryptographic key encrypted by the source key.
      void writeKey(EPedKeyType srcKeyType, byte srcKeyIndex, EPedKeyType destKeyType, byte destkeyIndex, byte[] destKeyValue, ECheckMode checkMode, byte[] checkBuf)
      写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。
      void writeKeyEx(EPedKeyType srcKeyType, byte srcKeyIndex, EPedKeyType destKeyType, byte destkeyIndex, byte[] destKeyValue, ECheckMode checkMode, byte[] checkBuf, byte[] keyVarIn, byte keyVarMode)
      写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。Pax Tech Iberia SL客户定制。
      void writeKeyVar(EPedKeyType type, byte srcKeyIndex, byte destKeyIndex, byte[] xorData, ECheckMode checkMode, byte[] checkBuf)
      使用指定密钥类型的密钥索引所在的密钥明文与一串数据进行异或,得到密钥写入到同一类型密钥区的指定索引位置 。仅支持EPedType.INTERNAL 类型。
      Use the plaintext key specified by the source key index and the key type to do exclusive-or with the input data, and write the result to the location specified by the destination key index with the same key type.
      void writeRSAKey(byte rsaKeyIndex, RSAKeyInfo info)
      1.注入RSA密钥到PED
      2.PED最多支持10组RSA密钥,目前最长只支持256字节长的RSA密钥。
      3.存储的RSA密钥是公钥还是私钥由密钥的指数长度决定,当密钥指数和模等长时,是私钥。
      4.PED通过PedWriteRsaKey注入RSA密钥。
      5.通过PedRSARecover使用已注入的密钥进行RSA运算。
      6.任何时候,RSA密钥可以进行重写。
      仅支持EPedType.INTERNAL 类型。
      void writeSaltKey(byte[] salt)
      写入salt密钥。仅支持EPedType.INTERNAL 类型。
      Write salt key.
      void writeSaltKey(byte[] salt, int index)
      将salt写入指定索引位置。仅支持EPedType.INTERNAL 类型。
      Write salt to the specified index.
      void writeSM2CipherKey(EPedKeyType srcKeyType, byte srcKeyIdx, EPedKeyType dstKeyType, byte dstKeyIdx, byte[] keyValue)
      注入 SM2 密钥 。仅支持EPedType.INTERNAL 类型。
      To write SM2 cipher key to PED.
      void writeSM2Key(byte keyIdx, EPedKeyType keyType, byte[] keyValue)
      往PED中写入SM2密钥。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      To write SM2 key to PED.
      void writeStackUKPTKey(byte groupIdx, byte[] tscIdentifier, byte[] tscSeedKey, byte tscSeedKeyDepth, byte mode)
      写入Stack UKPT Key。
      Write Stack UKPT Key.
      void writeTIK(byte groupIndex, byte srcKeyIndex, byte[] keyValue, byte[] ksn, ECheckMode checkMode, byte[] checkBuf)
      写入TIK,并可以选择使用KCV验证密钥正确性。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
      Write in TIK, and can check the key correction by using KCV.
      void writeTIK(byte kbpkType, byte kbpkIndex, byte groupIndex, byte[] TR31keyBlock)
      注入TIK。仅支持EPedType.INTERNAL 类型。
      Injection of TIK.
      void writeTR31Key(byte srcKeyType, byte srcKeyIndex, byte dstKeyIndex, byte[] TR31KeyBlock)
      写入TR31格式的密钥到PED。包括TMK、TWK、TIK、AES_TMK、AES_TWK和AES_TIK。
      To write keys in TR31 format into PED, including TMK,TWK,TIK,AES_TMK,AES_TWK and AES_TIK.

    • Method Detail

      • getPinBlock

        byte[] getPinBlock(byte keyIndex,
                   java.lang.String expPinLen,
                   byte[] dataIn,
                   EPinBlockMode mode,
                   int timeoutMs)
            throws PedDevException
        指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIndex -
        [1~100] TPK的索引
        [1~100] TPK index
        expPinLen -

        当IPed为EPedType.INTERNAL:可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。

        当IPed为EPedType.EXTERNAL_TYPEA:PIN长度在expPinLen中的最小值和最大值区间。如果mode = EPinBlockMode.ISO9564_0时,当最小长度不为0时,允许按"确认"退出 。

        When IPed is EPedType.INTERNAL:The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.

        When IPed is EPedType.EXTERNAL_TYPEA:The PIN length is between the minimum and maximum values in expPinLen. If mode = EPinBlockMode.ISO9564_0, press "ok" to exit when the minimum length is not 0.

        dataIn -
        • When mode=ISO9564_0, DataIn is the 16 bytes primary account number after shifting.
        • When mode=ISO9564_1, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.
        • When mode=ISO9564_3, DataIn is the 16 bytes primary account number after shifting.
        • When mode=HKEPS, dataIn is ISN [6 Bytes, ASCII code]
        mode - EPinBlockMode
        PIN BLOCK的格式
        PIN BLOCK Format
        • ISO9564_0
        • ISO9564_1
        • ISO9564_3
        • HKEPS -EPS PINBLOCK Format
        timeoutMs -

        输入PIN的超时时间,单位:毫秒 最大值为300000ms

        0:表示没有超时时间,PED不做超时控制

        The timeout of PIN entry [unit:ms] Maximum is 300000ms.

        0: No timeout time, not doing timeout control for PED.

        Returns:
        返回pinBlock,如果bypass 返回NULL
        Return pinBlock byte array, if bypass,return NULL.
        Throws:
        PedDevException

      • getMac

        byte[] getMac(byte keyIndex,
              byte[] dataIn,
              EPedMacMode mode)
       throws PedDevException
        用KeyIdx指定的MAC密钥对DataIn进行mode指定的算法进行MAC运算,将8字节的MAC结果返回 外置A类PED需要除了设置PinBlockMode外还需要调用setExMode setExMode(int)设置exMode exMode默认为-1,表示TAK长度为16字节,如果TAK长度为16字节则可以使用该默认值 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        To use KeyIdx MAC key calculate the DataIn following the specified Mode algorithm, return the 8 bytes MAC result. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIndex -
        [1~100] TAK的索引
        [1~100] TAK index
        dataIn -
        长度<=1024 MAC运算的数据包的长度[输入],长度 不为8字节整除,则自动补"\x00"
        The data length less than or equal to 1024 bytes If the length not multiple by 8, 0x00 will be padding automatically.
        mode -
        • MODE_00 -Doing DES/TDES encryption for BLOCK1 by usingMAC key. Doing DES/TDES encryption again by using TAK when and after bitwise XOR the previous encryption result with BLOCK2. Processing in turn to get the 8 bytes encryption result.
        • MODE_01 -Doing bitwise XOR for BLOCK1 and BLOCK2; Do bitwise XOR again by using previous XOR result with BLOCK3. Do it in turn and finally get the 8 bytes XOR result. Using TAK to process DES/TDES encryption for the result
        • MODE_02 -ANSIX9.19 standard, Do DES encryption for BLOCK1 by using TAK (only take the first 8 bytes of key). The encryption result wills bitwise XOR with BLOCK2,and then doing DES encryption by using TAK again. Do it in turn and get the 8 bytes encryption result. Using DES/TDES to encrypt in the last time.
        • MODE_03 -CMAC algorithm. KSN does not automatically increase by 1.
        • MODE_05 -HMAC-SHA256 algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.
        • MODE_06 -APACS70OWF MAC calculation of mac key.
        Returns:
        返回MAC结果。当mode等于HMAC-SHA256算法是,输出长度为32字节。其他为8字节。
        return the MAC data。When the mode is equal to the HMAC-SHA256 algorithm, the output length is 32 bytes. Others are 8 bytes.
        Throws:
        PedDevException

      • calcDes

        byte[] calcDes(byte keyIndex,
               byte[] datain,
               EPedDesMode mode)
        throws PedDevException
        使用TDK对DataInLen长度的数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。 外置A类PED需要调用setExMode setExMode(int)设置exMode exMode默认为-1,表示TDK长度为16字节,如果TDK长度为16字节则可以使用该默认值。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        To use TDK encrypt or decrypt data by DES/TDES. Using DES or TDES depends on the key length. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIndex -
        [1~100] TDK或者TXK的索引 。
        [1~100] TDK or TXK index.
        datain -
        待运算的数据,数据长度 <=8k字节, 必须能被8字节整除
        the data to be calculated.The data length <=8k bytes, must be divisible by 8 bytes
        mode - EPedDesMode
        Returns:
        运算后的数据 。
        The data which have been calculated.
        Throws:
        PedDevException

      • calcDes

        byte[] calcDes(byte keyIndex,
               byte[] initvector,
               byte[] dataIn,
               byte mode)
        throws PedDevException
        使用TDK对DataInLen长度的数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。 外置A类PED需要调用setExMode setExMode(int)设置exMode exMode默认为-1,表示TDK长度为16字节,如果TDK长度为16字节则可以使用该默认值 。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        To use TDK encrypt or decrypt data by DES/TDES. Using DES or TDES depends on the key length. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIndex -
        [1~100] TDK的索引
        [1~100] TDK index
        initvector -
        使用CBC 模式进行加解密运算时需要用到,若InitVector为NULL,则默认为8字节的全0x00。 使用ECB加解密时不需要,可以为NULL。
        ECB mode: init vector is null .CBC mode: init vector, 8 bytes.
        dataIn -
        待运算的数据,数据长度除ECB模式和CBC最大支持8k字节,其他模式最大支持2048字节。 必须能被8字节整除
        the data to be calculated. The data length except the ECB and CBC mode supports a maximum of 8k bytes, and the other modes support a maximum of 2048 bytes. must be divisible by 8 bytes
        mode -
        • 0: ECB模式解密
        • 1: ECB模式加密
        • 2: CBC模式解密
        • 3: CBC模式加密
        • 4: OFB模式解密
        • 5: OFB模式加密
        • 6: CFB8模式解密
        • 7: CFB8模式加密
        • 0: DECRYPT#ECB
        • 1: ENCRYPT#ECB
        • 2: DECRYPT#CBC
        • 3: ENCRYPT#CBC
        • 4: DECRYPT#OFB
        • 5: ENCRYPT#OFB
        • 6: DECRYPT#CFB8
        • 7: ENCRYPT#CFB8
        Returns:
        返回运算后的数据
        the data after calculation.
        Throws:
        PedDevException
        Since:
        V2.04.00

      • getDUKPTPin

        DUKPTResult getDUKPTPin(byte groupIndex,
                        java.lang.String expPinLen,
                        byte[] dataIn,
                        EDUKPTPinMode mode,
                        int timeoutMs)
                 throws PedDevException
        在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        PINBlock Input the PIN on PED,and use the PINkey of DUKPT to calculate the PINBlock. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        groupIndex -
        [1~100] DUKPT密钥组索引号
        [1~100] DUKPT key group id
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        dataIn -
        mode - EDUKPTPinMode
      • Not used for type-c
        • timeoutMs -

        输入PIN的超时时间,单位:毫秒 最大值为300000ms

        0:表示没有超时时间,PED不做超时控制

        The timeout of PIN entry [unit:ms] Maximum is 300000ms.

        0: No timeout time, not doing timeout control for PED.

        Returns:
        DUKPTResult DUKPTResult
        Throws:
        PedDevException

      • getKCV

        byte[] getKCV(EPedKeyType type,
              byte keyIndex,
              byte checkMode,
              byte[] checkBuf)
       throws PedDevException
        获取密钥校验值(KCV)以进行密钥验证。仅支持EPedType.INTERNAL 类型 。
        Getting key check value(KCV) for key verification. EPedType.INTERNAL only is supported. EPedType.INTERNAL only is supported.
        Parameters:
        type - EPedKeyType support: TMK/ AES_TMK TAK/ AES_TAK TPK/ AES_TPK TDK/ AES_TDK TCHDK/ AES_TCHDK TIK/ AES_TIK SALTKEY TIDK PPAD_TMK/PPAD_TPK SM4_TMK/ SM4_TAK/ SM4_TPK/ SM4_TDK
        keyIndex -
        密钥的索引号
        key index
        checkMode -
        • checkMode=0x00时, 使用该密钥对一段数据进行DES/TDES加密运算,生成的密文的前4个字节即为KCV,该模式适用于PED_TLK/ PED_TMK/ PED_TAK/ PED_TPK/ PED_TDK/ PED_PPAD_TXK。
        • checkMode=0x00时, 返回注入密钥时写入的KCV值。该模式适用于PED_TIK/ PED_AES_TIK。
        • checkMode=0x03时, 使用该密钥对一段数据进行CMAC加密运算,生成的密文的前5个字节即为KCV。该模式适用于PED_TLK/ PED_TMK/ PED_TAK/ PED_TPK/ PED_TDK/ PED_PPAD_TXK/ PED_AES_TLK/ PED_AES_TMK/ PED_AES_TAK/ PED_AES_TPK/ PED_AES_TDK。
        • checkMode=0x04时, 使用该密钥对一段数据进行SM4加密运算,生成的密文的前4个字节即为KCV。该模式适用于PED_SM4_TMK/ PED_SM4_TAK/ PED_SM4_TPK/ PED_ SM4_TDK。
        • When checkMode=0x00, use this key to do TDES entryption for a block of data, the first 4 bytes of the generated ciphertext is KCV. This mode is suitable for TDES key/PED_TIDK/PED_TIK/ PED_AES_TIK. when EPedKeyType is PED_TIK/ PED_AES_TIK, the KCV value written during key injection is returned.
        • when checkMode=0x01, the same with checkMode 0x00, but the checkBuf is not needed, is considered as 8 bytes zero.
        • When checkMode=0x03, use this key to do CMAC encryption operation for a block of data, and the first 5 bytes of the generated ciphertext are KCV. This mode is suitable for TDES/AES key.
        • When checkMode=0x04, use this key to do SM4 encryption operation for a block of data, and the first 4 bytes of the generated ciphertext are KCV. This mode is suitable for SM4 key and PED_TIDK.
        checkBuf -
        • When checkMode=0x00/0x04, The data needing to compute must be a multiple of 8/16. checkBuf is recommended to be 8(checkMode 0)/16(checkMode 4) bytes zero.
        • when checkMode=0x01/0x03, checkBuf is not needed.
        • When checkMode=0x00/0x04, The data needing to compute must be a multiple of 8/16. checkBuf is recommended to be 8(checkMode 0)/16(checkMode 4) bytes zero.
        • when checkMode=0x01/0x03, checkBuf is not needed.
        Returns:
        • 当checkMode = 0x00/0x04时,若KeyType为PED_TIK/PED_AES_TIK,返回的KCV值为pedWriteTIK/pedAesDukptWriteTIK接口写入时的KCV值。 (如果pedWriteTIK注入密钥时不带KCV校验值,将返回对8个字节的0x00进行DES/TDES加密,得到的密文的前4个字节KCV校验值。 如果pedAesDukptWriteTIK注入密钥时不带KCV校验值,将返回对16个字节的0x00进行CMAC加密,得到的密文的前5个字节KCV校验值。) 其他返回4个字节长度的KCV。
        • 当checkMode = 0x03时,将返回对16个字节的0x00进行CMAC加密,得到的密文的前5个字节KCV校验值。
        • When checkMode = 0x00/0x01/0x04, it will return 4 bytes KCV(when KeyType is not PED_TIK/PED_AES_TIK). If KeyType is PED_TIK/PED_AES_TIK, the checkMode must be 0, and return 8 bytes KCV value. the KCV value is written during key injection(TIK is TDES KCV, AES_TIK is CMACAES KCV).
        • When checkMode = 0x03, it will return 5 bytes KCV.
        Throws:
        PedDevException

      • erase

        boolean erase()
       throws PedDevException
        清空TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2等密钥。仅支持EPedType.INTERNAL 类型。
        注:定制密钥不清除;因兼容性问题,不清除RSA密钥
        Clear TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2 keys. EPedType.INTERNAL only is supported.
        Note: Customized keys are not cleared; due to compatibility issues, RSA keys are not cleared
        Returns:
        • true-擦除成功
        • false-擦除失败
        • true -- Clear success
        • false -- Clear failure
        Throws:
        PedDevException

      • setIntervalTime

        void setIntervalTime(int tpkIntervalTimeMs,
                     int takIntervalTimeMs)
              throws PedDevException
        设置两次计算PINBlock或者计算MAC之间最小间隔时间 PINBLOCK间隔时间的计算方式:默认为120秒那只能调用4次,即tpkIntervalTimeMs默认值为30秒,调用该函数重新设置后,限制为4* tpkIntervalTimeMs时间内只能调用4次。比如传入的tpkIntervalTimeMs为20000(ms),则80秒内只能调用4次。 MAC间隔时间的计算方式:限制为两次计算MAC的间隔时间必须大于等于TAKIntervalTimeMs;比如传入的TAKIntervalTimeMs为20000(ms),则20秒内只能调用1次。 仅支持EPedType.INTERNAL 类型。
        Set the minimum time interval of calculating the PINBlock or MAC twice. PINBLOCK interval is calculated as below: When the default time is 120 seconds, it can only be called 4 times, that is, the default value of tpkIntervalTimeMs is 30 seconds, after resetting by calling this function, it is limited to call 4 times during the time of 4* tpkIntervalTimeMs. For example, if the incoming tpkIntervalTimeMs value is 20000(ms), it can be called 4 times within 80 seconds.MAC interval calculation: limit to two calculations, MAC interval time must be greater than or equal to TAKIntervalTimeMs; for example, the incoming TAKIntervalTimeMs is 20000 (MS), then 20 seconds can only call 1 times. EPedType.INTERNAL only is supported.
        Parameters:
        tpkIntervalTimeMs -
        • tpkIntervalTimeMs=0:使用默认值(30000ms)
        • tpkIntervalTimeMs>0:间隔时间(单位:毫秒)
        • tpkIntervalTimeMs=0xffffffff:当前设置不被改变
        • tpkIntervalTimeMs=0:Use the default value(30000 ms)
        • tpkIntervalTimeMs=0xffffffff:No change of current setting.
        takIntervalTimeMs -
        • tpkIntervalTimeMs=0:使用默认值(0ms)
        • tpkIntervalTimeMs>0:间隔时间(单位:毫秒)
        • tpkIntervalTimeMs=0xffffffff:当前设置不被改变
        • tpkIntervalTimeMs=0:Use the default value(0 uint:ms)
        • tpkIntervalTimeMs大于0:Interval time(uint:ms)
        • tpkIntervalTimeMs=0xffffffff:No change of current setting.
        Throws:
        PedDevException

      • setFunctionKey

        void setFunctionKey(EFuncKeyMode mode)
             throws PedDevException
        设定某些功能键的功能。 PED上电后,CLEAR键的默认功能为,持卡人输入PIN时,按CLEAR键,清除已输入的PIN。 可以通过该函数来设置CLEAR键的不同功能。 仅支持EPedType.INTERNAL 类型。
        Setting some functions of function key. When PED is power on, the default function of CLEAR button is when card holder is typing in PIN, pressing the CLEAR button can clear input PIN. It is allowed to set different functions for CLEAR button by using this function. EPedType.INTERNAL only is supported.
        Parameters:
        mode - EFuncKeyMode
        Throws:
        PedDevException

      • writeRSAKey

        void writeRSAKey(byte rsaKeyIndex,
                 RSAKeyInfo info)
          throws PedDevException
        1.注入RSA密钥到PED
        2.PED最多支持10组RSA密钥,目前最长只支持256字节长的RSA密钥。
        3.存储的RSA密钥是公钥还是私钥由密钥的指数长度决定,当密钥指数和模等长时,是私钥。
        4.PED通过PedWriteRsaKey注入RSA密钥。
        5.通过PedRSARecover使用已注入的密钥进行RSA运算。
        6.任何时候,RSA密钥可以进行重写。
        仅支持EPedType.INTERNAL 类型。

        1. Import RSA to the PED

        2. PED can support 10 sets of RSA Key at most, current can supports a maximum length of 256 bytes RSA key.

        3. Whether the stored RSA is the public key or private key will be determined by the exponent length. If the length of key exponent is equal to modulus, it is a private key.

        4. PED uses PedWriteRsaKey to Import RSA key.

        5. Use the imported key to do the RSA operation by calling PedRsaRecover.

        6. RSA key can be rewritten at any time

        EPedType.INTERNAL only is supported.
        Parameters:
        rsaKeyIndex -
        密钥索引[1~10]
        Key Index [1~10]
        info - RSAKeyInfo
        Throws:
        PedDevException

      • RSARecover

        RSARecoverInfo RSARecover(byte rsaKeyIndex,
                          byte[] dataIn)
                   throws PedDevException
        用存储在PED的RSA密钥进行数据RSA数据运算。
        注意: 1.该函数对dataIn进行RSA加解密运算,运算结果输出到RSARecoverInfo
        2.当rsaKeyIndex指定的密钥为私钥时,如果dataIn是对应公钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文;
        3.当rsaKeyIndex指定的密钥为公钥时,如果dataIn是对应私钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文;
        4.该方法可实现长度不超过4096bits的RSA运算。
        Using the RSA key stored in PED to do the RSA data operation.
        Note: 1. This function performs RSA encryption and decryption operation on dataIn, and the operation result is output to RSARecoverInfo
        2. When the key specified by rsaKeyIndex is a private key, if dataIn is the encrypted ciphertext corresponding to the public key, then RSARecoverInfo is the plaintext of dataIn, otherwise RSARecoverInfo is the RSA ciphertext of dataIn;
        3. When the key specified by rsaKeyIndex is a public key, if dataIn is the encrypted ciphertext corresponding to the private key, then RSARecoverInfo is the plaintext of dataIn, otherwise RSARecoverInfo is the RSA ciphertext of dataIn;
        4. This method can realize the RSA operation whose length does not exceed 4096bits.
        Parameters:
        rsaKeyIndex -
        密钥索引[1~10]
        Key Index [1~10]
        dataIn -
        被加解密的数据,和模等长
        The encrypted/decrypted data, which has the same length as the modulus.
        Returns:
        RSARecoverInfo
        Throws:
        PedDevException

      • verifyPlainPin

        byte[] verifyPlainPin(byte slot,
                      java.lang.String expPinLen,
                      byte mode,
                      int timeoutMs)
               throws PedDevException
        实现脱机明文PIN校验功能。获取明文PIN,然后按照应用提供的卡片命令与卡片通道号,将明文PIN BLOCK直接发送给卡片(PIN BLOCK格式在用法部分描述)。 仅支持EPedType.INTERNAL 类型。
        Achieve the function of verifying plaintext offline PIN. Get plaintext PIN and then Send plaintext PIN BLOCK to card according to card command and card slot number (PIN BLOCK format will be provided in operation part.). EPedType.INTERNAL only is supported.
        Parameters:
        slot -
        卡片所在的卡座号
        card slot number
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        mode -
        • 0x00: I C卡命令模式,现支持符合EMV2000的IC卡命令。
        • 0x01: 给WIC使用。
        • 0x00: IC Card Command Mode,Currently support EMV2000.
        • 0x01: For WIC.
        timeoutMs -
        输入PIN的超时时间,单位:毫秒 最大值为300000ms
        The timeout of PIN entry [ms],Maximum is 300000ms.
        Returns:
        卡片响应的状态码 (2字节:SW1+SW2)
        The status code of card response (2 bytes: SW1+SW2).
        Throws:
        PedDevException

      • verifyCipherPin

        byte[] verifyCipherPin(byte slot,
                       java.lang.String expPinLen,
                       RSAPinKey rsaPinKey,
                       byte mode,
                       int timeout)
                throws PedDevException
        实现脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey对明文PIN按照EMV规范进行加密,然后用应用 提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。仅支持EPedType.INTERNAL 类型。
        Verify enciphered PIN offline. Get plain text PIN and then use RsaPinKey provided by application to encrypt plaintext PIN according to EMV standard. Send enciphered PIN to card according to card command and card channel number provided by application. EPedType.INTERNAL only is supported.
        Parameters:
        slot -
        卡片所在的卡座号
        card slot number
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        rsaPinKey - RSAPinKey
        mode -
        0x00 IC卡命令模式,目前支持EMV2000。
        0x00 IC Card Command Mode,Currently support EMV2000.
        timeout -
        输入PIN的超时时间,单位:毫秒 最大值为300000ms
        The timeout of PIN input [unit:ms].Maximum is 300000Ms.
        Returns:
        卡片响应的状态码 (2字节:SW1+SW2)
        The card response code (2 bytes:SW1 and SW2)
        Throws:
        PedDevException

      • setExMode

        void setExMode(int exMode)
        该接口仅用于外置密码键盘,下载密钥,计算pinblock,计算mac,des加解密使用 。仅支持EPedType.EXTERNAL_TYPEA 类型。
        This interface only be used for external PIN pad Use for downloading main key and work key. EPedType.EXTERNAL_TYPEA only is supported.
        Parameters:
        exMode -
          调用writeKey时,如果下载的密钥为主密钥或DES密钥,取值如下:
        • -1,默认值,3倍DES密钥 16字节
        • 0x01 单DES密钥 8字节
        • 0x03 3倍DES密钥 16字节
        • 0x07 3倍DES密钥 24字节
          调用writeKey时,如果下载的密钥为工作密钥(TPK,TAK)则指示最终工作密钥明文的生成运算方式:
        • -1,默认值,主密钥和工作密钥均为3DES/16字节密钥,采用主密钥对工作密钥解密的方式
        • 0x01-- DES加密 0x81-- DES解密 MKeyID 与 WKeyID 均为单DES/ 8字节密钥
        • 0x03-- 3DES加密0x31-- 3DES加密 0x83-- 3DES解密 0xb1-- 3DES解密 0x03-- 3DES加密 MKeyID为3DES/16字节密钥,WKeyID为单DES/8字节密钥
        • 0x07-- 3DES加密 0x87-- 3DES解密 MKeyID为3DES/24字节密钥,WKeyID为单DES/8字节密钥
        • 0x33-- 3DES加密 0xb3-- 3DES解密 MKeyID与WKeyID均为3DES/16字节密钥
        • 0x71-- 3DES加密 0xf1-- 3DES解密 MKeyID为3DES/24字节密钥, WKeyID为单DES/8字节密钥
        • 0x73-- 3DES加密 0xf3-- 3DES解密 MKeyID为3DES/24字节密钥, WKeyID为3DES-16字节密钥
        • 0x77-- 3DES加密 0xf7-- 3DES解密 MKeyID与WKeyID均为3DES/24字节密钥
          调用getPinBlock的时候: 如果mode = EPinBlockMode.ISO9564_0模式
        • -1: 默认值,TPK为16字节密钥
        • 0x01:8字节单DES,按照ANSI X9.8标准,PIN输入时当最小长度不为0时,允许按"确认"退出
        • 0x31:16字节密钥DES按照ANSI X9.8标准,PIN输入时当最小长度不为0时,允许按"确认"退出
        • 0x71:24字节密钥DES按照ANSI X9.8标准,PIN输入时当最小长度不为0时,允许按"确认"退出
        • 0x04 :按照ANSI X9.8标准,采用3DES加密方法
          • 如果mode = EPinBlockMode.HKEPS模式(X3.92)
        • -1: 默认值,TPK为8字节单DES密钥
        • 0x02: des按照ANSI X3.92标准
        • 0x32: 16字节密钥DES按照ANSI X3.92标准,大陆版SP20不支持
        • 0x72: 24字节密钥DES按照ANSI X3.92标准,大陆版SP20不支持
          调用getMac的时候,指定PedMacMode后还需要指定exMode 如果mode = PedMacMode#MODE_00(算法1),exMode的取值如下:
        • -1: 默认值,3DES加密[密钥为16字节]
        • 0x01 DES加密[密钥为8字节]
        • 0x03 3DES加密[密钥为16字节]
        • 0x07 3DES加密[密钥为24字节]
          • 如果mode = PedMacMode#MODE_01(算法2),exMode的取值如下:
        • -1: 默认值,3DES加密[密钥为16字节]
        • 0x01 DES加密[密钥为8字节]
        • 0x03 3DES加密[密钥为16字节]
        • 0x07 3DES加密[密钥为24字节]
          • 如果mode = PedMacMode#MODE_02(算法3),exMode的取值如下:
        • -1: 默认值,3DES加密[密钥为16字节]
        • 0x13: 3DES加密[密钥为16字节]
        • 0x17: 3DES加密[密钥为24字节]
          调用calcDes的时候,需要指定exMode,取值如下:
        • -1: 默认值,[密钥为16字节],加解密由calcDes的EPedDesMode参数指定
        • 0x01 DES加密
        • 0x03 3DES加密 [密钥为16字节]
        • 0x81 DES解密 (EPS无此项)
        • 0x83 3DES解密 (EPS无此项)
        • 0x07 3DES加密 [密钥为24字节]
        • 0x87 3DES解密 [密钥为24字节]
        When call writeKey,if the downloading key is main key or the DES key,then:
        • mode=0x01 -DES key of 8 bytes
        • mode=0x03 -3DES key of 16 bytes
        • mode=0x07 -3DES key of 24 bytes
        When called writeKey,if the downloading key is work key(TPK,TAK), then specify the final generated computation mode:
        • 0x01-- DES encryption 0x81-- DES decryption. MKeyID and WKeyID are both DES/ key of 8 bytes
        • 0x03-- 3DES encryption 0x83-- 3DES decryption 0xb1-- 3DES decreption. MKeyID is 3DES/key of 16 bytes,WKeyID is DES/key of 8 bytes
        • 0x07-- 3DES encryption 0x87-- 3DES decryption. MKeyID is 3DES/key of 24 bytes,WKeyID is DES/key of 8 bytes
        • 0x33-- 3DES encryption 0xb3-- 3DES decryption. MKeyID and WKeyID are both 3DES/key of 16 bytes
        • 0x71-- 3DES encryption 0xf1-- 3DES decryption. MKeyID is 3DES/key of 24 bytes, WKeyID is DES/key of 8 bytes
        • 0x73-- 3DES encryption 0xf3-- 3DES decryption. MKeyID is 3DES/key of 24 bytes, WKeyID is 3DES/key of 16 bytes
        • 0x77-- 3DES encryption 0xf7-- 3DES decryption. MKeyID and WKeyID are both 3DES/key of 24 bytes
        When called getPinBlock,to ANSI X3.92 Standard
        • 0x02: 8 bytes key
        • 0x32: 16 bytes key
        • 0x72: 24 bytes key
        When called getMac,specify PedMacMode and exMode. If mode= PedMacMode#MODE_00, exMode value as follows:
        • 0x01 -DES encryption[8 bytes]
        • 0x03 -3DES encryption[16 bytes]
        • 0x07 -3DES encryption [24 bytes]
        If mode = PedMacMode#MODE_02,exMode value as follows:
        • 0x13: 3DES encryption [16 bytes]
        • 0x17: 3DES encryption [24 bytes]
        If mode = PedMacMode#MODE_01,exMode value as follows:
        • 0x01 -DES encryption [8 bytes]
        • 0x03 -3DES encryption [16 bytes]
        • 0x07 -3DES encryption [24 bytes]
        When called calDes,specify the exMode, value as follows:
        • mode = 0x01 -DES encryption
        • mode = 0x03 -3DES encryption [16 bytes]
        • mode = 0x81 -DES decryption [No this option for EPS]
        • mode = 0x83 -3DES decryption[No this option for EPS]
        • mode=0x07 -3DES encryption [24 bytes]
        • mode=0x87 -3DES decryption [24 bytes]

      • inputStr

        java.lang.String inputStr(byte mode,
                          byte min,
                          byte max,
                          int timeoutMs)
                   throws PedDevException
        该接口仅用于外置密码键盘 超时时间内输入指定长度范围内的字符串。仅支持EPedType.EXTERNAL_TYPEA 类型。
        This interface only be used for external PIN pad Type string with specified length within timeout. EPedType.EXTERNAL_TYPEA only is supported.
        Parameters:
        mode -
        0x00 - 明码显示, 0x01 - 显示*号
        0x00 - show plain code, 0x01 - show * code
        min -
        输入字符串的最小长度
        Min length for typing string
        max -
        输入字符串的最大长度
        Max length for typing string
        timeoutMs -
        超时时间,单位毫秒,最大超时时间为120秒
        Timeout[ms],max timeout is 120 seconds.
        Returns:
        输入的字符串
        typed string
        Throws:
        PedDevException

      • showStr

        void showStr(byte x,
             byte y,
             java.lang.String str)
      throws PedDevException
        该接口仅用于外置密码键盘 显示英文字符。仅支持EPedType.EXTERNAL_TYPEA 类型。
        This interface only be used for external PIN pad show English character. EPedType.EXTERNAL_TYPEA only is supported.
        Parameters:
        x -
        显示字符在LCD上的起始点阵列号(单位:点),0≤x<122;
        Horizontal coordinate which is displayed on LCD.(unit: pixel great than or equal to 0 and less than or equal to 122)
        y -
        y:显示字符在LCD上的行号(单位:行),每行均为16点高的行,0—第一行,1--第二
        Vertical coordinate which is displayed on LCD.(unit:pixel),the height of every row is 16 pixels. 0-1st row, 1-2nd row
        str -
        要显示的字符串
        string to be displayed
        Throws:
        PedDevException

      • showInputBox

        void showInputBox(boolean flag,
                  java.lang.String title)
           throws PedDevException
        设置输入框密码的显隐 (*) 和提示信息。仅支持EPedType.INTERNAL 类型。
        Show Password * at Keyboard Page when input Pin and Set reminder text when input Pin. EPedType.INTERNAL only is supported.
        Parameters:
        flag -
        控制输入框的显隐 ,true:显示 false:隐藏
        display password with * at Keyboard Page when input pin,true:shows false:hidden
        title -
        要显示的提示字符串
        reminder text when input Pin
        Throws:
        PedDevException

      • writeSM2CipherKey

        void writeSM2CipherKey(EPedKeyType srcKeyType,
                       byte srcKeyIdx,
                       EPedKeyType dstKeyType,
                       byte dstKeyIdx,
                       byte[] keyValue)
                throws PedDevException
        注入 SM2 密钥 。仅支持EPedType.INTERNAL 类型。
        To write SM2 cipher key to PED. EPedType.INTERNAL only is supported.
        Parameters:
        srcKeyType - EPedKeyType
        发散SM2秘钥(公/私钥)的源秘钥的类型,支持PED_SM4_TMK。
        Type of the source key to diversify SM2 key(private/public key), support PED_SM4_TMK key.
        srcKeyIdx -
        发散SM2秘钥(公/私钥)的源秘钥的索引
        Index of the source key to diversify SM2 key(private/public key)
        dstKeyType - EPedKeyType
        目标密钥的类型,支持PED_SM2_PVT_KEY或者PED_SM2_PUB_KEY。
        Type of the destination key, support PED_SM2_PVT_KEY or PED_SM2_PUB_KEY.
        dstKeyIdx -
        目标密钥对额索引
        Index of the destination key.
        keyValue -
        SM2公私钥的数据
        SM2 private/public key data.
        Throws:
        PedDevException

      • SM2Recover

        byte[] SM2Recover(byte keyIdx,
                  byte[] input,
                  ECryptOperate operation)
           throws PedDevException
        使用 SM2 公钥加密数据或私钥解密数据 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        Use SM2 public key to encrypt data, or SM2 private key to decrypt data. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIdx -
        SM2 密钥索引[1~20]
        SM2 key index: 1~20
        input -
        待加密或解密的数据。加密:最大长度(1024-96)字节; 解密:最大长度1024字节。
        Input data to be encrypted or decrypted. Encrypt: max length is (1024-96) bytes. Decrypt: max length is 1024 bytes.
        operation - ECryptOperate
        Returns:
        加密或解密后的数据
        data that after encryption or decryption
        Throws:
        PedDevException

      • SM2Sign

        byte[] SM2Sign(byte pubKeyIdx,
               byte pvtKeyIdx,
               byte[] uid,
               byte[] input)
        throws PedDevException
        使用 SM2 算法获得签名信息 。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        Use SM2 algorithm to calculate the signature data. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        pubKeyIdx -
        SM2 公钥索引[1~20]
        SM2 public key index: 1~20
        pvtKeyIdx -
        SM2 私钥索引[1~20]
        SM2 private key index: 1~20
        uid -
        签名者 ID 无特殊约定的情况下,用户身份的标识 ID 的长度为 16 字节,其默认值为 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38。
        Signer ID, max length is 512 bytes, and default value is {0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38}
        input -
        待签名数据,最大长度1024字节
        Input data, and max length is 1024 bytes.
        Returns:
        64 字节的签名值
        64 bytes signature data.
        Throws:
        PedDevException

      • SM2Verify

        void SM2Verify(byte pubKeyIdx,
               byte[] uid,
               byte[] input,
               byte[] signature)
        throws PedDevException
        使用 SM2 公钥验证签名。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        Use SM2 algorithm to verify the signature data. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        pubKeyIdx -
        SM2 公钥索引[1~20]
        SM2 public key index: 1~20
        uid -
        签名者 ID,最大长度为512字节,无特殊约定的情况下,用户身份的标识 ID 的 长度为 16 字节,其默认值为 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38。
        Signer ID , maximum length is 512 bytes, max length is 512 bytes, and default value is {0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38}
        input -
        被签名数据
        Input data, and max length is 1024 bytes.
        signature -
        64 字节的签名值
        64 bytes signature data.
        Throws:
        PedDevException

      • getMacSM

        byte[] getMacSM(byte keyIdx,
                byte[] initVector,
                byte[] input,
                byte mode)
         throws PedDevException
        使用 SM4 算法计算 MAC。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        Use SM4 algorithm to calculate MAC. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIdx -
        SM4_TAK 的密钥索引[1~100]
        SM4_TAK index: 1~100
        initVector -
        16 字节初始化向量
        init vector, 16 bytes
        input -
        待计算 MAC 的数据
        Mode为0时,支持8K,16的倍数
        Mode为1时,支持1024,16的倍数
        Input data.
        Mode = 0: support 8K, multiples of 16.
        Mode = 1: support 1024, multiples of 16.
        mode -
        0x00: 使用 SM4 CBC 算法计算 MAC 值,首先 将初始向量与 BLOCK1 进行异或,并用 SM4 算法使用 TAK 对异或的结果进行加密,然后 获得的密文与 BLOCK2 异或,用 SM4 算法使 用 TAK 对结果加密,按顺序给出 16 字节的 加密结果。MacOut 为 16 字节。 0x01: SM3 Hash Mac,MacOut 为 32 字节。
        0x00: use SM4 CBC algorithm, and MAC has 16 bytes. 0x01: use SM3 algorithm, and MAC has 32 bytes.
        Returns:
        MAC
        Throws:
        PedDevException

      • getPinBlockSM4

        byte[] getPinBlockSM4(byte keyIndex,
                      java.lang.String expPinLen,
                      byte[] dataIn,
                      EPinBlockMode mode,
                      int timeoutMs)
               throws PedDevException
        指定的时限内,扫描键盘上输入的 PIN 并输出采用 SM4 算法生成的 PIN BLOCK 加密数据块。支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。
        Scan the keyboard PIN entry and output the PIN BLOCK using SM4_TPK. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIndex -
        [1~100] SM4_TPK 的索引
        [1~100] SM4_TPK index
        expPinLen -

        当IPed为EPedType.INTERNAL:可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。

        当IPed为EPedType.EXTERNAL_TYPEA:PIN长度在expPinLen中的最小值和最大值区间。如果mode = EPinBlockMode.ISO9564_0时,当最小长度不为0时,允许按"确认"退出 。

        When IPed is EPedType.INTERNAL:The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.

        When IPed is EPedType.EXTERNAL_TYPEA:The PIN length is between the minimum and maximum values in expPinLen. If mode = EPinBlockMode.ISO9564_0, press "ok" to exit when the minimum length is not 0.

        dataIn -
        DataIn 域共占用 16 字节空间,用于存放卡号 移位后生成的 16 位主账号。 当 Mode=0x00 时,DataIn 指向卡号移位后生 成的 16 位主帐号。
        If Mode=0x00, DataIn is the 16 bytes PAN after shifting.
        mode - EPinBlockMode
        选择 PIN BLOCK 的格式, ISO9564 格式 0
        PIN BLOCK format ISO9564 format 0
        timeoutMs -
        输入 PIN 的超时时间,单位:毫秒 最大值为 300000ms 0:表示没有超时时间,PED 不做超时控制。
        The timeout of PIN entry [ms, Input] Maximum is 300000Ms.
        Returns:
        16bytes 生成的密文 PINBlock
        16bytes PINBlock
        Throws:
        PedDevException

      • idKeyCalc

        byte[] idKeyCalc(byte keyId,
                 byte[] initvector,
                 byte[] dataIn,
                 EIdKeycCalcMode mode)
          throws PedDevException
        使用Idkey对机器序列号等身份信息进行加密运算 。仅支持EPedType.INTERNAL 类型。
        Use IdKey encrypt Identity information. EPedType.INTERNAL only is supported.
        Parameters:
        keyId -
        1 (目前只支持索引1)
        1(only support 1 now)
        initvector -
        ECB 模式: 初始向量为 null ; CBC 模式: 初始向量, 16 字节.
        ECB mode: init vector is null; CBC mode: init vector, 16 bytes.
        dataIn -
        输入数据进行加密或解密。 最大长度为1024,16的倍数。
        To encrypt or decrypt incoming data. A maximum length of 1024, a multiple of 16.
        mode - EIdKeycCalcMode
        Returns:
        加密的数据
        Encrypt Result
        Throws:
        PedDevException

      • setKeyboardLayoutLandscape

        void setKeyboardLayoutLandscape(boolean landscape)
                         throws PedDevException
        设置密码键盘横向显示。仅支持EPedType.INTERNAL 类型。
        Set password keyboard horizontal display. EPedType.INTERNAL only is supported.
        Parameters:
        landscape -
        true:横向 false:竖向。 注: 密码键盘横屏显示不支持自定义键盘,跟IPed.setKeyBoardLayout接口不能一起调用。
        true:horizontalfalse:vertical. Note: The horizontal screen display of the password keyboard does not support custom keyboards and cannot be called together with the IPed.setKeyBoardLayout interface.
        Throws:
        PedDevException

      • setKeyBoardLayout

        byte[] setKeyBoardLayout(boolean isOnce,
                         java.lang.String layoutInfo)
                  throws PedDevException
        设置定制的Pin输入键盘布局 。仅支持EPedType.INTERNAL 类型。
        Set the custom Pin input keyboard layout. EPedType.INTERNAL only is supported.
        Parameters:
        isOnce -
        true:单次有效 false:重启机器前有效
        true:single effect false:effective before restarting the device
        layoutInfo -
        定制Pin输入键盘布局 ,json格式的字符串, 模板:{ "areas": [{ "type": "NUM", "geometry": "x,y,w,h" }, { "type": "CANCEL", "geometry": "x,y,w,h" }, { "type": "ENTER", "geometry": "x,y,w,h" }, { "type": "CLEAR", "geometry": "x,y,w,h" } ] } type表示键类型,NUM表示数字键,CLEAR表示清除键,ENTER表示确认件,CANCEL表示取消键 geomentry表示键盘布局,x表示x坐标,y表示y坐标,w表示宽,h表示高
        custom Pin input keyboard layout, json-formatted string, template: { "areas": [{ "type": "NUM", "geometry": "x,y,w,h" }, { "type": "CANCEL", "geometry": "x,y,w,h" }, { "type": "ENTER", "geometry": "x,y,w,h" }, { "type": "CLEAR", "geometry": "x,y,w,h" } ] } type:key type,NUM:number key,CLEAR:clear key,ENTER:enter key,CANCEL:cancel key. geomentry:key layout parameters,x:x-coordinate,y:y-coordinate,w:width,h:height.
        Returns:
        数字键盘的顺序,为10个字节byte数组
        numeric keypad order, 10 byte array
        Throws:
        PedDevException

      • writeAesKey

        void writeAesKey(EPedKeyType srcKeyType,
                 byte srcKeyIndex,
                 byte destkeyIndex,
                 byte[] destKeyValue,
                 EAesCheckMode checkMode,
                 byte[] checkBuf)
          throws PedDevException
        写入一个AES密钥,并可以选择使用KCV验证密钥正确性。仅支持TAESK。仅支持EPedType.INTERNAL 类型。
        To write Aes key to PED, and use KCV to check the key correction.only allow TAESK. EPedType.INTERNAL only is supported.
        Parameters:
        srcKeyType - EPedKeyType

        原密钥类型

        Source Key Type

        srcKeyIndex -

        原密钥索引

        当srcKeyIndex = 0,密钥将以明文形式写入PED。

        Source Key Index

        • when srcKeyType=TLK, srcKeyIndex=1
        • when srcKeyType=TMK, srcKeyIndex=[1~100]
        • when srcKeyType=AES_TMK, srcKeyIndex=[1~100]
        when srcKeyIndex = 0,The key will be written to PED in clear text.
        destkeyIndex -

        目的密钥索引[1-100]

        Destination Key Index[1-100]

        destKeyValue -

        密钥明文或密文,16/24/32bytes

        Cryptograph or Plaintext,16/24/32bytes

        checkMode - EAesCheckMode

        校验模式

        • checkMode=KCV_NONE -无验证.
        • checkMode=KCV_ENCRYPT_0 -对16个字节的0x00进行AES ECB模式加密运算,得到的密文的前4个字节即为KCV值。
        • checkMode=KCV_ENCRYPT_FIX_DATA -首先对密钥明文进行奇校验,再对16字节长度 ―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖进行AES ECB模式的加密运算,得到的密文的前4个字节即为KCV值。
        • checkMode=KCV_MAC_INPUT_DATA -传入一串数据KcvData,使用源密钥对[aucDstKeyValue(密文)+ KcvData]进行指定模式的MAC运算,得到的8个字节的MAC值即为KCV值。

        Check Mode

        • When checkMode=KCV_NONE -No Check
        • When checkMode=KCV_ENCRYPT_0 -Perform AES ECB mode encryption on 16 bytes 0x00, and use first 4 bytes as KCV.
        • When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform AES ECB mode encryption on 16 bytes―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖, and use first 4 bytes as KCV.
        • When checkMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode of MAC on [aucDesKeyValue(ciphertext) +KcvData], and use the 8 bytes result as KCV.
        checkBuf -

        校验数据缓冲区

        Check Data Buffer

        • When checkMode=KCV_NONE -PED won't check KCV, this data is no meaning.
        • When checkMode=KCV_ENCRYPT_0 -4 bytes key check value
        • When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value
        • When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode getMac(byte, byte[], EPedMacMode) checkBuf[2+kcvDataLen]:KCV length checkBuf[3+kcvDataLen]:KCV Value
        Throws:
        PedDevException
        Since:
        V2.00.02

      • calcAes

        byte[] calcAes(byte keyIdx,
               byte[] initvector,
               byte[] dataIn,
               ECryptOperate operation,
               ECryptOpt option)
        throws PedDevException
        用AES算法进行加密或者解密 。仅支持EPedType.INTERNAL 类型。
        Use AES algorithm to encrypt or decrypt. EPedType.INTERNAL only is supported.
        Parameters:
        keyIdx -
        AES_TDK 密钥索引: 1~40
        AES_TDK Key index: 1~40
        initvector -
        使用CBC/OFB 模式进行加解密运算时需要用到,若InitVector为NULL,则默认为16字节的全0x00。 使用ECB加解密时不需要,可以为NULL。
        ECB mode: init vector is null .CBC mode: init vector, 16 bytes.
        dataIn -
        待运算的数据.应小于等于1024字节,且为16的倍数。
        Input data to be encrypted or decrypted. Max length <= 1024, and that is a multiple of 16.
        operation -
        option -
        Returns:
        加密或者解密后的数据
        encrypted or decrypted data
        Throws:
        PedDevException
        Since:
        V2.00.02

      • genRSAKey

        void genRSAKey(byte pvtKeyIdx,
               byte pubKeyIdx,
               short modLenBit,
               byte pubExpType)
        throws PedDevException
        生成RSA密钥对并注入PED。仅支持EPedType.INTERNAL 类型。
        Generate RSA key pairs then inject into PED. EPedType.INTERNAL only is supported.
        Parameters:
        pvtKeyIdx -
        私钥索引1-10
        Private key index 1-10
        pubKeyIdx -
        公钥索引1-10
        Public key index 1-10
        modLenBit -
        模长,支持512,1024,2048。
        Modulus len,support 512,1024,2048.
        pubExpType -
        公共指数类型:0:3 1:65537
        Public exponent type: 0:3 1:65537
        Throws:
        PedDevException
        Since:
        V2.01.00

      • getPinBlock

        byte[] getPinBlock(byte keyIndex,
                   java.lang.String expPinLen,
                   byte[] dataIn,
                   byte mode,
                   int timeoutMs)
            throws PedDevException
        指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持EPedType.INTERNAL 类型。
        Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time. EPedType.INTERNAL only is supported.
        Parameters:
        keyIndex -
        [1~100] TPK的索引
        [1~100] TPK index
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。

        当mode=0x05的时候,该参数为"5"

        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.

        When mode=0x05,it should be "5"

        dataIn -
        • 当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。
        • 当mode=0x01时, DataIn被忽略.接口内部采用随机数填充PINBlock。
        • 当mode=0x02时, DataIn指向位移后的16位PAN。
        • 当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]
        • 当Mode=0x05时, DataIn包含卡账号和CCS数据,格式为PANlen(1个字节) + CCSlen(1个字节) + PAN(PANlen个字节) + CCS(CCSlen个字节)。其中PAN为卡账号(ASCII码),目前限定PANlen必须为18,CCSlen必须为0或者8,CCS为ASCII码格式。
        • 当mode=0x14时,DataIn为原始主帐号。
        • When mode=0x00, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.
        • When mode=0x02, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]
        • When Mode=0x05, DataIn contains card account and CCS data. The format is PANlen (1 bytes) + CCSlen (1 bytes) + PAN (PANlen byte) + CCS (CCSlen byte). In which PAN is a card account (ASCII code), the current limited PANlen must be 18, CCSlen must be 0 or 8, CCS is ASCII code format.
        • When mode=0x14, DataIn is the original primary account.
        mode -
        PIN BLOCK的格式
        • 0x00:ISO9564_0
        • 0x01:ISO9564_1
        • 0x02:ISO9564_3
        • 0x03:HK EPS
        • 0x04:预留
        • 0x05:Italy 专用模式
        • 0x06:AS2805 zero length PIN block mode。不会要求输入PIN,不会弹出输PIN窗口,expPinLen必须为0。
        • 0x11:使用AES_TPK加密,pinblock是日本的hit特殊模式
        • 0x12:使用AES_TPK加密,pinblock是日本的PKCS7模式
        • 0x14:使用AES_TPK加密,pinblock是ISO9564 格式4
        • 0x50:3DES-CBC
        PIN BLOCK Format
        • 0x00:ISO9564_0
        • 0x01:ISO9564_1
        • 0x02:ISO9564_3
        • 0x03:HK EPS -EPS PINBLOCK Format
        • 0x04:Reserved
        • 0x05:Italy special mode
        • 0x06:AS2805 zero length PIN block mode。The pin input window will not pop up. expPinLen must be 0.
        • 0x11:Using AES_TPK encryption, pinblock is Japan's hit special mode
        • 0x12:Using AES_TPK encryption, pinblock is Japan's PKCS7 mode
        • 0x14:Using AES_TPK encryption, pinblock is in ISO9564 format 4
        • 0x50:3DES-CBC
        timeoutMs -

        输入PIN的超时时间,单位:毫秒 最大值为300000ms

        0:表示没有超时时间,PED不做超时控制

        The timeout of PIN entry [unit:ms] Maximum is 300000ms.

        0: No timeout time, not doing timeout control for PED.

        Returns:
        返回pinBlock,如果bypass 返回NULL。如果mode=0x11,返回16字节数组。
        Return pinBlock byte array, if bypass,return NULL. If mode=0x11,return 16 byte array.
        Throws:
        PedDevException
        Since:
        V2.02.00

      • setFunctionKey

        void setFunctionKey(byte ucKey)
             throws PedDevException
        设定某些功能键的功能。PED 上电后,CLEAR 键的默认功能为,持卡人输入 PIN 时,按 CLEAR 键, 清除已输入的 PIN。可以通过该函数来设置 CLEAR 键的不同功能。仅支持EPedType.INTERNAL 类型。
        The function of setting some function keys. After the PED is powered on, the default function of the CLEAR key is to press the CLEAR key to clear the incoming PIN when the cardholder enters PIN. This function can be used to set different functions of the CLEAR key. EPedType.INTERNAL only is supported.
        Parameters:
        ucKey -
        • ucKey为0x00时,表示在已输入的PIN已经清空或者没有输入PIN时按CLEAR键的功能,PED退出输入密码状态,并返回PED_RET_ERR_INPUT_CLEAR。
        • ucKey为0x01时,表示调用该函数后,密码输入的接口(PedGetPinBlock、PedGetPinDukpt、PedVerifyPlainPin、PedVerifyCipherPin) 在输入PIN过程中,按下CLEAR键,逐个清除最后输入的PIN,当清空所有已输入的PIN时,不退出输入PIN函数。
        • ucKey为0x02时,表示允许按ATM4键,结束PIN输入,对于无ATM键的机型无效。
        • ucKey为0x03时,表示允许按功能键,结束PIN输入,对于无FN键的机型无效。
        • ucKey为0x04时,表示没有输入PIN时按CLEAR键,PED退出输入密码状态,并返回PED_RET_ERR_INPUT_CLEAR;当有PIN输入时,按CLEAR键逐个清除最后输入的PIN,当清空所有已输入的PIN时,不退出输入PIN函数
        • ucKey为0x05时,表示没有输入PIN时按CLEAR键,PED退出输入密码状态,并返回PED_RET_ERR_INPUT_CLEAR;当有PIN输入时,按CLEAR键会一次性全部清除所有输入的PIN,当清空所有已输入的PIN时再按CLEAR键,不退出输入PIN函数。
        • ucKey为0x07时,表示当PIN输入达到指定个数时,无需用户手动按确认键,自动结束PIN输入。
        • uckey为0x08时,表示当调用密码键盘时先插上IC卡,如果输PIN过程中拔卡,PED退出输入密码状态,并返回PED_RET_ERR_NO_ICC(-316)。
        • ucKey为0xff时,表示恢复功能键默认功能。
        备注:
        (1)ucKey为0x00,0x01,0x04,0x05时,描述的是按CLEAR键的功能,只能选一种。
        (2)ucKey为0x07时,描述的是自动完成PIN输入的功能。
        (3)ucKey为0x02,0x03时,描述的是重新自定义可以结束PIN输入的按键(要看所使用的机型是否有这个按键)。
        (1),(2)和(3)这三种情况是可以同时设置起效的。比如setFunctionKey(0x00)后还可以设置setFunctionKey(0x07)。
        • When ucKey is 0x00, it means that PED exits the input password state and returns to PED_RET_ERR_INPUT_CLEAR when the input PIN is empty or does not enter PIN with the CLEAR key.
        • When ucKey is 0x01, when the function is called, the interface (PedGetPinBlock, PedGetPinDukpt, PedVerifyPlainPin, PedVerifyCipherPin) of the password input is pressed by the CLEAR key in the input PIN process, and the final PIN is removed one by one. When all the entered PIN are emptied, the input PIN function is not exited.
        • When ucKey is 0x02, it means that the ATM4 input is allowed to end the PIN input, which is invalid for the machine without ATM key.
        • When ucKey is 0x03, it means that the PIN input is allowed to press the function key, which is invalid for the FN free key.
        • When ucKey is 0x04, it means pressing CLEAR when PIN is not entered, PED exits the password input state and returns PED_RET_ERR_INPUT_CLEAR; when there is PIN input, press CLEAR key to clear the last PIN one by one, and when all the PIN input is emptied, it does not exit the input PIN function.
        • When ucKey is 0x05, it means pressing CLEAR when PIN is not entered, PED exits the password state and returns to PED_RET_ERR_INPUT_CLEAR; when there is PIN input, pressing CLEAR key clears all input PINs at one time, and then pressing CLEAR key when all input PINs are emptied, and does not exit the input PIN function.
        • When ucKey is 0x07, it means that when the PIN input reaches the specified number, the user does not need to manually press the confirm key, but automatically ends the PIN input.
        • When ucKey is 0x08, the IC card is inserted before the password keyboard is called. If the card is pulled out during PIN input, PED exits the password input state, and PED_RET_ERR_NO_ICC(-316) is returned.
        • When ucKey is 0xff, it means restoring the default function of the function key.
        Notes:
        (1)If ucKey is 0x00, 0x01, 0x04 or 0x05, it describes the function of pressing the CLEAR key. Only one function can be selected.
        (2)If ucKey is 0x07, it describes the function of automatically completing PIN input.
        (3)If ucKey is 0x02 or 0x03, it describes a button that can be re-customized to end the PIN entry (depending on whether the model you are using has this button).
        (1), (2) and (3) can be set to take effect at the same time. For example, you can call setFunctionKey(0x07) after setFunctionKey(0x00).
        Throws:
        PedDevException
        Since:
        V3.00.00

      • getDUKPTPin

        DUKPTResult getDUKPTPin(byte groupIndex,
                        java.lang.String expPinLen,
                        byte[] dataIn,
                        java.lang.Boolean isByPass,
                        java.lang.String msg1,
                        java.lang.String msg2,
                        int timeoutMs)
                 throws PedDevException
        在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock,仅适用于type-c类外置密码键盘。
        PINBlock Input the PIN on PED,and use the PINkey of DUKPT to calculate the PINBlock. Only for external type-c pinpad
        Parameters:
        groupIndex -
        [1~100]DUKPT引擎索引, 0,1,2
        [1~100] DUKPT key group id, 0,1,2
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        dataIn -
        • dataIn指向卡号移位后生成的16位主帐号
        • dataIn is the 16 bytes primary account number after shifting.
        isByPass -
        • 是否允许不输入密码,true:意味着可以直接按Enter键返回
        • true:means that no PIN is required, and pressing "Enter" will return.
        msg1 -
        提示1。
        Hint 1.
        msg2 -
        提示2。
        Hint 2.
        timeoutMs -

        输入PIN的超时时间,单位:毫秒 最大值为300000ms

        0:表示没有超时时间,PED不做超时控制

        The timeout of PIN entry [unit:ms] Maximum is 300000ms.

        0: No timeout time, not doing timeout control for PED.

        Returns:
        DUKPTResult DUKPTResult
        Throws:
        PedDevException

      • setKeyBoardType

        void setKeyBoardType(int type)
              throws PedDevException
        设置PIN输入的密码键盘类型。仅支持EPedType.INTERNAL 类型。
        set keyboard type. EPedType.INTERNAL only is supported.
        Parameters:
        type -
        • 0:同时开启物理键盘和虚拟键盘输入
        • 1:只开启物理键盘输入
        • 2:只开启虚拟键盘输入
        • 0:Open physical keyboard and virtual keyboard input simultaneously.
        • 1:Only physical keyboard input is enabled.
        • 2:Open virtual keyboard input only
        Throws:
        PedDevException

      • getKeyBoardType

        int getKeyBoardType()
             throws PedDevException
        获取PIN输入的密码键盘类型 。仅支持EPedType.INTERNAL 类型。
        get keyboard type for PIN entry. EPedType.INTERNAL only is supported.
        Returns:
        • 0:同时开启物理键盘和虚拟键盘输入
        • 1:只开启物理键盘输入
        • 2:只开启虚拟键盘输入
        • 0:Open physical keyboard and virtual keyboard input simultaneously.
        • 1:Only physical keyboard input is enabled.
        • 2:Open virtual keyboard input only
        Throws:
        PedDevException

      • getPinBlock

        byte[] getPinBlock(byte keyIdx,
                   java.lang.String expPinLen,
                   byte[] dataIn,
                   byte mode,
                   int timeoutMs,
                   int controlTime)
            throws PedDevException
        指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持EPedType.INTERNAL 类型。
        Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time. EPedType.INTERNAL only is supported.
        Parameters:
        keyIdx -
        [1~100] TPK的索引
        [1~100] TPK index
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。

        当mode=0x05的时候,该参数为"5"

        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.

        When mode=0x05,it should be "5"

        dataIn -
        • 当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。
        • 当mode=0x01时, DataIn被忽略.接口内部采用随机数填充PINBlock。
        • 当mode=0x02时, DataIn指向位移后的16位PAN。
        • 当mode=0x05时, DataIn包含卡账号和CCS数据,格式为PANlen(1个字节) + CCSlen(1个字节) + PAN(PANlen个字节) + CCS(CCSlen个字节)。其中PAN为卡账号(ASCII码),目前限定PANlen必须为18,CCSlen必须为0或者8,CCS为ASCII码格式。
        • 当mode=0x14时,DataIn为原始主帐号。
        • When mode=0x00, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.
        • When mode=0x02, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]
        • When mode=0x05, DataIn contains card account and CCS data. The format is PANlen (1 bytes) + CCSlen (1 bytes) + PAN (PANlen byte) + CCS (CCSlen byte). In which PAN is a card account (ASCII code), the current limited PANlen must be 18, CCSlen must be 0 or 8, CCS is ASCII code format.
        • When mode=0x14, DataIn is the original primary account.
        mode -
        PIN BLOCK的格式
        • 0x00:ISO9564_0
        • 0x01:ISO9564_1
        • 0x02:ISO9564_3
        • 0x03:HK EPS
        • 0x04:预留
        • 0x05:Italy 专用模式
        • 0x11:使用AES_TPK加密,pinblock是日本的hit特殊模式
        • 0x12:使用AES_TPK加密,pinblock是日本的PKCS7模式
        • 0x14:使用AES_TPK加密,pinblock是ISO9564 格式4
        • 0x50:3DES-CBC
        PIN BLOCK Format
        • 0x00:ISO9564_0
        • 0x01:ISO9564_1
        • 0x02:ISO9564_3
        • 0x03:HK EPS -EPS PINBLOCK Format
        • 0x04:Reserved
        • 0x05:Italy special mode
        • 0x11:Using AES_TPK encryption, pinblock is Japan's hit special mode
        • 0x12:Using AES_TPK encryption, pinblock is Japan's PKCS7 mode
        • 0x14:Using AES_TPK encryption, pinblock is in ISO9564 format 4
        • 0x50:3DES-CBC
        timeoutMs -

        输入PIN的超时时间,单位:毫秒 最大值为300000ms

        0:表示没有超时时间,PED不做超时控制

        The timeout of PIN entry [unit:ms] Maximum is 300000ms.

        0: No timeout time, not doing timeout control for PED.

        controlTime -
        等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s)
        The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds)
        Returns:
        返回pinBlock,如果bypass 返回NULL。如果mode=0x11,返回16字节数组。
        Return pinBlock byte array, if bypass,return NULL. If mode=0x11,return 16 byte array.
        Throws:
        PedDevException
        Since:
        V3.02.00

      • verifyPlainPin

        byte[] verifyPlainPin(byte slot,
                      java.lang.String expPinLen,
                      byte mode,
                      int timeoutMs,
                      int controlTime)
               throws PedDevException
        实现脱机明文PIN校验功能。获取明文PIN,然后按照应用提供的卡片命令与卡片通道号,将明文PIN BLOCK直接发送给卡片(PIN BLOCK格式在用法部分描述)。仅支持EPedType.INTERNAL 类型。
        Achieve the function of verifying plaintext offline PIN. Get plaintext PIN and then Send plaintext PIN BLOCK to card according to card command and card slot number (PIN BLOCK format will be provided in operation part.). EPedType.INTERNAL only is supported.
        Parameters:
        slot -
        卡片所在的卡座号
        card slot number
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        mode -
        • 0x00: I C卡命令模式,现支持符合EMV2000的IC卡命令。
        • 0x01: 给WIC使用。
        • 0x00: IC Card Command Mode,Currently support EMV2000.
        • 0x01: For WIC.
        timeoutMs -
        输入PIN的超时时间,单位:毫秒 最大值为300000ms
        The timeout of PIN entry [ms],Maximum is 300000ms.
        controlTime -
        等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s)
        The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds)
        Returns:
        卡片响应的状态码 (2字节:SW1+SW2)
        The status code of card response (2 bytes: SW1+SW2).
        Throws:
        PedDevException
        Since:
        V3.02.00

      • verifyCipherPin

        byte[] verifyCipherPin(byte slot,
                       java.lang.String expPinLen,
                       RSAPinKey rsaPinKey,
                       byte mode,
                       int timeoutMs,
                       int controlTime)
                throws PedDevException
        实现脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey对明文PIN按照EMV规范进行加密,然后用应用提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。仅支持EPedType.INTERNAL 类型。
        Verify enciphered PIN offline. Get plain text PIN and then use RsaPinKey provided by application to encrypt plaintext PIN according to EMV standard. Send enciphered PIN to card according to card command and card channel number provided by application. EPedType.INTERNAL only is supported.
        Parameters:
        slot -
        卡片所在的卡座号
        card slot number
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        rsaPinKey - RSAPinKey
        mode -
        0x00 IC卡命令模式,目前支持EMV2000。
        0x00 IC Card Command Mode,Currently support EMV2000.
        timeoutMs -
        输入PIN的超时时间,单位:毫秒 最大值为300000ms
        The timeout of PIN input [unit:ms].Maximum is 300000Ms.
        controlTime -
        等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s)
        The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds)
        Returns:
        卡片响应的状态码 (2字节:SW1+SW2)
        The card response code (2 bytes:SW1 and SW2)
        Throws:
        PedDevException
        Since:
        V3.02.00

      • setKeyBoardLayout

        byte[] setKeyBoardLayout(boolean isOnce,
                         java.util.LinkedHashMap<android.view.View,java.lang.String> keyboardInputs)
                  throws PedDevException
        设置定制的Pin输入键盘布局 ,调用此方法前,需保证传入的View已绘制完成, 如Activity.onWindowFocusChanged(boolean hasFocus),hasFocus=true时,调用此方法。仅支持EPedType.INTERNAL 类型。
        Set the custom Pin input keyboard layout,This method is called before, need to ensure that the incoming View has been mapped, such as Activity.onWindowFocusChanged (Boolean hasFocus), when hasFocus equals true, this method is called. EPedType.INTERNAL only is supported.
        Parameters:
        isOnce -
        true:单次有效 false:重启机器前有效
        true:single effect false:effective before restarting the device
        keyboardInputs -
        键盘集合。注意:数字键必须按照键盘布局从左到右,从上到下的顺序加入Map。不支持传入横屏布局的view. Map.Key:键实例,Map.value:表示键类型,NUM表示数字键,CLEAR表示清除键,ENTER表示确认键,CANCEL表示取消键
        Keyboard set. Note: The numeric keys MUST be added to the map in order(from left to right, top to bottom), according to the keyboard layout. Horizontal layout views are not supported. Map.key: Key instance, Map.value: represents Key type, NUM represents number Key, CLEAR represents CLEAR Key, ENTER represents confirm Key, and CANCEL represents CANCEL Key
        Returns:
        数字键盘的顺序,为10个字节byte数组
        numeric keypad order, 10 byte array
        Throws:
        PedDevException

      • writeTIK

        void writeTIK(byte kbpkType,
              byte kbpkIndex,
              byte groupIndex,
              byte[] TR31keyBlock)
       throws PedDevException
        注入TIK。仅支持EPedType.INTERNAL 类型。
        Injection of TIK. EPedType.INTERNAL only is supported.
        Parameters:
        kbpkType -
        KBPK类型 0x01:TLK,0x02:TMK
        KBPK type. 0x01:TLK,0x02:TMK
        kbpkIndex -
        KBPK索引 当kbpkType=0x01,kbpkIndex=1;当kbpkType=0x02,kbpkIndex=[1-100]
        KBPK index.if kbpkType=0x01,kbpkIndex=1.if kbpkType=0x02,kbpkIndex=[1-100]
        groupIndex -
        DUKPT密钥组索引号 [1~100]
        DUKPT key group index number [1~100]
        TR31keyBlock -
        TR-31 Key Block
        TR-31 Key Block
        Throws:
        PedDevException
        Since:
        V3.06.00

      • writeKeyEx

        void writeKeyEx(EPedKeyType srcKeyType,
                byte srcKeyIndex,
                EPedKeyType destKeyType,
                byte destkeyIndex,
                byte[] destKeyValue,
                ECheckMode checkMode,
                byte[] checkBuf,
                byte[] keyVarIn,
                byte keyVarMode)
         throws PedDevException
        写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。Pax Tech Iberia SL客户定制。

        当写入PED_TLK时,PED首先格式化,清除所有已经下载的密钥,再写入PED_TLK。 明文写入密钥时,srcKeyIndex=0 对于外置A类密键只能写入明文的主密钥和DES密钥,且下载密文TPK,TAK时不校验 对于外置A类PED需要调用setExMode设置exMode setExMode(int), exMode默认为-1,表示写入的密钥密钥均为16字节,写入TPK TAK采用主密钥解密的方式 。 支持EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA 类型。

        Write in one key includes write in and divergent of TLK, TMK and TWK. And use KCV to check the key correction. For Pax Tech Iberia SL.

        When write PED_TLK,PED will format ,clear all the key has been downloaded,then write in PED_TLK. Writing the plaintext into a key, when scrKeyIndex=0,need to call function setExMode setExMode(int) for external pad. External srcKeyType A can only write the main key and the DES key of plaintext. And it will not check when downloading cryptograph TPK and TAK. EPedType.INTERNAL,EPedType.EXTERNAL_TYPEA is supported.

        Parameters:
        srcKeyType - EPedKeyType

        原密钥类型

        Source Key Type

        • TLK - Terminal Loading Key
        • TMK - Terminal Master Key
        • TPK -Transaction PIN Key
        • TAK -Transaction Mac Key
        • TDK -Terminal Des Key
        srcKeyIndex -

        原密钥索引

        Source Key Index

        • when srcKeyType=TLK, srcKeyIndex=1
        • when srcKeyType=TMK/SM4_TMK/TPK/TAK/TDK, srcKeyIndex=[1~100]
        destKeyType - EPedKeyType

        目的密钥类型

        Destination Key Type

        reference srcKeyType writeKey(com.pax.dal.entity.EPedKeyType, byte, com.pax.dal.entity.EPedKeyType, byte, byte[], com.pax.dal.entity.ECheckMode, byte[])
        destkeyIndex -

        目的密钥索引

        Destination Key Index

        reference srcKeyIndex writeKey(com.pax.dal.entity.EPedKeyType, byte, com.pax.dal.entity.EPedKeyType, byte, byte[], com.pax.dal.entity.ECheckMode, byte[])
        destKeyValue -

        密钥明文或密文

        Cryptograph or Plaintext

        checkMode - ECheckMode

        校验模式

        Check Mode

        • When checkMode=KCV_NONE -No Check
        • When checkMode=KCV_ENCRYPT_0 -Perform DES/TDES encryption on 8 bytes 0x00, and use first 4 bytes as KCV.
        • When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform DES/TDES encryption on 8 bytes―\x12\x34\x56\x78\x90\x12\x34\x56, and use first 4 bytes as KCV.
        • When iCheckMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode of MAC on [aucDesKeyValue +KcvData], and use the 8 bytes result as KCV.
        • When iCheckMode=KCV_SM4_ENCRYPT_0 -Perform TDES encryption on 16 bytes 0x00 by SM4, and use first 4 bytes as KCV.
        checkBuf -

        校验数据缓冲区

        Check Data Buffer

        • When checkMode=KCV_NONE -PED wont check KCV, this data is no meaning.
        • When checkMode=KCV_ENCRYPT_0 -4 bytes key check value
        • When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value
        • When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode getMac(byte, byte[], EPedMacMode) checkBuf[2+kcvDataLen]:KCV length checkBuf[3+kcvDataLen]:KCV Value
        • When checkMode=KCV_SM4_ENCRYPT_0 -4 bytes key check value
        keyVarIn -
        由keyVarIn生成destKeyValue。
        DestKeyValue is generated by keyVarIn.
        keyVarMode -
        • 0x00:同writeKey(EPedKeyType, byte, EPedKeyType, byte, byte[], ECheckMode, byte[])
        • 0x01:srcKeyIndex密钥和destkeyIndex密钥的长度都必须是16字节。 srcKeyIndex对应密钥表示SrcKey, SrcKey的左8个字节表示为SrcKey-L。SrcKey的右边8个字节表示为SrcKey-R。 keyVarIn的左8个字节表示为keyVarIn-L。右8字节的keyVarIn表示为keyVarIn-R。 K1 = SrcKey-L XOR keyVarIn-L K2 = SrcKey-R XOR keyVarIn-L K3 = SrcKey-L XOR keyVarIn-R K4 = SrcKey-R XOR keyVarIn-R 使用K1K2解密destKeyValue的左8字节,然后使用K3K4解密destKeyValue的右8字节;
        • 0x02:使用OWF2算法对源密钥进行解密,解密结果存储为目标密钥;
        • 0x03:destKeyValue将由源密钥用CBC TDES算法解密并存储为目标密钥;
        • 0x04:destKeyValue将由指定的源密钥用CBC TDES算法加密并存储为目标密钥;
        • 0x05:源密钥通过3DES ECB算法加密destKeyValue得到目的密钥;
        • 0x06:源密钥通过OWF2解密destKeyValue后再异或destKeyValue得到目的密钥;
        • 0x07:源密钥通过GOWF(OWF3)模式解密destKeyValue得到目的密钥;
        • 0x09:源密钥通过APACS70 OWF模式发散destKeyValue得到目的密钥;
        • 0x00:like writeKey(EPedKeyType, byte, EPedKeyType, byte, byte[], ECheckMode, byte[]);
        • 0x01:Both the srcKeyIndex key and destkeyIndex key must be 16 bytes in length. SrcKeyIndex corresponds to the key SrcKey, and the left 8 bytes of the SrcKey are represented as Srckey-L. The 8 bytes to the right of the SrcKey are represented as Srckey-R. The left 8 bytes of keyVarIn are represented as keyvarin-L.The right 8-byte keyVarIn is represented as keyvarin-R. K1 = SrcKey-L XOR keyVarIn-L K2 = SrcKey-R XOR keyVarIn-L K3 = SrcKey-L XOR keyVarIn-R K4 = SrcKey-R XOR keyVarIn-R Decrypt the left 8 bytes of destKeyValue with K1K2, and then decrypt the right 8 bytes of destKeyValue with K3K4;
        • 0x02:The source key is decrypted using the OWF2 algorithm, and the decryption result is stored as the target key;
        • 0x03:The destKeyValue will be decrypted by the source key using the CBC TDES algorithm and stored as the target key;
        • 0x04:The destKeyValue will be encrypted by the specified source key with the CBC TDES algorithm and stored as the target key;
        • 0x05:The source key uses 3DES ECB algorithm to encrypt the destKeyValue to obtain the target key;
        • 0x06:The source key uses OWF2 to decrypt the destKeyValue and then xOR destKeyValue to obtain the target key;
        • 0x07:The source key uses GOWF(OWF3) mode to decrypt the destKeyValue to obtain the target key
        • 0x09:The source key diverges destKeyValue through the APACS70 OWF mode to obtain the destination key
        Throws:
        PedDevException
        Since:
        V3.08.00

      • readPaxCA

        byte[] readPaxCA(byte index)
          throws PedDevException
        读取PAX CA证书,不校验证书私钥。
        Read the PAX CA certificate without verifying the private key of the certificate.
        Parameters:
        index -
        证书索引。
        • 0:PAXCA_RCA_R01_IDX
        • 1:PAXCA_OCADEV01_IDX
        • 2:PAXCA_OCASYS01_IDX
        • 3:PAXCA_RCA_S01_IDX
        • 4:PAXCA_OCASMDEV01_IDX
        • 5:PAXCA_OCASMSYS01_IDX
        • 100:PAXCA_DA_IDX
        • 101:PAXCA_DE_IDX
        • 102:PAXCA_DSIG_IDX
        • 103:PAXCA_DID_IDX
        • 104:PAXCA_DTLS_IDX
        • 105:PAXCA_DC_IDX
        • 200:PAXCA_RKIAK_IDX
        Certificate index.
        • 0:PAXCA_RCA_R01_IDX
        • 1:PAXCA_OCADEV01_IDX
        • 2:PAXCA_OCASYS01_IDX
        • 3:PAXCA_RCA_S01_IDX
        • 4:PAXCA_OCASMDEV01_IDX
        • 5:PAXCA_OCASMSYS01_IDX
        • 100:PAXCA_DA_IDX
        • 101:PAXCA_DE_IDX
        • 102:PAXCA_DSIG_IDX
        • 103:PAXCA_DID_IDX
        • 104:PAXCA_DTLS_IDX
        • 105:PAXCA_DC_IDX
        • 200:PAXCA_RKIAK_IDX
        Returns:
        PAX CA证书。
        Throws:
        PedDevException
        Since:
        V3.08.00

      • writeAesKey

        void writeAesKey(byte srcKeyType,
                 byte srcKeyIndex,
                 byte destKeyType,
                 byte destKeyIndex,
                 byte[] destKeyValue,
                 EAesCheckMode checkMode,
                 byte[] checkBuf)
          throws PedDevException
        写入一个AES密钥,并可以选择使用KCV验证密钥正确性。仅支持EPedType.INTERNAL 类型。
        To write Aes key to PED, and use KCV to check the key correction. EPedType.INTERNAL only is supported.
        Parameters:
        srcKeyType -

        原密钥类型。

        • 0x22:AES_TMK.

        Source Key Type.

        • 0x22:AES_TMK.
        srcKeyIndex -

        原密钥索引

        • srcKeyIndex=[1~100]有效
        当srcKeyIndex = 0,密钥将以明文形式写入PED。

        Source Key Index

        • srcKeyIndex=[1~100]
        when srcKeyIndex = 0,The key will be written to PED in clear text.
        destKeyType -

        目的密钥类型。

        • 0x20:AES_TDK.
        • 0x22:AES_TMK.
        • 0x23:AES_TPK.
        • 0x24:AES_TAK.
        • 0x2A:AES_PPAD_TPK.

        Destination Key Type.

        • 0x20:AES_TDK.
        • 0x22:AES_TMK.
        • 0x23:AES_TPK.
        • 0x24:AES_TAK.
        • 0x2A:AES_PPAD_TPK.
        destKeyIndex -

        目的密钥索引[1-100]

        Destination Key Index[1-100]

        destKeyValue -

        密钥明文或密文,16/24/32bytes

        Cryptograph or Plaintext,16/24/32bytes

        checkMode - EAesCheckMode

        校验模式

        • checkMode=KCV_NONE -无验证.
        • checkMode=KCV_ENCRYPT_0 -对16个字节的0x00进行AES ECB模式加密运算,得到的密文的前4个字节即为KCV值。
        • checkMode=KCV_ENCRYPT_FIX_DATA -首先对密钥明文进行奇校验,再对16字节长度 ―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖进行AES ECB模式的加密运算,得到的密文的前4个字节即为KCV值。
        • checkMode=KCV_MAC_INPUT_DATA -传入一串数据KcvData,使用源密钥对[aucDstKeyValue(密文)+ KcvData]进行指定模式的MAC运算,得到的8个字节的MAC值即为KCV值。

        Check Mode

        • When checkMode=KCV_NONE -No Check
        • When checkMode=KCV_ENCRYPT_0 -Perform AES ECB mode encryption on 16 bytes 0x00, and use first 4 bytes as KCV.
        • When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform AES ECB mode encryption on 16 bytes―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖, and use first 4 bytes as KCV.
        • When checkMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode of MAC on [aucDesKeyValue(ciphertext) +KcvData], and use the 8 bytes result as KCV.
        checkBuf -

        校验数据缓冲区

        Check Data Buffer

        • When checkMode=KCV_NONE -PED won't check KCV, this data is no meaning.
        • When checkMode=KCV_ENCRYPT_0 -4 bytes key check value
        • When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value
        • When checkMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode getMac(byte, byte[], EPedMacMode) checkBuf[2+kcvDataLen]:KCV length checkBuf[3+kcvDataLen]:KCV Value
        Throws:
        PedDevException
        Since:
        V3.08.00

      • calcDUKPTData

        @Deprecated
DUKPTResult calcDUKPTData(byte groupIndex,
                                       byte keyVarType,
                                       byte[] iv,
                                       byte[] dataIn,
                                       byte mode)
                                throws PedDevException
        Deprecated. 
        使用DUKPT的MAC密钥或DES密钥,对输入缓存内数据进行加密或解密。仅支持EPedType.INTERNAL 类型。
        Use MAC key or DES key of DUKPT to encrypt or decrypt the data in the input buffer.EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        [1~100] DUKPT密钥组索引号
        [1~100] DUKPT group ID
        keyVarType -
        • 0x00: 用请求和应答MAC密钥。
        • 0x01: 用DUKPT DES密钥运算。
        • 0x02: 用DUKPT PIN密钥运算,只能做加密(mode的值只能为0x01或者0x13),解密会返回错误。
        • 0x03: 使用应答MAC密钥,仅支持加密模式,即mode值只能为0x01、0x03、0x11、0x13。
        • 0x04: 使用应答DES密钥,仅支持加密模式,即mode值只能为0x01、0x03、0x11、0x13。
        • 0x00:Use request and response MAC key.
        • 0x01:Use DUKPT DES key operation.
        • 0x02:Use DUKPT PIN key operation, only encryption(The value of mode can only be 0x01 or 0x13.), decryption will return error.
        • 0x03:Using the reply MAC key, only the encryption mode is supported, the mode value can only be 0x01, 0x03, 0x011, 0x13.
        • 0x04:Using the reply DES key, only the encryption mode is supported, the mode value can only be 0x01, 0x03, 0x011, 0x13.
        iv -
        8/16字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”或 “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量
        8/16 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, it will use “\x00\x00\x00\x00\x00\x00\x00\x00” or “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00” as the initialization vector by default.
        dataIn -
        指向需要进行运算的数据, 数据长度<=8192,8整除(AES时,16整除)。
        Point to the data which need to be computed.Data length less than or equal to 8192, it is divisible by 8(In AES, 16 is divisible).
        mode -
        • 0x00:ECB 解密。
        • 0x01:ECB 加密。
        • 0x02:CBC 解密。
        • 0x03:CBC 加密。
        • 0x10:AES ECB 解密。
        • 0x11:AES ECB 加密。
        • 0x12:AES CBC 解密。
        • 0x13:AES CBC 加密。
        • 0x00:ECB decryption.
        • 0x01:ECB encryption.
        • 0x02:CBC decryption.
        • 0x03:CBC encryption.
        • 0x10:AES ECB decryption.
        • 0x11:AES ECB encryption.
        • 0x12:AES CBC decryption.
        • 0x13:AES CBC encryption.
        Returns:
        DUKPTResult
        Throws:
        PedDevException
        Since:
        V3.08.00

      • eraseKeyEx

        void eraseKeyEx(byte mode)
         throws PedDevException
        擦除指定类型的密钥。仅支持EPedType.INTERNAL 类型。
        Erases the key of the specified type. EPedType.INTERNAL only is supported.
        Parameters:
        mode -
        • 0:清空TDES MK/SK DUKPT, AES MK/SK DUKPT密钥。
        • 1:清空TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2、RSA密钥。
        • 2:清空 SM2、RSA密钥。
        • 0: Clear TDES MK/SK DUKPT, AES MK/SK DUKPT keys.
        • 1: Clear TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2、RSA keys.
        • 2: Clear SM2、RSA keys.
        Throws:
        PedDevException
        Since:
        V3.11.00

      • challengeWICKey

        byte[] challengeWICKey(byte srcKeyIndex,
                       byte mode,
                       byte[] cardSN,
                       byte[] dataIn)
                throws PedDevException
        WIC卡的密钥验证步骤,根据WIC密钥计算出challenge数据。接口不进行与卡片交互的步骤,仅计算出challenge数据。后续流程需要由应用处理。需要设备中存在WIC密钥(以TDK的方式保存)。仅支持EPedType.INTERNAL 类型。
        WIC card key verification steps, based on the WIC key to calculate the challenge data.The interface does not perform the steps of interacting with the card, only calculating the challenge data.Subsequent processes need to be handled by the application.The WIC key (stored as TDK) is required to be present in the device.EPedType.INTERNAL only is supported.
        Parameters:
        srcKeyIndex -
        WIC key索引。
        WIC key index.
        mode -
        • 0:WIC key为16字节,根据cardSN计算出16字节daughter key,并根据dataIn算出challenge数据。
        • 1:WIC key为8字节,根据cardSN直接算出challenge数据。
        • 2:WIC key为8字节,根据cardSN直接算出challenge数据。
        • 0:The WIC key is 16 bytes. Calculate the 16-byte daughter key according to cardSN, and calculate the challenge data according to dataIn.
        • 1:The WIC key is 8 bytes, and the challenge data is directly calculated according to the cardSN.
        • 2:The WIC key is 8 bytes, and the challenge data is directly calculated according to the cardSN.
        cardSN -
        8字节的Card SN信息。
        8 bytes of Card SN information.
        dataIn -
        输入数据。8字节。仅在mode=0时使用。当mode为其他值时传入任意数据即可。
        Enter data.8 bytes.Used only when mode=0.Pass in any data when the mode is any other value.
        Returns:
        8字节的challenge数据。
        8 bytes of challenge data.
        Throws:
        PedDevException
        Since:
        V3.12.00

      • inputPin

        void inputPin(java.lang.String expPinLen,
              long timeoutMs,
              byte mode)
       throws PedDevException
        输入PIN的过程,并将PIN保存在PED内部。仅支持EPedType.INTERNAL 类型。
        The process of entering the PIN and saving the PIN inside the PED. EPedType.INTERNAL only is supported.
        Parameters:
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        timeoutMs -
        输入PIN的超时时间,单位:毫秒 最大值为300000ms。0:表示没有超时时间,PED不做超时控制。
        The timeout of PIN entry [unit:ms] Maximum is 300000ms.0: No timeout time, not doing timeout control for PED.
        mode -
        保留扩展,目前为0x00。
        Reserved for extension, currently 0x00.
        Throws:
        PedDevException

      • pinEndGetPinBlock

        byte[] pinEndGetPinBlock(byte keyIndex,
                         byte[] dataIn,
                         byte mode)
                  throws PedDevException
        inputPin(String, long, byte)的输入PIN加密为密文PinBlock。PIN将被清空。仅支持EPedType.INTERNAL 类型。
        Encrypt the inputPin of inputPin(String, long, byte) as ciphertext PinBlock.The PIN will be cleared. EPedType.INTERNAL only is supported.
        Parameters:
        keyIndex -
        [1~100] TPK的索引
        [1~100] TPK index
        dataIn -
        • 当mode=0x00时,DataIn指向卡号移位后生成的16位主帐号,不包含校验位。
        • 当mode=0x01时,DataIn被忽略,接口内部采用随机数填充PINBlock。
        • 当mode=0x02时,DataIn指向位移后的16位PAN。
        • 当mode=0x03时,为交易流水号ISN [6 Bytes,ASCII码]。
        • When mode=0x00, DataIn is the 16 bytes primary account number after shifting, excluding the check bit.
        • When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.
        • When mode=0x02, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x03, is the transaction current number [6 Bytes,ASCII code].
        mode -
        PIN BLOCK的格式。
        • 0x00:ISO9564 格式0。该模式有频度控制,触发频度控制时返回#PED_ERR_WAIT_INTERVAL
        • 0x01:ISO9564 格式1。
        • 0x02:ISO9564 格式3。
        • 0x03:HK EPS 格式。
        PIN BLOCK Format.
        • 0x00:ISO9564 format 0. This mode has frequency control, which returns #PED_ERR_WAIT_INTERVAL when triggered.
        • 0x01:ISO9564 format 1.
        • 0x02:ISO9564 format 3.
        • 0x03:HK EPS format.
        Returns:
        8字节的PinBlock。
        8-byte PinBlock.
        Throws:
        PedDevException
        Since:
        V3.13.00

      • pinEndGetDukptPin

        DUKPTResult pinEndGetDukptPin(byte groupIndex,
                              byte[] dataIn,
                              byte mode)
                       throws PedDevException
        inputPin(String, long, byte)输入完毕后,使用DUKPT的PIN密钥计算PinBlock。PIN将被清空。仅支持EPedType.INTERNAL 类型。
        After inputPin(String, long, byte) is entered, calculate the PinBlock using DUKPT's Pin key. The PIN will be cleared. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        [1~100] DUKPT密钥组索引号
        [1~100]DUKPT key group id
        dataIn -
        • 当mode=00/20时,DataIn指向卡号移位后生成的16位主帐号,不包含校验位。
        • 当mode=01/21时,DataIn被忽略,接口内部采用随机数填充PINBlock。
        • 当mode=02/22时,DataIn指向位移后的16位PAN。
        • 当mode=03/23时,为交易流水号ISN [6 Bytes,ASCII码]。
        • When mode=00/20, DataIn is the 16 bytes primary account number after shifting, excluding the check bit.
        • When mode=01/21, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.
        • When mode=02/22, DataIn is the 16 bytes primary account number after shifting.
        • When mode=03/23, is the transaction current number [6 Bytes,ASCII code].
        mode -
        • 00:ISO9564 格式0, KSN自动加1。
        • 01:ISO9564 格式1, KSN自动加1。
        • 02:ISO9564 格式3 ,KSN自动加1。
        • 03:HK EPS格式, KSN自动加1。
        • 20:ISO9564 格式0,KSN不自动加1。
        • 21:ISO9564 格式1,KSN不自动加1。
        • 22:ISO9564 格式3,KSN不自动加1。
        • 23:HK EPS格式, KSN不自动加1。
        • 00:ISO9564 format 0, KSN automatically add 1.
        • 01:ISO9564 format 1, KSN automatically add 1.
        • 02:ISO9564 format 3, KSN automatically add 1.
        • 03:HK EPS format, KSN automatically add 1.
        • 20:ISO9564 format 0,KSN doesn't automatically add 1.
        • 21:ISO9564 format 1,KSN doesn't automatically add 1.
        • 22:ISO9564 format 3,KSN doesn't automatically add 1.
        • 23:HK EPS format, KSN doesn't automatically add 1.
        Returns:
        DUKPTResult
        Throws:
        PedDevException
        Since:
        V3.13.00

      • pinEndGetAesDukptPin

        DUKPTResult pinEndGetAesDukptPin(byte groupIndex,
                                 byte[] dataIn,
                                 EAlgorithmType eAlgorithmType,
                                 byte mode)
                          throws PedDevException
        inputPin(String, long, byte)输入完毕后,使用AES DUKPT的PIN密钥计算PinBlock。PIN将被清空。仅支持EPedType.INTERNAL 类型。
        After inputPin(String, long, byte) is entered, calculate the PinBlock using AES DUKPT's Pin key. The PIN will be cleared. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        [1~40] AES DUKPT密钥组索引号 。
        [1~40] AES DUKPT key group id.
        dataIn -
        • 当mode=0x20时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。
        • 当mode=0x21时,dataIn未使用,但是不能为NULL。
        • 当mode=0x22时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。
        • 当mode=0x23时,为交易流水号ISN [6 Bytes,ASCII码]。
        • 当mode=0x24时,dataIn为主账号。
        • When mode=0x20, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.
        • When mode=0x21, dataIn is not in use, but cannot be NULL.
        • When mode=0x22, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.
        • When mode=0x23, is the transaction current number [6 Bytes,ASCII code].
        • When mode=0x24, dataIn is primary account.
        eAlgorithmType - EAlgorithmType
        mode -
        • 0x20:ISO9564 格式0,KSN不自动加1。
        • 0x21:ISO9564 格式1,KSN不自动加1。
        • 0x22:ISO9564 格式3,KSN不自动加1。
        • 0x23:HK EPS格式, KSN不自动加1。
        • 0x24:ISO9564 格式4,KSN不自动加1。
        • 0x20:ISO9564 format 0,KSN doesn't automatically add 1。
        • 0x21:ISO9564 format 1,KSN doesn't automatically add 1。
        • 0x22:ISO9564 format 3,KSN doesn't automatically add 1。
        • 0x23:HK EPS format, KSN doesn't automatically add 1。
        • 0x24:ISO9564 format 4,KSN doesn't automatically add 1。
        Returns:
        DUKPTResult
        Throws:
        PedDevException
        Since:
        V3.13.00

      • pinEndVerifyPlainPin

        byte[] pinEndVerifyPlainPin(byte slot,
                            byte mode)
                     throws PedDevException
        inputPin(String, long, byte)输入完毕后,进行脱机明文PIN校验功能。 按照应用提供的卡片命令与卡片通道号,将明文PinBlock直接发送给卡片。PIN将被清空。仅支持EPedType.INTERNAL 类型。
        After inputPin(String, long, byte) is entered, offline plaintext PIN validation is performed. Send the clear text PinBlock directly to the card according to the card command and card channel number provided by the application。 The PIN will be cleared. EPedType.INTERNAL only is supported.
        Parameters:
        slot -
        卡片所在的卡座号。
        The card slot number.
        mode -
        • 0x00: I C卡命令模式,现支持符合EMV2000的IC卡命令。
        • 0x01: 给WIC使用。
        • 0x00: IC Card Command Mode,Currently support EMV2000.
        • 0x01: For WIC.
        Returns:
        卡片响应的状态码 (2字节:SW1+SW2)
        The status code of card response (2 bytes: SW1+SW2).
        Throws:
        PedDevException
        Since:
        V3.13.00

      • pinEndVerifyCipherPin

        byte[] pinEndVerifyCipherPin(byte slot,
                             RSAPinKey rsaPinKey,
                             byte mode)
                      throws PedDevException
        inputPin(String, long, byte)输入完毕后,进行脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey 对明文PIN按照EMV规范进行加密,然后用应用提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。PIN将被清空。仅支持EPedType.INTERNAL 类型。
        After inputPin(String, long, byte) is entered, verify enciphered PIN offline is performed. Get plain text PIN and then use RsaPinKey provided by application to encrypt plaintext PIN according to EMV standard. Send enciphered PIN to card according to card command and card channel number provided by application. The PIN will be cleared.EPedType.INTERNAL only is supported.
        Parameters:
        slot -
        卡片所在的卡座号。
        The card slot number.
        rsaPinKey - RSAPinKey
        mode -
        0x00 IC卡命令模式,目前支持EMV2000。
        0x00 IC Card Command Mode,Currently support EMV2000.
        Returns:
        卡片响应的状态码 (2字节:SW1+SW2)
        The status code of card response (2 bytes: SW1+SW2).
        Throws:
        PedDevException
        Since:
        V3.13.00

      • setKeyboard

        void setKeyboard(byte type)
          throws PedDevException
        设置PED密码键盘类型。仅支持EPedType.INTERNAL 类型。
        Set the PED keyboard type. EPedType.INTERNAL only is supported.
        Parameters:
        type -
        • 0x01:翻转PED密码键盘。
        • 0x02:盲人模式PED密码键盘。
        • 0x01:Flip the PED keyboard.
        • 0x02:Blind mode PED keyboard.
        Throws:
        PedDevException
        Since:
        V3.15.00

      • eraseKey

        void eraseKey(byte keyType,
              byte keyIndex)
       throws PedDevException
        擦除指定的密钥。仅支持EPedType.INTERNAL 类型。
        Erases the specified key. EPedType.INTERNAL only is supported.
        Parameters:
        keyType -
        密钥类型。
        • 0x02: TMK[1~100]
        • 0x0A: TWK[1~100]
        • 0x07: TIK[1~100]
        • 0x51: AES_TIK[1~100]
        • 0X0B: RSA[1~20]
        • 0x30: SM2_PVT_KEY[1~20]
        • 0x31: SM2_PUB_KEY[1~20]
        • 0x46: SALT_KEY[1~2]
        Key type.
        • 0x02: TMK[1~100]
        • 0x0A: TWK[1~100]
        • 0x07: TIK[1~100]
        • 0x51: AES_TIK[1~100]
        • 0X0B: RSA[1~20]
        • 0x30: SM2_PVT_KEY[1~20]
        • 0x31: SM2_PUB_KEY[1~20]
        • 0x46: SALT_KEY[1~2]
        keyIndex -
        密钥索引。
        Key index.
        Throws:
        PedDevException
        Since:
        V3.15.00

      • writeTR31Key

        void writeTR31Key(byte srcKeyType,
                  byte srcKeyIndex,
                  byte dstKeyIndex,
                  byte[] TR31KeyBlock)
           throws PedDevException
        写入TR31格式的密钥到PED。包括TMK、TWK、TIK、AES_TMK、AES_TWK和AES_TIK。
        To write keys in TR31 format into PED, including TMK,TWK,TIK,AES_TMK,AES_TWK and AES_TIK.
        Parameters:
        srcKeyType -
        原密钥类型。
        The source key type.
        srcKeyIndex -
        原密钥索引。
        The source key index.
        dstKeyIndex -
        目的密钥索引。
        • 如果dstKeyType等于EPedKeyType.AES_TIK时,索引为[1~40].
        • 其他类型时,索引为[1~100].
        Destination key index.
        • If dstKeyType is equal to EPedKeyType.AES_TIK, the index is [1~40]
        • Other key types, the index is [1~100]
        TR31KeyBlock -
        TR31格式的密钥块。
        • Key Block Version ID (1 byte):
          "B"-TDEA
          "D"-AES
        • Key Block Length (4 bytes):编码后提供密钥块长度的ASCII十进制数字。例如,“0080”
        • Key Usage (2 bytes):
          "P0"-PIN encryption
          "B1"-DUKPT TIK
          "K0"-TMK
          "D0"-TDK
          "Mx"-TAK
          "C1"-TCHDK
        • Algorithm (1 byte):
          "T"-TDEA
          "A"-AES
        • Mode of Use (1 byte):ignore
        • Key Version Number (2 bytes):ignore
        • Exportability (1 byte):ignore
        • Number of Optional Blocks (2 bytes):00/01/02
        • Reserved field (2 bytes):ignore
        • Optional Blocks(密钥块中所有可选块的总长度将是加密块大小的倍数(TDES 为 8,AES 为 16)。 这可能需要填充,如果需要填充,则包含在一个特殊的最终可选块中 填充了适当数量的填充字符。):
          “KS”-(2 bytes option id) + len (2 bytes, hex-ASCII “18”) + 20 hex-ASCII characters KSN, (PED_TIK KSN)
          “IK”-(2 bytes option id) + len (2 bytes, hex-ASCII “14”) + 16 hex-ASCII characters KSN (PED_AES_TIK Initial Key Identifier)
          “PB”-(2 bytes option id) + len (2 bytes, hex-ASCII “0C”) + hex-ASCII characters padding
        • Encryption body:Cipher text (2 bytes len + key + padding)
        • MAC(TDES is 16 bytes, AES is 32 bytes):MAC
        Key blocks in TR31 format.
        • Key Block Version ID (1 byte):
          "B"-TDEA
          "D"-AES
        • Key Block Length (4 bytes):ASCII decimal numeric digits providing key block length after encoding.for example, “0080”
        • Key Usage (2 bytes):
          "P0"-PIN encryption
          "B1"-DUKPT TIK
          "K0"-TMK
          "D0"-TDK
          "Mx"-TAK
          "C1"-TCHDK
        • Algorithm (1 byte):
          "T"-TDEA
          "A"-AES
        • Mode of Use (1 byte):ignore
        • Key Version Number (2 bytes):ignore
        • Exportability (1 byte):ignore
        • Number of Optional Blocks (2 bytes):00/01/02
        • Reserved field (2 bytes):ignore
        • Optional Blocks((The total length of all optional blocks in the key block will be a multiple of the encryption block size (TDES is 8, AES is 16). This may require padding, and if padding is needed it is included in a special final optional block that is filled with an appropriate number of padding characters.):
          “KS”-(2 bytes option id) + len (2 bytes, hex-ASCII “18”) + 20 hex-ASCII characters KSN, (PED_TIK KSN)
          “IK”-(2 bytes option id) + len (2 bytes, hex-ASCII “14”) + 16 hex-ASCII characters KSN (PED_AES_TIK Initial Key Identifier)
          “PB”-(2 bytes option id) + len (2 bytes, hex-ASCII “0C”) + hex-ASCII characters padding
        • Encryption body:Cipher text (2 bytes len + key + padding)
        • MAC(TDES is 16 bytes, AES is 32 bytes):MAC
        Throws:
        PedDevException
        Since:
        V3.17.00

      • genCSR

        java.lang.String genCSR(byte pubKeyIndex,
                        byte pvkKeyIndex,
                        java.lang.String dn)
                 throws PedDevException
        生成证书签名请求。仅支持EPedType.INTERNAL 类型。
        Generate the Certificate Signing Request. EPedType.INTERNAL only is supported.
        Parameters:
        pubKeyIndex -
        RSA公钥索引。
        RSA public key index.
        pvkKeyIndex -
        RSA私钥索引。
        RSA private key index.
        dn -
        证书信息,如:"C=CN,ST=GD,L=SZ,O=PAX,OU=PAX_DEV,CN=paxsz,[email protected]"。常用如下:
        字段 说明 示例
        C Country Name CN
        ST State or Province Name GD
        L Locality Name SZ
        O Organization Name PAX
        OU Organization Unit Name PAX_DEV
        CN Common Name paxsz
        E Email Address [email protected]
        Certificate information, such as: "C=CN,ST=GD,L=SZ,O=PAX,OU=PAX_DEV,CN=paxsz,[email protected]".Commonly used as follows:
        Field Instruction Sample
        C Country Name CN
        ST State or Province Name GD
        L Locality Name SZ
        O Organization Name PAX
        OU Organization Unit Name PAX_DEV
        CN Common Name paxsz
        E Email Address [email protected]
        Returns:
        CSR。
        CSR.
        Throws:
        PedDevException
        Since:
        V3.19.00

      • calcHMAC

        byte[] calcHMAC(int keyIndex,
                byte[] dataIn,
                int mode)
         throws PedDevException
        用keyIndex指定的Salt密钥以及dataIn,依照指定mode做HMAC运算。仅支持EPedType.INTERNAL 类型。
        Do the HMAC operation in the specified mode with the Salt key specified in keyIndex and dataIn. EPedType.INTERNAL only is supported.
        Parameters:
        keyIndex -
        Salt Key的索引。1或2 。
        Index of the Salt 1 or 2.
        dataIn -
        需进行HMAC运算的数据。最长1024字节,Mode=0x03时dataIn的长度是<=32 字节
        Data that require HMAC operations.Maximum 1024 bytes,When Mode=0x03, the length of dataIn is <=32 bytes
        mode -
        • 0x01:HMAC-SHA1.
        • 0x02:HMAC-SHA256.
        • 0x03:hashedPAN.
        • 0x01:HMAC-SHA1.
        • 0x02:HMAC-SHA256.
        • 0x03:hashedPAN.
        Returns:
        HMAC结果。
        HMAC results.
        Throws:
        PedDevException
        Since:
        V3.19.00

      • writeAesDUKPTTIK

        void writeAesDUKPTTIK(byte groupIndex,
                      byte srcKeyIndex,
                      byte[] keyValue,
                      byte[] ksn,
                      byte checkMode,
                      byte[] checkBuf)
               throws PedDevException
        写入 AES DUKPT 初始密钥 AESTIK,并可以选择使用 KCV 验证密钥正确性。仅支持EPedType.INTERNAL 类型。
        Write the AES DUKPT initial key AESTIK, and you can choose to use KCV to verify the correctness of the key. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        AES DUKPT密钥组索引。范围1~40。
        AES DUKPT key group index. The range is 1~40.
        srcKeyIndex -
        保护密钥的密钥索引。0表示明文写入。目前仅支持明文写入。
        The index of the key protecting the key. 0 means writing in plaintext. Currently only plaintext writing is supported.
        keyValue -
        AESTIK 的明文。目前AES DUKPT 算法支持 16/24/32 字节长度的密钥。
        The plain text of AESTIK. Currently, the AES DUKPT algorithm supports keys with a length of 16/24/32 bytes.
        ksn -
        初始化 KSN。长度10/12 字节,只有在兼容模式才会是 10 字节。
        Initialize KSN. The length is 10/12 bytes, only in compatibility mode will it be 10 bytes.
        checkMode -
        验证模式。
        • 0x00:无校验。
        • 0x05:对16个字节的 0x00进行AES加密,得到的密文的前3个字节即为KCV。
        • 0x06:对16个字节的 0x00进行AES CMAC加密,得到的密文的前3个字节即为KCV。
        Check mode.
        • 0x00: No check.
        • 0x05:Perform AES encryption on the 16 bytes of 0x00, and the first 3 bytes of the ciphertext obtained are KCV.
        • 0x06:Perform AES CMAC encryption on the 16 bytes of 0x00, and the first 3 bytes of the ciphertext obtained are KCV.
        checkBuf -
        • 当checkMode=0x00时,checkBuf的值无效,系统认为不验证KCV。
        • 当checkMode=0x05/0x06时,checkBuf[0]=KCV的长度,checkBuf[1]开始是KCV的值。
        • When checkMode=0x00, the value of checkBuf is invalid, and the system considers that KCV is not verified.
        • When checkMode=0x05/0x06, checkBuf[0]=KCV length, checkBuf[1] starts with the value of KCV.
        Throws:
        PedDevException - PedDevException
        Since:
        V3.22.00

      • getAesDUKPTPin

        DUKPTResult getAesDUKPTPin(byte groupIndex,
                           java.lang.String exPinLen,
                           byte[] dataIn,
                           EAlgorithmType algorithmType,
                           byte mode,
                           long timeoutMs)
                    throws PedDevException
        在 PED 上输入 PIN,并使 AES DUKPT 的 PIN 密钥计算 PINBlock。仅支持EPedType.INTERNAL 类型。
        Enter the PIN on the PED, and use the PIN key of AES DUKPT to calculate the PINBlock. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        AES DUKPT密钥组索引。范围1~40。
        AES DUKPT key group index. The range is 1~40.
        exPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The valid password length string that can be entered, the application enumerates all the allowable password lengths, and separates each length with a "," sign. The valid value of the password length is 0, 4~12. If 4 or 6-digit passwords are allowed and you can press confirm without a password, the character string should be set to "0, 4, 6". If the length of the enumeration is 0, it means that you can directly press the enter key to return without entering any number. If there are invalid values of length in the enumerated string, such as "2, 6, 7, 10", the invalid value will be ignored.
        dataIn -
        • 当mode=0x20时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。
        • 当mode=0x21时,dataIn未使用,但是不能为NULL。
        • 当mode=0x22时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。
        • 当mode=0x23时,为交易流水号ISN [6 Bytes,ASCII码]。
        • 当mode=0x24时,dataIn为主账号。
        • When mode=0x20, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.
        • When mode=0x21, dataIn is not in use, but cannot be NULL.
        • When mode=0x22, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.
        • When mode=0x23, is the transaction current number [6 Bytes,ASCII code].
        • When mode=0x24, dataIn is primary account.
        algorithmType - EAlgorithmType
        mode -
        • 0x20:ISO9564 格式0,KSN不自动加1。
        • 0x21:ISO9564 格式1,KSN不自动加1。
        • 0x22:ISO9564 格式3,KSN不自动加1。
        • 0x23:HK EPS格式, KSN不自动加1。
        • 0x24:ISO9564 格式4,KSN不自动加1。
        • 上述模式+0x80(0xA0,0xA1,0xA2,0xA3,0xA4),仅将超时时间从两个按键之间的间隔时间调整为整个输PIN过程的总时间,其它功能不变.
        • 0x20:ISO9564 format 0,KSN doesn't automatically add 1。
        • 0x21:ISO9564 format 1,KSN doesn't automatically add 1。
        • 0x22:ISO9564 format 3,KSN doesn't automatically add 1。
        • 0x23:HK EPS format, KSN doesn't automatically add 1。
        • 0x24:ISO9564 format 4,KSN doesn't automatically add 1。
        • The above mode +0x80(0xA0,0xA1,0xA2,0xA3,0xA4) only adjusts the timeout time from the interval between two keys to the total time of the entire PIN input process, and other functions remain unchanged.
        timeoutMs -
        输入 PIN 的超时时间。单位:毫秒,最大值为 300000ms。0表示没有超时时间,PED 不做超时控制。
        Enter the PIN timeout period. Unit: milliseconds, the maximum value is 300000ms. 0 means there is no timeout period, and PED does not do timeout control.
        Returns:
        DUKPTResult
        Throws:
        PedDevException - PedDevException
        Since:
        V3.22.00

      • calcAesDUKPTData

        DUKPTResult calcAesDUKPTData(byte groupIndex,
                             byte keyVarType,
                             byte[] iv,
                             byte[] dataIn,
                             EAlgorithmType algorithmType,
                             byte mode)
                      throws PedDevException
        使用 AES DUKPT 的数据加解密密钥,对输入缓存内数据进行加密或解密。仅支持EPedType.INTERNAL 类型。
        Use the AES DUKPT data encryption and decryption key to encrypt or decrypt the data in the input buffer. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        AES DUKPT密钥组索引。范围1~40。
        AES DUKPT key group index. The range is 1~40.
        keyVarType -
        • 0x01: 用 AES DUKPT 数据加解密密钥运算。
        • 0x04: 使用应答数据密钥,仅支持加密模式,即mode 值只能为 0x01、0x03。
        • 0x05: 使用请求数据密钥,仅支持解密模式,即mode 值只能为 0x00、0x02。
        • 0x01: Use AES DUKPT data encryption and decryption key operations.
        • 0x04: Using the response data key, only supports the encryption mode, that is, the mode value can only be 0x01, 0x03.
        • 0x05: When using the requested data key, only the decryption mode is supported, that is, the mode value can only be 0x00, 0x02.
        iv -
        8/16字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”或 “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量
        8/16 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, it will use “\x00\x00\x00\x00\x00\x00\x00\x00” or “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00” as the initialization vector by default.
        dataIn -
        需要进行运算的数据。数据长度<=8192,8(TDES)/16(AES)整除。
        The data to be calculated. Data length<=8192, evenly divided by 8(TDES)/16(AES).
        algorithmType -
        mode -
        • 0x00: ECB 解密
        • 0x01: ECB 加密
        • 0x02: CBC 解密
        • 0x03: CBC 加密
        • 0x00: ECB decryption.
        • 0x01: ECB encryption.
        • 0x02: CBC decryption.
        • 0x03: CBC encryption.
        Returns:
        DUKPTResult
        Throws:
        PedDevException - PedDevException
        Since:
        V3.22.00

      • getAesDUKPTMac

        DUKPTResult getAesDUKPTMac(byte groupIndex,
                           byte[] dataIn,
                           EAlgorithmType algorithmType,
                           byte mode)
                    throws PedDevException
        使用 AES DUKPT 的 MAC 密钥计算 MAC。仅支持EPedType.INTERNAL 类型。
        Use AES DUKPT's MAC key to calculate MAC. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        AES DUKPT密钥组索引。范围1~40。
        AES DUKPT key group index. The range is 1~40.
        dataIn -
        要进行 MAC 运算的数据内容。数据的长度<=2048,长度不能被 8(TDES)/16(AES)整除,则自动补 0x00。
        The data content to be MAC operation. The length of the data <=2048, and the length cannot be divisible by 8(TDES)/16(AES), then 0x00 will be automatically added.
        algorithmType -
        mode -
        请求和应答MAC密钥:
        • 0x20: 根据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。
        • 0x21: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1。
        • 0x22: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。)
        • 0x23: CMAC算法。 KSN不自动加1。其它值保留扩展MAC算法。
        • 0x25: HMAC-SHA256算法。 KSN不自动加1。
        应答MAC密钥:
        • 0x40: 根据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。
        • 0x41: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1 。
        • 0x42: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。)
        • 0x43: CMAC算法。 KSN不自动加1。其它值保留扩展MAC算法。
        • 0x45: HMAC-SHA256算法。 KSN不自动加1。
        请求MAC密钥:
        • 0x60: 据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。
        • 0x61: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1。
        • 0x62: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。)
        • 0x63: CMAC算法。KSN不自动加1。 其它值保留扩展MAC算法。
        • 0x65: HMAC-SHA256算法。 KSN不自动加1。
        0x2x: key usage is _Message_Authentication_both_ways_
        • 0x20: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.
        • 0x21: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.
        • 0x22: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)
        • 0x23: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.
        • 0x25: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.
        0x4x: key usage is _Message_Authentication_verification_
        • 0x40: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.
        • 0x41: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.
        • 0x42: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)
        • 0x43: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.
        • 0x45: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.
        0x6x: key usage is _Message_Authentication_generation_
        • 0x60: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.
        • 0x61: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.
        • 0x62: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)
        • 0x63: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.
        • 0x65: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.
        Returns:
        DUKPTResult
        当mode等于HMAC-SHA256算法时,输出长度为32字节。其他mode输出长度是8(TDES)/16(AES)字节。
        When the mode is equal to the HMAC-SHA256 algorithm, the output length is 32 bytes. Other mode will be 8(TDES)/16(AES) bytes.
        Throws:
        PedDevException - PedDevException
        Since:
        V3.22.00

      • getAesDUKPTKsn

        byte[] getAesDUKPTKsn(byte groupIndex)
               throws PedDevException
        读取当前的 KSN,将在下一次计算使用。仅支持EPedType.INTERNAL 类型。
        Read the current KSN, which will be used in the next calculation. EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        AES DUKPT密钥组索引。范围1~40。
        AES DUKPT key group index. The range is 1~40.
        Returns:
        当前的 KSN 。
        The current KSN.
        Throws:
        PedDevException - PedDevException
        Since:
        V3.22.00

      • incAesDUKPTKsn

        void incAesDUKPTKsn(byte groupIndex)
             throws PedDevException
        KSN 加 1。对应于KSN的单个DUKPT密钥最多只能使用256次,在达到最大次数后,进一步使用该密钥将返回EPedDevException.PED_ERR_DUKPT_NEED_INC_KSN异常, 所以请在使用钥匙次数超过最大次数之前增加KSN。仅支持EPedType.INTERNAL 类型。
        Add 1 to KSN. A single DUKPT key corresponding to KSN can only be used up to 256 times. After the maximum number of times is reached, further use of this key will return EPedDevException.PED_ERR_DUKPT_NEED_INC_KSN exception, so please increase KSN before using the key more than the maximum number of times.EPedType.INTERNAL only is supported.
        Parameters:
        groupIndex -
        AES DUKPT密钥组索引。范围1~40。
        AES DUKPT key group index. The range is 1~40.
        Throws:
        PedDevException - PedDevException
        Since:
        V3.22.00

      • writeCipherKey

        void writeCipherKey(byte srcKeyType,
                    byte srcKeyIndex,
                    byte[] keyInfo,
                    byte[] keyBlock,
                    byte mode)
             throws PedDevException
        写入由源密钥加密的特殊要求的密码密钥。
        Write a specially required cryptographic key encrypted by the source key.
        Parameters:
        srcKeyType -
        源密钥类型。必须是EPedKeyType.TMK
        Source key type. Must be EPedKeyType.TMK.
        srcKeyIndex -
        源密钥索引。
        Source key index.
        keyInfo -
        密钥内容
        • mode = 0时
          keyInfo有3个字节:keyType(1个字节)+ keyIndex(1个字节)+ keyCipherFormat(1个字节)
          keyType必须是PED_RSA
          keyIndex必须是1~10,keyCipherFormat必须是0
        • mode = 1时
          KeyInfo有6个字节:keyType(1个字节)+ keyIndex(1个字节)+ keyCipherFormat(1个字节)+keyTypeInfo(1个字节)+keyVersion(1个字节)+ keyLen(1个字节)
          keyType必须是PED_TCUSTK和PED_AES_TDK
          keyIndex必须是1~100,keyCipherFormat为0(ECB)或1(CBC)
          keyTypeInfo在keyType是PED_TCUSTK情况下,必须是SaltKey/MacKey/TableKey/DesfireMasterKey
          SaltKey 0x00
          MacKey 0x01
          TableKey 0x02
          DesfireMasterKey 0x03
        Key content
        • mode = 0
          keyInfo has three bytes: keyType (1 byte) + keyIndex (1 byte) + keyCipherFormat (1 byte)
          keyType must be PED_RSA
          keyIndex must be 1 ~ 10, keyCipherFormat must cbe 0.
        • mode = 1
          KeyInfo has 6 bytes: keyType (1 byte) + keyIndex (1 byte) + keyCipherFormat (1 byte) + keyTypeInfo (1 byte) + keyVersion (1 byte) + keyLen(1 Bytes)
          keyType must be PED_TCUSTK and PED_AES_TDK
          keyIndex must be 1~100, keyCipherFormat must be 0 (ECB) or 1 (CBC)
          keyTypeInfo must be SaltKey/MacKey/TableKey/DesfireMasterKey when the keyType is PED_TCUSTK
          SaltKey 0x00
          MacKey 0x01
          TableKey 0x02
          DesfireMasterKey 0x03
        keyBlock -
        密码密钥块。
        Cipher key block.
        mode -
        模式
        Mode
        Throws:
        PedDevException - PedDevException
        Since:
        V3.23.00

      • queryKeyInfo

        KeyInfo queryKeyInfo(byte keyType,
                     byte keyIndex)
              throws PedDevException
        查询密钥信息。
        Query key information.
        Parameters:
        keyType -
        密钥类型。
        • 0x01: TLK
        • 0x02: TMK
        • 0x0A: TWK
        • 0x07: TIK
        • 0x20: TAESK
        • 0x0B: RSA
        • 0x0C: AES_TWK
        • 0x22: AES_TMK
        • 0x51: AES_TIK
        key type.
        • 0x01: TLK
        • 0x02: TMK
        • 0x0A: TWK
        • 0x07: TIK
        • 0x20: TAESK
        • 0x0B: RSA
        • 0x0C: AES_TWK
        • 0x22: AES_TMK
        • 0x51: AES_TIK
        keyIndex -
        密钥索引.
        • TLK: 1
        • TMK: 1-100
        • TWK: 1-100
        • TIK: 1-100
        • TAESK: 1-40
        • RSA: 1-10
        • AES_TWK: 1-100
        • AES_TMK: 1-100
        • AES_TIK: 1-40
        key index.
        • TLK: 1
        • TMK: 1-100
        • TWK: 1-100
        • TIK: 1-100
        • TAESK: 1-40
        • RSA: 1-10
        • AES_TWK: 1-100
        • AES_TMK: 1-100
        • AES_TIK: 1-40
        Throws:
        PedDevException - PedDevException
        Since:
        V3.25.00

      • setDoubleTapKeyboardLanguage

        void setDoubleTapKeyboardLanguage(byte language)
                           throws PedDevException
        设置盲人输入法语音播报的语言。此接口需在getPinBlock(byte, String, byte[], byte, int)之前设置才有效。仅支持EPedType.INTERNAL 类型。
        Set the language for the voice broadcast of the blind input method. This interface needs to be set before getPinBlock(byte, String, byte[], byte, int) to be effective. EPedType.INTERNAL only is supported.
        Parameters:
        language -
        语言类型。
        • 0x00: 英语。
        • 0x0A: 波兰语。
        • 0x0B: 法语。
        • 0x0C: 西班牙语。
        • 0x0D: 澳大利亚英语。
        • 0x0E: 意大利语。
        • 0x0F: 英语(意大利客户)。
        • 0x10: 普通话。
        • 0x11: 粤语。
        • 0x12: 葡萄牙语(巴西)。
        • 0x16: 英语(法国CB认证)。
        • 0x17: 法语(法国CB认证)。
        Language type.
        • 0x00: English.
        • 0x0A: Polish.
        • 0x0B: French.
        • 0x0C: Spanish.
        • 0x0D: Australian.
        • 0x0E: Italian.
        • 0x0F: English(for Italian).
        • 0x10: Chinese_Mandarin.
        • 0x11: Chinese_Cantonese.
        • 0x12: Portuguese (Brazil)
        • 0x16: English (French CB Certification)
        • 0x17: French (French CB Certification)
        Throws:
        PedDevException - PedDevException
        Since:
        V3.26.00

      • m1AuthorityDiversified

        void m1AuthorityDiversified(byte type,
                            byte m1KeyIdx,
                            byte m1MasterKeyIdx,
                            byte blkNo,
                            byte[] serialNo)
                     throws PedDevException
        通过M1MasterKey去发散M1key,给非接驱动提供秘钥实现M1的认证。
        Distribute M1key through M1MasterKey, and provide secret key to contactless driver to realize M1 authentication.
        Parameters:
        type -
        'A'或'a': 提交的是A密码
        'B'或'b': 提交的是B密码
        'A' or'a': A password is submitted
        'B' or 'b': B password is submitted
        m1KeyIdx -
        EPedKeyType.PED_TM1K 密钥索引
        EPedKeyType.PED_TM1K key index
        m1MasterKeyIdx -
        PED_TCUSTK密钥索引,密钥信息必须为DesfireMifareMasterKey
        PED_TCUSTK key index, the key information must be DesfireMifareMasterKey
        blkNo -
        要访问的块号
        Block number to be accessed
        serialNo -
        卡片序列号,长度必须为4
        Card serial number, length must be 4
        Throws:
        PedDevException - PedDevException
        Since:
        V3.28.00

      • calcDesfireAuth

        byte[] calcDesfireAuth(byte keyIndex1,
                       byte keyIndex2,
                       byte[] csn,
                       byte[] dataIn,
                       byte[] initVector,
                       byte mode)
                throws PedDevException
        使用DesfireMasterKey和DiversificationKey来计算认证数据。
        Use DesfireMasterKey and DiversificationKey to calculate authentication data.
        Parameters:
        keyIndex1 -
        DesfireMaster Key(PED_TCUSTK) 密钥索引, keyinfo 必须是 DesfireMasterKey。
        DesfireMaster Key(PED_TCUSTK) key index, keyinfo must be DesfireMasterKey.
        keyIndex2 -
        Diversification key(PED_AES_TDK) 密钥索引。
        Diversification key(PED_AES_TDK) key index.
        csn -
        长度为7的序列号
        Serial number of length 7
        dataIn -
        需要进行运算的数据
        Data to be calculated
        initVector -
        向量,仅适用于CBC模式,若传NULL则用0填充,如果ECB模式,该参数被忽略。
        Vector, only applicable to CBC mode. If NULL is passed, it will be filled with 0. If ECB mode, this parameter is ignored.
        mode -
        运算模式
        • 0x00:ECB解密模式
        • 0x01:ECB加密模式
        • 0x02:CBC解密模式
        • 0x03:CBC加密模式
        Operation mode
        • 0x00: ECB decryption mode
        • 0x01: ECB encryption mode
        • 0x02: CBC decryption mode
        • 0x03: CBC encryption mode
        Returns:
        运算后的数据
        Data after calculation
        Throws:
        PedDevException - PedDevException
        Since:
        V3.27.00

      • readKeyInfo

        byte[] readKeyInfo(byte keyType,
                   byte keyIndex,
                   byte infoType)
            throws PedDevException
        读取客户定制TCUSTK密钥信息。
        Read customer customized TCUTK key information.
        Parameters:
        keyType -
        TCUSTK密钥类型。
        TCUSTK key type.
        keyIndex -
        TCUSTK密钥索引。
        TCUSTK key index.
        infoType -
        数据类型
        目前只支持0。
        type of data
        Currently only supports 0.
        Returns:
        密钥信息,根据不同的InfoType输出不同的值,目前只支持0模式(keyTypeInfo + keyVersion)。
        Key information, output different values according to different InfoType, currently only supports 0 mode(keyTypeInfo + keyVersion).
        Throws:
        PedDevException - PedDevException
        Since:
        V3.27.00

      • keyCalcMac

        byte[] keyCalcMac(byte keyType,
                  byte keyIdx,
                  byte[] dataIn,
                  byte mode)
           throws PedDevException
        使用MAC密钥进行MAC运算。
        Use MAC keys for MAC operations.
        Parameters:
        keyType -
        MAC key type. can be TCUSTK(0x4a) or HMAC_TAK(0x4e).
        MAC key type. can be TCUSTK(0x4a) or HMAC_TAK(0x4e).
        keyIdx -
        MAC key index. [1-100]
        MAC key index. [1-100]
        dataIn -
        需要进行运算的数据。
        Data to be calculated.
        mode -
        运算模式
        • CBC(16 bytes) 0x00
        • CMAC(16 bytes) 0x03
        • HMAC-SHA256(32 bytes) 0x05
        • SHA256(32 bytes) 0x06
        • HMAC-SHA1(20 bytes) 0x07
        if keyType is TCUSTK, The valid mode is determined by the key info. if keyType is HMAC_TAK, mode can be HMAC-SHA256/SHA256
        Operation mode
        • CBC(16 bytes) 0x00
        • CMAC(16 bytes) 0x03
        • HMAC-SHA256(32 bytes) 0x05
        • SHA256(32 bytes) 0x06
        • HMAC-SHA1(20 bytes) 0x07
        if keyType is TCUSTK, The valid mode is determined by the key info. if keyType is HMAC_TAK, mode can be HMAC-SHA256/SHA256
        Returns:
        运算后的数据,根据mode不同,输出不同长度的值。
        The calculated data, according to different modes, output values of different lengths.
        Throws:
        PedDevException - PedDevException
        Since:
        V3.27.00

      • paxCARecover

        byte[] paxCARecover(byte keyIdx,
                    byte pvkPukSelect,
                    byte[] dataIn)
             throws PedDevException
        使用预装PAX CA公钥或者私钥进行签名、加密、解密。
        Use the pre-installed Pax CA for signature, encryption and decryption.
        Parameters:
        keyIdx -
        • 102: PAXCA_DSIG_IDX
          当它作为私钥时,只能用于签名, 因此输入数据的首字节必须为0x00
        • 103: PAXCA_DID_IDX 当它作为私钥时,私钥仅用于解密,因此输入数据首字节不能为0x00
        • 104: PAXCA_DTLS_IDX 暂不做限制
        • 105: PAXCA_DC_IDX 暂不做限制
        • 102: PAXCA_DSIG_IDX
          When it is used as a private key, it can only be used for signing, so the first byte of the input data must be 0x00
        • 103: PAXCA_DID_IDX When it is used as a private key, the private key is only used for decryption, so the first byte of input data cannot be 0x00
        • 104: PAXCA_DTLS_IDX No restrictions
        • 105: PAXCA_DC_IDX No restrictions
        pvkPukSelect -
        0: 公钥 1: 私钥。
        0: public key 1: private key.
        dataIn -
        输入的数据,长度必须为256。
        Input data, the length must be 256.
        Returns:
        运算结果
        Result
        Throws:
        PedDevException - PedDevException
        Since:
        V3.27.00

      • getMacAes

        byte[] getMacAes(byte keyIdx,
                 byte[] dataIn,
                 byte mode)
          throws PedDevException
        使用AES_TAK对DataIn用Mode指定的算法进行MAC运算,将16字节的MAC结果输出到MacOut MAC运算密钥是主密钥/工作密钥体系或固定密钥体系密钥或DUKPT密钥体系。
        用法:
        1.敏感服务授权:在此接口内部,先进行认证以获取敏感服务授权,若授权失败则退出。
        2.补零规则:将报文数据分割成若干16个字节的BLOCK,最后一个BLOCK不满16个字节则后补0x00。
        Use AES_TAK to perform MAC operation on dataIn with the algorithm specified by Mode, and output the 16-byte MAC result to MacOut. The MAC operation key is the master key/working key system or fixed key system key or DUKPT key system.
        usage:
        1.Sensitive service authorization: In this interface, first perform authentication to obtain sensitive service authorization, and exit if authorization fails.
        2.Zero-filling rule: divide the message data into 16-byte BLOCKs, and add 0x00 after the last BLOCK is less than 16 bytes.
        Parameters:
        keyIdx -
        AES_TAK 1~100索引
        AES_TAK 1~100 index
        dataIn -
        需进行 MAC 运算的数据包. 长度InLen<=2048,长度不能被16整除时,则自动补0x00
        Data packet that needs MAC operation. Length<=2048, when the length is not divisible by 16, it will automatically add 0x00
        mode -
        • 0x00: 将BLOCK1用MAC密钥做AES加密,加密结果与BLOCK2进行逐位异或后再用MAC密钥做AES加密,依次进行得到16字节的加密结果, KSN不自动加1。
        • 0x01: Hypercom Fast Mode,将BLOCK1和BLOCK2进行逐位异或,异或结果与BLOCK3进行逐位异或,依次进行,最后得到16字节的异或结果,将该结果用MAC密钥进行AES加密运算,KSN不自动加1。
        • 0x03: CMAC算法,KSN不自动加1。
        • 0x05: HMAC-SHA256算法,KSN不自动加1。
        • 0x00: Use MAC key for AES encryption of BLOCK1, and perform bitwise XOR between the encrypted result and BLOCK2 and then use MAC key for AES encryption. The 16-byte encryption result is obtained in sequence, and KSN does not automatically add 1.
        • 0x01: Hypercom Fast Mode, XOR BLOCK1 and BLOCK2 bit by bit, XOR result and BLOCK3 bit by bit XOR, in turn, finally get a 16-byte XOR result, the result is encrypted with MAC key AES Operation, KSN does not automatically increase by 1.
        • 0x03: CMAC algorithm, KSN does not automatically increase by 1.
        • 0x05: HMAC-SHA256 algorithm, KSN does not automatically increase by 1.
        Returns:
        MAC输出,模式5的时候是32字节输出,其他模式16字节输出
        MAC output, 32-byte output in mode 5, 16-byte output in other modes
        Throws:
        PedDevException - PedDevException
        Since:
        V3.28.00

      • readRkiInfo

        byte[] readRkiInfo(byte item)
            throws PedDevException
        读取RKI信息。
        Read RKI information.
        Parameters:
        item -
        • 0x01:当前PED状态(出厂状态、激活状态,个人化状态)
        • 0x02:RKI KMS ID
        • 0x01:Current PED state (factory state, activated state, personalized state)
        • 0x02:RKI KMS ID
        Returns:
        当item是0x01时,返回数组的首位含义如下:
        • 0x00:出厂态
        • 0x01:绑定态/激活态
        • 0x02:个人化状态
        • 0x03:绑定态
        When item is 0x01, the first bit of the returned array has the following meaning:
        • 0x00:Factory state
        • 0x01:Bound state/active state
        • 0x02:Personalized state
        • 0x03:Bound state
        Throws:
        PedDevException - PedDevException
        Since:
        V3.31.00

      • setPinMute

        void setPinMute(boolean mute)
         throws PedDevException
        设置输PIN时是否静音。
        Set whether to mute the PIN input.
        Parameters:
        mute -
        true: 静音 false:非静音。
        true: muted false: unmuted..
        Throws:
        PedDevException - PedDevException
        Since:
        V3.32.00

      • deriveKeyBySecureData

        void deriveKeyBySecureData(byte srcKeyType,
                           byte srcKeyIdx,
                           byte dstKeyType,
                           byte dstKeyIdx,
                           byte secureDataIndex,
                           byte[] additionalDataIn,
                           byte derivationMode)
                    throws PedDevException
        使用SecureData作为datain发散目的密钥。
        Use SecureData as the datain diverges the destination key.
        Parameters:
        srcKeyType -
        source key type, DerivationMode 0: must be TMK(0x02).
        srcKeyIdx -
        source key index, 1-100 in TMK area.
        dstKeyType -
        destination key type, DerivationMode 0: must be TMK(0x02).
        dstKeyIdx -
        destination key, 1-100 in TMK area.
        secureDataIndex -
        SecureData Index, 1-100 in working key area
        additionalDataIn -
        64 bytes Additional Data. DerivationMode 0: if not used, can be null.
        derivationMode -
        only support 0, GOWF algorithm
        Throws:
        PedDevException - PedDevException
        Since:
        V3.33.00

      • writeStackUKPTKey

        void writeStackUKPTKey(byte groupIdx,
                       byte[] tscIdentifier,
                       byte[] tscSeedKey,
                       byte tscSeedKeyDepth,
                       byte mode)
                throws PedDevException
        写入Stack UKPT Key。
        Write Stack UKPT Key.
        Parameters:
        groupIdx -
        [1~10] 密钥组索引号
        [1~10] Key group index
        tscIdentifier -
        TSC标识
        TSC Identifier
        tscSeedKey -
        TSC种子密钥
        TSC seed key
        tscSeedKeyDepth -
        TSC种子密钥深度
        TSC seed key depth
        mode -
        目前只支持0
        Currently only supports 0
        Throws:
        PedDevException - PedDevException
        Since:
        V3.32.00

      • evolveStackUKPT

        void evolveStackUKPT(byte groupIdx)
              throws PedDevException
        Stack UKPT Key演算。
        Stack UKPT Key evolution.
        Parameters:
        groupIdx -
        [1~10] 密钥组索引号
        [1~10] Key group index
        Throws:
        PedDevException - PedDevException
        Since:
        V3.32.00

      • getInfoStackUKPT

        byte[] getInfoStackUKPT(byte groupIdx,
                        byte mode)
                 throws PedDevException
        获取Stack UKPT Key信息。
        Get Stack UKPT Key information.
        Parameters:
        groupIdx -
        [1~10] 密钥组索引号
        [1~10] Key group index
        mode -
        目前只支持0
        Currently only supports 0
        Returns:
        Stack UKPT Key信息, TSC Identifier(6 bytes) + Key Evolution Identifier(5 bytes)
        Stack UKPT Key information, TSC Identifier(6 bytes) + Key Evolution Identifier(5 bytes)
        Throws:
        PedDevException - PedDevException
        Since:
        V3.32.00

      • getMacStackUKPT

        byte[] getMacStackUKPT(byte groupIdx,
                       byte keyVarType,
                       byte[] data,
                       byte mode)
                throws PedDevException
        使用Stack UKPT Key进行MAC加密运算。
        Use Stack UKPT Key for MAC encryption operation.
        Parameters:
        groupIdx -
        [1~10] 密钥组索引号
        [1~10] Key group index
        keyVarType -
        MAC运算的密钥类型
        Key type for MAC
        data -
        需进行 MAC 运算的数据包
        Data packet that needs MAC operation
        mode -
        • 0x00: 将BLOCK1用MAC密钥做DES/TDES加密,加密结果与BLOCK2进行逐位异或后再用TAK做DES/TDES加密, 依次进行得到8字节的加密结果.
        • 0x01: 将BLOCK1和BLOCK2进行逐位异或,异或结果与BLOCK3进行逐位异或,依次进行,最后得到8字节的异或结果, 将该结果用TAK进行DES/TDES加密运算.
        • 0x02: ANSIX9.19规范,将BLOCK1用TAK做DES加密(只取前8个字节的key), 加密结果与BLOCK2进行逐位异或后再用TAK做DES加密,依次进行得到8字节的加密结果,直到最后一次采用DES/TDES加密.
        • 0x03: CMAC算法
        • 0x05: hmac-sha256模式
        • 0x00: Encrypt BLOCK1 with MAC key for DES/TDES, perform bit-by-bit XOR with BLOCK2, and then perform DES/TDES encryption with TAK, and proceed in turn to obtain an 8-byte encryption result.
        • 0x01: The BLOCK1 and BLOCK2 are XOR bit by bit, the XOR result is XOR bit by bit with BLOCK3, and the sequence is performed in turn, and finally an 8-byte XOR result is obtained, and the result is encrypted by DES/TDES with TAK.
        • 0x02: According to the ANSIX9.19 specification, BLOCK1 is encrypted with TAK for DES (only the key of the first 8 bytes is taken), the encryption result is XOR bit by bit with BLOCK2, and then TAK is used for DES encryption, and the encryption result of 8 bytes is obtained in turn, until the last DES/TDES encryption.
        • 0x03: CMAC algorithm
        • 0x05: hmac-sha256 mode
        Returns:
        MAC输出(0x05模式为32字节,其他为8字节)。
        MAC output (32 bytes for 0x05 mode, 8 bytes for others).
        Throws:
        PedDevException - PedDevException
        Since:
        V3.32.00

      • getPinBlockStackUKPT

        byte[] getPinBlockStackUKPT(byte groupIdx,
                            java.lang.String expPinLen,
                            byte[] data,
                            byte mode,
                            int timeoutMs)
                     throws PedDevException
        扫描键盘上输入的PIN并输出由 Mode指定算法加密的 PIN BLOCK,用于Stack UKPT Key。
        Scan the PIN entered on the keyboard and output the PIN BLOCK encrypted by the algorithm specified by Mode for Stack UKPT Key.
        Parameters:
        groupIdx -
        [1~10] 密钥组索引号
        [1~10] Key group index
        expPinLen -
        可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。
        The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.
        data -
        • 当mode=0x00时,dataIn指向卡号移位后生成的16位主帐号。
        • 当mode=0x01时,参考 ISO9564规范。
        • 当mode=0x02时,参考 ISO9564规范。
        • 当mode=0x03时,为交易流水号ISN [6 Bytes,ASCII码]。
        • When mode=0x00, dataIn points to the 16-bit primary account generated after the card number shift.
        • When mode=0x01, Refer to ISO9564 specification.
        • When mode=0x02, Refer to ISO9564 specification.
        • When mode=0x03, is the transaction current number [6 Bytes,ASCII code].
        mode -
        PIN BLOCK的格式。
        • 0x00:ISO9564 格式0。
        • 0x01:ISO9564 格式1。
        • 0x02:ISO9564 格式3。
        • 0x03:HK EPS 格式。
        PIN BLOCK Format.
        • 0x00:ISO9564 format 0.
        • 0x01:ISO9564 format 1.
        • 0x02:ISO9564 format 3.
        • 0x03:HK EPS format.
        timeoutMs -
        输入 PIN 的超时时间,单位:毫秒 最大值为 300000ms
        Timeout time for entering PIN, unit: milliseconds, the maximum value is 300000ms
        Returns:
        8字节的PinBlock。
        8-byte PinBlock.
        Throws:
        PedDevException
        Since:
        V3.32.00

      • calcStackUKPT

        byte[] calcStackUKPT(byte groupIdx,
                     byte keyVarType,
                     byte[] iv,
                     byte[] data,
                     byte mode)
              throws PedDevException
        使用Stack UKPT Key进行数据加解密。
        Use Stack UKPT Key to encrypt and decrypt data.
        Parameters:
        groupIdx -
        [1~10] 密钥组索引号
        [1~10] Key group index
        keyVarType -
        密钥类型,必须为解密/加密类型密钥,且加解密时需使用对应Mode参数。
        Key type. It must be a decryption/encryption type key, and the corresponding Mode parameter must be used.
        iv -
        向量,CBC模式下使用,长度为8字节,若为NULL则用0填充
        Vector, used in CBC mode, the length is 8 bytes, if it is NULL, it will be padded with 0
        data -
        用于运算的数据.输入长度最大支持2048并且能被8整除。
        The data used for the operation. The input length supports a maximum of 2048 and is divisible by 8.
        mode -
        • ECB解密 0x00
        • ECB加密 0x01
        • CBC解密 0x02
        • CBC加密 0x03
        • ECB decryption 0x00
        • ECB encryption 0x01
        • CBC decryption 0x02
        • CBC encryption 0x03
        Returns:
        运算的结果。
        the result of the operation.
        Throws:
        PedDevException - PedDevException
        Since:
        V3.32.00

      • setOfflinePinMode

        void setOfflinePinMode(byte mode,
                       byte tpkIndex,
                       byte[] pinBlock)
                throws PedDevException
        设置脱机PIN模式,并为外部PINPAD提供一些参数。
        Set offline PIN mode and provide some parameters for external PINPAD.
        Parameters:
        mode -
        • 0x00:内部PINPAD,默认模式。
        • 0x01:外部PINPAD。
        • 0x00:Built-in PINPAD, default mode.
        • 0x01:External PINPAD.
        tpkIndex -
        TPK秘钥索引。
        The index of TPK.
        pinBlock -
        8字节ISO9564格式1的加密 PINBLOCK。
        8-byte Cipher PINBLOCK with ISO9564 Format 1.
        Throws:
        PedDevException
        Since:
        V3.33.00

      • getPinBlock

        byte[] getPinBlock(byte keyIndex,
                   int keyLen,
                   byte mode,
                   byte inputMode,
                   int inputMin,
                   int inputMax,
                   byte[] dataIn,
                   int timeoutMs)
            throws PedDevException
        指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持EPedType.EXTERNAL_TYPEA 类型。
        Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.EPedType.EXTERNAL_TYPEA is supported.
        Parameters:
        keyIndex -
        [1~100] TPK的索引
        [1~100] TPK index
        keyLen -
        8、16 或 24,指示 PINBLOCK 是用 DES/TDES 加密
        8, 16, or 24, indicating that PINBLOCK is encrypted with DES/TDES
        mode -
        PIN Block的格式。
        • 0x00:ISO9564 格式 0
        • 0x01:ISO9564 格式 1
        • 0x02:ISO9564 格式 3
        • 0x03:HK EPS 专用格式
        PIN Block format.
        • 0x00:ISO9564 format 0
        • 0x01:ISO9564 format 1
        • 0x02:ISO9564 format 3
        • 0x03:HK EPS -EPS PINBLOCK Format
        inputMode -
        0x01:只输入一次,0x02:输入两次密码,两次输入一致后返回 PINBLOCK
        0x01: Enter the password only once, 0x02: Enter the password twice, and return PINBLOCK if the two inputs are the same
        inputMin -
        允许输入的 PIN 的最小长度(大于等于 0, 为 0 时,按 ENTER 键返回,且输入 长度 Len=0,此时应答数据长度为 0,表示用户没有输入密码)。
        The minimum length of the allowed PIN (when greater than or equal to 0, when it is 0, press the ENTER key to return, and enter the length Len=0, at this time the response data length is 0, which means that the user did not enter a password).
        inputMax -
        允许输入的 PIN 的最大长度(小于等于 14)。
        The maximum length of the PIN that can be entered (less than or equal to 14).
        dataIn -
        • 当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。
        • 当mode=0x01时, DataIn被忽略,接口内部采用随机数填充PINBlock。
        • 当mode=0x02时, DataIn指向位移后的16位PAN。
        • 当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]
        • When mode=0x00, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.
        • When mode=0x02, DataIn is the 16 bytes primary account number after shifting.
        • When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]
        timeoutMs -

        输入PIN的超时时间,单位:毫秒 最大值为300000ms

        0:表示没有超时时间,PED不做超时控制

        The timeout of PIN entry [unit:ms] Maximum is 300000ms.

        0: No timeout time, not doing timeout control for PED.

        Returns:
        返回pinBlock
        Return pinBlock byte array.
        Throws:
        PedDevException
        Since:
        V3.33.00

      • setPinVolume

        void setPinVolume(int volume)
           throws PedDevException
        设置键盘按键音量值。
        Set keyboard key volume value.
        Parameters:
        volume -
        音量值(0~50)注:A35/A80S的音量值范围为1-50,不支持0.
        Volume value (0~50) Note: The volume value of the A35/A80S ranges from 1 to 50, and 0 is not supported.
        Throws:
        PedDevException
        Since:
        V4.01.00

      • writeSaltKey

        void writeSaltKey(byte[] salt,
                  int index)
           throws PedDevException
        将salt写入指定索引位置。仅支持EPedType.INTERNAL 类型。
        Write salt to the specified index. EPedType.INTERNAL only is supported.
        Parameters:
        salt -
        salt明文密钥。长度最长128字节。
        Salt plaintext key.The maximum length is 128 bytes.
        index -
        索引,1或2
        index, 1 or 2
        Throws:
        PedDevException
        Since:
        V4.03.00

      • setPinBeep

        void setPinBeep(int freq,
                int time)
         throws PedDevException
        设置用于改变pin输入按键发声的频率和时间,只支持EPedType.INTERNAL类型
        Set to change the frequency and time of the pin input key sound,EPedType.INTERNAL is supported.
        Parameters:
        freq -
        频率 1850 ~2750
        frequency 1850 ~2750
        time -
        时间:毫秒
        time:ms
        Throws:
        PedDevException
        Since:
        V4.07.00

      • customInputKey

        void customInputKey(int keyvalue)
             throws PedDevException
        在调用getPinBlock时,自定义一个输入。
        When calling getPinBlock, customize an input.
        Parameters:
        keyvalue -
        KEYCANCEL 0, KEYENTER 1, KEYCLEAR 2
        KEYCANCEL 0, KEYENTER 1, KEYCLEAR 2
        Throws:
        PedDevException
        Since:
        V4.09.00

      • desDukptDataCalc

        DUKPTResult desDukptDataCalc(byte groupIdx,
                             byte keyVarType,
                             byte[] pucIV,
                             byte[] dataIn,
                             byte mode)
                      throws PedDevException
        使用DUKPT的Data encryption功能,对输入数据进行加密或解密
        Use DUKPT's Data encryption feature to encrypt or decrypt input data.
        Parameters:
        groupIdx -
        写入TIK时指定的组索引
        The group index specified when writing to TIK
        keyVarType -
        0x01:request or both ways, 支持加密或者解密 0x04:response,仅支持解密模式
        0x01:request or both ways, encryption or decryption is supported 0x04: response, only decryption mode is supported
        pucIV -
        初始向量,可以为NULL
        The initial vector can be NULL
        dataIn -
        输入数据
        Input data
        mode -
        0x00:EBC 解密 0x01:EBC 加密 0x02:CBC 解密 0x03:CBC 加密 0x04:OFB 解密 0x05:OFB 加密 0x06:CFB8 解密 0x07:CFB8 加密.
        0x00: The EBC is decrypted 0x01:EBC encryption 0x02:CBC decrypts 0x03:CBC encryption 0x04:OFB decrypts 0x05:OFB encryption 0x06:CFB8 Decrypts 0x07:CFB8 encryption.
        Returns:
        DUKPTResult DUKPTResult
        Throws:
        PedDevException
        Since:
        V4.11.00

      • tr34Bind

        void tr34Bind(byte[] HostCA,
              byte[] BindTokenKDH,
              byte mode)
       throws PedDevException
        Bind the certificate of host, load the new host certificate into device.
        Bind the certificate of host, load the new host certificate into device.
        Parameters:
        HostCA -
        The Host CA certificate in X509 DER format.
        The Host CA certificate in X509 DER format.
        BindTokenKDH -
        The value of BindToken.
        The value of BindToken.
        mode -
        0x00: The standard BindToken
        0x00: The standard BindToken
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34DevInit

        void tr34DevInit(byte[] DevCACert,
                 byte[] DevCert,
                 byte[] DevPvkBlock)
          throws PedDevException
        Load CA, certificate, private key for device.
        Load CA, certificate, private key for device.
        Parameters:
        DevCACert -
        The value of CA certificate. The certificate is in the X509 DER format.
        The value of CA certificate. The certificate is in the X509 DER format.
        DevCert -
        The value of device certificate. The certificate is in the X509 DER format.
        The value of device certificate. The certificate is in the X509 DER format.
        DevPvkBlock -
        Key Type(1 byte)+Key Index(1 byte)+Key Value Key Type: PED_RSA The type of device private key. Key Index: For PED_RSA, the range is 1~10 The index of the private key Key Value: For PED_RSA, the structure of key value is defined as below: Mod - 2 byte length+n bytes value Exponent - 2 byte length+n bytes value
        Key Type(1 byte)+Key Index(1 byte)+Key Value Key Type: PED_RSA The type of device private key. Key Index: For PED_RSA, the range is 1~10 The index of the private key Key Value: For PED_RSA, the structure of key value is defined as below: Mod - 2 byte length+n bytes value Exponent - 2 byte length+n bytes value
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34WriteKey

        Tr34OutBlock tr34WriteKey(byte[] KeyInfo,
                          byte[] EnvKey)
                   throws PedDevException
        Decode TR-34 EnvelopedKey and write secret key into device
        Decode TR-34 EnvelopedKey and write secret key into device.
        Parameters:
        KeyInfo -
        ucFormat(1 byte)+ucSrcKeyType(1 byte)+ucSrcKeyIdx(1 byte)+ucDstKeyIdx(1 byte)+ucIDKRDLen(1 byte)+ucIDKRD(n bytes) +ucIDKDHLen(1byte)+ucIDKDH(n bytes)+ucKBHLen(1byte)+ucKBH(n bytes) Format: 0x00 SrcKeyType: PED_RSA ucSrcKeyIdx: Index of the protection key, When SrcKeyType = PED_RSA, SrcKeyIdx = [1~10]; ucDstKeyIdx: Index of the exchanged key, When DstKeyType = PED_TMK,DstKeyIdx = [1~100]; When DstKeyType = PED_AES_TMK, DstKeyIdx = [1~100]; ucIDKRDLen: It’s value denotes the length of IDKRD ucIDKRD: The same format as defined in the TR-34 ucIDKDHLen: It’s value denotes the length of IDKDH ucIDKDH: The same format as defined in the TR-34 ucKBHLen: It’s value denotes the length of TR-31 key block header(KBH) ucKBH: The TR-31 key block header used in TR-34 key block.
        ucFormat(1 byte)+ucSrcKeyType(1 byte)+ucSrcKeyIdx(1 byte)+ucDstKeyIdx(1 byte)+ucIDKRDLen(1 byte)+ucIDKRD(n bytes) +ucIDKDHLen(1byte)+ucIDKDH(n bytes)+ucKBHLen(1byte)+ucKBH(n bytes) Format: 0x00 SrcKeyType: PED_RSA ucSrcKeyIdx: Index of the protection key, When SrcKeyType = PED_RSA, SrcKeyIdx = [1~10]; ucDstKeyIdx: Index of the exchanged key, When DstKeyType = PED_TMK,DstKeyIdx = [1~100]; When DstKeyType = PED_AES_TMK, DstKeyIdx = [1~100]; ucIDKRDLen: It’s value denotes the length of IDKRD ucIDKRD: The same format as defined in the TR-34 ucIDKDHLen: It’s value denotes the length of IDKDH ucIDKDH: The same format as defined in the TR-34 ucKBHLen: It’s value denotes the length of TR-31 key block header(KBH) ucKBH: The TR-31 key block header used in TR-34 key block.
        EnvKey -
        Format 0x00: The value of EnvelopedData section as defined in the TR-34 standard and errata.The value contains the header(Sequence and length) of the EnvelopedData. The EnvelopedData supports two formats. Standard: The ASN.1 encoded encryptedContent element is a sibling of the contentEncryptionAlgorithm element Errata: The ASN.1 encoded encryptedContent element is a son of the contentEncryptionAlgorithm element.
        Format 0x00: The value of EnvelopedData section as defined in the TR-34 standard and errata.The value contains the header(Sequence and length) of the EnvelopedData. The EnvelopedData supports two formats. Standard: The ASN.1 encoded encryptedContent element is a sibling of the contentEncryptionAlgorithm element Errata: The ASN.1 encoded encryptedContent element is a son of the contentEncryptionAlgorithm element.
        Returns:
        Tr34OutBlock
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34Parse

        Tr34ParseDataOffset tr34Parse(byte[] tokenBlock,
                              byte[] kdhInfo)
                       throws PedDevException
        Verify the signature and hash. Decode the EnvelopedData, FreshToken, CRL, KBH of the TR-34 token.
        Verify the signature and hash. Decode the EnvelopedData, FreshToken, CRL, KBH of the TR-34 token.
        Parameters:
        tokenBlock -
        TR-34 Token block, include RebindToken, UnbindToken, KeyToken
        TR-34 Token block, include RebindToken, UnbindToken, KeyToken
        kdhInfo -
        Format 0x00: Format(1 byte) - 0x00 IDKDH - The IDKDH defined in ASC TR-34. KDH Public Key - The value of public key field in X509 Certificate, contains algorithm OID and public key value.
        Format 0x00: Format(1 byte) - 0x00 IDKDH - The IDKDH defined in ASC TR-34. KDH Public Key - The value of public key field in X509 Certificate, contains algorithm OID and public key value.
        Returns:
        Tr34ParseDataOffset
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34Rebind

        void tr34Rebind(byte[] HostCA,
                byte[] reBindTokenKDH,
                byte mode)
         throws PedDevException
        Rebind the certificate of host, load the new host certificate into device.
        Rebind the certificate of host, load the new host certificate into device.
        Parameters:
        HostCA -
        The Host CA certificate in X509 DER format.
        The Host CA certificate in X509 DER format.
        reBindTokenKDH -
        The value of ReBindToken .
        The value of ReBindToken .
        mode -
        0x00: The standard ReBindToken
        0x00: The standard ReBindToken
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34Unbind

        void tr34Unbind(byte[] HostCA,
                byte[] unBindTokenKDH,
                byte[] pucKeyList,
                byte mode)
         throws PedDevException
        Unbind the certificate of host,delete the host certificate and specific keys.
        Unbind the certificate of host,delete the host certificate and specific keys.
        Parameters:
        HostCA -
        The Host CA certificate in X509 DER format.
        The Host CA certificate in X509 DER format.
        unBindTokenKDH -
        The value of UnBindToken .
        The value of UnBindToken .
        pucKeyList -
        The list of key pair made by 1 byte key type and 1 byte key index.
        The list of key pair made by 1 byte key type and 1 byte key index.
        mode -
        0x00: The standard UnBindToken.
        0x00: The standard UnBindToken.
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34GetRTKRD

        Tr34OutBlock tr34GetRTKRD(byte mode)
                   throws PedDevException
        Get Random Number Token of device.
        Get Random Number Token of device.
        Parameters:
        mode -
        • 0x00: Output the RTKRD.
        • 0x01: Output the RTKRD and IDKRD.
        • 0x00: Output the RTKRD.
        • 0x01: Output the RTKRD and IDKRD.
        Returns:
        Tr34OutBlock
        Throws:
        PedDevException
        Since:
        V4.15.00

      • tr34InjectKey

        Tr34OutBlock tr34InjectKey(byte[] HostCA,
                           byte[] KeyToken,
                           byte Mode)
                    throws PedDevException
        Verify and decode the TR-34 Key Token, inject the secret key into device.
        Verify and decode the TR-34 Key Token, inject the secret key into device.
        Parameters:
        HostCA -
        The Host CA certificate in X509 DER format.
        The Host CA certificate in X509 DER format.
        KeyToken -
        1 byte RSA index+1 byte dst key index+ n bytes TR34KTKDH.
        1 byte RSA index+1 byte dst key index+ n bytes TR34KTKDH.
        mode -
        0x00: The standard KeyToken .
        0x00: The standard KeyToken .
        Returns:
        Tr34OutBlock
        Throws:
        PedDevException
        Since:
        V4.15.00

      • calcDesData

        byte[] calcDesData(byte keyIdx,
                   byte[] initVector,
                   byte[] dataIn,
                   byte mode)
            throws PedDevException
        Use TDK to do DES/TDES operation for data with length of DataInLen. The operation method (DES/TDES) depends on the key length
        Use TDK to do DES/TDES operation for data with length of DataInLen. The operation method (DES/TDES) depends on the key length.
        Parameters:
        keyIdx -
        TDK index[1~100]
        TDK index[1~100]
        initVector -
        Initial vector (8 byte), can be any data when not in use
        Initial vector (8 byte), can be any data when not in use
        dataIn -
        Point to the data to be calculated. Data length <=2048, it should be multiple by 8.
        Point to the data to be calculated. Data length <=2048, it should be multiple by 8.
        mode -
        TDK for data encryption and decryption: 0x00: ECB Decryption 0x01: ECB Encryption 0x02: CBC Decryption 0x03: CBC Encryption 0x04: OFB Decryption 0x05: OFB Encryption 0x06: CFB Decryption 0x07: CFB Encryption.
        TDK for data encryption and decryption: 0x00: ECB Decryption 0x01: ECB Encryption 0x02: CBC Decryption 0x03: CBC Encryption 0x04: OFB Decryption 0x05: OFB Encryption 0x06: CFB Decryption 0x07: CFB Encryption.
        Returns:
        Point to the data which have been calculated
        Point to the data which have been calculated
        Throws:
        PedDevException
        Since:
        V4.17.00

      • encSensData

        byte[] encSensData(byte keyType,
                   byte keyIndex,
                   byte[] initVector,
                   byte[] dataIn,
                   byte mode)
            throws PedDevException
        Use TCHDK to do TDES/AES encryption for sensitive data with length of DataInLen
        Use TCHDK to do TDES/AES encryption for sensitive data with length of DataInLen
        Parameters:
        keyType -
        PED_TCHDK or PED_AES_TCHDK
        PED_TCHDK or PED_AES_TCHDK
        keyIndex -
        [1~100] PED_TCHDK index or [1~100] PED_AES_TCHDK index
        [1~100] PED_TCHDK index or [1~100] PED_AES_TCHDK index
        initVector -
        Initial vector (8 byte(PED_TCHDK)/16 byte(PED_AES_TCHDK)), can be null when not in use
        Initial vector (8 byte(PED_TCHDK)/16 byte(PED_AES_TCHDK)), can be null when not in use
        dataIn -
        Point to the data to be calculated. Data length <=2048, it should be multiple by 8(TDES)/16(AES).
        Point to the data to be calculated. Data length <=2048, it should be multiple by 8(TDES)/16(AES).
        mode -
        TCHDK for sensitive encryption: 0x01/0x11/0x21: ECB Encryption 0x03/0x13/0x23: CBC Encryption 0x05/0x15/0x25: OFB Encryption
        TCHDK for sensitive encryption: 0x01/0x11/0x21: ECB Encryption 0x03/0x13/0x23: CBC Encryption 0x05/0x15/0x25: OFB Encryption
        Returns:
        Point to the data which have been calculated
        Point to the data which have been calculated
        Throws:
        PedDevException
        Since:
        V4.17.00
Skip navigation links
  • Detail: 
  • Field | 
  • Constr | 
  • Method