com.pax.dal
Interface IPedKeyIsolationManager

All Superinterfaces:
IPed

public interface IPedKeyIsolationManager extends IPed
The PED key isolation manager module.

Nested Class Summary

Nested classes/interfaces inherited from interface com.pax.dal.IPed
IPed.IPedInputPinListener

Method Summary

Modifier and Type, Method and Description:

void changeKeyOwner(byte keyType, int srcKeyIndex, java.lang.String dstPkg, int dstKeyIndex)
    Change the owner of one of the application's own keys to another application.
byte[] convertPinBlock(byte pinpadTPKIndex, byte pinpadTPKType, byte[] pinpadPinBlock, byte dstTPKIndex, byte dstKeyType, byte[] dataIn, byte mode)
    Translate a PIN block from a session TPK to an online TPK.
void eraseKey(byte keyType, byte keyIdx)
    Erase one key's information for the application (the mapping between logical ID and physical card slot).
void genRandomKeyForNP(int keyIdx, int keyType, int keyLen)
    Generate a random key.
void increaseAesDukptKsn(byte groupIdx)
    Increment the KSN by 1.
void migratePedKeys()
    Migrate the old isolation key.
void shareKey(byte keyType, int srcKeyIndex, java.lang.String dstPkg, int dstKeyIndex)
    Share the use, update, and delete permissions of one of the application's keys with other applications.
void writeKeyVarForNP(int srcKeyType, int srcKeyIdx, int dstKeyType, int dstKeyIdx, byte[] keyVar)
    Generate a new key of type dstKeyType by XOR-ing keyVar with the source key specified by srcKeyType, and store the new key at dstKeyIdx.

Methods inherited from interface com.pax.dal.IPed
calcAes, calcAesDUKPTData, calcDes, calcDes, calcDesData, calcDesfireAuth, calcDUKPTData, calcDUKPTDes, calcHMAC, calcStackUKPT, cancelInput, cancelInputMute, challengeWICKey, clearScreen, customInputKey, deriveKeyBySecureData, desDukptDataCalc, encSensData, erase, eraseKeyEx, evolveStackUKPT, genCSR, genRSAKey, genSM2KeyPair, getAesDUKPTKsn, getAesDUKPTMac, getAesDUKPTPin, getDUKPTKsn, getDUKPTMac, getDUKPTMac, getDUKPTPin, getDUKPTPin, getInfoStackUKPT, getKCV, getKeyBoardType, getMac, getMacAes, getMacSM, getMacStackUKPT, getPinBlock, getPinBlock, getPinBlock, getPinBlock, getPinBlockSM4, getPinBlockStackUKPT, getSN, getVersion, idKeyCalc, incAesDUKPTKsn, incDUKPTKsn, inputPin, inputStr, keyCalcMac, m1AuthorityDiversified, paxCARecover, pinEndGetAesDukptPin, pinEndGetDukptPin, pinEndGetPinBlock, pinEndVerifyCipherPin, pinEndVerifyPlainPin, queryKeyInfo, readKeyInfo, readPaxCA, readRkiInfo, readRSAKey, RSARecover, setAmount, setDoubleTapKeyboardLanguage, setExMode, setFunctionKey, setFunctionKey, setInputPinListener, setIntervalTime, setKeyboard, setKeyBoardLayout, setKeyBoardLayout, setKeyboardLayoutLandscape, setKeyboardRandom, setKeyBoardType, setOfflinePinMode, setPinBeep, setPinMute, setPinVolume, setPort, showInputBox, showStr, SM2Recover, SM2Sign, SM2Verify, SM3, SM4, tr34Bind, tr34DevInit, tr34GetCTKRD, tr34GetRTKRD, tr34InjectKey, tr34Parse, tr34Rebind, tr34Unbind, tr34WriteKey, verifyCipherPin, verifyCipherPin, verifyPlainPin, verifyPlainPin, writeAesDUKPTTIK, writeAesKey, writeAesKey, writeCipherKey, writeKey, writeKeyEx, writeKeyVar, writeRSAKey, writeSaltKey, writeSaltKey, writeSM2CipherKey, writeSM2Key, writeStackUKPTKey, writeTIK, writeTIK, writeTR31Key
Method Detail

changeKeyOwner
void changeKeyOwner(byte keyType, int srcKeyIndex, java.lang.String dstPkg, int dstKeyIndex) throws PedDevException
Change the owner of one of the application's own keys to another application. The key is located by keyType and srcKeyIndex, and its attributes are changed. If the corresponding key of the target application already exists, an error is returned to prevent the key from being overwritten.
Parameters:
keyType - Key type.
- EPedKeyType.TMK
- PED_PPAD_TMK:0x43
- EPedKeyType.SM4_TMK
- PED_TWK:0x0A
- EPedKeyType.TPK
- EPedKeyType.TAK
- EPedKeyType.TDK
- PED_FACE_TDK:0x11
- PED_PPAD_TPK:0x44
- EPedKeyType.SM4_TPK
- EPedKeyType.SM4_TAK
- EPedKeyType.SM4_TDK
- PED_SM4_FACE_TDK:0x37
- PED_TSK:0x40
- PED_TSD:0x41
- PED_TM1K:0x49
- PED_RSA:0x0B
- EPedKeyType.TIK
- EPedKeyType.TAESK
- PED_AES_TPK:0x23
- PED_AES_TIK:0x51
srcKeyIndex - The key index of the original owner.
dstPkg - The package name of the destination owner.
dstKeyIndex - The key index of the destination owner.
Throws:
PedDevException

migratePedKeys
void migratePedKeys() throws PedDevException
Migrate the old isolation key.
Throws:
PedDevException

shareKey
void shareKey(byte keyType, int srcKeyIndex, java.lang.String dstPkg, int dstKeyIndex) throws PedDevException
Share the use, update, and delete permissions of one of the application's keys with other applications. The key is located by keyType and srcKeyIndex, and its attributes are changed. If the corresponding key of the target application already exists, an error is returned to prevent the key from being overwritten.
Parameters:
keyType - Key type.
- EPedKeyType.TMK
- PED_PPAD_TMK:0x43
- EPedKeyType.SM4_TMK
- PED_TWK:0x0A
- EPedKeyType.TPK
- EPedKeyType.TAK
- EPedKeyType.TDK
- PED_FACE_TDK:0x11
- PED_PPAD_TPK:0x44
- EPedKeyType.SM4_TPK
- EPedKeyType.SM4_TAK
- EPedKeyType.SM4_TDK
- PED_SM4_FACE_TDK:0x37
- PED_TSK:0x40
- PED_TSD:0x41
- PED_TM1K:0x49
- PED_RSA:0x0B
- EPedKeyType.TIK
- EPedKeyType.TAESK
- PED_AES_TPK:0x23
- PED_AES_TIK:0x51
srcKeyIndex - The key index of the original owner.
dstPkg - The package name of the destination application.
dstKeyIndex - The key index of the destination application.
Throws:
PedDevException

eraseKey
void eraseKey(byte keyType, byte keyIdx) throws PedDevException
Erase one key's information for the application (the mapping between logical ID and physical card slot).
Specified by:
eraseKey in interface IPed
Parameters:
keyType - Key type.
keyIdx - Key logical index.
Throws:
PedDevException
Since:
V4.00.00

convertPinBlock
byte[] convertPinBlock(byte pinpadTPKIndex, byte pinpadTPKType, byte[] pinpadPinBlock, byte dstTPKIndex, byte dstKeyType, byte[] dataIn, byte mode) throws PedDevException
Translate a PIN block from a session TPK to an online TPK.
Parameters:
pinpadTPKIndex - Session TPK, the key agreed between the host and the PINPAD (type is PED_PPAD_TPK). Value range: 1~100.
pinpadTPKType - Type of pinpadTPKIndex (PED_PPAD_TPK or PED_AES_PPAD_TPK).
pinpadPinBlock - 8 bytes, the PIN block converted from the pinpad; must use ISO9564 format 1.
dstTPKIndex - Must be an online TPK. Type is PED_TPK or PED_TIK, index 1-100.
dstKeyType -
- 0x03:TPK
- 0x07:TIK
- 0x23:AES_TPK
- 0x51:AES_TIK
dataIn -
- When mode=0x00, dataIn is the 16 bytes primary account number after shifting.
- When mode=0x01, refer to the ISO9564 specification.
- When mode=0x02, refer to the ISO9564 specification.
- When mode=0x03, dataIn is the transaction serial number ISN [6 bytes, ASCII code].
mode - PIN block format.
- 0x00:ISO9564 format 0
- 0x01:ISO9564 format 1
- 0x02:ISO9564 format 3
- 0x03:HK EPS dedicated format (EPS PINBLOCK format)
Returns:
The 16-byte destination PIN block.
Throws:
PedDevException
Since:
V4.03.00

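The documented constraints on the convertPinBlock arguments can be checked before the call reaches the PED. The following is an added example, not PAX SDK code: the class ConvertPinBlockArgs and its methods are hypothetical, the shifted PAN follows the ISO 9564 format 0 PAN field ("0000" plus the 12 rightmost digits excluding the check digit), and passing those 16 characters as ASCII bytes is an assumption.

```java
import java.nio.charset.StandardCharsets;

/** Hypothetical pre-flight checks for convertPinBlock arguments; not PAX SDK code. */
public final class ConvertPinBlockArgs {
    // Destination key types listed for dstKeyType: TPK, TIK, AES_TPK, AES_TIK.
    private static final byte[] DST_KEY_TYPES = {0x03, 0x07, 0x23, 0x51};

    /** ISO 9564 format 0 PAN field: "0000" + 12 rightmost PAN digits, check digit excluded. */
    static byte[] shiftedPan(String pan) {
        if (pan == null || !pan.matches("\\d{13,19}")) {
            throw new IllegalArgumentException("PAN must be 13 to 19 digits");
        }
        String twelve = pan.substring(pan.length() - 13, pan.length() - 1);
        // Assumption: the PED takes the 16 characters as ASCII bytes.
        return ("0000" + twelve).getBytes(StandardCharsets.US_ASCII);
    }

    /** Throws IllegalArgumentException when an argument breaks a documented constraint. */
    static void check(byte pinpadTPKIndex, byte[] pinpadPinBlock, byte dstTPKIndex,
                      byte dstKeyType, byte[] dataIn, byte mode) {
        requireIndex("pinpadTPKIndex", pinpadTPKIndex);
        requireIndex("dstTPKIndex", dstTPKIndex);
        // The block arrives encrypted under the session TPK, so only its size is checkable.
        require(pinpadPinBlock != null && pinpadPinBlock.length == 8, "pinpadPinBlock must be 8 bytes");
        boolean known = false;
        for (byte t : DST_KEY_TYPES) known |= (t == dstKeyType);
        require(known, "dstKeyType must be 0x03, 0x07, 0x23 or 0x51");
        require(mode >= 0x00 && mode <= 0x03, "mode must be 0x00..0x03");
        if (mode == 0x00) require(dataIn != null && dataIn.length == 16, "mode 0x00 needs a 16-byte shifted PAN");
        if (mode == 0x03) require(dataIn != null && dataIn.length == 6, "mode 0x03 needs a 6-byte ASCII ISN");
    }

    private static void requireIndex(String name, int v) {
        require(v >= 1 && v <= 100, name + " must be in 1..100");
    }

    private static void require(boolean ok, String msg) {
        if (!ok) throw new IllegalArgumentException(msg);
    }

    public static void main(String[] args) {
        byte[] dataIn = shiftedPan("4111111111111111");   // constructed test PAN
        byte[] encBlock = new byte[8];                     // constructed stand-in for the pinpad block
        check((byte) 1, encBlock, (byte) 2, (byte) 0x03, dataIn, (byte) 0x00);
        System.out.println("dataIn = " + new String(dataIn, StandardCharsets.US_ASCII));
        try {
            // 0x43 is PED_PPAD_TMK, which is not a listed destination key type.
            check((byte) 1, encBlock, (byte) 2, (byte) 0x43, dataIn, (byte) 0x00);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
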
genRandomKeyForNP
void genRandomKeyForNP(int keyIdx, int keyType, int keyLen) throws PedDevException
Generate a random key.
Parameters:
keyIdx - Index of key, 1~100.
keyType - PED_TSK(0x40): Seed key for diversification.
keyLen - 8/16/24
Throws:
PedDevException

writeKeyVarForNP
void writeKeyVarForNP(int srcKeyType, int srcKeyIdx, int dstKeyType, int dstKeyIdx, byte[] keyVar) throws PedDevException
Generate a new key of type dstKeyType by XOR-ing keyVar with the source key specified by srcKeyType, and store the new key at dstKeyIdx.
Parameters:
srcKeyType - The source key type. PED_TSK(0x40).
srcKeyIdx - The source key index; the valid range is 1~100.
dstKeyType - The destination key.
dstKeyIdx - The destination key index; the valid range is 1~100.
keyVar - The constant value to be XORed with PED_TSK; its length is the same as PED_TSK.
- When dstKeyType is EPedKeyType.TAESK, the PED_TSK length is 16 or 24 bytes.
- Otherwise, the PED_TSK length is 24 bytes.
Throws:
PedDevException

increaseAesDukptKsn
void increaseAesDukptKsn(byte groupIdx) throws PedDevException
Increment the KSN by 1.
Parameters:
groupIdx - [1~40] AES DUKPT key group index. Each KSN corresponds to one AES DUKPT key. After each DUKPT use, calling this interface to add 1 to the KSN is recommended, to ensure a unique key for each use.
Throws:
PedDevException