com.pax.dal
Interface IPedBg
-
public interface IPedBg
AS2805 key area distribution table.

| Name | Index area | Description |
|---|---|---|
| AS2805 KTM ZONE NUM | 1-10 | kia, kca |
| AS2805 KEK ZONE NUM | 1-10 | kek |
| AS2805 TWK ZONE NUM | 1-30 | mach, macr, macs, kdr, kds, kpp, kpe |
| AS2805 PPID ZONE NUM | 1-5 | ppid |
| AS2805 PPASN ZONE NUM | 1-5 | ppasn |
-
-
Method Summary
- void asDeriveKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, byte[] dataIn, byte[] keyVar, byte[] iv, byte mode)
  Derive the transaction key and the initial MAC key.
- byte[] asGetKi(RSAKeyInfo pstPKsp, byte[] random, byte[] userData, byte[] ppid, byte kiKeyLen, byte mode)
  Generate a random double-length key as KI and encrypt KI with PKsp.
- byte[] asGetVerifyInfo(byte[] info, byte verifyInfoLen, byte mode)
  Get verification information: eKIA(PPID), eKEK(PPASN), OWF(KEK, PPASN).
- void asLoadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte ppasnIndex, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKeyIn, byte mode)
  Load KEK1/KEK2/PPASN into the PED.
- byte[] asLoadKeyAsym(byte tcuIndex, byte keyIndex, byte[] dataEncrypted, byte mode)
  Load the key into the PED.
- byte[] asLoadKeyByKi(byte keyIndex, byte[] key, byte mode)
  Load the key encrypted by KI into the PED. KMACH is encrypted by variant 24 of the initialization key (KI). This function must be called after getKi(RSAKeyInfo, byte[], byte[], byte[]).
- void asRollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte ppasnIndex)
  Roll KEK1/KEK2.
- byte[] des(byte kdIndex, byte[] dataIn, byte mode, byte[] iv)
  KDr/KDs are from the PED's view: KDr can only be used for data decryption, and KDs can only be used for data encryption.
- byte[] generateKia(byte kcaIndex, byte kiaIndex, byte[] fmtAiicBlk)
  Generate a KIA from the KCA specified by kcaIndex.
- void generateKPE(byte KPPIndex, byte KPEIndex, byte[] STAN, byte[] amount)
  Generate a KPE from the KPP specified by KPPIndex.
- byte[] getKeyKvc(byte keyType, byte keyIdx)
  Get the key verification code.
- byte[] getKi(RSAKeyInfo pstPKsp, byte[] random, byte[] userData, byte[] ppid)
  Generate a random double-length key as KI and encrypt KI with PKsp.
- byte[] getMac(byte kmacsIndex, byte[] data, byte mode)
  Use the KMACs specified by kmacsIndex to perform the MAC calculation; the 8-byte MAC result is returned. KMACs is from the PED's view: it is used by the PED to generate a MAC and by the application to verify it.
- byte[] getPinblock(byte KPEIndex, java.lang.String expPinLen, byte[] dataIn, byte mode, int timeOut)
  Get the PIN from the keypad and generate the PINBLOCK.
- byte[] loadKca(byte kcaIndex, byte[] kca)
  Load KCA into the PED. KCA is encrypted by variant 44 of the Initialization Key (KI).
- byte[] loadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKey)
  Load KEK1/KEK2 into the PED.
- void loadSessionKeys(byte[] keyIndexList, byte[][] keyVarList, byte[] cipherKeyIn)
  Load session keys into the PED.
- byte[] readCipherPKtcu(byte RSAKeyIndex)
  Read SKman(PKtcu), the ciphertext of PKtcu signed by SKman.
- byte[] readPpasn(byte kek1Index, byte ppasnIndex)
  Read PPASN from the PED.
- byte[] readPpid(byte ppidIndex)
  Read PPID from the PED.
- RSAKeyInfo readRsaKey(byte RSAKeyIndex)
  Read an RSA public key from the PED. Only the public key can be read.
- void rollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte[] ppasn)
  Roll over KEK1/KEK2.
- void setInputPinListener(IPed.IPedInputPinListener inputPinListener)
  Set the input PIN listener.
- void verifyMac(byte kmacrIndex, byte[] data, byte mode, byte[] mac)
  KMACr is from the PED's view: it is used by the PED to verify a MAC and by the application to generate it. Use the KMACr specified by kmacrIndex to verify the MAC.
- void writeCipherPKtcu(byte RSAKeyIndex, byte[] cipherPKtcu)
  Write SKman(PKtcu), the ciphertext of PKtcu signed by SKman.
- void writePpasn(byte ppasnIndex, byte[] ppasn)
  Write PPASN to the PED.
- void writePpid(byte ppidIndex, byte[] ppid)
  Write PPID to the PED.
-
-
-
Method Detail
-
des
byte[] des(byte kdIndex, byte[] dataIn, byte mode, byte[] iv) throws PedDevException
KDr/KDs are from the PED's view: KDr can only be used for data decryption, and KDs can only be used for data encryption.
- Parameters:
kdIndex - The index of KDr/KDs, 1~30.
dataIn - Data to be encrypted/decrypted. DataInLen ≤ 2048 && DataInLen % 8 == 0.
mode -
- 0x00: ECB decrypt
- 0x01: ECB encrypt
- 0x02: CBC decrypt
- 0x03: CBC encrypt
- 0x04: OFB decrypt
- 0x05: OFB encrypt
iv - Initial vector, 8 bytes. The IV is not used for ECB encryption and decryption and can be set to NULL there. If the IV is NULL in CBC/OFB encryption and decryption, it defaults to "\x00\x00\x00\x00\x00\x00\x00\x00".
- Returns:
- Output data
- Throws:
PedDevException
-
generateKia
byte[] generateKia(byte kcaIndex, byte kiaIndex, byte[] fmtAiicBlk) throws PedDevException
Generate a KIA from the KCA specified by kcaIndex.
- Parameters:
kcaIndex - KCA index, 1~10.
kiaIndex - KIA index, 1~10.
fmtAiicBlk - 16-byte AIIC.
- Returns:
- The 3-byte KVC of the KIA
- Throws:
PedDevException
-
generateKPE
void generateKPE(byte KPPIndex, byte KPEIndex, byte[] STAN, byte[] amount) throws PedDevException
Generate a KPE from the KPP specified by KPPIndex.
- Parameters:
KPPIndex - KPP index, 1~30.
KPEIndex - KPE index, 1~30.
STAN - 3-byte audit tracking number.
amount - 6-byte transaction number.
- Throws:
PedDevException
-
getKeyKvc
byte[] getKeyKvc(byte keyType, byte keyIdx) throws PedDevException
Get the key verification code.
- Parameters:
keyType -
- BG_TYPE_KTM 0x01
- BG_TYPE_KEK 0x02
- BG_TYPE_KMACS 0x03
- BG_TYPE_KMACR 0x04
- BG_TYPE_KDR 0x05
- BG_TYPE_KDS 0x06
- BG_TYPE_KPP 0x07
- BG_TYPE_KPE 0x08
- BG_TYPE_KHASH 0x09
keyIdx - Key index:
- KTM[1-10]
- KEK[1-10]
- KMACS/KMACR/KDR/KDS/KPP/KPE[1-30]
- KHASH[1-5]
- Returns:
- Key verification code, 3 bytes
- Throws:
PedDevException
-
getKi
byte[] getKi(RSAKeyInfo pstPKsp, byte[] random, byte[] userData, byte[] ppid) throws PedDevException
Generate a random double-length key as KI and encrypt KI with PKsp.
- Parameters:
pstPKsp - The RSA public key, which is used to encrypt the KiKey.
random - Random number from the switch.
userData - User data.
ppid - 8-byte PPID.
- Returns:
- KiKey, with a length of 16 bytes.
ucKiKeyLen+8+5+usRandomLen+usUserDataLen must be less than the byte length of PKsp's modulus minus 5.
Before encryption with PKsp, the following data fields are first encoded as a DFormat 1 data block. The final ciphertext is formatted as a DFormat 1 block (attribute b, bytes var).

| Byte position | Contents | Length | Attribute | Bytes |
|---|---|---|---|---|
| 00-15 | KI (odd parity adjusted) | 16 | B | 16 |
| 16-23 | PPID | 8 | B | 8 |
| 24-28 | MMDDHHMMSS | 10 | N | 5 |
| 29-(29+n-1) | Random number from the switch | N | B | var |
| 29+n | User data | M | B | var |

- Throws:
PedDevException
-
getMac
byte[] getMac(byte kmacsIndex, byte[] data, byte mode) throws PedDevException
Use the KMACs specified by kmacsIndex to perform the MAC calculation; the 8-byte MAC result is returned. KMACs is from the PED's view: it is used by the PED to generate a MAC and by the acquirer's application to verify it.
- Parameters:
kmacsIndex - The index of KMACs, 1~30.
data - MAC data. Length ≤ 1024.
mode - MAC algorithm 0x00. Algorithm description:
- Input data is divided into P1, P2, …, Pm, each 8 bytes long. If Pm is less than 8 bytes, it is padded with 0x00 on the right.
- Output data: C1, C2, …, Cm, each 8 bytes long.
- C0 = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}
- FOR i = 1, 2, …, n DO Ci = TDEAmackey(Pi ⊕ Ci-1); output Ci.
- Cn is the MAC result.
- X ⊕ Y is the "exclusive or" operation of X and Y.
- Returns:
- 8-byte MAC result
- Throws:
PedDevException
-
getPinblock
byte[] getPinblock(byte KPEIndex, java.lang.String expPinLen, byte[] dataIn, byte mode, int timeOut) throws PedDevException
Get the PIN from the keypad and generate the PINBLOCK.
- Parameters:
KPEIndex - KPE index, 1~30.
expPinLen - String listing the PIN lengths that may be entered. The application enumerates all allowed PIN lengths, separated by ",". Valid length values are 0 and 4 to 12. If 4-digit and 6-digit PINs are allowed and confirming without a PIN is also permitted, set the string to "0,4,6". If 0 is among the enumerated lengths, the user may press the confirmation key without entering any digits. Invalid length values in the string, as in "2,6,7,10", are ignored.
dataIn -
- When mode=0x00, dataIn is the shifted 16-digit primary account number (PAN).
- When mode=0x01, dataIn is ignored. The interface fills the PINBlock internally with random numbers.
- When mode=0x02, dataIn is the 16-byte primary account number after shifting.
mode - PINBLOCK format:
- 0x00: ISO9564 PIN block format 0
- 0x01: ISO9564 PIN block format 1
- 0x02: ISO9564 PIN block format 3
- 0x06: AS2805 zero length PIN block mode. No PIN is requested and the PIN input window does not pop up. expPinLen must be 0.
timeOut - Timeout for PIN input, in ms. Most significant bit comes first. Maximum value is 300000 ms.
- Returns:
- 8-byte PINBLOCK
- Throws:
PedDevException
-
loadKca
byte[] loadKca(byte kcaIndex, byte[] kca) throws PedDevException
Load KCA into the PED. KCA is encrypted by variant 44 of the Initialization Key (KI). This function must be called after getKi().
- Parameters:
kcaIndex - KCA index, 1~10.
kca - The cipher text of KCA, TCBC encrypted by KI v44c0. The length of KCA is 16 only.
- Returns:
- The key verification code (KVC) of KCA. If it is not NULL, the KVC of KCA is returned.
- Throws:
PedDevException
-
loadKEK
byte[] loadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKey) throws PedDevException
Load KEK1/KEK2 into the PED.
- Parameters:
kiaIndex - The index [1~10] of KIA.
kek1Index - The index [1~10] to store KEK1.
kek2Index - The index [1~10] to store KEK2.
keyVar - The variant (16 bytes) used to generate the KIA variant key for decrypting PPASN.
fmtAiicBlk - 16-byte AIIC.
cipherKey - Ciphertext format:

| Name | Contents | Length | Attribute | Bytes |
|---|---|---|---|---|
| eKIA(KEK1) | Terminal master key 1 encrypted by Acquirer Initialisation key | 128 | B | 16 |
| eKIA(KEK2) | Terminal master key 2 encrypted by Acquirer Initialisation key | 128 | b | 16 |
| eKIA(PPASN) | PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key | 64 | b | 8 |
| MAC | MAC of eKIK(KEK1)\|\|eKIA(KEK2)\|\|eKIA(PPASN) using the acquirer's KMACi | 8 | n | 4 |
| KCV(KEK1) | KEK1 check value | 3 | b | 3 |

- Returns:
- The plain text of PPASN
- Throws:
PedDevException
-
loadSessionKeys
void loadSessionKeys(byte[] keyIndexList, byte[][] keyVarList, byte[] cipherKeyIn) throws PedDevException
Load session keys into the PED.
- Parameters:
keyIndexList -
- keyIndexList[0]: The index [1~30] to store KMACr
- keyIndexList[1]: The index [1~30] to store KDr
- keyIndexList[2]: The index [1~30] to store KMACs
- keyIndexList[3]: The index [1~30] to store KDs
- keyIndexList[4]: The index [1~30] to store KPP
- keyIndexList[5]: The index [1~10] of KEK1
keyVarList -
- keyVarList[0]: The variant used to generate the KEK1 variant key that decrypts KMACr
- keyVarList[1]: The variant used to generate the KEK1 variant key that decrypts KDr
- keyVarList[2]: The variant used to generate the KEK1 variant key that decrypts KMACs
- keyVarList[3]: The variant used to generate the KEK1 variant key that decrypts KDs
- keyVarList[4]: The variant used to generate the KEK1 variant key that decrypts KPP
cipherKeyIn - The format of the cipher key:

| Field | Format | Length | Description |
|---|---|---|---|
| KEK1 check value | B24 | 3 | |
| Encrypted MAC Receive Key (from PED's view) | B128 | 16 | Encrypted using KEK1v24c0 |
| Encrypted Data Receive Key (from PED's view) | B128 | 16 | Encrypted using KEK1v22c0 |
| Encrypted MAC Send Key (from PED's view) | B128 | 16 | Encrypted using KEK1v48c0 |
| Encrypted Data Send Key (from PED's view) | B128 | 16 | Encrypted using KEK1v44c0 |
| Encrypted PIN Key (from PED's view) | B128 | 16 | Encrypted using KEK1v28c0 |

- Throws:
PedDevException
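
A pre-flight check for the three loadSessionKeys arguments, added here as an example and not part of the PAX SDK. Class and method names are hypothetical, the sample block is constructed, and two points are assumptions: that the cipherKeyIn fields are packed back-to-back in table order (83 bytes), and that the leading KEK1 check value equals what getKeyKvc returns for the KEK1 slot.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example (hypothetical names): pre-flight checks for loadSessionKeys arguments. */
public class SessionKeyBlockCheck {

    // Field order, sizes and variants follow the cipherKeyIn table.
    // Assumption: the fields are concatenated with no separators.
    static final String[] FIELDS = {"KMACr", "KDr", "KMACs", "KDs", "KPP"};
    static final String[] VARIANTS = {"KEK1v24c0", "KEK1v22c0", "KEK1v48c0", "KEK1v44c0", "KEK1v28c0"};
    static final int KCV_LEN = 3;
    static final int KEY_LEN = 16;
    static final int BLOCK_LEN = KCV_LEN + FIELDS.length * KEY_LEN; // 3 + 5 * 16 = 83

    /** Split cipherKeyIn into the KEK1 check value and the five encrypted session keys. */
    static Map<String, byte[]> split(byte[] cipherKeyIn) {
        if (cipherKeyIn == null || cipherKeyIn.length != BLOCK_LEN) {
            throw new IllegalArgumentException("cipherKeyIn must be " + BLOCK_LEN + " bytes");
        }
        Map<String, byte[]> out = new LinkedHashMap<>();
        out.put("KCV(KEK1)", Arrays.copyOfRange(cipherKeyIn, 0, KCV_LEN));
        for (int i = 0; i < FIELDS.length; i++) {
            int off = KCV_LEN + i * KEY_LEN;
            out.put(FIELDS[i] + " under " + VARIANTS[i],
                    Arrays.copyOfRange(cipherKeyIn, off, off + KEY_LEN));
        }
        return out;
    }

    /** Entries 0..4 are session key slots [1~30]; entry 5 is the KEK1 slot [1~10]. */
    static void checkIndexes(byte[] keyIndexList, byte[][] keyVarList) {
        if (keyIndexList == null || keyIndexList.length != 6) {
            throw new IllegalArgumentException("keyIndexList needs 6 entries");
        }
        if (keyVarList == null || keyVarList.length != 5) {
            throw new IllegalArgumentException("keyVarList needs 5 entries");
        }
        for (int i = 0; i < 5; i++) {
            if (keyIndexList[i] < 1 || keyIndexList[i] > 30) {
                throw new IllegalArgumentException(FIELDS[i] + " index out of range 1~30");
            }
            if (keyVarList[i] == null) {
                throw new IllegalArgumentException("missing variant for " + FIELDS[i]);
            }
        }
        if (keyIndexList[5] < 1 || keyIndexList[5] > 10) {
            throw new IllegalArgumentException("KEK1 index out of range 1~10");
        }
    }

    /**
     * Compare the block's KEK1 check value with the KVC read from the PED, e.g. the
     * result of getKeyKvc(BG_TYPE_KEK, kek1Index). Assumption: both use the same
     * 3-byte check value. A mismatch means the host wrapped the keys under another KEK1.
     */
    static boolean kcvMatches(byte[] cipherKeyIn, byte[] pedKcv) {
        return MessageDigest.isEqual(split(cipherKeyIn).get("KCV(KEK1)"), pedKcv);
    }

    public static void main(String[] args) {
        // Constructed sample block: check value 12 34 56, then five dummy 16-byte fields.
        byte[] block = new byte[BLOCK_LEN];
        block[0] = 0x12; block[1] = 0x34; block[2] = 0x56;
        for (int i = KCV_LEN; i < BLOCK_LEN; i++) block[i] = (byte) ((i - KCV_LEN) / KEY_LEN + 1);

        byte[] indexes = {1, 2, 3, 4, 5, 1};   // constructed slot numbers
        byte[][] variants = new byte[5][16];   // placeholder variant values
        checkIndexes(indexes, variants);

        split(block).forEach((name, value) -> System.out.println(name + ": " + value.length + " bytes"));
        System.out.println("KCV matches slot: " + kcvMatches(block, new byte[] {0x12, 0x34, 0x56}));
    }
}
```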
-
readCipherPKtcu
byte[] readCipherPKtcu(byte RSAKeyIndex) throws PedDevException
Read SKman(PKtcu), the ciphertext of PKtcu signed by SKman.
- Parameters:
RSAKeyIndex - The index of the RSA key, [1~10].
- Returns:
- The cipher PKtcu
- Throws:
PedDevException
-
readPpasn
byte[] readPpasn(byte kek1Index, byte ppasnIndex) throws PedDevException
Read PPASN from the PED.
- Parameters:
kek1Index - [0-10], the index of the KEK1 used to encrypt PPASN. If kek1Index is 0, the returned value is the plain text of PPASN; otherwise it is the cipher text of PPASN, ECB encrypted with KEK1.
ppasnIndex - The index [1-5] of PPASN.
- Returns:
- The PPASN read from the PED
- Throws:
PedDevException
-
readPpid
byte[] readPpid(byte ppidIndex) throws PedDevException
Read PPID from the PED.
- Parameters:
ppidIndex - The index [1-5] of PPID.
- Returns:
- The PPID read from the PED
- Throws:
PedDevException
-
readRsaKey
RSAKeyInfo readRsaKey(byte RSAKeyIndex) throws PedDevException
Read an RSA public key from the PED. Only the public key can be read.
- Parameters:
RSAKeyIndex - The index of the RSA key, [1~10].
- Returns:
- RSA key
- Throws:
PedDevException
-
rollKeys
void rollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte[] ppasn) throws PedDevException
Roll over KEK1/KEK2.
- Parameters:
kekFlag - '1' for KEK1; '2' for KEK2.
kek1Index - The index [1~10] to store KEK1.
kek2Index - The index [1~10] to store KEK2.
ppasn - 8-byte PPASN.
- Throws:
PedDevException
-
verifyMac
void verifyMac(byte kmacrIndex, byte[] data, byte mode, byte[] mac) throws PedDevException
KMACr is from the PED's view: it is used by the PED to verify a MAC and by the acquirer's application to generate it. Use the KMACr specified by kmacrIndex to verify the MAC.
- Parameters:
kmacrIndex - The index of KMACr, 1~30.
data - MAC data. Length ≤ 2048.
mode -
mac - 8-byte MAC result for verification. The MAC result from the host may be 8 bytes or 4 bytes; if it is 4 bytes, the truncated bytes on the right are padded with 0x00.
- Throws:
PedDevException
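
MAC algorithm 0x00 from the getMac description and the 4-byte MAC rule from the verifyMac description, as a host-side reference. This is an added example, not PAX code: class and method names are hypothetical, the key and message are constructed test values, and rejecting empty input is an assumption because the page does not define that case.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

/** Added example (hypothetical names): host-side reference for MAC algorithm 0x00. */
public class As2805MacReference {

    /** Ci = TDEA_mackey(Pi xor Ci-1), C0 = 8 zero bytes, last block right-padded with 0x00. */
    static byte[] mac00(byte[] key16, byte[] data) throws Exception {
        if (key16.length != 16) {
            throw new IllegalArgumentException("expected a double-length (16-byte) key");
        }
        if (data.length == 0) {
            // Assumption: the page does not define the MAC of an empty message.
            throw new IllegalArgumentException("empty MAC data");
        }
        // The JCE DESede cipher takes 24 key bytes; two-key TDEA is K1 | K2 | K1.
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher tdea = Cipher.getInstance("DESede/ECB/NoPadding");
        tdea.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"));
        Arrays.fill(key24, (byte) 0);                    // SecretKeySpec keeps its own copy

        int blocks = (data.length + 7) / 8;
        byte[] padded = Arrays.copyOf(data, blocks * 8); // pad the last block with 0x00
        byte[] c = new byte[8];                          // C0
        for (int i = 0; i < blocks; i++) {
            for (int j = 0; j < 8; j++) {
                c[j] ^= padded[i * 8 + j];               // Pi xor Ci-1
            }
            c = tdea.doFinal(c);                         // Ci
        }
        return c;                                        // Cn is the MAC result
    }

    /** Build the 8-byte mac argument for verifyMac from a 4- or 8-byte host MAC. */
    static byte[] toVerifyMacArg(byte[] hostMac) {
        if (hostMac.length != 4 && hostMac.length != 8) {
            throw new IllegalArgumentException("host MAC must be 4 or 8 bytes");
        }
        return Arrays.copyOf(hostMac, 8);                // truncated right half becomes 0x00
    }

    /** Host-side check of an 8-byte MAC produced by getMac; constant-time comparison. */
    static boolean hostVerify(byte[] key16, byte[] data, byte[] pedMac) throws Exception {
        return pedMac.length == 8 && MessageDigest.isEqual(mac00(key16, data), pedMac);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed test values, not real key material.
        byte[] key = new byte[16];
        for (int i = 0; i < 16; i++) key[i] = (byte) (0x10 + i);
        byte[] msg = "0200 constructed msg".getBytes(StandardCharsets.US_ASCII); // 20 bytes

        byte[] mac = mac00(key, msg);
        System.out.println("MAC              = " + hex(mac));
        System.out.println("host verify      = " + hostVerify(key, msg, mac));
        System.out.println("verifyMac arg(4) = " + hex(toVerifyMacArg(Arrays.copyOf(mac, 4))));

        // Zero padding means a message and the same message with a trailing 0x00 inside
        // the last block give the same MAC, so the MACed data needs a fixed or
        // self-described length.
        byte[] msgPlusZero = Arrays.copyOf(msg, msg.length + 1);
        System.out.println("trailing 0x00 gives same MAC = "
                + Arrays.equals(mac, mac00(key, msgPlusZero)));
    }
}
```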
-
writeCipherPKtcu
void writeCipherPKtcu(byte RSAKeyIndex, byte[] cipherPKtcu) throws PedDevException
Write SKman(PKtcu), the ciphertext of PKtcu signed by SKman.
- Parameters:
RSAKeyIndex - The index of the RSA key, [1~10].
cipherPKtcu - The cipher PKtcu to be stored by the PED. The length of the PKtcu signed by SKman is ≤ 1024.
- Throws:
PedDevException
-
writePpasn
void writePpasn(byte ppasnIndex, byte[] ppasn) throws PedDevException
Write PPASN to the PED.
- Parameters:
ppasnIndex - The index [1-5] of PPASN.
ppasn - The PPASN to be stored in the PED.
- Throws:
PedDevException
-
writePpid
void writePpid(byte ppidIndex, byte[] ppid) throws PedDevException
Write PPID to the PED.
- Parameters:
ppidIndex - The index [1-5] of PPID.
ppid - The PPID to be stored in the PED.
- Throws:
PedDevException
-
setInputPinListener
void setInputPinListener(IPed.IPedInputPinListener inputPinListener)
Set the input PIN listener.
- Parameters:
inputPinListener - IPed.IPedInputPinListener
- Since:
- V3.22.00
-
asDeriveKey
void asDeriveKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, byte[] dataIn, byte[] keyVar, byte[] iv, byte mode) throws PedDevException
Derive the transaction key and the initial MAC key.
- Parameters:
srcKeyType - Type of source key.
- 0x01: KCA(KIA)
- 0x02: KEK
srcKeyIndex - Index of source key.
dstKeyType - Type of destination key.
- When srcKeyIndex=0x01, dstKeyType can be KCA(KIA), KEK, TAK, TPK, and TDK.
- When srcKeyIndex=0x02, dstKeyType can be KEK, TAK, TPK, and TDK.
dstKeyIndex - Index of destination key.
dataIn - Used to derive 16 bytes of data.
keyVar - A 16-byte xor value. Set it to null if it does not exist; in that case there is no need to call IPedNp.writeKeyVar(int, int, int, int, byte[]).
iv -
- When mode=0: null.
- When mode=1: 8-byte IV value.
mode -
- 0: OWF diversification.
- 1: CBC diversification.
- Throws:
PedDevException - PedDevException
- Since:
- V3.23.00
-
asLoadKeyAsym
byte[] asLoadKeyAsym(byte tcuIndex, byte keyIndex, byte[] dataEncrypted, byte mode) throws PedDevException
Load the key into the PED.
- Parameters:
tcuIndex - Index of the tcu RSA private key.
keyIndex - Index of the key.
dataEncrypted - Input data encrypted with the tcu RSA private key (256 bytes).
mode -
- 0: keyIndex is the index of KCA.
- 1: keyIndex is the index of TAK.
- Returns:
- Output RNtcu data, 8 bytes.
- Throws:
PedDevException - PedDevException
- Since:
- V3.23.00
-
asLoadKEK
void asLoadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte ppasnIndex, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKeyIn, byte mode) throws PedDevException
Load KEK1/KEK2/PPASN into the PED.
- Parameters:
kiaIndex - Index of KIA [1~10].
kek1Index - Index of KEK1 [1~10].
kek2Index - Index of KEK2 [1~10].
ppasnIndex - Index of PPASN [1~5].
keyVar - The variant (16 bytes) used to generate the KIA variant key, which is used to decrypt the PPASN.
fmtAiicBlk - AIIC, 16 bytes.
cipherKeyIn - Ciphertext format:

| Name | Contents | Length | Attribute | Bytes |
|---|---|---|---|---|
| eKIA(KEK1) | Terminal master key 1 encrypted by Acquirer Initialisation key | 128 | b | 16 |
| eKIA(KEK2) | Terminal master key 2 encrypted by Acquirer Initialisation key | 128 | b | 16 |
| eKIA(PPASN) | PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key | 64 | b | 8 |
| MAC | MAC of eKIK(KEK1)\|\|eKIA(KEK2)\|\|eKIA(PPASN) using the acquirer's KMACi | 8 | n | 4 |

mode - Supports 0 and 1.
- Throws:
PedDevException - PedDevException
- Since:
- V3.23.00
-
asRollKeys
void asRollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte ppasnIndex) throws PedDevException
Roll KEK1/KEK2.
- Parameters:
kekFlag -
- 0x31: KEK1.
- 0x32: KEK2.
kek1Index - Index of KEK1 [1~10].
kek2Index - Index of KEK2 [1~10].
ppasnIndex - Index of PPASN [1~5].
- Throws:
PedDevException - PedDevException
- Since:
- V3.23.00
-
asGetVerifyInfo
byte[] asGetVerifyInfo(byte[] info, byte verifyInfoLen, byte mode) throws PedDevException
Get verification information: eKIA(PPID), eKEK(PPASN), OWF(KEK, PPASN).
- Parameters:
info - Key index or other information. 2 bytes.
- When mode = 0: PPID index + KIA index.
- When mode = 1: PPASN index + KEK index.
- When mode = 2: PPASN index + KEK index.
verifyInfoLen - Data length of the verification information. Must be 4 or 8.
mode -
- 0: eKIA(PPID)
- 1: eKEK(PPASN)
- 2: OWF(KEK, PPASN)
- Returns:
- Verification information, 4 or 8 bytes.
- Throws:
PedDevException - PedDevException
- Since:
- V3.23.00
-
asLoadKeyByKi
byte[] asLoadKeyByKi(byte keyIndex, byte[] key, byte mode) throws PedDevException
Load the key encrypted by KI into the PED. KMACH is encrypted by variant 24 of the initialization key (KI). This function must be called after getKi(RSAKeyInfo, byte[], byte[], byte[]).
- Parameters:
keyIndex - Key index. KMACH 1~30.
key - The encrypted text of the key.
mode - 0: KMACH.
- Returns:
- KCA's key verification code. 3 bytes.
- Throws:
PedDevException - PedDevException
-
asGetKi
byte[] asGetKi(RSAKeyInfo pstPKsp, byte[] random, byte[] userData, byte[] ppid, byte kiKeyLen, byte mode) throws PedDevException
Generate a random double-length key as KI and encrypt KI with PKsp.
- Parameters:
pstPKsp - The RSA public key, which is used to encrypt the KiKey.
random - Random number from the switch.
userData - User data.
ppid - 8-byte PPID.
kiKeyLen - The KiKey length is 16.
mode - Must be 0.
- Returns:
- KiKey, with a length of 16 bytes.
Before encryption with PKsp, the following data fields are first encoded as a DFormat 1 data block. The final ciphertext is formatted as a DFormat 1 block (attribute b, bytes var).

| Byte position | Contents | Length | Attribute | Bytes |
|---|---|---|---|---|
| 00-15 | KI (odd parity adjusted) | 16 | B | 16 |
| 16-23 | PPID | 8 | B | 8 |
| 24-29 | YYMMDDHHMMSS | 12 | N | 6 |
| 30-(30+n-1) | Random number from the switch | N | B | var |
| 30+n | User data | M | B | var |

ucKiKeyLen+8+5+usRandomLen+usUserDataLen must be less than the byte length of PKsp's modulus minus 5.
- Throws:
PedDevException - PedDevException
- Since:
- V3.23.00
-
-