com.pax.dal
Interface IPedNp
-
public interface IPedNp
Acquisition approach: NeptuneLiteUser.getInstance().getDal(getApplicationContext()).getPedNp()
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
- static int PED_TSD: Secret Data
- static int PED_TSK: Seed Key
-
Method Summary
Methods (Modifier and Type, Method, Description):
- void asDeriveKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, byte[] dataIn, byte[] keyVar, byte[] iv, byte mode): Deprecated.
- void asLoadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte ppasnIndex, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKeyIn, byte mode): Deprecated.
- byte[] asLoadKeyAsym(byte tcuIndex, byte keyIndex, byte[] dataEncrypted, byte mode): Deprecated.
- void asRollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte ppasnIndex): Deprecated.
- byte[] convertPinBlock(byte pinpadTPKIndex, byte[] pinpadPinBlock, byte destTPKIndex, byte destKeyType, byte[] dataIn, byte mode): Translate a pinpad session TPK pin block to online TPK pin block.
- boolean erase(): Clear all key information of PED.
- byte[] exportKey(RSAKeyInfo rsaKey, java.lang.String header, int TskIdx, int TsdIdx): Uses public key RsaKey to encrypt specified data.
- byte[] exportKeyEncByRsa(int pubKeyIdx, int keyType, int keyIdx, byte dataOutFormat): Export the key, encrypted by an RSA public key.
- byte[] exportKeyOAEP(RSAKeyInfo rsaKeyInfo, byte[] header, byte[] trailer, int tskIndex, int tsdIndex): Uses public key RsaKey to encrypt specified data.
- byte[] exportKeyOAEP(RSAKeyInfo rsaKeyInfo, byte[] header, int tskIndex, int tsdIndex): Uses public key RsaKey to encrypt specified data.
- byte[] genPinpadKeyBlock(byte srcKeyIndex, byte srcKeyType, byte destkeyIndex, byte destKeyType, byte keyLen, byte genMode, byte[] dataIn): Use key protection key to encrypt the specified key and output the cipher key block.
- void genRandomKey(int keyIdx, int keyType, int keyLen): Generate a random key.
- void genRsaKey(byte prvKeyIdx, byte pubKeyIdx, int modLenBit, int pubExpType): Generate an RSA key pair and inject it into the PED.
- void setOfflinePinMode(byte mode, byte tpkIndex, byte[] pinBlock): Set offline PIN mode and provide some parameters for external PINPAD.
- void writeKey(byte srcKeyType, byte scrKeyIdx, byte dstKeyType, byte dstKeyIdx, byte dstKeyLen, byte[] dataIn, byte encType, byte[] vector): Write a PED_TSD, PED_TDK, PED_TAESK, PED_TIK derived by PED_TDK or PED_TAESK.
- void writeKeyEncByRsa(byte[] dataIn, byte prvKeyIdx, byte dstKeyType, byte dstKeyIdx, byte[] ksnIn, ECheckMode checkMode, byte[] checkBuf): Inject the key which is encrypted by RSA public key.
- void writeKeyHKDF(byte srcKeyType, byte scrKeyIdx, byte dstKeyType, byte dstKeyIdx, byte dstKeyLen, byte[] salt, byte[] info): Derive the destination key from the source key using the HKDF method.
- void writeKeyVar(int srcKeyType, int srcKeyIdx, int dstKeyType, int dstKeyIdx, byte[] keyVar): Generate a new dstKeyType key by XOR-ing keyVar with the source key specified by srcKeyType, and store the new key at dstKeyIdx.
-
-
-
Field Detail
-
PED_TSK
static final int PED_TSK
Seed Key
See Also:
- Constant Field Values
-
PED_TSD
static final int PED_TSD
Secret Data
See Also:
- Constant Field Values
-
-
Method Detail
-
exportKey
byte[] exportKey(RSAKeyInfo rsaKey, java.lang.String header, int TskIdx, int TsdIdx) throws PedDevException
Uses the public key rsaKey to encrypt the specified data. The data format is: [Header data + TSK + TSD + Random padded data]. The data to be encrypted should be less than the public key modulus; otherwise, the encryption may fail. The header is therefore suggested to be null.
Parameters:
- rsaKey - RSA public key
- header - The header data
- TskIdx - TSK slot
- TsdIdx - TSD slot
Returns:
- The cipher key; the buffer size is the modulus length of rsaKey
Throws:
- PedDevException
-
genRandomKey
void genRandomKey(int keyIdx, int keyType, int keyLen) throws PedDevException
Generate a random key.
Parameters:
- keyIdx - Index of key, 1~100.
- keyType - PED_TSK: seed key for diversification.
- keyLen - 8/16/24
Throws:
- PedDevException
-
writeKey
void writeKey(byte srcKeyType, byte scrKeyIdx, byte dstKeyType, byte dstKeyIdx, byte dstKeyLen, byte[] dataIn, byte encType, byte[] vector) throws PedDevException
Write a PED_TSD, PED_TDK, PED_TAESK or PED_TIK key derived by PED_TDK or PED_TAESK.
Parameters:
- srcKeyType - Source key type.
- scrKeyIdx - Source key index, the valid range is 1~100.
- dstKeyType - Destination key type.
- dstKeyIdx - Destination key index, the valid range is 1~100.
- dstKeyLen - Destination key length, 16/24.
- dataIn -
  - When srcKeyType is EPedKeyType.TAESK, the length of dataIn is 16 or 32 bytes.
  - When dstKeyType is EPedKeyType.TIK, dataIn must be 42 bytes: 32 bytes of key value (if the key value is 16 bytes, you can populate any data up to 32 bytes) + 10 bytes of KSN.
  - Otherwise, dataIn is 16 or 24 bytes. If the length of the decrypted data is larger than dstKeyLen, only the first dstKeyLen bytes of the decrypted data are used as the key value.
- encType -
  - If encType=0, dataIn is cipher text, which is decrypted with the CBC TDES/AES algorithm using the source key and stored as the destination key.
  - If encType=1, dataIn is plain text, which is encrypted with the CBC TDES/AES algorithm using the specified source key and stored as the destination key.
  - If encType=2, dataIn is cipher text, which is decrypted with the ECB TDES/AES algorithm using the source key and stored as the destination key.
  - If encType=3, dataIn is plain text, which is encrypted with the ECB TDES/AES algorithm using the specified source key and stored as the destination key.
- vector -
  - When srcKeyType is EPedKeyType.TAESK, vector is a 16-byte CBC initialization vector.
  - Otherwise, vector is an 8-byte CBC initialization vector. If vector is set to NULL, the CBC algorithm treats "\x00\x00\x00\x00\x00\x00\x00\x00" as the initialization vector.
Throws:
- PedDevException
-
writeKeyVar
void writeKeyVar(int srcKeyType, int srcKeyIdx, int dstKeyType, int dstKeyIdx, byte[] keyVar) throws PedDevException
Generate a new dstKeyType key by XOR-ing keyVar with the source key specified by srcKeyType, and store the new key at dstKeyIdx.
Parameters:
- srcKeyType - The source key type: PED_TSK.
- srcKeyIdx - The source key index, the valid range is 1~100.
- dstKeyType - The destination key type.
- dstKeyIdx - The destination key index, the valid range is 1~100.
- keyVar - The constant value to be XORed with PED_TSK; its length is the same as that of PED_TSK.
  - When dstKeyType is EPedKeyType.TAESK, the PED_TSK length is 16 or 24 bytes.
  - Otherwise, the PED_TSK length is 24 bytes.
Throws:
- PedDevException
-
exportKeyEncByRsa
byte[] exportKeyEncByRsa(int pubKeyIdx, int keyType, int keyIdx, byte dataOutFormat) throws PedDevException
Export the key, encrypted by an RSA public key.
Parameters:
- pubKeyIdx - RSA public key index, 1~10
- keyType - Export key type, only PED_TSK
- keyIdx - Export key index, 1~100
- dataOutFormat - Can only be 0x00
Returns:
- Format: '0x00' + key length (1 byte) + key value + (modulus len - 2 - key length) bytes of padding
Throws:
- PedDevException
-
genRsaKey
void genRsaKey(byte prvKeyIdx, byte pubKeyIdx, int modLenBit, int pubExpType) throws PedDevException
Generate an RSA key pair and inject it into the PED.
Parameters:
- prvKeyIdx - Private key index, 1-10
- pubKeyIdx - Public key index, 1-10
- modLenBit - Modulus length; 512, 1024 and 2048 are supported.
- pubExpType - Public exponent type: 0: 3; 1: 65537
Throws:
- PedDevException
Since:
- V3.06.00
-
writeKeyEncByRsa
void writeKeyEncByRsa(byte[] dataIn, byte prvKeyIdx, byte dstKeyType, byte dstKeyIdx, byte[] ksnIn, ECheckMode checkMode, byte[] checkBuf) throws PedDevException
Inject a key that is encrypted by an RSA public key.
Parameters:
- dataIn - The ciphertext encrypted with the RSA public key; its length is 64, 128 or 256 bytes.
- prvKeyIdx - The index of the RSA private key. Value range: 1~10.
- dstKeyType - Destination key type: PED_TSK.
- dstKeyIdx - The destination key index.
- ksnIn - Reserved.
- checkMode - Check mode (ECheckMode):
  - When checkMode=KCV_NONE: no check.
  - When checkMode=KCV_ENCRYPT_0: perform DES/TDES encryption on 8 bytes of 0x00, and use the first 4 bytes as KCV.
  - When checkMode=KCV_ENCRYPT_FIX_DATA: perform a parity check first, then perform DES/TDES encryption on the 8 bytes "\x12\x34\x56\x78\x90\x12\x34\x56", and use the first 4 bytes as KCV.
  - When checkMode=KCV_MAC_INPUT_DATA: send in data KcvData, use the source key to perform the specified mode of MAC on [aucDesKeyValue + KcvData], and use the 8 bytes result as KCV.
  - When checkMode=KCV_SM4_ENCRYPT_0: perform TDES encryption on 16 bytes 0x00 by SM4, and use the first 4 bytes as KCV.
- checkBuf - Check data buffer:
  - When checkMode=ECheckMode.KCV_NONE: the PED does not check the KCV; the value of checkBuf has no meaning and may be null.
  - When checkMode=ECheckMode.KCV_ENCRYPT_0: 4 bytes key check value.
  - When checkMode=ECheckMode.KCV_ENCRYPT_FIX_DATA: 4 bytes key check value.
  - When checkMode=ECheckMode.KCV_MAC_INPUT_DATA, checkBuf is laid out as follows:
    - checkBuf[0]: length of KcvData (KcvDataLen)
    - checkBuf+1: KcvData
    - checkBuf[1+KcvDataLen]: MAC computation mode, see the mode parameter of IPed.getMac(byte, byte[], EPedMacMode)
    - checkBuf[2+KcvDataLen]: KCV length
    - checkBuf[3+KcvDataLen]: KCV value
  - When checkMode=ECheckMode.KCV_SM4_ENCRYPT_0: 4 bytes key check value.
Throws:
- PedDevException
Since:
- V3.06.00
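The checkBuf rules of writeKeyEncByRsa above, worked through on the key-loading host side. This is an added example, not code from the PAX SDK: the class KcvCheckBuf and its methods are hypothetical, the key, KcvData and MAC bytes are constructed, and the MAC mode byte is a placeholder that has to come from EPedMacMode.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: hypothetical host-side helper, not part of the PAX SDK.
public class KcvCheckBuf {

    // KCV_ENCRYPT_0: DES/TDES-encrypt 8 bytes of 0x00, keep the first 4 bytes.
    static byte[] kcvEncrypt0(byte[] key) throws Exception {
        if (key.length != 8 && key.length != 16 && key.length != 24) {
            throw new IllegalArgumentException("DES/TDES key must be 8, 16 or 24 bytes");
        }
        // JCE DESede needs 24 bytes: K1 -> K1|K1|K1, K1|K2 -> K1|K2|K1.
        byte[] k24 = new byte[24];
        for (int i = 0; i < 24; i++) {
            k24[i] = key[i % key.length];
        }
        try {
            Cipher c = Cipher.getInstance("DESede/ECB/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k24, "DESede"));
            return Arrays.copyOf(c.doFinal(new byte[8]), 4);
        } finally {
            Arrays.fill(k24, (byte) 0); // wipe our working copy of the key
        }
    }

    // checkBuf for KCV_MAC_INPUT_DATA:
    // [0]=KcvDataLen, [1..]=KcvData, [1+len]=MAC mode, [2+len]=KCV length, [3+len..]=KCV
    static byte[] macInputCheckBuf(byte[] kcvData, byte macMode, byte[] kcv) {
        if (kcvData.length > 255 || kcv.length > 255) {
            throw new IllegalArgumentException("length fields are a single byte");
        }
        int n = kcvData.length;
        byte[] buf = new byte[3 + n + kcv.length];
        buf[0] = (byte) n;
        System.arraycopy(kcvData, 0, buf, 1, n);
        buf[1 + n] = macMode;
        buf[2 + n] = (byte) kcv.length;
        System.arraycopy(kcv, 0, buf, 3 + n, kcv.length);
        return buf;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key, never a production key.
        byte[] key = { 0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xAB, (byte) 0xCD, (byte) 0xEF,
                       (byte) 0xFE, (byte) 0xDC, (byte) 0xBA, (byte) 0x98, 0x76, 0x54, 0x32, 0x10 };
        byte[] checkBuf = kcvEncrypt0(key); // pass together with ECheckMode.KCV_ENCRYPT_0
        System.out.println("KCV_ENCRYPT_0 checkBuf: " + hex(checkBuf));

        byte[] kcvData = { 0x11, 0x22, 0x33, 0x44 }; // constructed KcvData
        byte macMode = 0x00;      // placeholder: take the real value from EPedMacMode
        byte[] mac = new byte[8]; // placeholder for the 8-byte MAC computed by the key host
        System.out.println("KCV_MAC_INPUT_DATA checkBuf: "
                + hex(macInputCheckBuf(kcvData, macMode, mac)));
    }
}
```

With KCV_NONE the PED stores whatever the RSA decryption yields, so a host that can compute a KCV should send one and let the PED reject a mismatched key.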
-
erase
boolean erase() throws PedDevException
Clear all key information of the PED.
Returns:
- true -- Clear success
- false -- Clear failure
Throws:
- PedDevException
Since:
- V3.06.00
-
exportKeyOAEP
byte[] exportKeyOAEP(RSAKeyInfo rsaKeyInfo, byte[] header, int tskIndex, int tsdIndex) throws PedDevException
Uses the public key rsaKeyInfo to encrypt the specified data. The data format is: [Header data + TSK + TSD + Random padded data]. The data to be encrypted should be less than the public key modulus; otherwise, the encryption may fail. The header is therefore suggested to be null.
Parameters:
- rsaKeyInfo - RSA public key.
- header - The header data.
- tskIndex - TSK slot.
- tsdIndex - TSD slot.
Returns:
- The cipher key; the buffer size is the modulus length of the RSA key.
Throws:
- PedDevException
Since:
- V3.08.00
-
asDeriveKey
void asDeriveKey(byte srcKeyType, byte srcKeyIndex, byte dstKeyType, byte dstKeyIndex, byte[] dataIn, byte[] keyVar, byte[] iv, byte mode) throws PedDevException
Deprecated.
Export the transaction key and the original MAC key.
Parameters:
- srcKeyType - Type of source key.
  - 0x01: KCA(KIA)
  - 0x02: KEK
- srcKeyIndex - Index of source key.
- dstKeyType - Type of destination key.
  - When srcKeyIndex=0x01, dstKeyType can be KCA(KIA), KEK, TAK, TPK, and TDK.
  - When srcKeyIndex=0x02, dstKeyType can be KEK, TAK, TPK, and TDK.
- dstKeyIndex - Index of destination key.
- dataIn - Used to derive 16 bytes of data.
- keyVar - A 16-byte XOR value. Set it to null if it doesn't exist; in that case there is no need to call writeKeyVar(int, int, int, int, byte[]).
- iv -
  - When mode=0: null.
  - When mode=1: 8 bytes of IV value.
- mode -
  - 0: OWF divergence.
  - 1: CBC divergence.
Throws:
- PedDevException
Since:
- V3.11.00
See Also:
- IPedBg.asDeriveKey(byte, byte, byte, byte, byte[], byte[], byte[], byte)
-
asLoadKeyAsym
byte[] asLoadKeyAsym(byte tcuIndex, byte keyIndex, byte[] dataEncrypted, byte mode) throws PedDevException
Deprecated.
Load the key into the PED.
Parameters:
- tcuIndex - Index of tcu RSA private key.
- keyIndex - Index of key.
- dataEncrypted - Input data encrypted with the tcu RSA private key (256 bytes).
- mode -
  - 0: keyIndex is the index of KCA.
  - 1: keyIndex is the index of TAK.
Returns:
- Output RNtcu data, 8 bytes.
Throws:
- PedDevException
Since:
- V3.11.00
See Also:
- IPedBg.asLoadKeyAsym(byte, byte, byte[], byte)
-
asLoadKEK
void asLoadKEK(byte kiaIndex, byte kek1Index, byte kek2Index, byte ppasnIndex, byte[] keyVar, byte[] fmtAiicBlk, byte[] cipherKeyIn, byte mode) throws PedDevException
Deprecated.
Load KEK1/KEK2/PPASN into the PED.
Parameters:
- kiaIndex - Index of KIA [1~10].
- kek1Index - Index of KEK1 [1~10].
- kek2Index - Index of KEK2 [1~10].
- ppasnIndex - Index of PPASN [1~5].
- keyVar - The variable used to generate the KIA variant key, 16 bytes; it is used to decrypt the PPASN.
- fmtAiicBlk - AIIC, 16 bytes.
- cipherKeyIn - Ciphertext format. Note: MAC data is available only when mode=1.

  | Name | Contents | Length | Attribute | Bytes |
  | eKIA(KEK1) | Terminal master key 1 encrypted by Acquirer Initialisation key. | 128 | b | 16 |
  | eKIA(KEK2) | Terminal master key 2 encrypted by Acquirer Initialisation key. | 128 | b | 16 |
  | eKIA(PPASN) | PIN Pad assigned secret number encrypted by variant 88 of the Acquirer Initialisation key. | 64 | b | 8 |
  | MAC | MAC of eKIK(KEK1)||eKIA(KEK2)||eKIA(PPASN) using the acquirer's KMACi. | 8 | n | 4 |

- mode - Supports 0 and 1.
Throws:
- PedDevException
Since:
- V3.11.00
See Also:
- IPedBg.asLoadKEK(byte, byte, byte, byte, byte[], byte[], byte[], byte)
-
asRollKeys
void asRollKeys(byte kekFlag, byte kek1Index, byte kek2Index, byte ppasnIndex) throws PedDevException
Deprecated.
Roll KEK1/KEK2.
Parameters:
- kekFlag -
  - 0x31: KEK1.
  - 0x32: KEK2.
- kek1Index - Index of KEK1 [1~10].
- kek2Index - Index of KEK2 [1~10].
- ppasnIndex - Index of PPASN [1~10] (the Chinese description of this parameter gives [1~5]).
Throws:
- PedDevException
Since:
- V3.11.00
See Also:
- IPedBg.asRollKeys(byte, byte, byte, byte)
-
setOfflinePinMode
void setOfflinePinMode(byte mode, byte tpkIndex, byte[] pinBlock) throws PedDevException
Set offline PIN mode and provide some parameters for the external PINPAD.
Parameters:
- mode -
  - 0x00: Built-in PINPAD, default mode.
  - 0x01: External PINPAD.
- tpkIndex - The index of the TPK.
- pinBlock - 8-byte cipher PINBLOCK in ISO9564 format 1.
Throws:
- PedDevException
Since:
- V3.17.00
-
genPinpadKeyBlock
byte[] genPinpadKeyBlock(byte srcKeyIndex, byte srcKeyType, byte destkeyIndex, byte destKeyType, byte keyLen, byte genMode, byte[] dataIn) throws PedDevException
Use the key protection key to encrypt the specified key and output the cipher key block.
Parameters:
- srcKeyIndex - The index of the key protection key. Value range: 1~100.
- srcKeyType - The key type of the key protection key.
  - 0x42: TXK
  - 0x43: PPAD_TMK
- destkeyIndex - The destination key index. Value range: 1~100.
- destKeyType - The destination key type.
  - 0x43: PPAD_TMK
  - 0x44: PPAD_TPK
- keyLen - Destination key length. Lengths 8, 16 and 24 are currently supported.
- genMode -
  - 0x00: Use the existing destination key.
  - 0x01: Create a destination key: generate a real random key in the PED at destkeyIndex.
- dataIn - Input data for the key block. Max 32 bytes.
Returns:
- The cipher key block of the destination key. Max 32 bytes.
Throws:
- PedDevException
Since:
- V3.17.00
-
convertPinBlock
byte[] convertPinBlock(byte pinpadTPKIndex, byte[] pinpadPinBlock, byte destTPKIndex, byte destKeyType, byte[] dataIn, byte mode) throws PedDevException
Translate a pinpad session TPK PIN block to an online TPK PIN block.
Parameters:
- pinpadTPKIndex - The TPK of the PIN block; must be the pinpad session TPK (type PED_PPAD_TPK). Value range: 1~100.
- pinpadPinBlock - The PIN block from the pinpad to be translated; must use ISO9564 format 1, 8 bytes.
- destTPKIndex - Destination TPK index, must be the online TPK. Value range: 1~100.
- destKeyType -
  - 0x03: TPK
  - 0x07: TIK
  - 0x23: AES_TPK
  - 0x51: AES_TIK
- dataIn -
  - When mode=0x00, dataIn is the 16 bytes primary account number after shifting.
  - When mode=0x01, dataIn is the 8 bytes of data that take part in PIN block formatting (per the ISO9564 standard, this data can be a random number, the transaction serial number, a time stamp, etc.).
  - When mode=0x02, dataIn is the 16 bytes primary account number after shifting, and dataIn+16 points to the 8 bytes of data that take part in PIN block formatting (per the ISO9564 standard, this data can be a random number, the transaction serial number, a time stamp, etc., but the higher 4 bits and lower 4 bits of each byte must be between 0xA~0xF). So if mode=0x02, the bottom level will do this check on the 8 bytes of data and return an error if the requirement is not met.
  - When mode=0x03, dataIn is the ISN [6 bytes, ASCII code].
- mode - PIN block format.
  - 0x00: ISO9564 format 0
  - 0x01: ISO9564 format 1
  - 0x02: ISO9564 format 3
  - 0x03: HK EPS - EPS PINBLOCK format
Returns:
- 16-byte destination PIN block.
Throws:
- PedDevException
Since:
- V3.17.00
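A pre-call check for the dataIn rules of convertPinBlock above, so that a malformed buffer is rejected in the application before it reaches the PED. This is an added example, not code from the PAX SDK: the class ConvertPinBlockInput, its constants and its methods are hypothetical, and the shifted PAN and ISN are constructed test values assumed to be ASCII digits.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

// Added example: hypothetical helper, not part of the PAX SDK.
public class ConvertPinBlockInput {
    static final byte MODE_ISO0 = 0x00, MODE_ISO1 = 0x01, MODE_ISO3 = 0x02, MODE_HK_EPS = 0x03;

    // 8 fill bytes whose high and low nibbles are all in 0xA..0xF (mode 0x02 rule).
    static byte[] randomFormat3Fill(SecureRandom rng) {
        byte[] out = new byte[8];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) (((0xA + rng.nextInt(6)) << 4) | (0xA + rng.nextInt(6)));
        }
        return out;
    }

    static boolean nibblesInAtoF(byte[] data) {
        for (byte b : data) {
            if (((b >> 4) & 0x0F) < 0xA || (b & 0x0F) < 0xA) return false;
        }
        return true;
    }

    static void requireLen(byte[] v, int len, String what) {
        if (v == null || v.length != len) {
            throw new IllegalArgumentException(what + " must be " + len + " bytes");
        }
    }

    // Assemble dataIn for the given mode, enforcing the documented lengths.
    static byte[] buildDataIn(byte mode, byte[] shiftedPan, byte[] extra) {
        switch (mode) {
            case MODE_ISO0:
                requireLen(shiftedPan, 16, "shifted PAN");
                return shiftedPan.clone();
            case MODE_ISO1:
                requireLen(extra, 8, "format data");
                return extra.clone();
            case MODE_ISO3: {
                requireLen(shiftedPan, 16, "shifted PAN");
                requireLen(extra, 8, "format data");
                if (!nibblesInAtoF(extra)) {
                    throw new IllegalArgumentException("format 3 data: every nibble must be 0xA..0xF");
                }
                byte[] out = new byte[24];
                System.arraycopy(shiftedPan, 0, out, 0, 16);
                System.arraycopy(extra, 0, out, 16, 8); // lands at dataIn+16
                return out;
            }
            case MODE_HK_EPS:
                requireLen(extra, 6, "ISN");
                for (byte b : extra) {
                    if (b < 0x20 || b > 0x7E) throw new IllegalArgumentException("ISN must be ASCII");
                }
                return extra.clone();
            default:
                throw new IllegalArgumentException("unknown mode " + mode);
        }
    }

    public static void main(String[] args) {
        byte[] pan = "0000123456789012".getBytes(StandardCharsets.US_ASCII); // constructed
        byte[] fill = randomFormat3Fill(new SecureRandom());
        System.out.println("mode 0x02 dataIn length: " + buildDataIn(MODE_ISO3, pan, fill).length);
        byte[] isn = "000123".getBytes(StandardCharsets.US_ASCII);           // constructed
        System.out.println("mode 0x03 dataIn length: " + buildDataIn(MODE_HK_EPS, null, isn).length);
    }
}
```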
-
exportKeyOAEP
byte[] exportKeyOAEP(RSAKeyInfo rsaKeyInfo, byte[] header, byte[] trailer, int tskIndex, int tsdIndex) throws PedDevException
Uses the public key rsaKeyInfo to encrypt the specified data. The data format is: [header + TSK + TSD + Trailer + OAEP padding data]. The data to be encrypted should be less than the public key modulus; otherwise, the encryption may fail. The header is therefore suggested to be null.
Parameters:
- rsaKeyInfo - RSA public key.
- header - The header data.
- trailer - Format filling for key export. The exported data is header + TSK + TSD + Trailer.
- tskIndex - TSK slot.
- tsdIndex - TSD slot.
Returns:
- The exported key format is header + TSK + TSD + Trailer + OAEP padding.
Throws:
- PedDevException
Since:
- V4.17.00
-
writeKeyHKDF
void writeKeyHKDF(byte srcKeyType, byte scrKeyIdx, byte dstKeyType, byte dstKeyIdx, byte dstKeyLen, byte[] salt, byte[] info) throws PedDevException
Derive the destination key from the source key using the HKDF method.
Parameters:
- srcKeyType - Source key type: PED_TSK/PED_HMAC_KDFK
- scrKeyIdx - Source key index [1-100]
- dstKeyType - Destination key: PED_AES_TPK/PED_AES_TAK/PED_HMAC_TAK/PED_AES_TMK/PED_HMAC_KDFK/PED_TDK/PED_TAK/PED_TPK/PED_TMK/PED_TSD
- dstKeyIdx - Destination key index [1-100]
- dstKeyLen - Destination key length, 16/24/32
- salt - Salt value, used for HKDF
- info - Info value, used for HKDF
Throws:
- PedDevException
Since:
- V4.17.00
-
-