001/* 002 * =========================================================================================== 003 * = COPYRIGHT 004 * PAX Computer Technology (Shenzhen) Co., Ltd. PROPRIETARY INFORMATION 005 * This software is supplied under the terms of a license agreement or nondisclosure 006 * agreement with PAX Computer Technology (Shenzhen) Co., Ltd. and may not be copied or 007 * disclosed except in accordance with the terms in that agreement. 008 * Copyright (C) 2017-2023 PAX Computer Technology (Shenzhen) Co., Ltd. All rights reserved. 009 * Description: // Detail description about the function of this module, 010 * // interfaces with the other modules, and dependencies. 011 * Revision History: 012 * Date Author Action 013 * 2017/04/01 PAX Create/Add/Modify/Delete 014 * =========================================================================================== 015 */ 016 017package com.pax.dal; 018 019import android.view.View; 020 021import com.pax.dal.entity.DUKPTResult; 022import com.pax.dal.entity.EAesCheckMode; 023import com.pax.dal.entity.EAlgorithmType; 024import com.pax.dal.entity.ECheckMode; 025import com.pax.dal.entity.ECryptOperate; 026import com.pax.dal.entity.ECryptOpt; 027import com.pax.dal.entity.EDUKPTDesMode; 028import com.pax.dal.entity.EDUKPTMacMode; 029import com.pax.dal.entity.EDUKPTPinMode; 030import com.pax.dal.entity.EFuncKeyMode; 031import com.pax.dal.entity.EIdKeycCalcMode; 032import com.pax.dal.entity.EKeyCode; 033import com.pax.dal.entity.EPedDesMode; 034import com.pax.dal.entity.EPedKeyType; 035import com.pax.dal.entity.EPedMacMode; 036import com.pax.dal.entity.EPedType; 037import com.pax.dal.entity.EPinBlockMode; 038import com.pax.dal.entity.EUartPort; 039import com.pax.dal.entity.KeyInfo; 040import com.pax.dal.entity.RSAKeyInfo; 041import com.pax.dal.entity.RSAPinKey; 042import com.pax.dal.entity.RSARecoverInfo; 043import com.pax.dal.entity.SM2KeyPair; 044import com.pax.dal.exceptions.EPedDevException; 045import com.pax.dal.exceptions.PedDevException; 046import com.pax.dal.entity.Tr34OutBlock; 047import com.pax.dal.entity.Tr34ParseDataOffset; 048 049import java.util.LinkedHashMap; 050 051/** 052 * <div class="zh">关于 PED的API。 如果开启权限检查,需在AndroidManifest下添加权限:"com.pax.permission.PED"</div> 053 * <div class="en">API for PED. If permission check is enabled, you need to add permission under AndroidManifest: "com.pax.permission.PED".</div> 054 */ 055public interface IPed { 056 057 /** 058 * <div class="zh"> 设置输入PIN监听器。仅支持{@link EPedType#INTERNAL} 类型 </div> 059 * <div class="en"> Set the input PIN listener. {@link EPedType#INTERNAL} only is supported </div> 060 * @param listener 061 * {@link IPedInputPinListener} 062 * 063 */ 064 public void setInputPinListener(IPedInputPinListener listener); 065 066 /** 067 * <div class="zh"> 写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。 068 * <p> 069 * 当写入PED_TLK时,PED首先格式化,清除所有已经下载的密钥,再写入PED_TLK。 当明文写入密钥时,srcKeyIndex=0。 070 * 对于{@link EPedType#EXTERNAL_TYPEA}需要调用{@link IPed#setExMode}设置exMode。TMK和TDK只能以明文方式写入。TPK、TAK可以以明文或者密文的方式写入,但写入密文时不校验。 071 * 支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 072 * </p> 073 * </div> 074 * <div class="en"> Write in one key includes write in and divergent of TLK, TMK and TWK. And use KCV to check the 075 * key correction. 076 * <p> 077 * When write PED_TLK,PED will format ,clear all the key has been downloaded,then write in PED_TLK. 078 * When srckeyindex = 0, the plaintext key is written. For {@link EPedType#EXTERNAL_TYPEA}, you need to call {@link IPed#setExMode} to setExMode. 079 * TMK and TDK can only be written in plaintext. TPK and TAK can be written in plaintext or ciphertext, but the ciphertext is not checked. 080 * {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. 081 * </p> 082 * </div> 083 * 084 * @param srcKeyType 085 * {@link EPedKeyType} <div class="zh"> 086 * <p> 087 * 原密钥类型 088 * </p> 089 * <ul> 090 * <li>{@link EPedKeyType#TLK}</li> 091 * <li>{@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}</li> 092 * <li>{@link EPedKeyType#TPK}</li> 093 * <li>{@link EPedKeyType#TAK}</li> 094 * <li>{@link EPedKeyType#TDK}</li> 095 * </ul> 096 * </div> <div class="en"> 097 * <p> 098 * Source Key Type 099 * </p> 100 * <ul> 101 * <li>TLK - Terminal Loading Key</li> 102 * <li>TMK - Terminal Master Key</li> 103 * <li>TPK -Transaction PIN Key</li> 104 * <li>TAK -Transaction Mac Key</li> 105 * <li>TDK -Terminal Des Key</li> 106 * </ul> 107 * </div> 108 * 109 * 110 * @param srcKeyIndex 111 * <div class="zh"> 112 * <p> 113 * 原密钥索引 114 * </p> 115 * <ul> 116 * <li>如果srcKeyType={@link EPedKeyType#TLK}时, srcKeyIndex=1有效</li> 117 * <li>如果srcKeyType={@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}/{@link EPedKeyType#TPK}/ 118 * {@link EPedKeyType#TAK}/ {@link EPedKeyType#TDK}时, srcKeyIndex=[1~100]有效</li> 119 * </ul> 120 * </div> <div class="en"> 121 * <p> 122 * Source Key Index 123 * </p> 124 * <ul> 125 * <li>when srcKeyType=TLK, srcKeyIndex=1</li> 126 * <li>when srcKeyType=TMK/SM4_TMK/TPK/TAK/TDK, srcKeyIndex=[1~100]</li> 127 * </ul> 128 * </div> 129 * 130 * @param destKeyType 131 * {@link EPedKeyType} <div class="zh"> 132 * <p> 133 * 目的密钥类型 134 * </p> 135 * <ul> 136 * <li>{@link EPedKeyType#TLK}</li> 137 * <li>{@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}</li> 138 * <li>{@link EPedKeyType#TPK}/{@link EPedKeyType#SM4_TPK}</li> 139 * <li>{@link EPedKeyType#TAK}/{@link EPedKeyType#SM4_TAK}</li> 140 * <li>{@link EPedKeyType#TDK}/{@link EPedKeyType#SM4_TDK}</li> 141 * <li>{@link EPedKeyType#PPAD_TPK},仅支持明文写入。</li> 142 * </ul> 143 * </div> <div class="en"> 144 * <p> 145 * Destination Key Type 146 * </p> 147 * <li>{@link EPedKeyType#TLK}</li> 148 * <li>{@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}</li> 149 * <li>{@link EPedKeyType#TPK}/{@link EPedKeyType#SM4_TPK}</li> 150 * <li>{@link EPedKeyType#TAK}/{@link EPedKeyType#SM4_TAK}</li> 151 * <li>{@link EPedKeyType#TDK}/{@link EPedKeyType#SM4_TDK}</li> 152 * <li>{@link EPedKeyType#PPAD_TPK}, Only supports plain text writing.</li> 153 * </div> 154 * 155 * @param destkeyIndex 156 * <div class="zh"> 157 * <p> 158 * 目的密钥索引 159 * </p> 160 * <ul> 161 * <li>如果srcKeyType={@link EPedKeyType#TLK}时, destkeyIndex=1有效</li> 162 * <li>如果srcKeyType={@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}/{@link EPedKeyType#TPK}/ 163 * {@link EPedKeyType#SM4_TPK}/{@link EPedKeyType#TAK}/{@link EPedKeyType#SM4_TAK}/ 164 * {@link EPedKeyType#TDK}/{@link EPedKeyType#SM4_TDK}时, destkeyIndex=[1~100]有效</li> 165 * </ul> 166 * </div> <div class="en"> 167 * <p> 168 * Destination Key Index 169 * </p> 170 * reference srcKeyIndex {@link IPed#writeKey} </div> 171 * 172 * @param destKeyValue 173 * <div class="zh"> 174 * <p> 175 * 密钥明文或密文 176 * </p> 177 * </div> <div class="en"> 178 * <p> 179 * Cryptograph or Plaintext 180 * </p> 181 * </div> 182 * 183 * @param checkMode 184 * {@link ECheckMode} <div class="zh"> 185 * <p> 186 * 校验模式 187 * </p> 188 * <ul> 189 * <li>{@link ECheckMode#KCV_NONE}</li> 190 * <li>{@link ECheckMode#KCV_ENCRYPT_0}</li> 191 * <li>{@link ECheckMode#KCV_ENCRYPT_FIX_DATA}</li> 192 * <li>{@link ECheckMode#KCV_MAC_INPUT_DATA}</li> 193 * <li>{@link ECheckMode#KCV_SM4_ENCRYPT_0}</li> 194 * </ul> 195 * </div> <div class="en"> 196 * <p> 197 * Check Mode 198 * </p> 199 * <ul> 200 * <li>When checkMode=KCV_NONE -No Check</li> 201 * <li>When checkMode=KCV_ENCRYPT_0 -Perform DES/TDES encryption on 8 bytes 0x00, and use first 4 bytes 202 * as KCV.</li> 203 * 204 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform DES/TDES encryption 205 * on 8 bytes―\x12\x34\x56\x78\x90\x12\x34\x56, and use first 4 bytes as KCV.</li> 206 * 207 * <li>When iCheckMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode 208 * of MAC on [aucDesKeyValue +KcvData], and use the 8 bytes result as KCV.</li> 209 * 210 * <li>When iCheckMode=KCV_SM4_ENCRYPT_0 -Perform TDES encryption on 16 bytes 0x00 by SM4, and use first 211 * 4 bytes as KCV.</li> </ul> </div> 212 * 213 * @param checkBuf 214 * <div class="zh"> 215 * <p> 216 * 校验数据缓冲区 217 * </p> 218 * <ul> 219 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 220 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0},4字节的kcv</li> 221 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA},4字节的kcv</li> 222 * <li>当iCheckMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 223 * <p> 224 * checkBuf[0]= KcvData长度(KcvDataLen) 225 * </p> 226 * <p> 227 * checkBuf+1: KcvData 228 * </p> 229 * <p> 230 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMac(byte, byte[], EPedMacMode)}中的mode参数 231 * </p> 232 * <p> 233 * checkBuf[2+KcvDataLen]=KCV长度 234 * </p> 235 * <p> 236 * checkBuf[3+KcvDataLen]是KCV的值 237 * </p> 238 * </li> 239 * <li>当checkMode={@link ECheckMode#KCV_SM4_ENCRYPT_0},4字节的kcv</li> 240 * </ul> 241 * </div> <div class="en"> 242 * <p> 243 * Check Data Buffer 244 * </p> 245 * <ul> 246 * <li>When checkMode=KCV_NONE -PED wont check KCV, this data is no meaning.</li> 247 * <li>When checkMode=KCV_ENCRYPT_0 -4 bytes key check value</li> 248 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value</li> 249 * <li>When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData 250 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 251 * {@link #getMac(byte, byte[], EPedMacMode)} checkBuf[2+kcvDataLen]:KCV length 252 * checkBuf[3+kcvDataLen]:KCV Value</li> 253 * <li>When checkMode=KCV_SM4_ENCRYPT_0 -4 bytes key check value</li> 254 * </ul> 255 * </div> 256 * 257 * @throws PedDevException 258 */ 259 public void writeKey(EPedKeyType srcKeyType, byte srcKeyIndex, EPedKeyType destKeyType, byte destkeyIndex, 260 byte[] destKeyValue, ECheckMode checkMode, byte[] checkBuf) throws PedDevException; 261 262 /** 263 * <div class="zh"> 写入TIK,并可以选择使用KCV验证密钥正确性。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 264 * <div class="en"> Write in TIK, and can check the key correction by using KCV. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 265 * 266 * @param groupIndex 267 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100]DUKPT key group id </div> 268 * 269 * @param srcKeyIndex 270 * <div class="zh"> [0~1] 保护密钥的密钥索引。0表示明文写入。 </div> <div class="en"> [0~1] The index of the key protecting the key. 0 means writing in plaintext. 271 * </div> 272 * 273 * @param keyValue 274 * <div class="zh"> TIK的明文或者密文。srcKeyIdx为0时表示明文写入。DUKPT算法支持8/16字节长度的密钥。</div> 275 * <div class="en"> The plaintext or ciphertext of TIK. When srcKeyIdx is 0, it means writing plain text. The DUKPT algorithm supports keys with a length of 8/16 bytes. </div> 276 * 277 * @param ksn 278 * <div class="zh"> 指向初始化KSN </div> <div class="en"> Point to KSN initialization. </div> 279 * 280 * @param checkMode 281 * <div class="zh"> {@link ECheckMode} </div> <div class="en"> reference {@link IPed#writeKey} checkMode 282 * </div> 283 * @param checkBuf 284 * <div class="zh"> 参考{@link IPed#writeKey}关于checkBuf说明 </div> <div class="en"> reference 285 * {@link IPed#writeKey} the information about checkBuf </div> 286 * 287 * @throws PedDevException 288 */ 289 public void writeTIK(byte groupIndex, byte srcKeyIndex, byte[] keyValue, byte[] ksn, ECheckMode checkMode, 290 byte[] checkBuf) throws PedDevException; 291 292 /** 293 * <div class="zh"> 指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 294 * <div class="en"> Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. </div> 295 * 296 * 297 * @param keyIndex 298 * <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 299 * 300 * @param expPinLen 301 * <div class="zh"> <p>当IPed为{@link EPedType#INTERNAL}:可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 302 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</p> <p>当IPed为{@link EPedType#EXTERNAL_TYPEA}:PIN长度在expPinLen中的最小值和最大值区间。如果mode = EPinBlockMode.ISO9564_0时,当最小长度不为0时,允许按"确认"退出 。</p> </div> 303 * <div class="en"><p>When IPed is {@link EPedType#INTERNAL}:The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 304 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.<p> 305 * <p>When IPed is {@link EPedType#EXTERNAL_TYPEA}:The PIN length is between the minimum and maximum values in expPinLen. If mode = EPinBlockMode.ISO9564_0, press "ok" to exit when the minimum length is not 0.</p> </div> 306 * 307 * @param dataIn 308 * <div class="zh"> 309 * <ul> 310 * <li>当mode={@link EPinBlockMode#ISO9564_0}时, DataIn指向卡号移位后生成的16位主帐号。</li> 311 * <li>当mode={@link EPinBlockMode#ISO9564_1}时, DataIn被忽略.接口内部采用随机数填充PINBlock。</li> 312 * <li>当mode={@link EPinBlockMode#ISO9564_3}时, DataIn指向位移后的16位PAN。</li> 313 * <li>当mode={@link EPinBlockMode#HKEPS}时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 314 * </ul> 315 * </div> <div class="en"> 316 * <ul> 317 * <li>When mode=ISO9564_0, DataIn is the 16 bytes primary account number after shifting.</li> 318 * <li>When mode=ISO9564_1, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 319 * <li>When mode=ISO9564_3, DataIn is the 16 bytes primary account number after shifting.</li> 320 * <li>When mode=HKEPS, dataIn is ISN [6 Bytes, ASCII code]</li> 321 * </ul> 322 * </div> 323 * 324 * @param mode 325 * {@link EPinBlockMode} <div class="zh"> PIN BLOCK的格式 326 * <ul> 327 * <li>{@link EPinBlockMode#ISO9564_0}</li> 328 * <li>{@link EPinBlockMode#ISO9564_1}</li> 329 * <li>{@link EPinBlockMode#ISO9564_3}</li> 330 * <li>{@link EPinBlockMode#HKEPS}</li> 331 * </ul> 332 * </div> <div class="en"> PIN BLOCK Format 333 * <ul> 334 * <li>ISO9564_0</li> 335 * <li>ISO9564_1</li> 336 * <li>ISO9564_3</li> 337 * <li>HKEPS -EPS PINBLOCK Format</li> 338 * </ul> 339 * </div> 340 * 341 * @param timeoutMs 342 * <div class="zh"> 343 * <p> 344 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 345 * </p> 346 * <p> 347 * 0:表示没有超时时间,PED不做超时控制 348 * </p> 349 * </div> <div class="en"> 350 * <p> 351 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 352 * </p> 353 * <p> 354 * 0: No timeout time, not doing timeout control for PED. 355 * </p> 356 * </div> 357 * 358 * @return <div class="zh"> 返回pinBlock,如果bypass 返回NULL </div> <div class="en"> Return pinBlock byte array, if 359 * bypass,return NULL. </div> 360 * 361 * @throws PedDevException 362 */ 363 public byte[] getPinBlock(byte keyIndex, String expPinLen, byte[] dataIn, EPinBlockMode mode, int timeoutMs) 364 throws PedDevException; 365 366 /** 367 * <div class="zh"> 用KeyIdx指定的MAC密钥对DataIn进行mode指定的算法进行MAC运算,将8字节的MAC结果返回 外置A类PED需要除了设置PinBlockMode外还需要调用setExMode 368 * {@link IPed#setExMode}设置exMode exMode默认为-1,表示TAK长度为16字节,如果TAK长度为16字节则可以使用该默认值 。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> 369 * <div class="en"> To use KeyIdx MAC key calculate the DataIn following the specified Mode algorithm, return the 8 bytes MAC result. 370 * {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 371 * 372 * @param keyIndex 373 * <div class="zh"> [1~100] TAK的索引 </div> <div class="en"> [1~100] TAK index </div> 374 * 375 * @param dataIn 376 * <div class="zh"> 长度<=1024 MAC运算的数据包的长度[输入],长度 不为8字节整除,则自动补"\x00" </div> <div class="en"> The data 377 * length less than or equal to 1024 bytes If the length not multiple by 8, 0x00 will be padding 378 * automatically. </div> 379 * 380 * @param mode 381 * <div class="zh"> 382 * <ul> 383 * <li>{@link EPedMacMode#MODE_00}</li> 384 * <li>{@link EPedMacMode#MODE_01}</li> 385 * <li>{@link EPedMacMode#MODE_02}</li> 386 * <li>{@link EPedMacMode#MODE_03}</li> 387 * <li>{@link EPedMacMode#MODE_05}</li> 388 * <li>{@link EPedMacMode#MODE_06}</li> 389 * </ul> 390 * </div> <div class="en"> 391 * <ul> 392 * <li>MODE_00 -Doing DES/TDES encryption for BLOCK1 by usingMAC key. Doing DES/TDES encryption again by 393 * using TAK when and after bitwise XOR the previous encryption result with BLOCK2. Processing in turn to 394 * get the 8 bytes encryption result.</li> 395 * <li>MODE_01 -Doing bitwise XOR for BLOCK1 and BLOCK2; Do bitwise XOR again by using previous XOR 396 * result with BLOCK3. Do it in turn and finally get the 8 bytes XOR result. Using TAK to process 397 * DES/TDES encryption for the result</li> 398 * <li>MODE_02 -ANSIX9.19 standard, Do DES encryption for BLOCK1 by using TAK (only take the first 8 399 * bytes of key). The encryption result wills bitwise XOR with BLOCK2,and then doing DES encryption by 400 * using TAK again. Do it in turn and get the 8 bytes encryption result. Using DES/TDES to encrypt in the 401 * last time.</li> 402 * <li>MODE_03 -CMAC algorithm. KSN does not automatically increase by 1.</li> 403 * <li>MODE_05 -HMAC-SHA256 algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 404 * <li>MODE_06 -APACS70OWF MAC calculation of mac key.</li> 405 * </ul> 406 * </div> 407 * 408 * @return <div class="zh"> 返回MAC结果。当mode等于HMAC-SHA256算法是,输出长度为32字节。其他为8字节。</div> 409 * <div class="en"> return the MAC data。When the mode is equal to the HMAC-SHA256 algorithm, the output length is 32 bytes. Others are 8 bytes.</div> 410 * 411 * @throws PedDevException 412 */ 413 414 public byte[] getMac(byte keyIndex, byte[] dataIn, EPedMacMode mode) throws PedDevException; 415 416 /** 417 * <div class="zh"> 使用TDK对DataInLen长度的数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。 418 * 外置A类PED需要调用setExMode {@link IPed#setExMode}设置exMode exMode默认为-1,表示TDK长度为16字节,如果TDK长度为16字节则可以使用该默认值。 419 * 支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 420 * <div class="en"> To use TDK encrypt or decrypt data by DES/TDES. Using DES or TDES depends on the key length. 421 * {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 422 * 423 * @param keyIndex 424 * <div class="zh"> [1~100] TDK或者TXK的索引 。</div> <div class="en"> [1~100] TDK or TXK index.</div> 425 * 426 * @param datain 427 * <div class="zh"> 待运算的数据,数据长度 <=8k字节, 必须能被8字节整除 </div> <div class="en"> the data to be calculated.The 428 * data length <=8k bytes, must be divisible by 8 bytes </div> 429 * 430 * @param mode 431 * {@link EPedDesMode} 432 * 433 * @return <div class="zh"> 运算后的数据 。</div> <div class="en"> The data which have been calculated. </div> 434 * 435 * @throws PedDevException 436 */ 437 public byte[] calcDes(byte keyIndex, byte[] datain, EPedDesMode mode) throws PedDevException; 438 439 /** 440 * <div class="zh"> 使用TDK对DataInLen长度的数据进行DES/TDES运算,使用DES或TDES根据密钥的长度而定。 441 * 外置A类PED需要调用setExMode {@link IPed#setExMode}设置exMode exMode默认为-1,表示TDK长度为16字节,如果TDK长度为16字节则可以使用该默认值 。 442 * 支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> 443 * <div class="en"> To use TDK encrypt or decrypt data by DES/TDES. Using DES or TDES depends on the key length. 444 * {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. </div> 445 * 446 * @param keyIndex 447 * <div class="zh"> [1~100] TDK的索引 </div> <div class="en"> [1~100] TDK index </div> 448 * 449 * @param initvector 450 * <div class="zh">使用CBC 模式进行加解密运算时需要用到,若InitVector为NULL,则默认为8字节的全0x00。 使用ECB加解密时不需要,可以为NULL。 </div> <div 451 * class="en"> ECB mode: init vector is null .CBC mode: init vector, 8 bytes. </div> 452 * 453 * @param dataIn 454 * <div class="zh"> 待运算的数据,数据长度除ECB模式和CBC最大支持8k字节,其他模式最大支持2048字节。 必须能被8字节整除 </div> <div class="en"> the data to be calculated. 455 * The data length except the ECB and CBC mode supports a maximum of 8k bytes, and the other modes support a maximum of 2048 bytes. must be divisible by 8 bytes </div> 456 * 457 * @param mode 458 * <div class="zh"> 459 * <ul> 460 * <li>0: ECB模式解密</li> 461 * <li>1: ECB模式加密</li> 462 * <li>2: CBC模式解密</li> 463 * <li>3: CBC模式加密</li> 464 * <li>4: OFB模式解密</li> 465 * <li>5: OFB模式加密</li> 466 * <li>6: CFB8模式解密</li> 467 * <li>7: CFB8模式加密</li> 468 * </ul> 469 * </div> <div class="en"> 470 * <ul> 471 * <li>0: DECRYPT#ECB</li> 472 * <li>1: ENCRYPT#ECB</li> 473 * <li>2: DECRYPT#CBC</li> 474 * <li>3: ENCRYPT#CBC</li> 475 * <li>4: DECRYPT#OFB</li> 476 * <li>5: ENCRYPT#OFB</li> 477 * <li>6: DECRYPT#CFB8</li> 478 * <li>7: ENCRYPT#CFB8</li> 479 * </ul> 480 * </div> 481 * 482 * @return <div class="zh"> 返回运算后的数据 </div> <div class="en"> the data after calculation. </div> 483 * 484 * @throws PedDevException 485 * @since V2.04.00 486 */ 487 public byte[] calcDes(byte keyIndex, byte[] initvector, byte[] dataIn, byte mode) throws PedDevException; 488 489 /** 490 * <div class="zh"> 在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> 491 * <div class="en"> PINBlock Input the PIN on PED,and use the PINkey of DUKPT to calculate the PINBlock. 492 * {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 493 * 494 * @param groupIndex 495 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT key group id </div> 496 * 497 * @param expPinLen 498 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 499 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 500 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.</div> 501 * 502 * @param dataIn 503 * <div class="zh"> 504 * <ul> 505 * <li>当mode={@link EDUKPTPinMode#ISO9564_0_INC}时, DataIn指向卡号移位后生成的16位主帐号。</li> 506 * <li>当mode={@link EDUKPTPinMode#ISO9564_1_INC}/{@link EDUKPTPinMode#ISO9564_1}时, 507 * DataIn被忽略,接口内部采用随机数填充PINBlock。</li> 508 * <li>当mode={@link EDUKPTPinMode#ISO9564_2_INC}/{@link EDUKPTPinMode#ISO9564_2}时, 509 * DataIn指向位移后的16位PAN</li> 510 * <li>当mode={@link EDUKPTPinMode#HKEPS_INC}时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 511 * <li>对于type-c密码键盘,dataIn指向卡号移位后生成的16位主帐号</li> 512 * 513 * </ul> 514 * </div> <div class="en"> 515 * <ul> 516 * <li>When mode={@link EDUKPTPinMode#ISO9564_0_INC}, DataIn is the 16 bytes primary account number after shifting.</li> 517 * <li>When mode={@link EDUKPTPinMode#ISO9564_1_INC}/{@link EDUKPTPinMode#ISO9564_1},DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 518 * <li>When mode={@link EDUKPTPinMode#ISO9564_2_INC}/{@link EDUKPTPinMode#ISO9564_2},DataIn is the 16 bytes primary account number after shifting.</li> 519 * <li>When mode={@link EDUKPTPinMode#HKEPS_INC}, dataIn is ISN [6 Bytes, ASCII code]</li> 520 * <li>For type-c, dataIn is the 16 bytes primary account number after shifting.</li> 521 * </ul> 522 * </div> 523 * 524 * @param mode 525 * {@link EDUKPTPinMode} 526 * <li>Not used for type-c</li> 527 * @param timeoutMs 528 * <div class="zh"> 529 * <p> 530 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 531 * </p> 532 * <p> 533 * 0:表示没有超时时间,PED不做超时控制 534 * </p> 535 * </div> <div class="en"> 536 * <p> 537 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 538 * </p> 539 * <p> 540 * 0: No timeout time, not doing timeout control for PED. 541 * </p> 542 * </div> 543 * 544 * @return DUKPTResult {@link DUKPTResult} 545 * @throws PedDevException 546 */ 547 public DUKPTResult getDUKPTPin(byte groupIndex, String expPinLen, byte[] dataIn, EDUKPTPinMode mode, int timeoutMs) 548 throws PedDevException; 549 550 /** 551 * <div class="zh"> 使用DUKPT的MAC密钥计算MAC。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 552 * <div class="en"> Use MAC Key to calculate MAC. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 553 * 554 * @param groupIndex 555 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT key group index id </div> 556 * 557 * @param dataIn 558 * <div class="zh"> 指向需要计算MAC的数据内容</div> <div class="en"> The MAC data content needs to be calculated</div> 559 * 560 * @param mode 561 * {@link EDUKPTMacMode} 562 * <div class="zh">备注:20,22,40,42模式可以支持最大输入8k大小的输入数据,其他模式维持原来最大1k的输入数据</div> 563 * <div class="en">Note: In 20, 22, 40, and 42 modes, the maximum size of input data can be 8 KB. In other modes, the maximum size of input data can be 1 KB</div> 564 * @return {@link DUKPTResult} 565 * @throws PedDevException 566 */ 567 public DUKPTResult getDUKPTMac(byte groupIndex, byte[] dataIn, EDUKPTMacMode mode) throws PedDevException; 568 569 /** 570 * <div class="zh"> 获取密钥校验值(KCV)以进行密钥验证。仅支持{@link EPedType#INTERNAL} 类型 。</div> 571 * <div class="en"> Getting key check value(KCV) for key verification. EPedType.INTERNAL only is supported. 572 * {@link EPedType#INTERNAL} only is supported. </div> 573 * 574 * @param type 575 * {@link EPedKeyType} 576 * support: 577 * TMK/ AES_TMK 578 * TAK/ AES_TAK 579 * TPK/ AES_TPK 580 * TDK/ AES_TDK 581 * TCHDK/ AES_TCHDK 582 * TIK/ AES_TIK 583 * SALTKEY 584 * TIDK 585 * PPAD_TMK/PPAD_TPK 586 * SM4_TMK/ SM4_TAK/ SM4_TPK/ SM4_TDK 587 * @param keyIndex 588 * <div class="zh"> 密钥的索引号 </div> 589 * <div class="en"> key index </div> 590 * 591 * @param checkMode 592 * <div class="zh"> 593 * <ul> 594 * <li>checkMode=0x00时, 使用该密钥对一段数据进行DES/TDES加密运算,生成的密文的前4个字节即为KCV,该模式适用于PED_TLK/ PED_TMK/ PED_TAK/ PED_TPK/ PED_TDK/ PED_PPAD_TXK。</li> 595 * <li>checkMode=0x00时, 返回注入密钥时写入的KCV值。该模式适用于PED_TIK/ PED_AES_TIK。</li> 596 * <li>checkMode=0x03时, 使用该密钥对一段数据进行CMAC加密运算,生成的密文的前5个字节即为KCV。该模式适用于PED_TLK/ PED_TMK/ PED_TAK/ PED_TPK/ PED_TDK/ PED_PPAD_TXK/ PED_AES_TLK/ PED_AES_TMK/ PED_AES_TAK/ PED_AES_TPK/ PED_AES_TDK。</li> 597 * <li>checkMode=0x04时, 使用该密钥对一段数据进行SM4加密运算,生成的密文的前4个字节即为KCV。该模式适用于PED_SM4_TMK/ PED_SM4_TAK/ PED_SM4_TPK/ PED_ SM4_TDK。</li> 598 * </ul> 599 * </div> <div class="en"> 600 * <ul> 601 * <li>When checkMode=0x00, use this key to do TDES entryption for a block of data, the first 4 bytes of the generated ciphertext is KCV. This mode is suitable for TDES key/PED_TIDK/PED_TIK/ PED_AES_TIK. when EPedKeyType is PED_TIK/ PED_AES_TIK, the KCV value written during key injection is returned. </li> 602 * <li>when checkMode=0x01, the same with checkMode 0x00, but the checkBuf is not needed, is considered as 8 bytes zero.</li> 603 * <li>When checkMode=0x03, use this key to do CMAC encryption operation for a block of data, and the first 5 bytes of the generated ciphertext are KCV. This mode is suitable for TDES/AES key.</li> 604 * <li>When checkMode=0x04, use this key to do SM4 encryption operation for a block of data, and the first 4 bytes of the generated ciphertext are KCV. This mode is suitable for SM4 key and PED_TIDK.</li> 605 * </ul> 606 * </div> 607 * 608 * @param checkBuf 609 * <div class="zh"> 610 * <ul> 611 * <li>When checkMode=0x00/0x04, The data needing to compute must be a multiple of 8/16. checkBuf is recommended to be 8(checkMode 0)/16(checkMode 4) bytes zero.</li> 612 * <li>when checkMode=0x01/0x03, checkBuf is not needed.</li> 613 * </ul> 614 * </div> <div class="en"> 615 * <ul> 616 * <li>When checkMode=0x00/0x04, The data needing to compute must be a multiple of 8/16. checkBuf is recommended to be 8(checkMode 0)/16(checkMode 4) bytes zero.</li> 617 * <li>when checkMode=0x01/0x03, checkBuf is not needed.</li> 618 * </ul> 619 * </div> 620 * 621 * @return <div class="zh"> 622 * <ul> 623 * <li>当checkMode = 0x00/0x04时,若KeyType为PED_TIK/PED_AES_TIK,返回的KCV值为pedWriteTIK/pedAesDukptWriteTIK接口写入时的KCV值。 624 * (如果pedWriteTIK注入密钥时不带KCV校验值,将返回对8个字节的0x00进行DES/TDES加密,得到的密文的前4个字节KCV校验值。 625 * 如果pedAesDukptWriteTIK注入密钥时不带KCV校验值,将返回对16个字节的0x00进行CMAC加密,得到的密文的前5个字节KCV校验值。) 626 * 其他返回4个字节长度的KCV。</li> 627 * <li>当checkMode = 0x03时,将返回对16个字节的0x00进行CMAC加密,得到的密文的前5个字节KCV校验值。</li> 628 * </ul> 629 * </div> <div class="en"> 630 * <ul> 631 * <li>When checkMode = 0x00/0x01/0x04, it will return 4 bytes KCV(when KeyType is not PED_TIK/PED_AES_TIK). 632 * If KeyType is PED_TIK/PED_AES_TIK, the checkMode must be 0, and return 8 bytes KCV value. the KCV value is written during key injection(TIK is TDES KCV, AES_TIK is CMACAES KCV).</li> 633 * <li>When checkMode = 0x03, it will return 5 bytes KCV.</li> 634 * </ul> 635 * </div> 636 * 637 * @throws PedDevException 638 */ 639 public byte[] getKCV(EPedKeyType type, byte keyIndex, byte checkMode, byte[] checkBuf) throws PedDevException; 640 641 /** 642 * <div class="zh"> 使用指定密钥类型的密钥索引所在的密钥明文与一串数据进行异或,得到密钥写入到同一类型密钥区的指定索引位置 。仅支持{@link EPedType#INTERNAL} 类型。</div> 643 * <div class="en"> Use the plaintext key specified by the source key index and the key type to do exclusive-or with the input data, and write the 644 * result to the location specified by the destination key index with the same key type. {@link EPedType#INTERNAL} only is supported.</div> 645 * 646 * @param type 647 * <div class="zh"> 648 * <ul> 649 * <li>{@link EPedKeyType#TMK}</li> 650 * <li>{@link EPedKeyType#TPK}</li> 651 * <li>{@link EPedKeyType#TAK}</li> 652 * <li>{@link EPedKeyType#TDK}</li> 653 * </ul> 654 * </div> <div class="en"> {@link EPedKeyType} Reference {@link IPed#writeKey} srcKeyType,but not 655 * applicative for TIK/TLK. </div> 656 * 657 * @param srcKeyIndex 658 * <div class="zh"> 源密钥索引号 </div> <div class="en"> The source key index </div> 659 * 660 * @param destKeyIndex 661 * <div class="zh"> 目的密钥索引号 </div> <div class="en"> The destination key index </div> 662 * 663 * @param xorData 664 * <div class="zh"> 需要异或的字符串,长度与密钥长度一致 </div> <div class="en"> The input data to be used in exclusive-or, 665 * length of it is same as the key. </div> 666 * 667 * @param checkMode 668 * <div class="zh"> {@link ECheckMode} 保留扩展,应用程序可以设置为空 </div> <div class="en"> {@link ECheckMode} 669 * reserved for extension ,application can set it as null </div> 670 * 671 * @param checkBuf 672 * <div class="zh"> 保留扩展,应用程序可以设置为空 </div> <div class="en"> reserved for extension ,application can set 673 * it as null </div> 674 * 675 * @throws PedDevException 676 */ 677 public void writeKeyVar(EPedKeyType type, byte srcKeyIndex, byte destKeyIndex, byte[] xorData, 678 ECheckMode checkMode, byte[] checkBuf) throws PedDevException; 679 680 /** 681 * <div class="zh"> 获取PED的版本。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 682 * <div class="en"> Get the PED version information. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 683 * 684 * 685 * @return <div class="zh"> PED 版本 </div> <div class="en"> PED Version </div> 686 * 687 * @throws PedDevException 688 */ 689 public String getVersion() throws PedDevException; 690 691 /** 692 * <div class="zh"> 清空TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2等密钥。仅支持{@link EPedType#INTERNAL} 类型。<br/> 693 * 注:定制密钥不清除;因兼容性问题,不清除RSA密钥</div> 694 * <div class="en">Clear TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2 keys. {@link EPedType#INTERNAL} only is supported.<br/> 695 * Note: Customized keys are not cleared; due to compatibility issues, RSA keys are not cleared</div> 696 * 697 * @return <div class="zh"> 698 * <ul> 699 * <li>true-擦除成功</li> 700 * <li>false-擦除失败</li> 701 * </ul> 702 * </div> <div class="en"> 703 * <ul> 704 * <li>true -- Clear success</li> 705 * <li>false -- Clear failure</li> 706 * </ul> 707 * </div> 708 * 709 * @throws PedDevException 710 */ 711 public boolean erase() throws PedDevException; 712 713 /** 714 * <div class="zh"> 设置两次计算PINBlock或者计算MAC之间最小间隔时间 715 * PINBLOCK间隔时间的计算方式:默认为120秒那只能调用4次,即tpkIntervalTimeMs默认值为30秒,调用该函数重新设置后,限制为4* 716 * tpkIntervalTimeMs时间内只能调用4次。比如传入的tpkIntervalTimeMs为20000(ms),则80秒内只能调用4次。 717 * MAC间隔时间的计算方式:限制为两次计算MAC的间隔时间必须大于等于TAKIntervalTimeMs;比如传入的TAKIntervalTimeMs为20000(ms),则20秒内只能调用1次。 718 * 仅支持{@link EPedType#INTERNAL} 类型。</div> 719 * <div class="en"> Set the minimum time interval of calculating the PINBlock or MAC twice. PINBLOCK interval is 720 * calculated as below: When the default time is 120 seconds, it can only be called 4 times, that is, the default 721 * value of tpkIntervalTimeMs is 30 seconds, after resetting by calling this function, it is limited to call 4 times 722 * during the time of 4* tpkIntervalTimeMs. For example, if the incoming tpkIntervalTimeMs value is 20000(ms), it 723 * can be called 4 times within 80 seconds.MAC interval calculation: limit to two calculations, MAC interval time 724 * must be greater than or equal to TAKIntervalTimeMs; for example, the incoming TAKIntervalTimeMs is 20000 (MS), 725 * then 20 seconds can only call 1 times. {@link EPedType#INTERNAL} only is supported.</div> 726 * 727 * 728 * @param tpkIntervalTimeMs 729 * <div class="zh"> 730 * <ul> 731 * <li>tpkIntervalTimeMs=0:使用默认值(30000ms)</li> 732 * <li>tpkIntervalTimeMs>0:间隔时间(单位:毫秒)</li> 733 * <li>tpkIntervalTimeMs=0xffffffff:当前设置不被改变</li> 734 * </ul> 735 * </div> <div class="en"> 736 * <ul> 737 * <li>tpkIntervalTimeMs=0:Use the default value(30000 ms)</li> 738 * <li>tpkIntervalTimeMs=0xffffffff:No change of current setting.</li> 739 * </ul> 740 * </div> 741 * 742 * @param takIntervalTimeMs 743 * <div class="zh"> 744 * <ul> 745 * <li>tpkIntervalTimeMs=0:使用默认值(0ms)</li> 746 * <li>tpkIntervalTimeMs>0:间隔时间(单位:毫秒)</li> 747 * <li>tpkIntervalTimeMs=0xffffffff:当前设置不被改变</li> 748 * </ul> 749 * </div> <div class="en"> 750 * <ul> 751 * <li>tpkIntervalTimeMs=0:Use the default value(0 uint:ms)</li> 752 * <li>tpkIntervalTimeMs大于0:Interval time(uint:ms)</li> 753 * <li>tpkIntervalTimeMs=0xffffffff:No change of current setting.</li> 754 * </ul> 755 * </div> 756 * 757 * @throws PedDevException 758 */ 759 public void setIntervalTime(int tpkIntervalTimeMs, int takIntervalTimeMs) throws PedDevException; 760 761 /** 762 * <div class="zh"> 设定某些功能键的功能。 PED上电后,CLEAR键的默认功能为,持卡人输入PIN时,按CLEAR键,清除已输入的PIN。 可以通过该函数来设置CLEAR键的不同功能。 763 * 仅支持{@link EPedType#INTERNAL} 类型。 </div> 764 * <div class="en"> Setting some functions of function key. When PED is power on, the default function of CLEAR button is 765 * when card holder is typing in PIN, pressing the CLEAR button can clear input PIN. It is allowed to set different 766 * functions for CLEAR button by using this function. {@link EPedType#INTERNAL} only is supported. </div> 767 * 768 * @param mode 769 * {@link EFuncKeyMode} 770 * @throws PedDevException 771 */ 772 public void setFunctionKey(EFuncKeyMode mode) throws PedDevException; 773 774 /** 775 * <div class="zh"> 1.注入RSA密钥到PED <br/> 776 * 2.PED最多支持10组RSA密钥,目前最长只支持256字节长的RSA密钥。 <br/> 777 * 3.存储的RSA密钥是公钥还是私钥由密钥的指数长度决定,当密钥指数和模等长时,是私钥。 <br/> 778 * 4.PED通过PedWriteRsaKey注入RSA密钥。 <br/> 779 * 5.通过PedRSARecover使用已注入的密钥进行RSA运算。 <br/> 780 * 6.任何时候,RSA密钥可以进行重写。 <br/> 781 * 仅支持{@link EPedType#INTERNAL} 类型。 782 * </div> <div class="en"> 783 * <p> 784 * 1. Import RSA to the PED 785 * </p> 786 * <p> 787 * 2. PED can support 10 sets of RSA Key at most, current can supports a maximum length of 256 bytes RSA key. 788 * </p> 789 * <p> 790 * 3. Whether the stored RSA is the public key or private key will be determined by the exponent length. If the 791 * length of key exponent is equal to modulus, it is a private key. 792 * </p> 793 * <p> 794 * 4. PED uses PedWriteRsaKey to Import RSA key. 795 * </p> 796 * <p> 797 * 5. Use the imported key to do the RSA operation by calling PedRsaRecover. 798 * </p> 799 * <p> 800 * 6. RSA key can be rewritten at any time 801 * </p> 802 * {@link EPedType#INTERNAL} only is supported. 803 * </div> 804 * 805 * @param rsaKeyIndex 806 * <div class="zh"> 密钥索引[1~10] </div> <div class="en"> Key Index [1~10] </div> 807 * 808 * @param info 809 * {@link RSAKeyInfo} 810 * @throws PedDevException 811 */ 812 public void writeRSAKey(byte rsaKeyIndex, RSAKeyInfo info) throws PedDevException; 813 814 /** 815 * <div class="zh"> 用存储在PED的RSA密钥进行数据RSA数据运算。 816 * <br>注意: 1.该函数对dataIn进行RSA加解密运算,运算结果输出到RSARecoverInfo 817 * <br>2.当rsaKeyIndex指定的密钥为私钥时,如果dataIn是对应公钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文; 818 * <br>3.当rsaKeyIndex指定的密钥为公钥时,如果dataIn是对应私钥的加密密文,则RSARecoverInfo为dataIn的明文,否则RSARecoverInfo为dataIn的RSA密文; 819 * <br>4.该方法可实现长度不超过4096bits的RSA运算。</div> 820 * <div class="en"> Using the RSA key stored in PED to do the RSA data operation. 821 * <br>Note: 1. This function performs RSA encryption and decryption operation on dataIn, and the operation result is output to RSARecoverInfo 822 * <br>2. When the key specified by rsaKeyIndex is a private key, if dataIn is the encrypted ciphertext corresponding to the public key, then RSARecoverInfo is the plaintext of dataIn, otherwise RSARecoverInfo is the RSA ciphertext of dataIn; 823 * <br>3. When the key specified by rsaKeyIndex is a public key, if dataIn is the encrypted ciphertext corresponding to the private key, then RSARecoverInfo is the plaintext of dataIn, otherwise RSARecoverInfo is the RSA ciphertext of dataIn; 824 * <br>4. This method can realize the RSA operation whose length does not exceed 4096bits.</div> 825 * 826 * @param rsaKeyIndex 827 * <div class="zh"> 密钥索引[1~10] </div> <div class="en"> Key Index [1~10] </div> 828 * 829 * @param dataIn 830 * <div class="zh"> 被加解密的数据,和模等长 </div> <div class="en"> The encrypted/decrypted data, which has the same 831 * length as the modulus. </div> 832 * 833 * @return {@link RSARecoverInfo} 834 * @throws PedDevException 835 */ 836 public RSARecoverInfo RSARecover(byte rsaKeyIndex, byte[] dataIn) throws PedDevException; 837 838 /** 839 * <div class="zh"> 使用DUKPT的MAC密钥或DES密钥,对输入缓存内数据进行加密或解密。 仅支持{@link EPedType#INTERNAL} 类型。</div> 840 * <div class="en"> Use MAC key or DES key of DUKPT to encrypt or decrypt the data in the input buffer. {@link EPedType#INTERNAL} only is supported. </div> 841 * 842 * @param groupIndex 843 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group ID </div> 844 * 845 * @param keyVarType 846 * <div class="zh"> 847 * <ul> 848 * <li>0x00: 使用请求和应答MAC密钥。</li> 849 * <li>0x01: 使用DUKPT DES密钥运算。</li> 850 * <li>0x02: 使用DUKPT PIN密钥做ECB加密。mode只能为{@link EDUKPTDesMode#ECB_ENCRYPTION}。</li> 851 * <li>0x03: 使用应答 MAC 密钥。仅支持加密模式,mode只能为{@link EDUKPTDesMode#ECB_ENCRYPTION}或{@link EDUKPTDesMode#CBC_ENCRYPTION}。</li> 852 * <li>0x04: 使用应答 DES 密钥。仅支持加密模式,mode只能为{@link EDUKPTDesMode#ECB_ENCRYPTION}或{@link EDUKPTDesMode#CBC_ENCRYPTION}。</li> 853 * </ul> 854 * </div> 855 * <div class="en"> 856 * <ul> 857 * <li>0x00: Use request and response MAC key.</li> 858 * <li>0x01: Use DUKPT DES key operation.</li> 859 * <li>0x02: Use DUKPT PIN key to do the ECB encryption. mode can only be {@link EDUKPTDesMode#ECB_ENCRYPTION}.</li> 860 * <li>0x03: Use the response MAC key. Only encryption mode is supported, mode can only be {@link EDUKPTDesMode#ECB_ENCRYPTION} or {@link EDUKPTDesMode#CBC_ENCRYPTION}.</li> 861 * <li>0x04: Use the response DES key. Only encryption mode is supported, mode can only be {@link EDUKPTDesMode#ECB_ENCRYPTION} or {@link EDUKPTDesMode#CBC_ENCRYPTION}.</li> 862 * </ul> 863 * </div> 864 * 865 * @param iv 866 * <div class="zh"> 8字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量 </div> <div 867 * class="en"> 8 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, 868 * it will use “\x00\x00\x00\x00\x00\x00\x00\x00” as the initialization vector by default. </div> 869 * 870 * @param dataIn 871 * <div class="zh"> 指向需要进行运算的数据, 数据长度<=8192,8整除 </div> <div class="en"> Point to the data which need to 872 * be computed.Data length less than or equal to 8192, it is divisible by 8. </div> 873 * 874 * @param mode 875 * {@link EDUKPTDesMode} 876 * @return {@link DUKPTResult} 877 * @throws PedDevException 878 */ 879 @Deprecated 880 public DUKPTResult calcDUKPTDes(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, EDUKPTDesMode mode) 881 throws PedDevException; 882 883 /** 884 * <div class="zh"> 获取当前的KSN。仅支持{@link EPedType#INTERNAL} 类型。</div> 885 * <div class="en"> Get the current KSN. {@link EPedType#INTERNAL} only is supported.</div> 886 * 887 * @param groupIndex 888 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group index ID </div> 889 * 890 * @return <div class="zh"> 10 bytes ,KSN currently </div> <div class="en"> 10 bytes ,KSN currently. </div> 891 * 892 * @throws PedDevException 893 */ 894 public byte[] getDUKPTKsn(byte groupIndex) throws PedDevException; 895 896 /** 897 * <div class="zh"> 对应于KSN的单个DUKPT密钥最多只能使用256次,在达到最大次数后,进一步使用该密钥将返回{@link EPedDevException#PED_ERR_DUKPT_NEED_INC_KSN}异常, 898 * 所以请在使用钥匙次数超过最大次数之前增加KSN。仅支持{@link EPedType#INTERNAL} 类型。 </div> 899 * <div class="en"> A single DUKPT key corresponding to a KSN can only be used at most 256 times, further use of that key will result in 900 * {@link EPedDevException#PED_ERR_DUKPT_NEED_INC_KSN} after reaching the maxium times. So please increase KSN before number of use of the key 901 * exceeding the maximum times. {@link EPedType#INTERNAL} only is supported.</div> 902 * 903 * @param groupIndex 904 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group ID </div> 905 * 906 * @throws PedDevException 907 */ 908 public void incDUKPTKsn(byte groupIndex) throws PedDevException; 909 910 /** 911 * <div class="zh"> 实现脱机明文PIN校验功能。获取明文PIN,然后按照应用提供的卡片命令与卡片通道号,将明文PIN BLOCK直接发送给卡片(PIN BLOCK格式在用法部分描述)。 912 * 仅支持{@link EPedType#INTERNAL} 类型。 </div> 913 * <div class="en"> Achieve the function of verifying plaintext offline PIN. Get plaintext PIN and then Send plaintext 914 * PIN BLOCK to card according to card command and card slot number (PIN BLOCK format will be provided in operation 915 * part.). {@link EPedType#INTERNAL} only is supported.</div> 916 * 917 * @param slot 918 * <div class="zh"> 卡片所在的卡座号 </div> <div class="en"> card slot number </div> 919 * 920 * @param expPinLen 921 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 922 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 923 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.</div> 924 * 925 * @param mode <div class="zh"> 926 * <ul> 927 * <li>0x00: I C卡命令模式,现支持符合EMV2000的IC卡命令。</li> 928 * <li>0x01: 给WIC使用。</li> 929 * </ul> 930 * </div> 931 * <div class="en"> 932 * <ul> 933 * <li>0x00: IC Card Command Mode,Currently support EMV2000.</li> 934 * <li>0x01: For WIC.</li> 935 * </ul> 936 * </div> 937 * 938 * @param timeoutMs 939 * <div class="zh"> 输入PIN的超时时间,单位:毫秒 最大值为300000ms </div> <div class="en"> The timeout of PIN entry 940 * [ms],Maximum is 300000ms. </div> 941 * 942 * @return <div class="zh"> 卡片响应的状态码 (2字节:SW1+SW2) </div> <div class="en"> The status code of card response (2 943 * bytes: SW1+SW2). </div> 944 * 945 * @throws PedDevException 946 */ 947 public byte[] verifyPlainPin(byte slot, String expPinLen, byte mode, int timeoutMs) throws PedDevException; 948 949 /** 950 * <div class="zh"> 实现脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey对明文PIN按照EMV规范进行加密,然后用应用 951 * 提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。仅支持{@link EPedType#INTERNAL} 类型。</div> 952 * <div class="en"> Verify enciphered PIN offline. Get plain text PIN and then use RsaPinKey provided by application 953 * to encrypt plaintext PIN according to EMV standard. Send enciphered PIN to card according to card command and 954 * card channel number provided by application. {@link EPedType#INTERNAL} only is supported. </div> 955 * 956 * @param slot 957 * <div class="zh"> 卡片所在的卡座号 </div> <div class="en"> card slot number </div> 958 * 959 * @param expPinLen 960 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 961 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 962 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.</div> 963 * 964 * @param rsaPinKey 965 * {@link RSAPinKey} 966 * @param mode 967 * <div class="zh"> 0x00 IC卡命令模式,目前支持EMV2000。 </div> <div class="en"> 0x00 IC Card Command Mode,Currently 968 * support EMV2000. </div> 969 * 970 * @param timeout 971 * <div class="zh"> 输入PIN的超时时间,单位:毫秒 最大值为300000ms </div> <div class="en"> The timeout of PIN input 972 * [unit:ms].Maximum is 300000Ms. </div> 973 * 974 * @return <div class="zh"> 卡片响应的状态码 (2字节:SW1+SW2) </div> <div class="en"> The card response code (2 bytes:SW1 and 975 * SW2) </div> 976 * 977 * @throws PedDevException 978 */ 979 public byte[] verifyCipherPin(byte slot, String expPinLen, RSAPinKey rsaPinKey, byte mode, int timeout) 980 throws PedDevException; 981 982 /** 983 * <div class="zh"> 该接口仅用于外置密码键盘,下载密钥,计算pinblock,计算mac,des加解密使用 。仅支持{@link EPedType#EXTERNAL_TYPEA} 类型。</div> <div class="en"> This interface only be used 984 * for external PIN pad Use for downloading main key and work key. {@link EPedType#EXTERNAL_TYPEA} only is supported.</div> 985 * 986 * @param exMode 987 * <div class="zh"> 988 * <ul> 989 * 调用writeKey时,如果下载的密钥为主密钥或DES密钥,取值如下: 990 * <li>-1,默认值,3倍DES密钥 16字节</li> 991 * <li>0x01 单DES密钥 8字节</li> 992 * <li>0x03 3倍DES密钥 16字节</li> 993 * <li>0x07 3倍DES密钥 24字节</li> 994 * 995 * </ul> 996 * 997 * <ul> 998 * 调用writeKey时,如果下载的密钥为工作密钥(TPK,TAK)则指示最终工作密钥明文的生成运算方式: 999 * <li>-1,默认值,主密钥和工作密钥均为3DES/16字节密钥,采用主密钥对工作密钥解密的方式</li> 1000 * <li>0x01-- DES加密 0x81-- DES解密 MKeyID 与 WKeyID 均为单DES/ 8字节密钥</li> 1001 * <li>0x03-- 3DES加密0x31-- 3DES加密 0x83-- 3DES解密 0xb1-- 3DES解密 0x03-- 3DES加密 1002 * MKeyID为3DES/16字节密钥,WKeyID为单DES/8字节密钥</li> 1003 * <li>0x07-- 3DES加密 0x87-- 3DES解密 MKeyID为3DES/24字节密钥,WKeyID为单DES/8字节密钥</li> 1004 * <li>0x33-- 3DES加密 0xb3-- 3DES解密 MKeyID与WKeyID均为3DES/16字节密钥</li> 1005 * <li>0x71-- 3DES加密 0xf1-- 3DES解密 MKeyID为3DES/24字节密钥, WKeyID为单DES/8字节密钥</li> 1006 * <li>0x73-- 3DES加密 0xf3-- 3DES解密 MKeyID为3DES/24字节密钥, WKeyID为3DES-16字节密钥</li> 1007 * <li>0x77-- 3DES加密 0xf7-- 3DES解密 MKeyID与WKeyID均为3DES/24字节密钥</li> 1008 * </ul> 1009 * 1010 * <ul> 1011 * 调用getPinBlock的时候: 如果mode = EPinBlockMode.ISO9564_0模式 1012 * <li>-1: 默认值,TPK为16字节密钥</li> 1013 * <li>0x01:8字节单DES,按照ANSI X9.8标准,PIN输入时当最小长度不为0时,允许按"确认"退出</li> 1014 * <li>0x31:16字节密钥DES按照ANSI X9.8标准,PIN输入时当最小长度不为0时,允许按"确认"退出</li> 1015 * <li>0x71:24字节密钥DES按照ANSI X9.8标准,PIN输入时当最小长度不为0时,允许按"确认"退出</li> 1016 * <li>0x04 :按照ANSI X9.8标准,采用3DES加密方法</li> 1017 * 1018 * 如果mode = EPinBlockMode.HKEPS模式(X3.92) 1019 * <li>-1: 默认值,TPK为8字节单DES密钥</li> 1020 * <li>0x02: des按照ANSI X3.92标准</li> 1021 * <li>0x32: 16字节密钥DES按照ANSI X3.92标准,大陆版SP20不支持</li> 1022 * <li>0x72: 24字节密钥DES按照ANSI X3.92标准,大陆版SP20不支持</li> 1023 * </ul> 1024 * 1025 * <ul> 1026 * 调用getMac的时候,指定PedMacMode后还需要指定exMode 如果mode = PedMacMode#MODE_00(算法1),exMode的取值如下: 1027 * <li>-1: 默认值,3DES加密[密钥为16字节]</li> 1028 * <li>0x01 DES加密[密钥为8字节]</li> 1029 * <li>0x03 3DES加密[密钥为16字节]</li> 1030 * <li>0x07 3DES加密[密钥为24字节]</li> 1031 * 1032 * 如果mode = PedMacMode#MODE_01(算法2),exMode的取值如下: 1033 * <li>-1: 默认值,3DES加密[密钥为16字节]</li> 1034 * <li>0x01 DES加密[密钥为8字节]</li> 1035 * <li>0x03 3DES加密[密钥为16字节]</li> 1036 * <li>0x07 3DES加密[密钥为24字节]</li> 1037 * 1038 * 如果mode = PedMacMode#MODE_02(算法3),exMode的取值如下: 1039 * <li>-1: 默认值,3DES加密[密钥为16字节]</li> 1040 * <li>0x13: 3DES加密[密钥为16字节]</li> 1041 * <li>0x17: 3DES加密[密钥为24字节]</li> 1042 * 1043 * </ul> 1044 * 1045 * <ul> 1046 * 调用calcDes的时候,需要指定exMode,取值如下: 1047 * <li>-1: 默认值,[密钥为16字节],加解密由calcDes的EPedDesMode参数指定</li> 1048 * <li>0x01 DES加密</li> 1049 * <li>0x03 3DES加密 [密钥为16字节]</li> 1050 * <li>0x81 DES解密 (EPS无此项)</li> 1051 * <li>0x83 3DES解密 (EPS无此项)</li> 1052 * <li>0x07 3DES加密 [密钥为24字节]</li> 1053 * <li>0x87 3DES解密 [密钥为24字节]</li> 1054 * 1055 * </ul> 1056 * </div> <div class="en"> When call writeKey,if the downloading key is main key or the DES key,then: 1057 * <ul> 1058 * <li>mode=0x01 -DES key of 8 bytes</li> 1059 * <li>mode=0x03 -3DES key of 16 bytes</li> 1060 * <li>mode=0x07 -3DES key of 24 bytes</li> 1061 * </ul> 1062 * When called writeKey,if the downloading key is work key(TPK,TAK), then specify the final generated 1063 * computation mode: 1064 * <ul> 1065 * <li>0x01-- DES encryption 0x81-- DES decryption. MKeyID and WKeyID are both DES/ key of 8 bytes</li> 1066 * <li>0x03-- 3DES encryption 0x83-- 3DES decryption 0xb1-- 3DES decreption. MKeyID is 3DES/key of 16 1067 * bytes,WKeyID is DES/key of 8 bytes</li> 1068 * <li>0x07-- 3DES encryption 0x87-- 3DES decryption. MKeyID is 3DES/key of 24 bytes,WKeyID is DES/key of 1069 * 8 bytes</li> 1070 * <li>0x33-- 3DES encryption 0xb3-- 3DES decryption. MKeyID and WKeyID are both 3DES/key of 16 bytes</li> 1071 * <li>0x71-- 3DES encryption 0xf1-- 3DES decryption. MKeyID is 3DES/key of 24 bytes, WKeyID is DES/key 1072 * of 8 bytes</li> 1073 * <li>0x73-- 3DES encryption 0xf3-- 3DES decryption. MKeyID is 3DES/key of 24 bytes, WKeyID is 3DES/key 1074 * of 16 bytes</li> 1075 * <li>0x77-- 3DES encryption 0xf7-- 3DES decryption. MKeyID and WKeyID are both 3DES/key of 24 bytes</li> 1076 * </ul> 1077 * When called getPinBlock,to ANSI X3.92 Standard 1078 * <ul> 1079 * <li>0x02: 8 bytes key</li> 1080 * <li>0x32: 16 bytes key</li> 1081 * <li>0x72: 24 bytes key</li> 1082 * </ul> 1083 * When called getMac,specify PedMacMode and exMode. If mode= PedMacMode#MODE_00, exMode value as 1084 * follows: 1085 * <ul> 1086 * <li>0x01 -DES encryption[8 bytes]</li> 1087 * <li>0x03 -3DES encryption[16 bytes]</li> 1088 * <li>0x07 -3DES encryption [24 bytes]</li> 1089 * </ul> 1090 * If mode = PedMacMode#MODE_02,exMode value as follows: 1091 * <ul> 1092 * <li>0x13: 3DES encryption [16 bytes]</li> 1093 * <li>0x17: 3DES encryption [24 bytes]</li> 1094 * </ul> 1095 * If mode = PedMacMode#MODE_01,exMode value as follows: 1096 * <ul> 1097 * <li>0x01 -DES encryption [8 bytes]</li> 1098 * <li>0x03 -3DES encryption [16 bytes]</li> 1099 * <li>0x07 -3DES encryption [24 bytes]</li> 1100 * </ul> 1101 * When called calDes,specify the exMode, value as follows: 1102 * <ul> 1103 * <li>mode = 0x01 -DES encryption</li> 1104 * <li>mode = 0x03 -3DES encryption [16 bytes]</li> 1105 * <li>mode = 0x81 -DES decryption [No this option for EPS]</li> 1106 * <li>mode = 0x83 -3DES decryption[No this option for EPS]</li> 1107 * <li>mode=0x07 -3DES encryption [24 bytes]</li> 1108 * <li>mode=0x87 -3DES decryption [24 bytes]</li> 1109 * </ul> 1110 * </div> 1111 * 1112 * 1113 */ 1114 public void setExMode(int exMode); 1115 1116 /** 1117 * <div class="zh"> 该接口仅用于外置密码键盘 1118 * 1119 * 清屏 </div> <div class="en"> This interface only be used for external PIN pad Clear screen </div> 1120 * 1121 * @throws PedDevException 1122 */ 1123 public void clearScreen() throws PedDevException; 1124 1125 /** 1126 * <div class="zh"> 该接口仅用于外置密码键盘 1127 * 1128 * 超时时间内输入指定长度范围内的字符串。仅支持{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> <div class="en"> This interface only be used for external PIN pad Type string with 1129 * specified length within timeout. {@link EPedType#EXTERNAL_TYPEA} only is supported.</div> 1130 * 1131 * 1132 * @param mode 1133 * <div class="zh"> 0x00 - 明码显示, 0x01 - 显示*号 </div> <div class="en"> 0x00 - show plain code, 0x01 - show 1134 * * code </div> 1135 * 1136 * @param min 1137 * <div class="zh"> 输入字符串的最小长度 </div> <div class="en"> Min length for typing string </div> 1138 * 1139 * @param max 1140 * <div class="zh"> 输入字符串的最大长度 </div> <div class="en"> Max length for typing string </div> 1141 * 1142 * @param timeoutMs 1143 * <div class="zh"> 超时时间,单位毫秒,最大超时时间为120秒 </div> <div class="en"> Timeout[ms],max timeout is 120 seconds. 1144 * </div> 1145 * 1146 * @return <div class="zh"> 输入的字符串 </div> <div class="en"> typed string </div> 1147 * 1148 * @throws PedDevException 1149 */ 1150 public String inputStr(byte mode, byte min, byte max, int timeoutMs) throws PedDevException; 1151 1152 /** 1153 * <div class="zh"> 该接口仅用于外置密码键盘 显示英文字符。仅支持{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> <div class="en"> This interface only be used for external PIN pad 1154 * show English character. {@link EPedType#EXTERNAL_TYPEA} only is supported.</div> 1155 * 1156 * @param x 1157 * <div class="zh"> 显示字符在LCD上的起始点阵列号(单位:点),0≤x<122; </div> <div class="en"> Horizontal coordinate which 1158 * is displayed on LCD.(unit: pixel great than or equal to 0 and less than or equal to 122) </div> 1159 * 1160 * @param y 1161 * <div class="zh"> y:显示字符在LCD上的行号(单位:行),每行均为16点高的行,0—第一行,1--第二 </div> <div class="en"> Vertical 1162 * coordinate which is displayed on LCD.(unit:pixel),the height of every row is 16 pixels. 0-1st row, 1163 * 1-2nd row </div> 1164 * 1165 * @param str 1166 * <div class="zh"> 要显示的字符串 </div> <div class="en"> string to be displayed </div> 1167 * 1168 * @throws PedDevException 1169 */ 1170 public void showStr(byte x, byte y, String str) throws PedDevException; 1171 1172 /** 1173 * <div class="zh"> 获取外置密码键盘的SN。支持{@link EPedType#EXTERNAL_TYPEA},{@link EPedType#EXTERNAL_TYPEC} 类型。</div> 1174 * <div class="en"> get External Ped Serial Number. {@link EPedType#EXTERNAL_TYPEA},{@link EPedType#EXTERNAL_TYPEC} is supported.</div> 1175 * 1176 * @return <div class="zh"> 序列号 </div> <div class="en"> serial number </div> 1177 * 1178 * @throws PedDevException 1179 */ 1180 public String getSN() throws PedDevException; 1181 1182 /** 1183 * <div class="zh"> 设置输入框密码的显隐 (*) 和提示信息。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div class="en"> Show Password * at Keyboard Page when input Pin and 1184 * Set reminder text when input Pin. {@link EPedType#INTERNAL} only is supported.</div> 1185 * 1186 * @param flag 1187 * <div class="zh"> 控制输入框的显隐 ,true:显示 false:隐藏</div> <div class="en"> display password with * at Keyboard 1188 * Page when input pin,true:shows false:hidden </div> 1189 * 1190 * @param title 1191 * <div class="zh"> 要显示的提示字符串 </div> <div class="en"> reminder text when input Pin </div> 1192 * 1193 * @throws PedDevException 1194 */ 1195 public void showInputBox(boolean flag, String title) throws PedDevException; 1196 1197 /** 1198 * <div class="zh"> 生成一组 SM2 密钥对。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 1199 * <div class="en"> Generate one SM2 key-pair.{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. </div> 1200 * 1201 * @param keyLenBit 1202 * <div class="zh"> 私钥位数,支持256bit </div> <div class="en"> bits of private key, only support 256 bits. 1203 * </div> 1204 * 1205 * @return {@link SM2KeyPair} 1206 * @throws PedDevException 1207 */ 1208 public SM2KeyPair genSM2KeyPair(int keyLenBit) throws PedDevException; 1209 1210 /** 1211 * <div class="zh"> 注入 SM2 密钥 。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en"> To write SM2 cipher key to PED. {@link EPedType#INTERNAL} only is supported.</div> 1212 * 1213 * @param srcKeyType 1214 * {@link EPedKeyType} <div class="zh"> 发散SM2秘钥(公/私钥)的源秘钥的类型,支持PED_SM4_TMK。 </div> <div class="en"> Type 1215 * of the source key to diversify SM2 key(private/public key), support PED_SM4_TMK key. </div> 1216 * 1217 * @param srcKeyIdx 1218 * <div class="zh"> 发散SM2秘钥(公/私钥)的源秘钥的索引 </div> <div class="en"> Index of the source key to diversify SM2 1219 * key(private/public key) </div> 1220 * 1221 * @param dstKeyType 1222 * {@link EPedKeyType} <div class="zh"> 目标密钥的类型,支持PED_SM2_PVT_KEY或者PED_SM2_PUB_KEY。 </div> <div 1223 * class="en"> Type of the destination key, support PED_SM2_PVT_KEY or PED_SM2_PUB_KEY. </div> 1224 * 1225 * @param dstKeyIdx 1226 * <div class="zh"> 目标密钥对额索引 </div> <div class="en"> Index of the destination key. </div> 1227 * 1228 * @param keyValue 1229 * <div class="zh"> SM2公私钥的数据 </div> <div class="en"> SM2 private/public key data. </div> 1230 * 1231 * @throws PedDevException 1232 */ 1233 public void writeSM2CipherKey(EPedKeyType srcKeyType, byte srcKeyIdx, EPedKeyType dstKeyType, byte dstKeyIdx, 1234 byte[] keyValue) throws PedDevException; 1235 1236 /** 1237 * <div class="zh"> 往PED中写入SM2密钥。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 1238 * <div class="en"> To write SM2 key to PED. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1239 * 1240 * @param keyIdx 1241 * <div class="zh"> SM2 密钥索引[1~20] </div> <div class="en"> SM2 key index: 1~20 </div> 1242 * 1243 * @param keyType 1244 * <div class="zh"> SM2_PVT_KEY:私钥 SM2_PUB_KEY:公钥 </div> <div class="en"> private key: SM2_PVT_KEY public 1245 * key:SM2_PUB_KEY </div> 1246 * 1247 * @param keyValue 1248 * <div class="zh"> 私钥, KeyValue 长度是 32 bytes 公钥, KeyValue 长度是 64 bytes </div> <div class="en"> private 1249 * key data: 32 bytes public key data: 64 bytes </div> 1250 * 1251 * @throws PedDevException 1252 */ 1253 public void writeSM2Key(byte keyIdx, EPedKeyType keyType, byte[] keyValue) throws PedDevException; 1254 1255 /** 1256 * <div class="zh"> 使用 SM2 公钥加密数据或私钥解密数据 。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> <div class="en"> Use SM2 public key to encrypt data, or SM2 private 1257 * key to decrypt data. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1258 * 1259 * @param keyIdx 1260 * <div class="zh"> SM2 密钥索引[1~20] </div> <div class="en"> SM2 key index: 1~20 </div> 1261 * 1262 * @param input 1263 * <div class="zh"> 待加密或解密的数据。加密:最大长度(1024-96)字节; 解密:最大长度1024字节。 </div> <div class="en"> Input data to be 1264 * encrypted or decrypted. Encrypt: max length is (1024-96) bytes. Decrypt: max length is 1024 bytes. 1265 * </div> 1266 * 1267 * @param operation 1268 * {@link ECryptOperate} 1269 * @return <div class="zh"> 加密或解密后的数据 </div> <div class="en"> data that after encryption or decryption </div> 1270 * 1271 * @throws PedDevException 1272 */ 1273 public byte[] SM2Recover(byte keyIdx, byte[] input, ECryptOperate operation) throws PedDevException; 1274 1275 /** 1276 * <div class="zh"> 使用 SM2 算法获得签名信息 。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> 1277 * <div class="en"> Use SM2 algorithm to calculate the signature data. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. 1278 * </div> 1279 * 1280 * @param pubKeyIdx 1281 * <div class="zh"> SM2 公钥索引[1~20] </div> <div class="en"> SM2 public key index: 1~20 </div> 1282 * 1283 * @param pvtKeyIdx 1284 * <div class="zh"> SM2 私钥索引[1~20] </div> <div class="en"> SM2 private key index: 1~20 </div> 1285 * 1286 * @param uid 1287 * <div class="zh"> 签名者 ID 无特殊约定的情况下,用户身份的标识 ID 的长度为 16 字节,其默认值为 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 1288 * 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38。 </div> <div class="en"> Signer ID, max 1289 * length is 512 bytes, and default value is {0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 1290 * 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38} </div> 1291 * 1292 * @param input 1293 * <div class="zh"> 待签名数据,最大长度1024字节 </div> <div class="en"> Input data, and max length is 1024 bytes. 1294 * </div> 1295 * 1296 * @return <div class="zh"> 64 字节的签名值 </div> <div class="en"> 64 bytes signature data. </div> 1297 * 1298 * @throws PedDevException 1299 */ 1300 public byte[] SM2Sign(byte pubKeyIdx, byte pvtKeyIdx, byte[] uid, byte[] input) throws PedDevException; 1301 1302 /** 1303 * <div class="zh"> 使用 SM2 公钥验证签名。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 1304 * <div class="en"> Use SM2 algorithm to verify the signature data. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1305 * 1306 * @param pubKeyIdx 1307 * <div class="zh"> SM2 公钥索引[1~20] </div> <div class="en"> SM2 public key index: 1~20 </div> 1308 * @param uid 1309 * <div class="zh"> 签名者 ID,最大长度为512字节,无特殊约定的情况下,用户身份的标识 ID 的 长度为 16 字节,其默认值为 0x31, 0x32, 0x33, 0x34, 1310 * 0x35, 0x36, 0x37, 0x38, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38。 </div> <div class="en"> Signer 1311 * ID , maximum length is 512 bytes, max length is 512 bytes, and default value is 1312 * {0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38} </div> 1313 * @param input 1314 * <div class="zh"> 被签名数据 </div> <div class="en"> Input data, and max length is 1024 bytes. </div> 1315 * @param signature 1316 * <div class="zh"> 64 字节的签名值 </div> <div class="en"> 64 bytes signature data. </div> 1317 * @throws PedDevException 1318 */ 1319 public void SM2Verify(byte pubKeyIdx, byte[] uid, byte[] input, byte[] signature) throws PedDevException; 1320 1321 /** 1322 * <div class="zh"> 使用 SM3 算法计算哈希值。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 1323 * <div class="en"> Use SM3 algorithm to calculate Hash. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1324 * 1325 * @param input 1326 * <div class="zh"> 输入数据 </div> <div class="en"> Input data. </div> 1327 * @param mode 1328 * <div class="zh"> 目前支持 0x00,其它值保留 </div> <div class="en"> Only support 0x00. </div> 1329 * @return <div class="zh"> 32 字节哈希值 </div> <div class="en"> Hash, 32 bytes. </div> 1330 * @throws PedDevException 1331 */ 1332 public byte[] SM3(byte[] input, byte mode) throws PedDevException;// 目前mode均为0; 1333 1334 /** 1335 * <div class="zh"> 使用 SM4 算法加密或解密数据 。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> 1336 * <div class="en"> Use SM4 algorithm to encrypt or decrypt. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1337 * 1338 * @param keyIdx 1339 * <div class="zh"> SM4_TDK 的索引[1~100] </div> <div class="en"> SM4_TDK index: 1~100 </div> 1340 * 1341 * @param initVector 1342 * <div class="zh">CBC mode:16 字节初始化向量; 对于 ECB 模式该域为 NULL。 </div> <div class="en"> ECB mode: init vector 1343 * is null CBC mode: init vector, 16 bytes. </div> 1344 * @param input 1345 * <div class="zh"> 待加密或解密的数据.最大长度为8K,并且为16倍数。 </div> <div class="en"> Input data to be encrypted or 1346 * decrypted. Maximum length is 8K, and that is a multiple of 16. </div> 1347 * @param operation 1348 * <ul> 1349 * <li>{@link ECryptOperate#ENCRYPT}</li> 1350 * <li>{@link ECryptOperate#DECRYPT}</li> 1351 * </ul> 1352 * @param option 1353 * <ul> 1354 * <li>{@link ECryptOpt#ECB}</li> 1355 * <li>{@link ECryptOpt#CBC}</li> 1356 * </ul> 1357 * 1358 * @return <div class="zh"> 加密或解密后的数据 </div> <div class="en"> data that after encryption or decryption </div> 1359 * @throws PedDevException 1360 */ 1361 public byte[] SM4(byte keyIdx, byte[] initVector, byte[] input, ECryptOperate operation, ECryptOpt option) 1362 throws PedDevException; 1363 1364 /** 1365 * <div class="zh"> 使用 SM4 算法计算 MAC。 支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。</div> 1366 * <div class="en"> Use SM4 algorithm to calculate MAC. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1367 * 1368 * @param keyIdx 1369 * <div class="zh"> SM4_TAK 的密钥索引[1~100] </div> <div class="en"> SM4_TAK index: 1~100 </div> 1370 * @param initVector 1371 * <div class="zh"> 16 字节初始化向量 </div> <div class="en"> init vector, 16 bytes </div> 1372 * @param input 1373 * <div class="zh"> 待计算 MAC 的数据 1374 * <br/>Mode为0时,支持8K,16的倍数 1375 * <br/>Mode为1时,支持1024,16的倍数</div> 1376 * <div class="en"> Input data. 1377 * <br/>Mode = 0: support 8K, multiples of 16. 1378 * <br/>Mode = 1: support 1024, multiples of 16.</div> 1379 * @param mode 1380 * <div class="zh"> 0x00: 使用 SM4 CBC 算法计算 MAC 值,首先 将初始向量与 BLOCK1 进行异或,并用 SM4 算法使用 TAK 对异或的结果进行加密,然后 1381 * 获得的密文与 BLOCK2 异或,用 SM4 算法使 用 TAK 对结果加密,按顺序给出 16 字节的 加密结果。MacOut 为 16 字节。 0x01: SM3 Hash Mac,MacOut 为 1382 * 32 字节。 </div> <div class="en"> 0x00: use SM4 CBC algorithm, and MAC has 16 bytes. 0x01: use SM3 1383 * algorithm, and MAC has 32 bytes. </div> 1384 * @return MAC 1385 * @throws PedDevException 1386 */ 1387 public byte[] getMacSM(byte keyIdx, byte[] initVector, byte[] input, byte mode) throws PedDevException;// 当mode选择0x01时,参数initVector没用到可以为null. 1388 1389 /** 1390 * <div class="zh"> 指定的时限内,扫描键盘上输入的 PIN 并输出采用 SM4 算法生成的 PIN BLOCK 加密数据块。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> <div class="en"> Scan the keyboard 1391 * PIN entry and output the PIN BLOCK using SM4_TPK. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported.</div> 1392 * 1393 * @param keyIndex 1394 * <div class="zh"> [1~100] SM4_TPK 的索引 </div> <div class="en"> [1~100] SM4_TPK index </div> 1395 * 1396 * @param expPinLen 1397 * <div class="zh"> <p>当IPed为{@link EPedType#INTERNAL}:可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 1398 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</p> <p>当IPed为{@link EPedType#EXTERNAL_TYPEA}:PIN长度在expPinLen中的最小值和最大值区间。如果mode = EPinBlockMode.ISO9564_0时,当最小长度不为0时,允许按"确认"退出 。</p> </div> 1399 * <div class="en"><p>When IPed is {@link EPedType#INTERNAL}:The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 1400 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.<p> 1401 * <p>When IPed is {@link EPedType#EXTERNAL_TYPEA}:The PIN length is between the minimum and maximum values in expPinLen. If mode = EPinBlockMode.ISO9564_0, press "ok" to exit when the minimum length is not 0.</p> </div> 1402 * @param dataIn 1403 * <div class="zh"> DataIn 域共占用 16 字节空间,用于存放卡号 移位后生成的 16 位主账号。 当 Mode=0x00 时,DataIn 指向卡号移位后生 成的 16 位主帐号。 1404 * </div> <div class="en"> If Mode=0x00, DataIn is the 16 bytes PAN after shifting. </div> 1405 * @param mode 1406 * {@link EPinBlockMode} <div class="zh"> 选择 PIN BLOCK 的格式, ISO9564 格式 0 </div> <div class="en"> PIN 1407 * BLOCK format ISO9564 format 0 </div> 1408 * 1409 * @param timeoutMs 1410 * <div class="zh"> 输入 PIN 的超时时间,单位:毫秒 最大值为 300000ms 0:表示没有超时时间,PED 不做超时控制。 </div> <div class="en"> The 1411 * timeout of PIN entry [ms, Input] Maximum is 300000Ms. </div> 1412 * 1413 * @return <div class="zh"> 16bytes 生成的密文 PINBlock </div> <div class="en"> 16bytes PINBlock </div> 1414 * @throws PedDevException 1415 */ 1416 public byte[] getPinBlockSM4(byte keyIndex, String expPinLen, byte[] dataIn, EPinBlockMode mode/* MODE仅为0 */, 1417 int timeoutMs) throws PedDevException; 1418 1419 /** 1420 * <div class="zh"> PedGetPinBlock 时取消输入。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA},{@link EPedType#EXTERNAL_TYPEC} 类型。 </div> 1421 * <div class="en"> Cancel input when PedGetPinBlock. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA},{@link EPedType#EXTERNAL_TYPEC} is supported.</div> 1422 * 1423 * @throws PedDevException 1424 */ 1425 public void cancelInput() throws PedDevException; 1426 1427 /** 1428 * <div class="zh"> 输入Pin时设置总额。 仅支持{@link EPedType#INTERNAL} 类型。</div> 1429 * <div class="en"> Set amount Text when Input Pin. {@link EPedType#INTERNAL} only is supported.</div> 1430 * 1431 * @param amount 1432 * <div class="zh"> 总额 </div> <div class="en"> consumption amount need be shown </div> 1433 * @throws PedDevException 1434 */ 1435 public void setAmount(String amount) throws PedDevException; 1436 1437 /** 1438 * <div class="zh"> 使用Idkey对机器序列号等身份信息进行加密运算 。仅支持{@link EPedType#INTERNAL} 类型。</div> 1439 * <div class="en"> Use IdKey encrypt Identity information. {@link EPedType#INTERNAL} only is supported.</div> 1440 * 1441 * @param keyId 1442 * <div class="zh"> 1 (目前只支持索引1) </div> <div class="en"> 1(only support 1 now) </div> 1443 * @param initvector 1444 * <div class="zh"> ECB 模式: 初始向量为 null ; CBC 模式: 初始向量, 16 字节.</div> <div class="en"> ECB mode: init 1445 * vector is null; CBC mode: init vector, 16 bytes. </div> 1446 * @param dataIn 1447 * <div class="zh"> 输入数据进行加密或解密。 最大长度为1024,16的倍数。 </div> <div class="en">To encrypt or decrypt incoming 1448 * data. A maximum length of 1024, a multiple of 16.</div> 1449 * @param mode 1450 * {@link EIdKeycCalcMode} 1451 * @return <div class="zh"> 加密的数据 </div> <div class="en">Encrypt Result </div> 1452 */ 1453 public byte[] idKeyCalc(byte keyId, byte[] initvector, byte[] dataIn, EIdKeycCalcMode mode) throws PedDevException; 1454 1455 /** 1456 * <div class="zh"> 设置密码键盘横向显示。仅支持{@link EPedType#INTERNAL} 类型。 </div> 1457 * <div class="en">Set password keyboard horizontal display. {@link EPedType#INTERNAL} only is supported.</div> 1458 * 1459 * @param landscape 1460 * <div class="zh"> true:横向 false:竖向。 注: 密码键盘横屏显示不支持自定义键盘,跟IPed.setKeyBoardLayout接口不能一起调用。 </div> 1461 * <div class="en">true:horizontalfalse:vertical. Note: The horizontal screen display of the password keyboard does not support custom keyboards and 1462 * cannot be called together with the IPed.setKeyBoardLayout interface.</div> 1463 * @throws PedDevException 1464 */ 1465 public void setKeyboardLayoutLandscape(boolean landscape) throws PedDevException; 1466 1467 /** 1468 * <div class="zh"> 设置定制的Pin输入键盘布局 。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Set the custom Pin input keyboard layout. {@link EPedType#INTERNAL} only is supported.</div> 1469 * 1470 * @param isOnce 1471 * <div class="zh"> true:单次有效 false:重启机器前有效 </div> <div class="en">true:single effect false:effective before restarting the device</div> 1472 * @param layoutInfo 1473 * <div class="zh"> 定制Pin输入键盘布局 ,json格式的字符串, 1474 * 模板:{ 1475 * "areas": [{ 1476 * "type": "NUM", 1477 * "geometry": "x,y,w,h" 1478 * }, 1479 * { 1480 * "type": "CANCEL", 1481 * "geometry": "x,y,w,h" 1482 * }, 1483 * { 1484 * "type": "ENTER", 1485 * "geometry": "x,y,w,h" 1486 * }, 1487 * { 1488 * "type": "CLEAR", 1489 * "geometry": "x,y,w,h" 1490 * } 1491 * ] 1492 * } 1493 * type表示键类型,NUM表示数字键,CLEAR表示清除键,ENTER表示确认件,CANCEL表示取消键 1494 * geomentry表示键盘布局,x表示x坐标,y表示y坐标,w表示宽,h表示高</div> 1495 * <div class="en">custom Pin input keyboard layout, json-formatted string, 1496 * template: 1497 * { 1498 * "areas": [{ 1499 * "type": "NUM", 1500 * "geometry": "x,y,w,h" 1501 * }, 1502 * { 1503 * "type": "CANCEL", 1504 * "geometry": "x,y,w,h" 1505 * }, 1506 * { 1507 * "type": "ENTER", 1508 * "geometry": "x,y,w,h" 1509 * }, 1510 * { 1511 * "type": "CLEAR", 1512 * "geometry": "x,y,w,h" 1513 * } 1514 * ] 1515 * } 1516 * type:key type,NUM:number key,CLEAR:clear key,ENTER:enter key,CANCEL:cancel key. 1517 * geomentry:key layout parameters,x:x-coordinate,y:y-coordinate,w:width,h:height. 1518 * </div> 1519 * @return <div class="zh"> 数字键盘的顺序,为10个字节byte数组 </div> <div class="en">numeric keypad order, 10 byte array</div> 1520 * 1521 * @throws PedDevException 1522 */ 1523 public byte[] setKeyBoardLayout(boolean isOnce, String layoutInfo) throws PedDevException; 1524 1525 /** 1526 * <div class="zh"> PED 輸入PIN监听器,仅对内置PED有效 </div> <div class="en"> PED input PIN listener,only effective on internal 1527 * PED </div> 1528 * 1529 */ 1530 public interface IPedInputPinListener { 1531 1532 /** 1533 * <div class="zh"> 按键事件。 </div> <div class="en"> key event </div> 1534 * 1535 * @param keyCode 1536 * {@link EKeyCode} 1537 * 1538 */ 1539 public void onKeyEvent(EKeyCode keyCode); 1540 1541 } 1542 1543 /** 1544 * <div class="zh">写入一个AES密钥,并可以选择使用KCV验证密钥正确性。仅支持TAESK。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div class="en"> To write Aes key to PED, and use KCV to check the 1545 * key correction.only allow TAESK. {@link EPedType#INTERNAL} only is supported.</div> 1546 * 1547 * @param srcKeyType 1548 * {@link EPedKeyType} <div class="zh"> 1549 * <p> 1550 * 原密钥类型 1551 * </p> 1552 * <ul> 1553 * <li>{@link EPedKeyType#TLK}</li> 1554 * <li>{@link EPedKeyType#TMK}</li> 1555 * <li>{@link EPedKeyType#AES_TMK}</li> 1556 * </ul> 1557 * </div> <div class="en"> 1558 * <p> 1559 * Source Key Type 1560 * </p> 1561 * <ul> 1562 * <li>{@link EPedKeyType#TLK}</li> 1563 * <li>{@link EPedKeyType#TMK}</li> 1564 * <li>{@link EPedKeyType#AES_TMK}</li> 1565 * </ul> 1566 * </div> 1567 * 1568 * 1569 * @param srcKeyIndex 1570 * <div class="zh"> 1571 * <p> 1572 * 原密钥索引 1573 * </p> 1574 * <ul> 1575 * <li>如果srcKeyType={@link EPedKeyType#TLK}时, srcKeyIndex=1有效</li> 1576 * <li>如果srcKeyType={@link EPedKeyType#TMK}时, srcKeyIndex=[1~100]有效</li> 1577 * <li>如果srcKeyType={@link EPedKeyType#AES_TMK}时, srcKeyIndex=[1~100]有效</li> 1578 * </ul> 1579 * 当srcKeyIndex = 0,密钥将以明文形式写入PED。 </div> <div class="en"> 1580 * <p> 1581 * Source Key Index 1582 * </p> 1583 * <ul> 1584 * <li>when srcKeyType=TLK, srcKeyIndex=1</li> 1585 * <li>when srcKeyType=TMK, srcKeyIndex=[1~100]</li> 1586 * <li>when srcKeyType=AES_TMK, srcKeyIndex=[1~100]</li> 1587 * </ul> 1588 * when srcKeyIndex = 0,The key will be written to PED in clear text. </div> 1589 * 1590 * @param destkeyIndex 1591 * <div class="zh"> 1592 * <p> 1593 * 目的密钥索引[1-100] 1594 * </p> 1595 * </div> <div class="en"> 1596 * <p> 1597 * Destination Key Index[1-100] 1598 * </p> 1599 * </div> 1600 * 1601 * @param destKeyValue 1602 * <div class="zh"> 1603 * <p> 1604 * 密钥明文或密文,16/24/32bytes 1605 * </p> 1606 * </div> <div class="en"> 1607 * <p> 1608 * Cryptograph or Plaintext,16/24/32bytes 1609 * </p> 1610 * </div> 1611 * 1612 * @param checkMode 1613 * {@link EAesCheckMode} <div class="zh"> 1614 * <p> 1615 * 校验模式 1616 * </p> 1617 * <ul> 1618 * <li>checkMode=KCV_NONE -无验证.</li> 1619 * <li>checkMode=KCV_ENCRYPT_0 -对16个字节的0x00进行AES ECB模式加密运算,得到的密文的前4个字节即为KCV值。</li> 1620 * <li>checkMode=KCV_ENCRYPT_FIX_DATA -首先对密钥明文进行奇校验,再对16字节长度 1621 * ―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖进行AES ECB模式的加密运算,得到的密文的前4个字节即为KCV值。</li> 1622 * <li>checkMode=KCV_MAC_INPUT_DATA -传入一串数据KcvData,使用源密钥对[aucDstKeyValue(密文)+ 1623 * KcvData]进行指定模式的MAC运算,得到的8个字节的MAC值即为KCV值。</li> 1624 * </ul> 1625 * </div> <div class="en"> 1626 * <p> 1627 * Check Mode 1628 * </p> 1629 * <ul> 1630 * <li>When checkMode=KCV_NONE -No Check</li> 1631 * <li>When checkMode=KCV_ENCRYPT_0 -Perform AES ECB mode encryption on 16 bytes 0x00, and use first 4 1632 * bytes as KCV.</li> 1633 * 1634 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform AES ECB mode 1635 * encryption on 16 bytes―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖, and use 1636 * first 4 bytes as KCV.</li> 1637 * 1638 * <li>When checkMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode 1639 * of MAC on [aucDesKeyValue(ciphertext) +KcvData], and use the 8 bytes result as KCV.</li> 1640 * </ul> 1641 * </div> 1642 * 1643 * @param checkBuf 1644 * <div class="zh"> 1645 * <p> 1646 * 校验数据缓冲区 1647 * </p> 1648 * <ul> 1649 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 1650 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0}时checkBuf为KCV的值</li> 1651 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA}时checkBuf为KCV的值</li> 1652 * <li>当iCheckMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 1653 * <p> 1654 * checkBuf[0]= KcvData长度(KcvDataLen) 1655 * </p> 1656 * <p> 1657 * checkBuf+1: KcvData 1658 * </p> 1659 * <p> 1660 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMac(byte, byte[], EPedMacMode)}中的mode参数 1661 * </p> 1662 * <p> 1663 * checkBuf[2+KcvDataLen]=KCV长度 1664 * </p> 1665 * <p> 1666 * checkBuf[3+KcvDataLen]是KCV的值 1667 * </p> 1668 * </li> 1669 * </ul> 1670 * </div> <div class="en"> 1671 * <p> 1672 * Check Data Buffer 1673 * </p> 1674 * <ul> 1675 * <li>When checkMode=KCV_NONE -PED won't check KCV, this data is no meaning.</li> 1676 * <li>When checkMode=KCV_ENCRYPT_0 -4 bytes key check value</li> 1677 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value</li> 1678 * <li>When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData 1679 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 1680 * {@link #getMac(byte, byte[], EPedMacMode)} checkBuf[2+kcvDataLen]:KCV length 1681 * checkBuf[3+kcvDataLen]:KCV Value</li> 1682 * </ul> 1683 * </div> 1684 * @since V2.00.02 1685 * @throws PedDevException 1686 */ 1687 public void writeAesKey(EPedKeyType srcKeyType, byte srcKeyIndex, byte destkeyIndex, byte[] destKeyValue, 1688 EAesCheckMode checkMode, byte[] checkBuf) throws PedDevException; 1689 1690 /** 1691 * <div class="zh"> 用AES算法进行加密或者解密 。仅支持{@link EPedType#INTERNAL} 类型。</div> 1692 * <div class="en"> Use AES algorithm to encrypt or decrypt. {@link EPedType#INTERNAL} only is supported.</div> 1693 * 1694 * @param keyIdx 1695 * <div class="zh"> AES_TDK 密钥索引: 1~40</div> <div class="en"> AES_TDK Key index: 1~40 </div> 1696 * @param initvector 1697 * <div class="zh">使用CBC/OFB 模式进行加解密运算时需要用到,若InitVector为NULL,则默认为16字节的全0x00。 使用ECB加解密时不需要,可以为NULL。 </div> 1698 * <div class="en"> ECB mode: init vector is null .CBC mode: init vector, 16 bytes. </div> 1699 * @param dataIn 1700 * <div class="zh">待运算的数据.应小于等于1024字节,且为16的倍数。 </div> <div class="en"> Input data to be encrypted or 1701 * decrypted. Max length <= 1024, and that is a multiple of 16.</div> 1702 * @param operation 1703 * <ul> 1704 * <li>{@link ECryptOperate#ENCRYPT}</li> 1705 * <li>{@link ECryptOperate#DECRYPT}</li> 1706 * </ul> 1707 * @param option 1708 * <ul> 1709 * <li>{@link ECryptOpt#ECB}</li> 1710 * <li>{@link ECryptOpt#CBC}</li> 1711 * <li>{@link ECryptOpt#OFB}</li> 1712 * </ul> 1713 * @return <div class="zh"> 加密或者解密后的数据 </div> <div class="en"> encrypted or decrypted data </div> 1714 * @since V2.00.02 1715 * @throws PedDevException 1716 */ 1717 public byte[] calcAes(byte keyIdx, byte[] initvector, byte[] dataIn, ECryptOperate operation, ECryptOpt option) 1718 throws PedDevException; 1719 1720 /** 1721 * <div class="zh">设置键盘按键显示模式,固定序列或随机序列(默认)。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Set keyboard display mode, fixed sequence or 1722 * random sequence (default). {@link EPedType#INTERNAL} only is supported.</div> 1723 * 1724 * @param random 1725 * true:random false:fixed sequence 1726 * @since V2.00.03 1727 * @throws PedDevException 1728 */ 1729 public void setKeyboardRandom(boolean random) throws PedDevException; 1730 1731 /** 1732 * <div class="zh"> 生成RSA密钥对并注入PED。仅支持{@link EPedType#INTERNAL} 类型。 </div> 1733 * <div class="en"> Generate RSA key pairs then inject into PED. {@link EPedType#INTERNAL} only is supported.</div> 1734 * 1735 * @param pvtKeyIdx 1736 * <div class="zh">私钥索引1-10</div> <div class="en"> Private key index 1-10 </div> 1737 * @param pubKeyIdx 1738 * <div class="zh">公钥索引1-10</div> <div class="en">Public key index 1-10</div> 1739 * @param modLenBit 1740 * <div class="zh"> 模长,支持512,1024,2048。 </div> <div class="en"> Modulus len,support 512,1024,2048. </div> 1741 * @param pubExpType 1742 * <div class="zh"> 公共指数类型:0:3 1:65537 </div> <div class="en"> Public exponent type: 0:3 1:65537 </div> 1743 * @throws PedDevException 1744 * @since V2.01.00 1745 */ 1746 public void genRSAKey(byte pvtKeyIdx, byte pubKeyIdx, short modLenBit, byte pubExpType) throws PedDevException; 1747 1748 /** 1749 * <div class="zh"> 设置外置PED的连接端口。支持{@link EPedType#EXTERNAL_TYPEA},{@link EPedType#EXTERNAL_TYPEC} 类型。</div> 1750 * <div class="en"> Set connection port of the external PED. {@link EPedType#EXTERNAL_TYPEA},{@link EPedType#EXTERNAL_TYPEC} is supported.</div> 1751 * 1752 * @param port 1753 * {@link EUartPort} 1754 * @since V2.02.00 1755 */ 1756 void setPort(EUartPort port); 1757 1758 /** 1759 * <div class="zh"> 指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div class="en"> Scan the keyboard PIN entry and 1760 * output the PIN BLOCK encrypted data block in a specific time. {@link EPedType#INTERNAL} only is supported.</div> 1761 * 1762 * 1763 * @param keyIndex 1764 * <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 1765 * 1766 * @param expPinLen 1767 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 1768 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。 1769 * <p> 1770 * 当mode=0x05的时候,该参数为"5" 1771 * </p> 1772 * </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 1773 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. 1774 * <p> 1775 * When mode=0x05,it should be "5" 1776 * </p> 1777 * </div> 1778 * 1779 * @param dataIn 1780 * <div class="zh"> 1781 * <ul> 1782 * <li>当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。</li> 1783 * <li>当mode=0x01时, DataIn被忽略.接口内部采用随机数填充PINBlock。</li> 1784 * <li>当mode=0x02时, DataIn指向位移后的16位PAN。</li> 1785 * <li>当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 1786 * <li>当Mode=0x05时, DataIn包含卡账号和CCS数据,格式为PANlen(1个字节) + CCSlen(1个字节) + PAN(PANlen个字节) + 1787 * CCS(CCSlen个字节)。其中PAN为卡账号(ASCII码),目前限定PANlen必须为18,CCSlen必须为0或者8,CCS为ASCII码格式。</li> 1788 * <li>当mode=0x14时,DataIn为原始主帐号。</li> 1789 * </ul> 1790 * </div> <div class="en"> 1791 * <ul> 1792 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting.</li> 1793 * <li>When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 1794 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting.</li> 1795 * <li>When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]</li> 1796 * <li>When Mode=0x05, DataIn contains card account and CCS data. The format is PANlen (1 bytes) + CCSlen 1797 * (1 bytes) + PAN (PANlen byte) + CCS (CCSlen byte). In which PAN is a card account (ASCII code), the 1798 * current limited PANlen must be 18, CCSlen must be 0 or 8, CCS is ASCII code format.</li> 1799 * <li>When mode=0x14, DataIn is the original primary account.</li> 1800 * </ul> 1801 * </div> 1802 * 1803 * @param mode 1804 * <div class="zh"> PIN BLOCK的格式 1805 * <ul> 1806 * <li>0x00:ISO9564_0</li> 1807 * <li>0x01:ISO9564_1</li> 1808 * <li>0x02:ISO9564_3</li> 1809 * <li>0x03:HK EPS</li> 1810 * <li>0x04:预留</li> 1811 * <li>0x05:Italy 专用模式</li> 1812 * <li>0x06:AS2805 zero length PIN block mode。不会要求输入PIN,不会弹出输PIN窗口,expPinLen必须为0。</li> 1813 * <li>0x11:使用AES_TPK加密,pinblock是日本的hit特殊模式</li> 1814 * <li>0x12:使用AES_TPK加密,pinblock是日本的PKCS7模式</li> 1815 * <li>0x14:使用AES_TPK加密,pinblock是ISO9564 格式4</li> 1816 * <li>0x50:3DES-CBC</li> 1817 * </ul> 1818 * </div> <div class="en"> PIN BLOCK Format 1819 * <ul> 1820 * <li>0x00:ISO9564_0</li> 1821 * <li>0x01:ISO9564_1</li> 1822 * <li>0x02:ISO9564_3</li> 1823 * <li>0x03:HK EPS -EPS PINBLOCK Format</li> 1824 * <li>0x04:Reserved</li> 1825 * <li>0x05:Italy special mode</li> 1826 * <li>0x06:AS2805 zero length PIN block mode。The pin input window will not pop up. expPinLen must be 0.</li> 1827 * <li>0x11:Using AES_TPK encryption, pinblock is Japan's hit special mode</li> 1828 * <li>0x12:Using AES_TPK encryption, pinblock is Japan's PKCS7 mode</li> 1829 * <li>0x14:Using AES_TPK encryption, pinblock is in ISO9564 format 4</li> 1830 * <li>0x50:3DES-CBC</li> 1831 * </ul> 1832 * </div> 1833 * 1834 * @param timeoutMs 1835 * <div class="zh"> 1836 * <p> 1837 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 1838 * </p> 1839 * <p> 1840 * 0:表示没有超时时间,PED不做超时控制 1841 * </p> 1842 * </div> <div class="en"> 1843 * <p> 1844 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 1845 * </p> 1846 * <p> 1847 * 0: No timeout time, not doing timeout control for PED. 1848 * </p> 1849 * </div> 1850 * 1851 * @return <div class="zh"> 返回pinBlock,如果bypass 返回NULL。如果mode=0x11,返回16字节数组。 </div> <div class="en"> Return pinBlock byte array, if 1852 * bypass,return NULL. If mode=0x11,return 16 byte array.</div> 1853 * 1854 * @throws PedDevException 1855 * @since V2.02.00 1856 */ 1857 public byte[] getPinBlock(byte keyIndex, String expPinLen, byte[] dataIn, byte mode, int timeoutMs) 1858 throws PedDevException; 1859 1860 /** 1861 * <div class="zh"> 读取RSA公钥密钥 。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en"> Read rsa public key. {@link EPedType#INTERNAL} only is supported.</div> 1862 * 1863 * @param rsaKeyIndex 1864 * <div class="zh"> RSA公钥索引[1-10] </div> <div class="en"> RSA public key index [1-10] </div> 1865 * @return <div class="zh"> {@link RSAKeyInfo} </div> <div class="en"> {@link RSAKeyInfo}</div> 1866 * @throws PedDevException 1867 * @since V2.03.00 1868 */ 1869 RSAKeyInfo readRSAKey(byte rsaKeyIndex) throws PedDevException; 1870 1871 /** 1872 * <div class="zh"> 设定某些功能键的功能。PED 上电后,CLEAR 键的默认功能为,持卡人输入 PIN 时,按 CLEAR 键, 清除已输入的 PIN。可以通过该函数来设置 CLEAR 键的不同功能。仅支持{@link EPedType#INTERNAL} 类型。 1873 * </div> <div class="en">The function of setting some function keys. After the PED is powered on, the default 1874 * function of the CLEAR key is to press the CLEAR key to clear the incoming PIN when the cardholder enters PIN. 1875 * This function can be used to set different functions of the CLEAR key. {@link EPedType#INTERNAL} only is supported.</div> 1876 * 1877 * @param ucKey 1878 * <div class="zh"> 1879 * <ul> 1880 * <li>ucKey为0x00时,表示在已输入的PIN已经清空或者没有输入PIN时按CLEAR键的功能,PED退出输入密码状态,并返回PED_RET_ERR_INPUT_CLEAR。</li> 1881 * <li> 1882 * ucKey为0x01时,表示调用该函数后,密码输入的接口(PedGetPinBlock、PedGetPinDukpt、PedVerifyPlainPin、PedVerifyCipherPin) 1883 * 在输入PIN过程中,按下CLEAR键,逐个清除最后输入的PIN,当清空所有已输入的PIN时,不退出输入PIN函数。</li> 1884 * <li>ucKey为0x02时,表示允许按ATM4键,结束PIN输入,对于无ATM键的机型无效。</li> 1885 * <li>ucKey为0x03时,表示允许按功能键,结束PIN输入,对于无FN键的机型无效。</li> 1886 * <li>ucKey为0x04时,表示没有输入PIN时按CLEAR键,PED退出输入密码状态,并返回PED_RET_ERR_INPUT_CLEAR;当有PIN输入时,按CLEAR键逐个清除最后输入的PIN,当清空所有已输入的PIN时,不退出输入PIN函数</li> 1887 * <li>ucKey为0x05时,表示没有输入PIN时按CLEAR键,PED退出输入密码状态,并返回PED_RET_ERR_INPUT_CLEAR;当有PIN输入时,按CLEAR键会一次性全部清除所有输入的PIN,当清空所有已输入的PIN时再按CLEAR键,不退出输入PIN函数。</li> 1888 * <li>ucKey为0x07时,表示当PIN输入达到指定个数时,无需用户手动按确认键,自动结束PIN输入。</li> 1889 * <li>uckey为0x08时,表示当调用密码键盘时先插上IC卡,如果输PIN过程中拔卡,PED退出输入密码状态,并返回PED_RET_ERR_NO_ICC(-316)。</li> 1890 * <li>ucKey为0xff时,表示恢复功能键默认功能。</li> 1891 * </ul> 1892 * 备注:<br> 1893 * (1)ucKey为0x00,0x01,0x04,0x05时,描述的是按CLEAR键的功能,只能选一种。<br> 1894 * (2)ucKey为0x07时,描述的是自动完成PIN输入的功能。<br> 1895 * (3)ucKey为0x02,0x03时,描述的是重新自定义可以结束PIN输入的按键(要看所使用的机型是否有这个按键)。<br> 1896 * (1),(2)和(3)这三种情况是可以同时设置起效的。比如setFunctionKey(0x00)后还可以设置setFunctionKey(0x07)。 1897 * </div> <div class="en"> 1898 * <ul> 1899 * <li>When ucKey is 0x00, it means that PED exits the input password state and returns to 1900 * PED_RET_ERR_INPUT_CLEAR when the input PIN is empty or does not enter PIN with the CLEAR key.</li> 1901 * <li> 1902 * When ucKey is 0x01, when the function is called, the interface (PedGetPinBlock, PedGetPinDukpt, 1903 * PedVerifyPlainPin, PedVerifyCipherPin) of the password input is pressed by the CLEAR key in the input 1904 * PIN process, and the final PIN is removed one by one. When all the entered PIN are emptied, the input 1905 * PIN function is not exited.</li> 1906 * <li>When ucKey is 0x02, it means that the ATM4 input is allowed to end the PIN input, which is invalid 1907 * for the machine without ATM key.</li> 1908 * <li>When ucKey is 0x03, it means that the PIN input is allowed to press the function key, which is 1909 * invalid for the FN free key.</li> 1910 * <li>When ucKey is 0x04, it means pressing CLEAR when PIN is not entered, PED exits the password input state and returns PED_RET_ERR_INPUT_CLEAR; when there is PIN input, press CLEAR key to clear the last PIN one by one, and when all the PIN input is emptied, it does not exit the input PIN function.</li> 1911 * <li>When ucKey is 0x05, it means pressing CLEAR when PIN is not entered, PED exits the password state and returns to PED_RET_ERR_INPUT_CLEAR; when there is PIN input, pressing CLEAR key clears all input PINs at one time, and then pressing CLEAR key when all input PINs are emptied, and does not exit the input PIN function.</li> 1912 * <li>When ucKey is 0x07, it means that when the PIN input reaches the specified number, the user does not need to manually press the confirm key, but automatically ends the PIN input.</li> 1913 * <li>When ucKey is 0x08, the IC card is inserted before the password keyboard is called. If the card is pulled out during PIN input, PED exits the password input state, and PED_RET_ERR_NO_ICC(-316) is returned.</li> 1914 * <li>When ucKey is 0xff, it means restoring the default function of the function key.</li> 1915 * </ul> 1916 * Notes:<br> 1917 * (1)If ucKey is 0x00, 0x01, 0x04 or 0x05, it describes the function of pressing the CLEAR key. Only one function can be selected.<br> 1918 * (2)If ucKey is 0x07, it describes the function of automatically completing PIN input.<br> 1919 * (3)If ucKey is 0x02 or 0x03, it describes a button that can be re-customized to end the PIN entry (depending on whether the model you are using has this button).<br> 1920 * (1), (2) and (3) can be set to take effect at the same time. For example, you can call setFunctionKey(0x07) after setFunctionKey(0x00). 1921 * </div> 1922 * @throws PedDevException 1923 * @since V3.00.00 1924 */ 1925 void setFunctionKey(byte ucKey) throws PedDevException; 1926 /** 1927 * <div class="zh"> 在PED上输入PIN,并使DUKPT的PIN密钥计算PINBlock,仅适用于type-c类外置密码键盘。</div> <div class="en"> PINBlock Input the PIN on PED,and use 1928 * the PINkey of DUKPT to calculate the PINBlock. Only for external type-c pinpad</div> 1929 * 1930 * @param groupIndex 1931 * <div class="zh"> [1~100]DUKPT引擎索引, 0,1,2 </div> <div class="en"> [1~100] DUKPT key group id, 0,1,2</div> 1932 * 1933 * @param expPinLen 1934 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 1935 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。</div> 1936 * <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 1937 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. </div> 1938 * 1939 * @param dataIn 1940 * <div class="zh"> 1941 * <ul> 1942 * <li>dataIn指向卡号移位后生成的16位主帐号</li> 1943 * 1944 * </ul> 1945 * </div> <div class="en"> 1946 * <ul> 1947 * <li>dataIn is the 16 bytes primary account number after shifting.</li> 1948 * </ul> 1949 * </div> 1950 * 1951 * @param isByPass 1952 * <div class="zh"> 1953 * <ul> 1954 * <li>是否允许不输入密码,true:意味着可以直接按Enter键返回</li> 1955 * </ul> 1956 * </div> <div class="en"> 1957 * <ul> 1958 * <li>true:means that no PIN is required, and pressing "Enter" will return.</li> 1959 * </ul> 1960 * </div> 1961 * 1962 * @param msg1 <div class="zh">提示1。</div> <div class="en">Hint 1.</div> 1963 * 1964 * @param msg2 <div class="zh">提示2。</div> <div class="en">Hint 2.</div> 1965 * 1966 * @param timeoutMs 1967 * <div class="zh"> 1968 * <p> 1969 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 1970 * </p> 1971 * <p> 1972 * 0:表示没有超时时间,PED不做超时控制 1973 * </p> 1974 * </div> <div class="en"> 1975 * <p> 1976 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 1977 * </p> 1978 * <p> 1979 * 0: No timeout time, not doing timeout control for PED. 1980 * </p> 1981 * </div> 1982 * 1983 * @return DUKPTResult {@link DUKPTResult} 1984 * @throws PedDevException 1985 */ 1986 public DUKPTResult getDUKPTPin(byte groupIndex, String expPinLen, byte[] dataIn, Boolean isByPass, String msg1, String msg2, int timeoutMs) 1987 throws PedDevException; 1988 1989 /** 1990 * <div class="zh"> 设置PIN输入的密码键盘类型。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div class="en"> set keyboard type. {@link EPedType#INTERNAL} only is supported.</div> 1991 * 1992 * @param type 1993 * <div class="zh"> 1994 * <ul> 1995 * <li>0:同时开启物理键盘和虚拟键盘输入</li> 1996 * <li>1:只开启物理键盘输入</li> 1997 * <li>2:只开启虚拟键盘输入</li> 1998 * </ul> 1999 * </div> <div class="en"> 2000 * <ul> 2001 * <li>0:Open physical keyboard and virtual keyboard input simultaneously.</li> 2002 * <li>1:Only physical keyboard input is enabled.</li> 2003 * <li>2:Open virtual keyboard input only</li> 2004 * </ul> 2005 * </div> 2006 * @throws PedDevException 2007 */ 2008 void setKeyBoardType(int type) throws PedDevException; 2009 2010 /** 2011 * <div class="zh"> 获取PIN输入的密码键盘类型 。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en"> get keyboard type for PIN entry. {@link EPedType#INTERNAL} only is supported.</div> 2012 * 2013 * @return <div class="zh"> 2014 * <ul> 2015 * <li>0:同时开启物理键盘和虚拟键盘输入</li> 2016 * <li>1:只开启物理键盘输入</li> 2017 * <li>2:只开启虚拟键盘输入</li> 2018 * </ul> 2019 * </div> <div class="en"> 2020 * <ul> 2021 * <li>0:Open physical keyboard and virtual keyboard input simultaneously.</li> 2022 * <li>1:Only physical keyboard input is enabled.</li> 2023 * <li>2:Open virtual keyboard input only</li> 2024 * </ul> 2025 * </div> 2026 * @throws PedDevException 2027 */ 2028 int getKeyBoardType() throws PedDevException; 2029 2030 /** 2031 * <div class="zh"> 指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div class="en"> Scan the keyboard PIN entry and 2032 * output the PIN BLOCK encrypted data block in a specific time. {@link EPedType#INTERNAL} only is supported.</div> 2033 * 2034 * 2035 * @param keyIdx 2036 * <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 2037 * 2038 * @param expPinLen 2039 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 2040 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。 2041 * <p> 2042 * 当mode=0x05的时候,该参数为"5" 2043 * </p> 2044 * </div> <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 2045 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. 2046 * <p> 2047 * When mode=0x05,it should be "5" 2048 * </p> 2049 * </div> 2050 * 2051 * @param dataIn 2052 * <div class="zh"> 2053 * <ul> 2054 * <li>当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。</li> 2055 * <li>当mode=0x01时, DataIn被忽略.接口内部采用随机数填充PINBlock。</li> 2056 * <li>当mode=0x02时, DataIn指向位移后的16位PAN。</li> 2057 * <li>当mode=0x05时, DataIn包含卡账号和CCS数据,格式为PANlen(1个字节) + CCSlen(1个字节) + PAN(PANlen个字节) + 2058 * CCS(CCSlen个字节)。其中PAN为卡账号(ASCII码),目前限定PANlen必须为18,CCSlen必须为0或者8,CCS为ASCII码格式。</li> 2059 * <li>当mode=0x14时,DataIn为原始主帐号。</li> 2060 * </ul> 2061 * </div> <div class="en"> 2062 * <ul> 2063 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting.</li> 2064 * <li>When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 2065 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting.</li> 2066 * <li>When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]</li> 2067 * <li>When mode=0x05, DataIn contains card account and CCS data. The format is PANlen (1 bytes) + CCSlen 2068 * (1 bytes) + PAN (PANlen byte) + CCS (CCSlen byte). In which PAN is a card account (ASCII code), the 2069 * current limited PANlen must be 18, CCSlen must be 0 or 8, CCS is ASCII code format.</li> 2070 * <li>When mode=0x14, DataIn is the original primary account.</li> 2071 * </ul> 2072 * </div> 2073 * 2074 * @param mode 2075 * <div class="zh"> PIN BLOCK的格式 2076 * <ul> 2077 * <li>0x00:ISO9564_0</li> 2078 * <li>0x01:ISO9564_1</li> 2079 * <li>0x02:ISO9564_3</li> 2080 * <li>0x03:HK EPS</li> 2081 * <li>0x04:预留</li> 2082 * <li>0x05:Italy 专用模式</li> 2083 * <li>0x11:使用AES_TPK加密,pinblock是日本的hit特殊模式</li> 2084 * <li>0x12:使用AES_TPK加密,pinblock是日本的PKCS7模式</li> 2085 * <li>0x14:使用AES_TPK加密,pinblock是ISO9564 格式4</li> 2086 * <li>0x50:3DES-CBC</li> 2087 * </ul> 2088 * </div> <div class="en"> PIN BLOCK Format 2089 * <ul> 2090 * <li>0x00:ISO9564_0</li> 2091 * <li>0x01:ISO9564_1</li> 2092 * <li>0x02:ISO9564_3</li> 2093 * <li>0x03:HK EPS -EPS PINBLOCK Format</li> 2094 * <li>0x04:Reserved</li> 2095 * <li>0x05:Italy special mode</li> 2096 * <li>0x11:Using AES_TPK encryption, pinblock is Japan's hit special mode</li> 2097 * <li>0x12:Using AES_TPK encryption, pinblock is Japan's PKCS7 mode</li> 2098 * <li>0x14:Using AES_TPK encryption, pinblock is in ISO9564 format 4</li> 2099 * <li>0x50:3DES-CBC</li> 2100 * </ul> 2101 * </div> 2102 * 2103 * @param timeoutMs 2104 * <div class="zh"> 2105 * <p> 2106 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 2107 * </p> 2108 * <p> 2109 * 0:表示没有超时时间,PED不做超时控制 2110 * </p> 2111 * </div> <div class="en"> 2112 * <p> 2113 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 2114 * </p> 2115 * <p> 2116 * 0: No timeout time, not doing timeout control for PED. 2117 * </p> 2118 * </div> 2119 * 2120 * @param controlTime <div class="zh"> 等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s) </div> 2121 * <div class="en"> The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds) </div> 2122 * 2123 * @return <div class="zh"> 返回pinBlock,如果bypass 返回NULL。如果mode=0x11,返回16字节数组。 </div> <div class="en"> Return pinBlock byte array, if 2124 * bypass,return NULL. If mode=0x11,return 16 byte array.</div> 2125 * 2126 * @throws PedDevException 2127 * @since V3.02.00 2128 */ 2129 byte[] getPinBlock(byte keyIdx, String expPinLen, byte[] dataIn, byte mode, int timeoutMs, int controlTime)throws PedDevException; 2130 2131 /** 2132 * <div class="zh"> 实现脱机明文PIN校验功能。获取明文PIN,然后按照应用提供的卡片命令与卡片通道号,将明文PIN BLOCK直接发送给卡片(PIN BLOCK格式在用法部分描述)。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div 2133 * class="en"> Achieve the function of verifying plaintext offline PIN. Get plaintext PIN and then Send plaintext 2134 * PIN BLOCK to card according to card command and card slot number (PIN BLOCK format will be provided in operation 2135 * part.). {@link EPedType#INTERNAL} only is supported. </div> 2136 * 2137 * @param slot 2138 * <div class="zh"> 卡片所在的卡座号 </div> <div class="en"> card slot number </div> 2139 * 2140 * @param expPinLen 2141 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 2142 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 </div> 2143 * <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 2144 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. </div> 2145 * 2146 * @param mode <div class="zh"> 2147 * <ul> 2148 * <li>0x00: I C卡命令模式,现支持符合EMV2000的IC卡命令。</li> 2149 * <li>0x01: 给WIC使用。</li> 2150 * </ul> 2151 * </div> 2152 * <div class="en"> 2153 * <ul> 2154 * <li>0x00: IC Card Command Mode,Currently support EMV2000.</li> 2155 * <li>0x01: For WIC.</li> 2156 * </ul> 2157 * </div> 2158 * 2159 * @param timeoutMs 2160 * <div class="zh"> 输入PIN的超时时间,单位:毫秒 最大值为300000ms </div> <div class="en"> The timeout of PIN entry 2161 * [ms],Maximum is 300000ms. </div> 2162 * 2163 * @param controlTime <div class="zh"> 等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s) </div> 2164 * <div class="en"> The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds) </div> 2165 * 2166 * @return <div class="zh"> 卡片响应的状态码 (2字节:SW1+SW2) </div> <div class="en"> The status code of card response (2 2167 * bytes: SW1+SW2). </div> 2168 * 2169 * @throws PedDevException 2170 * 2171 * @since V3.02.00 2172 */ 2173 byte[] verifyPlainPin(byte slot, String expPinLen, byte mode, int timeoutMs, int controlTime)throws PedDevException; 2174 2175 /** 2176 * <div class="zh"> 实现脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey对明文PIN按照EMV规范进行加密,然后用应用提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。仅支持{@link EPedType#INTERNAL} 类型。</div> 2177 * <div class="en"> Verify enciphered PIN offline. Get plain text PIN and then use RsaPinKey provided by application 2178 * to encrypt plaintext PIN according to EMV standard. Send enciphered PIN to card according to card command and 2179 * card channel number provided by application. {@link EPedType#INTERNAL} only is supported.</div> 2180 * 2181 * @param slot 2182 * <div class="zh"> 卡片所在的卡座号 </div> <div class="en"> card slot number </div> 2183 * 2184 * @param expPinLen 2185 * <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 2186 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。 </div> 2187 * <div class="en"> The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 2188 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. </div> 2189 * 2190 * 2191 * @param rsaPinKey 2192 * {@link RSAPinKey} 2193 * @param mode 2194 * <div class="zh"> 0x00 IC卡命令模式,目前支持EMV2000。 </div> <div class="en"> 0x00 IC Card Command Mode,Currently 2195 * support EMV2000. </div> 2196 * 2197 * @param timeoutMs 2198 * <div class="zh"> 输入PIN的超时时间,单位:毫秒 最大值为300000ms </div> <div class="en"> The timeout of PIN input 2199 * [unit:ms].Maximum is 300000Ms. </div> 2200 * 2201 * @param controlTime <div class="zh"> 等待第二个及之后的按键的超时时间,单位:毫秒(超过30s的为30s) </div> 2202 * <div class="en"> The time-out for waiting for the second and subsequent keys in milliseconds (30 seconds for more than 30 seconds) </div> 2203 * 2204 * @return <div class="zh"> 卡片响应的状态码 (2字节:SW1+SW2) </div> <div class="en"> The card response code (2 bytes:SW1 and 2205 * SW2) </div> 2206 * 2207 * @throws PedDevException 2208 * 2209 * @since V3.02.00 2210 */ 2211 byte[] verifyCipherPin(byte slot, String expPinLen, RSAPinKey rsaPinKey, byte mode, int timeoutMs, int controlTime)throws PedDevException; 2212 2213 /** 2214 * <div class="zh"> 设置定制的Pin输入键盘布局 ,调用此方法前,需保证传入的View已绘制完成, 2215 * 如Activity.onWindowFocusChanged(boolean hasFocus),hasFocus=true时,调用此方法。仅支持{@link EPedType#INTERNAL} 类型。</div> 2216 * <div class="en">Set the custom Pin input keyboard layout,This method is called before, 2217 * need to ensure that the incoming View has been mapped, such as Activity.onWindowFocusChanged (Boolean hasFocus), 2218 * when hasFocus equals true, this method is called. {@link EPedType#INTERNAL} only is supported.</div> 2219 * 2220 * @param isOnce 2221 * <div class="zh"> true:单次有效 false:重启机器前有效 </div> 2222 * <div class="en">true:single effect false:effective before restarting the device</div> 2223 * 2224 * @param keyboardInputs <div class="zh">键盘集合。注意:数字键必须按照键盘布局从左到右,从上到下的顺序加入Map。不支持传入横屏布局的view. 2225 * Map.Key:键实例,Map.value:表示键类型,NUM表示数字键,CLEAR表示清除键,ENTER表示确认键,CANCEL表示取消键</div> 2226 * <div class="en">Keyboard set. Note: The numeric keys MUST be added to the map in order(from left to right, top to bottom), 2227 * according to the keyboard layout. Horizontal layout views are not supported. Map.key: Key instance, Map.value: represents Key type, NUM represents number Key, 2228 * CLEAR represents CLEAR Key, ENTER represents confirm Key, and CANCEL represents CANCEL Key</div> 2229 * 2230 * @return <div class="zh"> 数字键盘的顺序,为10个字节byte数组 </div> <div class="en">numeric keypad order, 10 byte array</div> 2231 * 2232 * @throws PedDevException 2233 */ 2234 public byte[] setKeyBoardLayout(boolean isOnce, LinkedHashMap<View, String> keyboardInputs) throws PedDevException; 2235 2236 /** 2237 * <div class="zh">注入TIK。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Injection of TIK. {@link EPedType#INTERNAL} only is supported.</div> 2238 * 2239 * @param kbpkType <div class="zh">KBPK类型 0x01:TLK,0x02:TMK</div> <div class="en">KBPK type. 0x01:TLK,0x02:TMK</div> 2240 * 2241 * @param kbpkIndex <div class="zh">KBPK索引 当kbpkType=0x01,kbpkIndex=1;当kbpkType=0x02,kbpkIndex=[1-100]</div> 2242 * <div class="en">KBPK index.if kbpkType=0x01,kbpkIndex=1.if kbpkType=0x02,kbpkIndex=[1-100]</div> 2243 * 2244 * @param groupIndex <div class="zh">DUKPT密钥组索引号 [1~100]</div> <div class="en">DUKPT key group index number [1~100]</div> 2245 * 2246 * @param TR31keyBlock <div class="zh">TR-31 Key Block</div> <div class="en">TR-31 Key Block</div> 2247 * 2248 * @throws PedDevException 2249 * 2250 * @since V3.06.00 2251 */ 2252 void writeTIK(byte kbpkType, byte kbpkIndex, byte groupIndex, byte[] TR31keyBlock) throws PedDevException; 2253 2254 /** 2255 * <div class="zh"> 写入一个密钥,包括TLK,TMK和TWK的写入、发散,并可以选择使用KCV验证密钥正确性。Pax Tech Iberia SL客户定制。 2256 * <p> 2257 * 当写入PED_TLK时,PED首先格式化,清除所有已经下载的密钥,再写入PED_TLK。 明文写入密钥时,srcKeyIndex=0 对于外置A类密键只能写入明文的主密钥和DES密钥,且下载密文TPK,TAK时不校验 2258 * 对于外置A类PED需要调用setExMode设置exMode {@link IPed#setExMode}, exMode默认为-1,表示写入的密钥密钥均为16字节,写入TPK TAK采用主密钥解密的方式 。 2259 * 支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 2260 * </p> 2261 * </div> 2262 * <div class="en"> Write in one key includes write in and divergent of TLK, TMK and TWK. And use KCV to check the 2263 * key correction. For Pax Tech Iberia SL. 2264 * <p> 2265 * When write PED_TLK,PED will format ,clear all the key has been downloaded,then write in PED_TLK. Writing the 2266 * plaintext into a key, when scrKeyIndex=0,need to call function setExMode {@link IPed#setExMode} for external pad. 2267 * External srcKeyType A can only write the main key and the DES key of plaintext. And it will not check when 2268 * downloading cryptograph TPK and TAK. 2269 * {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. 2270 * </p> 2271 * </div> 2272 * 2273 * @param srcKeyType 2274 * {@link EPedKeyType} <div class="zh"> 2275 * <p> 2276 * 原密钥类型 2277 * </p> 2278 * <ul> 2279 * <li>{@link EPedKeyType#TLK}</li> 2280 * <li>{@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}</li> 2281 * <li>{@link EPedKeyType#TPK}</li> 2282 * <li>{@link EPedKeyType#TAK}</li> 2283 * <li>{@link EPedKeyType#TDK}</li> 2284 * </ul> 2285 * </div> <div class="en"> 2286 * <p> 2287 * Source Key Type 2288 * </p> 2289 * <ul> 2290 * <li>TLK - Terminal Loading Key</li> 2291 * <li>TMK - Terminal Master Key</li> 2292 * <li>TPK -Transaction PIN Key</li> 2293 * <li>TAK -Transaction Mac Key</li> 2294 * <li>TDK -Terminal Des Key</li> 2295 * </ul> 2296 * </div> 2297 * 2298 * @param srcKeyIndex 2299 * <div class="zh"> 2300 * <p> 2301 * 原密钥索引 2302 * </p> 2303 * <ul> 2304 * <li>如果srcKeyType={@link EPedKeyType#TLK}时, srcKeyIndex=1有效</li> 2305 * <li>如果srcKeyType={@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}/{@link EPedKeyType#TPK} 2306 * /{@link EPedKeyType#TAK}/{@link EPedKeyType#TDK}时, srcKeyIndex=[1~100]有效</li> 2307 * </ul> 2308 * </div> <div class="en"> 2309 * <p> 2310 * Source Key Index 2311 * </p> 2312 * <ul> 2313 * <li>when srcKeyType=TLK, srcKeyIndex=1</li> 2314 * <li>when srcKeyType=TMK/SM4_TMK/TPK/TAK/TDK, srcKeyIndex=[1~100]</li> 2315 * </ul> 2316 * </div> 2317 * 2318 * @param destKeyType 2319 * {@link EPedKeyType} <div class="zh"> 2320 * <p> 2321 * 目的密钥类型 2322 * </p> 2323 * <ul> 2324 * <li>{@link EPedKeyType#TLK}</li> 2325 * <li>{@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}</li> 2326 * <li>{@link EPedKeyType#TPK}/{@link EPedKeyType#SM4_TPK}</li> 2327 * <li>{@link EPedKeyType#TAK}/{@link EPedKeyType#SM4_TAK}</li> 2328 * <li>{@link EPedKeyType#TDK}/{@link EPedKeyType#SM4_TDK}</li> 2329 * </ul> 2330 * </div> <div class="en"> 2331 * <p> 2332 * Destination Key Type 2333 * </p> 2334 * reference srcKeyType {@link IPed#writeKey} </div> 2335 * 2336 * @param destkeyIndex 2337 * <div class="zh"> 2338 * <p> 2339 * 目的密钥索引 2340 * </p> 2341 * <ul> 2342 * <li>如果srcKeyType={@link EPedKeyType#TLK}时, destkeyIndex=1有效</li> 2343 * <li>如果srcKeyType={@link EPedKeyType#TMK}/{@link EPedKeyType#SM4_TMK}/{@link EPedKeyType#TPK}/ 2344 * {@link EPedKeyType#SM4_TPK}/{@link EPedKeyType#TAK}/{@link EPedKeyType#SM4_TAK}/ 2345 * {@link EPedKeyType#TDK}/{@link EPedKeyType#SM4_TDK}时, destkeyIndex=[1~100]有效</li> 2346 * </ul> 2347 * </div> <div class="en"> 2348 * <p> 2349 * Destination Key Index 2350 * </p> 2351 * reference srcKeyIndex {@link IPed#writeKey} </div> 2352 * 2353 * @param destKeyValue 2354 * <div class="zh"> 2355 * <p> 2356 * 密钥明文或密文 2357 * </p> 2358 * </div> <div class="en"> 2359 * <p> 2360 * Cryptograph or Plaintext 2361 * </p> 2362 * </div> 2363 * 2364 * @param checkMode 2365 * {@link ECheckMode} <div class="zh"> 2366 * <p> 2367 * 校验模式 2368 * </p> 2369 * <ul> 2370 * <li>{@link ECheckMode#KCV_NONE}</li> 2371 * <li>{@link ECheckMode#KCV_ENCRYPT_0}</li> 2372 * <li>{@link ECheckMode#KCV_ENCRYPT_FIX_DATA}</li> 2373 * <li>{@link ECheckMode#KCV_MAC_INPUT_DATA}</li> 2374 * <li>{@link ECheckMode#KCV_SM4_ENCRYPT_0}</li> 2375 * </ul> 2376 * </div> <div class="en"> 2377 * <p> 2378 * Check Mode 2379 * </p> 2380 * <ul> 2381 * <li>When checkMode=KCV_NONE -No Check</li> 2382 * <li>When checkMode=KCV_ENCRYPT_0 -Perform DES/TDES encryption on 8 bytes 0x00, and use first 4 bytes 2383 * as KCV.</li> 2384 * 2385 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform DES/TDES encryption 2386 * on 8 bytes―\x12\x34\x56\x78\x90\x12\x34\x56, and use first 4 bytes as KCV.</li> 2387 * 2388 * <li>When iCheckMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode 2389 * of MAC on [aucDesKeyValue +KcvData], and use the 8 bytes result as KCV.</li> 2390 * 2391 * <li>When iCheckMode=KCV_SM4_ENCRYPT_0 -Perform TDES encryption on 16 bytes 0x00 by SM4, and use first 2392 * 4 bytes as KCV.</li> </ul> </div> 2393 * 2394 * @param checkBuf 2395 * <div class="zh"> 2396 * <p> 2397 * 校验数据缓冲区 2398 * </p> 2399 * <ul> 2400 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 2401 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0},4字节的kcv</li> 2402 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA},4字节的kcv</li> 2403 * <li>当iCheckMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 2404 * <p> 2405 * checkBuf[0]= KcvData长度(KcvDataLen) 2406 * </p> 2407 * <p> 2408 * checkBuf+1: KcvData 2409 * </p> 2410 * <p> 2411 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMac(byte, byte[], EPedMacMode)}中的mode参数 2412 * </p> 2413 * <p> 2414 * checkBuf[2+KcvDataLen]=KCV长度 2415 * </p> 2416 * <p> 2417 * checkBuf[3+KcvDataLen]是KCV的值 2418 * </p> 2419 * </li> 2420 * <li>当checkMode={@link ECheckMode#KCV_SM4_ENCRYPT_0},4字节的kcv</li> 2421 * </ul> 2422 * </div> <div class="en"> 2423 * <p> 2424 * Check Data Buffer 2425 * </p> 2426 * <ul> 2427 * <li>When checkMode=KCV_NONE -PED wont check KCV, this data is no meaning.</li> 2428 * <li>When checkMode=KCV_ENCRYPT_0 -4 bytes key check value</li> 2429 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value</li> 2430 * <li>When iCheckMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData 2431 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 2432 * {@link #getMac(byte, byte[], EPedMacMode)} checkBuf[2+kcvDataLen]:KCV length 2433 * checkBuf[3+kcvDataLen]:KCV Value</li> 2434 * <li>When checkMode=KCV_SM4_ENCRYPT_0 -4 bytes key check value</li> 2435 * </ul> 2436 * </div> 2437 * 2438 * @param keyVarIn <div class="zh">由keyVarIn生成destKeyValue。</div> <div class="en">DestKeyValue is generated by keyVarIn.</div> 2439 * 2440 * @param keyVarMode <div class="zh"> 2441 * <ul> 2442 * <li>0x00:同{@link IPed#writeKey(EPedKeyType, byte, EPedKeyType, byte, byte[], ECheckMode, byte[])};</li> 2443 * <li>0x01:srcKeyIndex密钥和destkeyIndex密钥的长度都必须是16字节。 2444 * srcKeyIndex对应密钥表示SrcKey, 2445 * SrcKey的左8个字节表示为SrcKey-L。SrcKey的右边8个字节表示为SrcKey-R。 2446 * keyVarIn的左8个字节表示为keyVarIn-L。右8字节的keyVarIn表示为keyVarIn-R。 2447 * K1 = SrcKey-L XOR keyVarIn-L 2448 * K2 = SrcKey-R XOR keyVarIn-L 2449 * K3 = SrcKey-L XOR keyVarIn-R 2450 * K4 = SrcKey-R XOR keyVarIn-R 2451 * 使用K1K2解密destKeyValue的左8字节,然后使用K3K4解密destKeyValue的右8字节;</li> 2452 * <li>0x02:使用OWF2算法对源密钥进行解密,解密结果存储为目标密钥; </li> 2453 * <li>0x03:destKeyValue将由源密钥用CBC TDES算法解密并存储为目标密钥;</li> 2454 * <li>0x04:destKeyValue将由指定的源密钥用CBC TDES算法加密并存储为目标密钥;</li> 2455 * <li>0x05:源密钥通过3DES ECB算法加密destKeyValue得到目的密钥; </li> 2456 * <li>0x06:源密钥通过OWF2解密destKeyValue后再异或destKeyValue得到目的密钥;</li> 2457 * <li>0x07:源密钥通过GOWF(OWF3)模式解密destKeyValue得到目的密钥;</li> 2458 * <li>0x09:源密钥通过APACS70 OWF模式发散destKeyValue得到目的密钥;</li> 2459 * </ul> 2460 * </div> <div class="en"> 2461 * <ul> 2462 * <li>0x00:like {@link IPed#writeKey(EPedKeyType, byte, EPedKeyType, byte, byte[], ECheckMode, byte[])};</li> 2463 * <li>0x01:Both the srcKeyIndex key and destkeyIndex key must be 16 bytes in length. 2464 * SrcKeyIndex corresponds to the key SrcKey, and the left 8 bytes of the SrcKey are represented as Srckey-L. 2465 * The 8 bytes to the right of the SrcKey are represented as Srckey-R. 2466 * The left 8 bytes of keyVarIn are represented as keyvarin-L.The right 8-byte keyVarIn is represented as keyvarin-R. 2467 * K1 = SrcKey-L XOR keyVarIn-L 2468 * K2 = SrcKey-R XOR keyVarIn-L 2469 * K3 = SrcKey-L XOR keyVarIn-R 2470 * K4 = SrcKey-R XOR keyVarIn-R 2471 * Decrypt the left 8 bytes of destKeyValue with K1K2, and then decrypt the right 8 bytes of destKeyValue with K3K4;</li> 2472 * <li>0x02:The source key is decrypted using the OWF2 algorithm, and the decryption result is stored as the target key;</li> 2473 * <li>0x03:The destKeyValue will be decrypted by the source key using the CBC TDES algorithm and stored as the target key;</li> 2474 * <li>0x04:The destKeyValue will be encrypted by the specified source key with the CBC TDES algorithm and stored as the target key;</li> 2475 * <li>0x05:The source key uses 3DES ECB algorithm to encrypt the destKeyValue to obtain the target key;</li> 2476 * <li>0x06:The source key uses OWF2 to decrypt the destKeyValue and then xOR destKeyValue to obtain the target key;</li> 2477 * <li>0x07:The source key uses GOWF(OWF3) mode to decrypt the destKeyValue to obtain the target key</li> 2478 * <li>0x09:The source key diverges destKeyValue through the APACS70 OWF mode to obtain the destination key</li> 2479 * </ul> 2480 * </div> 2481 * 2482 * @throws PedDevException 2483 * @since V3.08.00 2484 */ 2485 void writeKeyEx(EPedKeyType srcKeyType, byte srcKeyIndex, EPedKeyType destKeyType, byte destkeyIndex, 2486 byte[] destKeyValue, ECheckMode checkMode, byte[] checkBuf, byte[] keyVarIn, byte keyVarMode) throws PedDevException; 2487 /** 2488 * <div class="zh">读取PAX CA证书,不校验证书私钥。</div> 2489 * <div class="en">Read the PAX CA certificate without verifying the private key of the certificate.</div> 2490 * 2491 * @param index <div class="zh">证书索引。 2492 * <ul> 2493 * <li>0:PAXCA_RCA_R01_IDX </li> 2494 * <li>1:PAXCA_OCADEV01_IDX </li> 2495 * <li>2:PAXCA_OCASYS01_IDX </li> 2496 * <li>3:PAXCA_RCA_S01_IDX </li> 2497 * <li>4:PAXCA_OCASMDEV01_IDX </li> 2498 * <li>5:PAXCA_OCASMSYS01_IDX </li> 2499 * <li>100:PAXCA_DA_IDX </li> 2500 * <li>101:PAXCA_DE_IDX </li> 2501 * <li>102:PAXCA_DSIG_IDX </li> 2502 * <li>103:PAXCA_DID_IDX </li> 2503 * <li>104:PAXCA_DTLS_IDX </li> 2504 * <li>105:PAXCA_DC_IDX </li> 2505 * <li>200:PAXCA_RKIAK_IDX </li> 2506 * </ul> 2507 * </div> 2508 * <div class="en">Certificate index. 2509 * <ul> 2510 * <li>0:PAXCA_RCA_R01_IDX </li> 2511 * <li>1:PAXCA_OCADEV01_IDX </li> 2512 * <li>2:PAXCA_OCASYS01_IDX </li> 2513 * <li>3:PAXCA_RCA_S01_IDX </li> 2514 * <li>4:PAXCA_OCASMDEV01_IDX </li> 2515 * <li>5:PAXCA_OCASMSYS01_IDX </li> 2516 * <li>100:PAXCA_DA_IDX </li> 2517 * <li>101:PAXCA_DE_IDX </li> 2518 * <li>102:PAXCA_DSIG_IDX </li> 2519 * <li>103:PAXCA_DID_IDX </li> 2520 * <li>104:PAXCA_DTLS_IDX </li> 2521 * <li>105:PAXCA_DC_IDX </li> 2522 * <li>200:PAXCA_RKIAK_IDX </li> 2523 * </ul> 2524 * </div> 2525 * 2526 * @return <div class="zh">PAX CA证书。</div> <div class="en"></div> 2527 * 2528 * @throws PedDevException 2529 * @since V3.08.00 2530 */ 2531 byte[] readPaxCA(byte index) throws PedDevException; 2532 2533 /** 2534 * <div class="zh">写入一个AES密钥,并可以选择使用KCV验证密钥正确性。仅支持{@link EPedType#INTERNAL} 类型。 </div> <div class="en"> To write Aes key to PED, and use KCV to check the 2535 * key correction. {@link EPedType#INTERNAL} only is supported.</div> 2536 * 2537 * @param srcKeyType 2538 * <div class="zh"> 2539 * <p> 2540 * 原密钥类型。 2541 * </p> 2542 * <ul> 2543 * <li>0x22:AES_TMK.</li> 2544 * </ul> 2545 * </div> <div class="en"> 2546 * <p> 2547 * Source Key Type. 2548 * </p> 2549 * <ul> 2550 * <li>0x22:AES_TMK.</li> 2551 * </ul> 2552 * </div> 2553 * 2554 * 2555 * @param srcKeyIndex 2556 * <div class="zh"> 2557 * <p> 2558 * 原密钥索引 2559 * </p> 2560 * <ul> 2561 * <li>srcKeyIndex=[1~100]有效</li> 2562 * </ul> 2563 * 当srcKeyIndex = 0,密钥将以明文形式写入PED。 </div> <div class="en"> 2564 * <p> 2565 * Source Key Index 2566 * </p> 2567 * <ul> 2568 * <li>srcKeyIndex=[1~100]</li> 2569 * </ul> 2570 * when srcKeyIndex = 0,The key will be written to PED in clear text. </div> 2571 * @param destKeyType <div class="zh"> 2572 * <p> 2573 * 目的密钥类型。 2574 * </p> 2575 * <ul> 2576 * <li>0x20:AES_TDK.</li> 2577 * <li>0x22:AES_TMK.</li> 2578 * <li>0x23:AES_TPK.</li> 2579 * <li>0x24:AES_TAK.</li> 2580 * <li>0x2A:AES_PPAD_TPK.</li> 2581 * </ul> 2582 * </div> <div class="en"> 2583 * <p> 2584 * Destination Key Type. 2585 * </p> 2586 * <ul> 2587 * <li>0x20:AES_TDK.</li> 2588 * <li>0x22:AES_TMK.</li> 2589 * <li>0x23:AES_TPK.</li> 2590 * <li>0x24:AES_TAK.</li> 2591 * <li>0x2A:AES_PPAD_TPK.</li> 2592 * </ul> </div> 2593 * 2594 * @param destKeyIndex 2595 * <div class="zh"> 2596 * <p> 2597 * 目的密钥索引[1-100] 2598 * </p> 2599 * </div> <div class="en"> 2600 * <p> 2601 * Destination Key Index[1-100] 2602 * </p> 2603 * </div> 2604 * 2605 * @param destKeyValue 2606 * <div class="zh"> 2607 * <p> 2608 * 密钥明文或密文,16/24/32bytes 2609 * </p> 2610 * </div> <div class="en"> 2611 * <p> 2612 * Cryptograph or Plaintext,16/24/32bytes 2613 * </p> 2614 * </div> 2615 * 2616 * @param checkMode 2617 * {@link EAesCheckMode} <div class="zh"> 2618 * <p> 2619 * 校验模式 2620 * </p> 2621 * <ul> 2622 * <li>checkMode=KCV_NONE -无验证.</li> 2623 * <li>checkMode=KCV_ENCRYPT_0 -对16个字节的0x00进行AES ECB模式加密运算,得到的密文的前4个字节即为KCV值。</li> 2624 * <li>checkMode=KCV_ENCRYPT_FIX_DATA -首先对密钥明文进行奇校验,再对16字节长度 2625 * ―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖进行AES ECB模式的加密运算,得到的密文的前4个字节即为KCV值。</li> 2626 * <li>checkMode=KCV_MAC_INPUT_DATA -传入一串数据KcvData,使用源密钥对[aucDstKeyValue(密文)+ 2627 * KcvData]进行指定模式的MAC运算,得到的8个字节的MAC值即为KCV值。</li> 2628 * </ul> 2629 * </div> <div class="en"> 2630 * <p> 2631 * Check Mode 2632 * </p> 2633 * <ul> 2634 * <li>When checkMode=KCV_NONE -No Check</li> 2635 * <li>When checkMode=KCV_ENCRYPT_0 -Perform AES ECB mode encryption on 16 bytes 0x00, and use first 4 2636 * bytes as KCV.</li> 2637 * 2638 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -Perform parity check first, then perform AES ECB mode 2639 * encryption on 16 bytes―\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56‖, and use 2640 * first 4 bytes as KCV.</li> 2641 * 2642 * <li>When checkMode=KCV_MAC_INPUT_DATA -Send in data KcvData, use source key to perform specified mode 2643 * of MAC on [aucDesKeyValue(ciphertext) +KcvData], and use the 8 bytes result as KCV.</li> 2644 * </ul> 2645 * </div> 2646 * 2647 * @param checkBuf 2648 * <div class="zh"> 2649 * <p> 2650 * 校验数据缓冲区 2651 * </p> 2652 * <ul> 2653 * <li>当checkMode={@link ECheckMode#KCV_NONE}时 checkBuf的值无效,系统认为不验证KCV,可以为null</li> 2654 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_0}时checkBuf为KCV的值</li> 2655 * <li>当checkMode={@link ECheckMode#KCV_ENCRYPT_FIX_DATA}时checkBuf为KCV的值</li> 2656 * <li>当checkMode={@link ECheckMode#KCV_MAC_INPUT_DATA}时按以下规则提供checkBuf: 2657 * <p> 2658 * checkBuf[0]= KcvData长度(KcvDataLen) 2659 * </p> 2660 * <p> 2661 * checkBuf+1: KcvData 2662 * </p> 2663 * <p> 2664 * checkBuf[1+KcvDataLen]=MAC运算模式,参考{@link #getMac(byte, byte[], EPedMacMode)}中的mode参数 2665 * </p> 2666 * <p> 2667 * checkBuf[2+KcvDataLen]=KCV长度 2668 * </p> 2669 * <p> 2670 * checkBuf[3+KcvDataLen]是KCV的值 2671 * </p> 2672 * </li> 2673 * </ul> 2674 * </div> <div class="en"> 2675 * <p> 2676 * Check Data Buffer 2677 * </p> 2678 * <ul> 2679 * <li>When checkMode=KCV_NONE -PED won't check KCV, this data is no meaning.</li> 2680 * <li>When checkMode=KCV_ENCRYPT_0 -4 bytes key check value</li> 2681 * <li>When checkMode=KCV_ENCRYPT_FIX_DATA -4 bytes key check value</li> 2682 * <li>When checkMode=KCV_MAC_INPUT_DATA - checkBuf as follows: checkBuf[0] = length of KcvData 2683 * checkBuf+1: kcvData checkBuf[1+kcvDataLen]: MAC computation mode 2684 * {@link #getMac(byte, byte[], EPedMacMode)} checkBuf[2+kcvDataLen]:KCV length 2685 * checkBuf[3+kcvDataLen]:KCV Value</li> 2686 * </ul> 2687 * </div> 2688 * 2689 * @throws PedDevException 2690 * @since V3.08.00 2691 */ 2692 public void writeAesKey(byte srcKeyType, byte srcKeyIndex, byte destKeyType, byte destKeyIndex, byte[] destKeyValue, 2693 EAesCheckMode checkMode, byte[] checkBuf) throws PedDevException; 2694 2695 /** 2696 * <div class="zh"> 使用DUKPT的MAC密钥或DES密钥,对输入缓存内数据进行加密或解密。仅支持{@link EPedType#INTERNAL} 类型。</div> 2697 * <div class="en"> Use MAC key or DES key of DUKPT to encrypt or decrypt the data in the input buffer.{@link EPedType#INTERNAL} only is supported. </div> 2698 * 2699 * @param groupIndex 2700 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT group ID </div> 2701 * 2702 * @param keyVarType 2703 * <div class="zh"> 2704 * <ul> 2705 * <li>0x00: 用请求和应答MAC密钥。</li> 2706 * <li>0x01: 用DUKPT DES密钥运算。</li> 2707 * <li>0x02: 用DUKPT PIN密钥运算,只能做加密(mode的值只能为0x01或者0x13),解密会返回错误。</li> 2708 * <li>0x03: 使用应答MAC密钥,仅支持加密模式,即mode值只能为0x01、0x03、0x11、0x13。</li> 2709 * <li>0x04: 使用应答DES密钥,仅支持加密模式,即mode值只能为0x01、0x03、0x11、0x13。</li> 2710 * </ul> 2711 * </div> <div class="en"> 2712 * <ul> 2713 * <li>0x00:Use request and response MAC key.</li> 2714 * <li>0x01:Use DUKPT DES key operation.</li> 2715 * <li>0x02:Use DUKPT PIN key operation, only encryption(The value of mode can only be 0x01 or 0x13.), decryption will return error.</li> 2716 * <li>0x03:Using the reply MAC key, only the encryption mode is supported, the mode value can only be 0x01, 0x03, 0x011, 0x13.</li> 2717 * <li>0x04:Using the reply DES key, only the encryption mode is supported, the mode value can only be 0x01, 0x03, 0x011, 0x13.</li> 2718 * </ul> 2719 * </div> 2720 * 2721 * @param iv 2722 * <div class="zh"> 8/16字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”或 2723 * “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量 </div> 2724 * <div class="en"> 8/16 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, 2725 * it will use “\x00\x00\x00\x00\x00\x00\x00\x00” or “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00” 2726 * as the initialization vector by default. </div> 2727 * 2728 * @param dataIn 2729 * <div class="zh"> 指向需要进行运算的数据, 数据长度<=8192,8整除(AES时,16整除)。</div> <div class="en"> Point to the data which need to 2730 * be computed.Data length less than or equal to 8192, it is divisible by 8(In AES, 16 is divisible). </div> 2731 * 2732 * @param mode <div class="zh"> 2733 * <ul> 2734 * <li>0x00:ECB 解密。</li> 2735 * <li>0x01:ECB 加密。</li> 2736 * <li>0x02:CBC 解密。</li> 2737 * <li>0x03:CBC 加密。</li> 2738 * <li>0x10:AES ECB 解密。</li> 2739 * <li>0x11:AES ECB 加密。</li> 2740 * <li>0x12:AES CBC 解密。</li> 2741 * <li>0x13:AES CBC 加密。</li> 2742 * </ul> 2743 * </div> 2744 * <div class="en"> 2745 * <ul> 2746 * <li>0x00:ECB decryption.</li> 2747 * <li>0x01:ECB encryption.</li> 2748 * <li>0x02:CBC decryption.</li> 2749 * <li>0x03:CBC encryption.</li> 2750 * <li>0x10:AES ECB decryption.</li> 2751 * <li>0x11:AES ECB encryption.</li> 2752 * <li>0x12:AES CBC decryption.</li> 2753 * <li>0x13:AES CBC encryption.</li> 2754 * </ul> 2755 * </div> 2756 * 2757 * @return {@link DUKPTResult} 2758 * @throws PedDevException 2759 * @since V3.08.00 2760 */ 2761 @Deprecated 2762 public DUKPTResult calcDUKPTData(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, byte mode) 2763 throws PedDevException; 2764 2765 /** 2766 * <div class="zh"> 使用DUKPT的MAC密钥计算MAC。支持{@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} 类型。 韩国Smartro定制。</div> 2767 * <div class="en"> Use MAC Key to calculate MAC. {@link EPedType#INTERNAL},{@link EPedType#EXTERNAL_TYPEA} is supported. For Korea Smartro.</div> 2768 * 2769 * @param groupIndex 2770 * <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100] DUKPT key group index id </div> 2771 * 2772 * @param dataIn 2773 * <div class="zh"> 指向需要计算MAC的数据内容 </div> <div class="en"> The MAC data content needs to be calculated</div> 2774 * 2775 * @param mode <div class="zh"> 2776 * <ul> 2777 * <li>0:{@link EDUKPTMacMode#MODE_00}</li> 2778 * <li>1:{@link EDUKPTMacMode#MODE_01}</li> 2779 * <li>2:{@link EDUKPTMacMode#MODE_02}</li> 2780 * <li>5:{@link EDUKPTMacMode#MODE_05}</li> 2781 * <li>20:{@link EDUKPTMacMode#MODE_20}</li> 2782 * <li>21:{@link EDUKPTMacMode#MODE_21}</li> 2783 * <li>22:{@link EDUKPTMacMode#MODE_22}</li> 2784 * <li>25:{@link EDUKPTMacMode#MODE_25}</li> 2785 * <li>40:{@link EDUKPTMacMode#MODE_40}</li> 2786 * <li>41:{@link EDUKPTMacMode#MODE_41}</li> 2787 * <li>42:{@link EDUKPTMacMode#MODE_42}</li> 2788 * <li>45:{@link EDUKPTMacMode#MODE_45}</li> 2789 * </ul> 2790 * 备注:20,22,40,42模式可以支持最大输入8k大小的输入数据,其他模式维持原来最大1k的输入数据 2791 * </div> 2792 * <div class="en"> 2793 * <ul> 2794 * <li>0:{@link EDUKPTMacMode#MODE_00}</li> 2795 * <li>1:{@link EDUKPTMacMode#MODE_01}</li> 2796 * <li>2:{@link EDUKPTMacMode#MODE_02}</li> 2797 * <li>5:{@link EDUKPTMacMode#MODE_05}</li> 2798 * <li>20:{@link EDUKPTMacMode#MODE_20}</li> 2799 * <li>21:{@link EDUKPTMacMode#MODE_21}</li> 2800 * <li>22:{@link EDUKPTMacMode#MODE_22}</li> 2801 * <li>25:{@link EDUKPTMacMode#MODE_25}</li> 2802 * <li>40:{@link EDUKPTMacMode#MODE_40}</li> 2803 * <li>41:{@link EDUKPTMacMode#MODE_41}</li> 2804 * <li>42:{@link EDUKPTMacMode#MODE_42}</li> 2805 * <li>45:{@link EDUKPTMacMode#MODE_45}</li> 2806 * </ul> 2807 * Note: In 20, 22, 40, and 42 modes, the maximum size of input data can be 8 KB. In other modes, the maximum size of input data can be 1 KB 2808 * </div> 2809 * 2810 * @return {@link DUKPTResult} 2811 * @throws PedDevException 2812 * @since V3.09.00 2813 */ 2814 DUKPTResult getDUKPTMac(byte groupIndex, byte[] dataIn, byte mode) throws PedDevException; 2815 2816 /** 2817 * <div class="zh">擦除指定类型的密钥。仅支持{@link EPedType#INTERNAL} 类型。</div> 2818 * <div class="en">Erases the key of the specified type. {@link EPedType#INTERNAL} only is supported.</div> 2819 * 2820 * @param mode <div class="zh"> 2821 * <ul> 2822 * <li>0:清空TDES MK/SK DUKPT, AES MK/SK DUKPT密钥。</li> 2823 * <li>1:清空TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2、RSA密钥。</li> 2824 * <li>2:清空 SM2、RSA密钥。</li> 2825 * </ul></div> 2826 * <div class="en"> 2827 * <ul> 2828 * <li>0: Clear TDES MK/SK DUKPT, AES MK/SK DUKPT keys.</li> 2829 * <li>1: Clear TDES MK/SK DUKPT, AES MK/SK DUKPT, SM2、RSA keys.</li> 2830 * <li>2: Clear SM2、RSA keys.</li> 2831 * </ul></div> 2832 * @throws PedDevException 2833 * @since V3.11.00 2834 */ 2835 void eraseKeyEx(byte mode) throws PedDevException; 2836 2837 /** 2838 * <div class="zh">WIC卡的密钥验证步骤,根据WIC密钥计算出challenge数据。接口不进行与卡片交互的步骤,仅计算出challenge数据。后续流程需要由应用处理。需要设备中存在WIC密钥(以TDK的方式保存)。仅支持{@link EPedType#INTERNAL} 类型。</div> 2839 * <div class="en">WIC card key verification steps, based on the WIC key to calculate the challenge data.The interface does not perform the steps of interacting with the card, 2840 * only calculating the challenge data.Subsequent processes need to be handled by the application.The WIC key (stored as TDK) is required to be present in the device.{@link EPedType#INTERNAL} only is supported.</div> 2841 * 2842 * @param srcKeyIndex <div class="zh">WIC key索引。</div> <div class="en">WIC key index.</div> 2843 * 2844 * @param mode <div class="zh"> 2845 * <ul> 2846 * <li>0:WIC key为16字节,根据cardSN计算出16字节daughter key,并根据dataIn算出challenge数据。</li> 2847 * <li>1:WIC key为8字节,根据cardSN直接算出challenge数据。</li> 2848 * <li>2:WIC key为8字节,根据cardSN直接算出challenge数据。</li> 2849 * </ul></div> <div class="en"> 2850 * <ul> 2851 * <li>0:The WIC key is 16 bytes. Calculate the 16-byte daughter key according to cardSN, and calculate the challenge data according to dataIn.</li> 2852 * <li>1:The WIC key is 8 bytes, and the challenge data is directly calculated according to the cardSN.</li> 2853 * <li>2:The WIC key is 8 bytes, and the challenge data is directly calculated according to the cardSN.</li> 2854 * </ul></div> 2855 * 2856 * @param cardSN <div class="zh">8字节的Card SN信息。</div> <div class="en">8 bytes of Card SN information.</div> 2857 * 2858 * @param dataIn <div class="zh">输入数据。8字节。仅在mode=0时使用。当mode为其他值时传入任意数据即可。</div> 2859 * <div class="en">Enter data.8 bytes.Used only when mode=0.Pass in any data when the mode is any other value.</div> 2860 * 2861 * @return <div class="zh">8字节的challenge数据。</div> <div class="en">8 bytes of challenge data.</div> 2862 * 2863 * @throws PedDevException 2864 * @since V3.12.00 2865 */ 2866 byte[] challengeWICKey(byte srcKeyIndex, byte mode, byte[] cardSN, byte[] dataIn) throws PedDevException; 2867 2868 /** 2869 * <div class="zh">输入PIN的过程,并将PIN保存在PED内部。仅支持{@link EPedType#INTERNAL} 类型。</div> 2870 * <div class="en">The process of entering the PIN and saving the PIN inside the PED. {@link EPedType#INTERNAL} only is supported.</div> 2871 * 2872 * @param expPinLen <div class="zh">可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 2873 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略.。</div> 2874 * <div class="en">The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 2875 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored.</div> 2876 * 2877 * @param timeoutMs <div class="zh">输入PIN的超时时间,单位:毫秒 最大值为300000ms。0:表示没有超时时间,PED不做超时控制。</div> 2878 * <div class="en">The timeout of PIN entry [unit:ms] Maximum is 300000ms.0: No timeout time, not doing timeout control for PED.</div> 2879 * 2880 * @param mode <div class="zh">保留扩展,目前为0x00。</div> <div class="en">Reserved for extension, currently 0x00.</div> 2881 * 2882 * @throws PedDevException 2883 */ 2884 void inputPin(String expPinLen, long timeoutMs, byte mode) throws PedDevException; 2885 2886 /** 2887 * <div class="zh">将{@link #inputPin(String, long, byte)}的输入PIN加密为密文PinBlock。PIN将被清空。仅支持{@link EPedType#INTERNAL} 类型。</div> 2888 * <div class="en">Encrypt the inputPin of {@link #inputPin(String, long, byte)} as ciphertext PinBlock.The PIN will be cleared. {@link EPedType#INTERNAL} only is supported.</div> 2889 * 2890 * @param keyIndex <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 2891 * 2892 * @param dataIn <div class="zh"> 2893 * <ul> 2894 * <li>当mode=0x00时,DataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 2895 * <li>当mode=0x01时,DataIn被忽略,接口内部采用随机数填充PINBlock。 </li> 2896 * <li>当mode=0x02时,DataIn指向位移后的16位PAN。</li> 2897 * <li>当mode=0x03时,为交易流水号ISN [6 Bytes,ASCII码]。</li> 2898 * </ul></div> 2899 * <div class="en"> 2900 * <ul> 2901 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting, excluding the check bit.</li> 2902 * <li>When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 2903 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting.</li> 2904 * <li>When mode=0x03, is the transaction current number [6 Bytes,ASCII code].</li> 2905 * </ul></div> 2906 * @param mode <div class="zh"> PIN BLOCK的格式。 2907 * <ul> 2908 * <li>0x00:ISO9564 格式0。该模式有频度控制,触发频度控制时返回{@link EPedDevException #PED_ERR_WAIT_INTERVAL}。</li> 2909 * <li>0x01:ISO9564 格式1。</li> 2910 * <li>0x02:ISO9564 格式3。</li> 2911 * <li>0x03:HK EPS 格式。</li> 2912 * </ul></div> 2913 * <div class="en"> PIN BLOCK Format. 2914 * <ul> 2915 * <li>0x00:ISO9564 format 0. This mode has frequency control, which returns {@link EPedDevException #PED_ERR_WAIT_INTERVAL} when triggered.</li> 2916 * <li>0x01:ISO9564 format 1.</li> 2917 * <li>0x02:ISO9564 format 3.</li> 2918 * <li>0x03:HK EPS format.</li> 2919 * </ul></div> 2920 * 2921 * @return <div class="zh">8字节的PinBlock。</div> <div class="en">8-byte PinBlock.</div> 2922 * 2923 * @throws PedDevException 2924 * @since V3.13.00 2925 */ 2926 byte[] pinEndGetPinBlock(byte keyIndex, byte[] dataIn, byte mode) throws PedDevException; 2927 2928 /** 2929 * <div class="zh">在{@link #inputPin(String, long, byte)}输入完毕后,使用DUKPT的PIN密钥计算PinBlock。PIN将被清空。仅支持{@link EPedType#INTERNAL} 类型。 </div> 2930 * <div class="en">After {@link #inputPin(String, long, byte)} is entered, calculate the PinBlock using DUKPT's Pin key. 2931 * The PIN will be cleared. {@link EPedType#INTERNAL} only is supported.</div> 2932 * 2933 * @param groupIndex <div class="zh"> [1~100] DUKPT密钥组索引号 </div> <div class="en"> [1~100]DUKPT key group id </div> 2934 * 2935 * @param dataIn <div class="zh"> 2936 * <ul> 2937 * <li>当mode=00/20时,DataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 2938 * <li>当mode=01/21时,DataIn被忽略,接口内部采用随机数填充PINBlock。 </li> 2939 * <li>当mode=02/22时,DataIn指向位移后的16位PAN。</li> 2940 * <li>当mode=03/23时,为交易流水号ISN [6 Bytes,ASCII码]。</li> 2941 * </ul></div> 2942 * <div class="en"> 2943 * <ul> 2944 * <li>When mode=00/20, DataIn is the 16 bytes primary account number after shifting, excluding the check bit.</li> 2945 * <li>When mode=01/21, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 2946 * <li>When mode=02/22, DataIn is the 16 bytes primary account number after shifting.</li> 2947 * <li>When mode=03/23, is the transaction current number [6 Bytes,ASCII code].</li> 2948 * </ul></div> 2949 * 2950 * @param mode <div class="zh"> 2951 * <ul> 2952 * <li>00:ISO9564 格式0, KSN自动加1。</li> 2953 * <li>01:ISO9564 格式1, KSN自动加1。</li> 2954 * <li>02:ISO9564 格式3 ,KSN自动加1。</li> 2955 * <li>03:HK EPS格式, KSN自动加1。</li> 2956 * <li>20:ISO9564 格式0,KSN不自动加1。</li> 2957 * <li>21:ISO9564 格式1,KSN不自动加1。</li> 2958 * <li>22:ISO9564 格式3,KSN不自动加1。</li> 2959 * <li>23:HK EPS格式, KSN不自动加1。</li> 2960 * </ul></div> 2961 * <div class="en"> 2962 * <ul> 2963 * <li>00:ISO9564 format 0, KSN automatically add 1.</li> 2964 * <li>01:ISO9564 format 1, KSN automatically add 1.</li> 2965 * <li>02:ISO9564 format 3, KSN automatically add 1.</li> 2966 * <li>03:HK EPS format, KSN automatically add 1.</li> 2967 * <li>20:ISO9564 format 0,KSN doesn't automatically add 1.</li> 2968 * <li>21:ISO9564 format 1,KSN doesn't automatically add 1.</li> 2969 * <li>22:ISO9564 format 3,KSN doesn't automatically add 1.</li> 2970 * <li>23:HK EPS format, KSN doesn't automatically add 1.</li> 2971 * </ul></div> 2972 * 2973 * @return {@link DUKPTResult} 2974 * 2975 * @throws PedDevException 2976 * @since V3.13.00 2977 */ 2978 DUKPTResult pinEndGetDukptPin(byte groupIndex, byte[] dataIn, byte mode) throws PedDevException; 2979 2980 /** 2981 * <div class="zh">在{@link #inputPin(String, long, byte)}输入完毕后,使用AES DUKPT的PIN密钥计算PinBlock。PIN将被清空。仅支持{@link EPedType#INTERNAL} 类型。 </div> 2982 * <div class="en">After {@link #inputPin(String, long, byte)} is entered, calculate the PinBlock using AES DUKPT's Pin key. 2983 * The PIN will be cleared. {@link EPedType#INTERNAL} only is supported.</div> 2984 * 2985 * @param groupIndex <div class="zh">[1~40] AES DUKPT密钥组索引号 。</div> <div class="en"> [1~40] AES DUKPT key group id. </div> 2986 * 2987 * @param dataIn <div class="zh"> 2988 * <ul> 2989 * <li>当mode=0x20时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 2990 * <li>当mode=0x21时,dataIn未使用,但是不能为NULL。 </li> 2991 * <li>当mode=0x22时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 2992 * <li>当mode=0x23时,为交易流水号ISN [6 Bytes,ASCII码]。</li> 2993 * <li>当mode=0x24时,dataIn为主账号。</li> 2994 * </ul></div> 2995 * <div class="en"> 2996 * <ul> 2997 * <li>When mode=0x20, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.</li> 2998 * <li>When mode=0x21, dataIn is not in use, but cannot be NULL.</li> 2999 * <li>When mode=0x22, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.</li> 3000 * <li>When mode=0x23, is the transaction current number [6 Bytes,ASCII code].</li> 3001 * <li>When mode=0x24, dataIn is primary account.</li> 3002 * </ul></div> 3003 * 3004 * @param eAlgorithmType {@link EAlgorithmType} 3005 * 3006 * @param mode <div class="zh"> 3007 * <ul> 3008 * <li>0x20:ISO9564 格式0,KSN不自动加1。</li> 3009 * <li>0x21:ISO9564 格式1,KSN不自动加1。</li> 3010 * <li>0x22:ISO9564 格式3,KSN不自动加1。</li> 3011 * <li>0x23:HK EPS格式, KSN不自动加1。</li> 3012 * <li>0x24:ISO9564 格式4,KSN不自动加1。</li> 3013 * </ul></div> 3014 * <div class="en"> 3015 * <ul> 3016 * <li>0x20:ISO9564 format 0,KSN doesn't automatically add 1。</li> 3017 * <li>0x21:ISO9564 format 1,KSN doesn't automatically add 1。</li> 3018 * <li>0x22:ISO9564 format 3,KSN doesn't automatically add 1。</li> 3019 * <li>0x23:HK EPS format, KSN doesn't automatically add 1。</li> 3020 * <li>0x24:ISO9564 format 4,KSN doesn't automatically add 1。</li> 3021 * </ul></div> 3022 * 3023 * @return {@link DUKPTResult} 3024 * 3025 * @throws PedDevException 3026 * @since V3.13.00 3027 */ 3028 DUKPTResult pinEndGetAesDukptPin(byte groupIndex, byte[] dataIn, EAlgorithmType eAlgorithmType, byte mode) throws PedDevException; 3029 3030 /** 3031 * <div class="zh">在{@link #inputPin(String, long, byte)}输入完毕后,进行脱机明文PIN校验功能。 3032 * 按照应用提供的卡片命令与卡片通道号,将明文PinBlock直接发送给卡片。PIN将被清空。仅支持{@link EPedType#INTERNAL} 类型。</div> 3033 * <div class="en">After {@link #inputPin(String, long, byte)} is entered, offline plaintext PIN validation is performed. 3034 * Send the clear text PinBlock directly to the card according to the card command and card channel number provided by 3035 * the application。 The PIN will be cleared. {@link EPedType#INTERNAL} only is supported.</div> 3036 * 3037 * @param slot <div class="zh"> 卡片所在的卡座号。 </div> <div class="en">The card slot number. </div> 3038 * 3039 * @param mode <div class="zh"> 3040 * <ul> 3041 * <li>0x00: I C卡命令模式,现支持符合EMV2000的IC卡命令。</li> 3042 * <li>0x01: 给WIC使用。</li> 3043 * </ul> 3044 * </div> 3045 * <div class="en"> 3046 * <ul> 3047 * <li>0x00: IC Card Command Mode,Currently support EMV2000.</li> 3048 * <li>0x01: For WIC.</li> 3049 * </ul> 3050 * </div> 3051 * 3052 * @return <div class="zh"> 卡片响应的状态码 (2字节:SW1+SW2) </div> 3053 * <div class="en"> The status code of card response (2 bytes: SW1+SW2). </div> 3054 * 3055 * @throws PedDevException 3056 * @since V3.13.00 3057 */ 3058 byte[] pinEndVerifyPlainPin(byte slot, byte mode) throws PedDevException; 3059 3060 /** 3061 * <div class="zh"> 在{@link #inputPin(String, long, byte)}输入完毕后,进行脱机密文PIN校验功能。先获取明文PIN,再用应用提供的RsaPinKey 3062 * 对明文PIN按照EMV规范进行加密,然后用应用提供的卡片命令与卡片通道号,将密文PIN直接发送给卡片 。PIN将被清空。仅支持{@link EPedType#INTERNAL} 类型。</div> 3063 * <div class="en">After {@link #inputPin(String, long, byte)} is entered, verify enciphered PIN offline is performed. Get plain text PIN and then 3064 * use RsaPinKey provided by application to encrypt plaintext PIN according to EMV standard. Send enciphered PIN to card according to card command 3065 * and card channel number provided by application. The PIN will be cleared.{@link EPedType#INTERNAL} only is supported. </div> 3066 * 3067 * @param slot <div class="zh"> 卡片所在的卡座号。 </div> <div class="en">The card slot number. </div> 3068 * 3069 * @param rsaPinKey {@link RSAPinKey} 3070 * 3071 * @param mode <div class="zh"> 0x00 IC卡命令模式,目前支持EMV2000。 </div> <div class="en"> 0x00 IC Card Command Mode,Currently support EMV2000. </div> 3072 * 3073 * @return <div class="zh"> 卡片响应的状态码 (2字节:SW1+SW2) </div> 3074 * <div class="en"> The status code of card response (2 bytes: SW1+SW2). </div> 3075 * 3076 * @throws PedDevException 3077 * @since V3.13.00 3078 */ 3079 byte[] pinEndVerifyCipherPin(byte slot, RSAPinKey rsaPinKey, byte mode) throws PedDevException; 3080 3081 /** 3082 * <div class="zh">设置PED密码键盘类型。仅支持{@link EPedType#INTERNAL} 类型。</div> 3083 * <div class="en">Set the PED keyboard type. {@link EPedType#INTERNAL} only is supported.</div> 3084 * 3085 * @param type <div class="zh"> 3086 * <ul> 3087 * <li>0x01:翻转PED密码键盘。</li> 3088 * <li>0x02:盲人模式PED密码键盘。</li> 3089 * </ul></div> 3090 * <div class="en"> 3091 * <ul> 3092 * <li>0x01:Flip the PED keyboard.</li> 3093 * <li>0x02:Blind mode PED keyboard.</li> 3094 * </ul></div> 3095 * @throws PedDevException 3096 * @since V3.15.00 3097 */ 3098 void setKeyboard(byte type) throws PedDevException; 3099 3100 /** 3101 * <div class="zh">擦除指定的密钥。仅支持{@link EPedType#INTERNAL} 类型。</div> 3102 * <div class="en">Erases the specified key. {@link EPedType#INTERNAL} only is supported.</div> 3103 * 3104 * @param keyType <div class="zh">密钥类型。 3105 * <ul> 3106 * <li>0x02: TMK[1~100]</li> 3107 * <li>0x0A: TWK[1~100]</li> 3108 * <li>0x07: TIK[1~100]</li> 3109 * <li>0x51: AES_TIK[1~100]</li> 3110 * <li>0X0B: RSA[1~20]</li> 3111 * <li>0x30: SM2_PVT_KEY[1~20]</li> 3112 * <li>0x31: SM2_PUB_KEY[1~20]</li> 3113 * <li>0x46: SALT_KEY[1~2]</li> 3114 * </ul> 3115 * </div> 3116 * <div class="en">Key type. 3117 * <ul> 3118 * <li>0x02: TMK[1~100]</li> 3119 * <li>0x0A: TWK[1~100]</li> 3120 * <li>0x07: TIK[1~100]</li> 3121 * <li>0x51: AES_TIK[1~100]</li> 3122 * <li>0X0B: RSA[1~20]</li> 3123 * <li>0x30: SM2_PVT_KEY[1~20]</li> 3124 * <li>0x31: SM2_PUB_KEY[1~20]</li> 3125 * <li>0x46: SALT_KEY[1~2]</li> 3126 * </ul></div> 3127 * @param keyIndex <div class="zh">密钥索引。</div> <div class="en">Key index.</div> 3128 * @throws PedDevException 3129 * @since V3.15.00 3130 */ 3131 void eraseKey(byte keyType, byte keyIndex) throws PedDevException; 3132 3133 /** 3134 * <div class="zh">写入TR31格式的密钥到PED。包括TMK、TWK、TIK、AES_TMK、AES_TWK和AES_TIK。</div><div class="en">To write keys in TR31 format into PED, including TMK,TWK,TIK,AES_TMK,AES_TWK and AES_TIK.</div> 3135 * 3136 * @param srcKeyType <div class="zh">原密钥类型。 3137 * <ul> 3138 * <li>0x01:{@link EPedKeyType#TLK}</li> 3139 * <li>0x02:{@link EPedKeyType#TMK}</li> 3140 * <li>0x22:{@link EPedKeyType#AES_TMK}</li> 3141 * </ul></div> 3142 * <div class="en">The source key type. 3143 * <ul> 3144 * <li>0x01:{@link EPedKeyType#TLK}</li> 3145 * <li>0x02:{@link EPedKeyType#TMK}</li> 3146 * <li>0x22:{@link EPedKeyType#AES_TMK}</li> 3147 * </ul></div> 3148 * @param srcKeyIndex <div class="zh">原密钥索引。 3149 * <ul> 3150 * <li>如果srcKeyType等于{@link EPedKeyType#TLK}时,索引为1.</li> 3151 * <li>如果srcKeyType等于{@link EPedKeyType#TMK}时,索引为[1~100].</li> 3152 * <li>如果srcKeyType等于{@link EPedKeyType#AES_TMK}时,索引为[1~100].</li> 3153 * </ul></div> 3154 * <div class="en">The source key index. 3155 * <ul> 3156 * <li>If srcKeyType is equal to {@link EPedKeyType#TLK}, the index is 1.</li> 3157 * <li>If srcKeyType is equal to {@link EPedKeyType#TMK}, the index is [1~100].</li> 3158 * <li>If srcKeyType is equal to {@link EPedKeyType#AES_TMK}, the index is [1~100].</li> 3159 * </ul></div> 3160 * @param dstKeyIndex <div class="zh">目的密钥索引。 3161 * <ul> 3162 * <li>如果dstKeyType等于{@link EPedKeyType#AES_TIK}时,索引为[1~40].</li> 3163 * <li>其他类型时,索引为[1~100].</li> 3164 * </ul></div> 3165 * <div class="en">Destination key index. 3166 * <ul> 3167 * <li>If dstKeyType is equal to {@link EPedKeyType#AES_TIK}, the index is [1~40]</li> 3168 * <li>Other key types, the index is [1~100]</li> 3169 * </ul></div> 3170 * @param TR31KeyBlock <div class="zh">TR31格式的密钥块。 3171 * <ul> 3172 * <li>Key Block Version ID (1 byte): 3173 * <br>"B"-TDEA 3174 * <br>"D"-AES</li> 3175 * <li>Key Block Length (4 bytes):编码后提供密钥块长度的ASCII十进制数字。例如,“0080”</li> 3176 * <li>Key Usage (2 bytes): 3177 * <br>"P0"-PIN encryption 3178 * <br>"B1"-DUKPT TIK 3179 * <br>"K0"-TMK 3180 * <br>"D0"-TDK 3181 * <br>"Mx"-TAK 3182 * <br>"C1"-TCHDK</li> 3183 * <li>Algorithm (1 byte): 3184 * <br>"T"-TDEA 3185 * <br>"A"-AES</li> 3186 * <li>Mode of Use (1 byte):ignore</li> 3187 * <li>Key Version Number (2 bytes):ignore</li> 3188 * <li>Exportability (1 byte):ignore</li> 3189 * <li>Number of Optional Blocks (2 bytes):00/01/02</li> 3190 * <li>Reserved field (2 bytes):ignore</li> 3191 * <li>Optional Blocks(密钥块中所有可选块的总长度将是加密块大小的倍数(TDES 为 8,AES 为 16)。 3192 * 这可能需要填充,如果需要填充,则包含在一个特殊的最终可选块中 填充了适当数量的填充字符。): 3193 * <br>“KS”-(2 bytes option id) + len (2 bytes, hex-ASCII “18”) + 20 hex-ASCII characters KSN, (PED_TIK KSN) 3194 * <br>“IK”-(2 bytes option id) + len (2 bytes, hex-ASCII “14”) + 16 hex-ASCII characters KSN (PED_AES_TIK Initial Key Identifier) 3195 * <br>“PB”-(2 bytes option id) + len (2 bytes, hex-ASCII “0C”) + hex-ASCII characters padding</li> 3196 * <li>Encryption body:Cipher text (2 bytes len + key + padding)</li> 3197 * <li>MAC(TDES is 16 bytes, AES is 32 bytes):MAC</li> 3198 * </ul></div> 3199 * <div class="en">Key blocks in TR31 format. 3200 * <ul> 3201 * <li>Key Block Version ID (1 byte): 3202 * <br>"B"-TDEA 3203 * <br>"D"-AES</li> 3204 * <li>Key Block Length (4 bytes):ASCII decimal numeric digits providing key block length after encoding.for example, “0080”</li> 3205 * <li>Key Usage (2 bytes): 3206 * <br>"P0"-PIN encryption 3207 * <br>"B1"-DUKPT TIK 3208 * <br>"K0"-TMK 3209 * <br>"D0"-TDK 3210 * <br>"Mx"-TAK 3211 * <br>"C1"-TCHDK</li> 3212 * <li>Algorithm (1 byte): 3213 * <br>"T"-TDEA 3214 * <br>"A"-AES</li> 3215 * <li>Mode of Use (1 byte):ignore</li> 3216 * <li>Key Version Number (2 bytes):ignore</li> 3217 * <li>Exportability (1 byte):ignore</li> 3218 * <li>Number of Optional Blocks (2 bytes):00/01/02</li> 3219 * <li>Reserved field (2 bytes):ignore</li> 3220 * <li>Optional Blocks((The total length of all optional blocks in the key block will be a multiple of the encryption block size (TDES is 8, AES is 16). This may require padding, and if padding is needed it is included in a special final optional block that is filled with an appropriate number of padding characters.): 3221 * <br>“KS”-(2 bytes option id) + len (2 bytes, hex-ASCII “18”) + 20 hex-ASCII characters KSN, (PED_TIK KSN) 3222 * <br>“IK”-(2 bytes option id) + len (2 bytes, hex-ASCII “14”) + 16 hex-ASCII characters KSN (PED_AES_TIK Initial Key Identifier) 3223 * <br>“PB”-(2 bytes option id) + len (2 bytes, hex-ASCII “0C”) + hex-ASCII characters padding</li> 3224 * <li>Encryption body:Cipher text (2 bytes len + key + padding)</li> 3225 * <li>MAC(TDES is 16 bytes, AES is 32 bytes):MAC</li> 3226 * </ul></div> 3227 * @throws PedDevException 3228 * @since V3.17.00 3229 */ 3230 void writeTR31Key(byte srcKeyType, byte srcKeyIndex, byte dstKeyIndex, byte[] TR31KeyBlock) throws PedDevException; 3231 3232 /** 3233 * <div class="zh">生成证书签名请求。仅支持{@link EPedType#INTERNAL} 类型。</div> 3234 * <div class="en">Generate the Certificate Signing Request. {@link EPedType#INTERNAL} only is supported.</div> 3235 * 3236 * @param pubKeyIndex <div class="zh">RSA公钥索引。</div> <div class="en">RSA public key index.</div> 3237 * 3238 * @param pvkKeyIndex <div class="zh">RSA私钥索引。</div> <div class="en">RSA private key index.</div> 3239 * 3240 * @param dn <div class="zh">证书信息,如:"C=CN,ST=GD,L=SZ,O=PAX,OU=PAX_DEV,CN=paxsz,[email protected]"。常用如下: 3241 * <table border="1"> 3242 * <tr> 3243 * <th>字段</th> 3244 * <th>说明</th> 3245 * <th>示例</th> 3246 * </tr> 3247 * <tr> 3248 * <td>C</td> 3249 * <td>Country Name</td> 3250 * <td>CN</td> 3251 * </tr> 3252 * <tr> 3253 * <td>ST</td> 3254 * <td>State or Province Name</td> 3255 * <td>GD</td> 3256 * </tr> 3257 * <tr> 3258 * <td>L</td> 3259 * <td>Locality Name</td> 3260 * <td>SZ</td> 3261 * </tr> 3262 * <tr> 3263 * <td>O</td> 3264 * <td>Organization Name</td> 3265 * <td>PAX</td> 3266 * </tr> 3267 * <tr> 3268 * <td>OU</td> 3269 * <td>Organization Unit Name</td> 3270 * <td>PAX_DEV</td> 3271 * </tr> 3272 * <tr> 3273 * <td>CN</td> 3274 * <td>Common Name</td> 3275 * <td>paxsz</td> 3276 * </tr> 3277 * <tr> 3278 * <td>E</td> 3279 * <td>Email Address</td> 3280 * <td>[email protected]</td> 3281 * </tr> 3282 * </table> 3283 * </div> 3284 * <div class="en">Certificate information, such as: "C=CN,ST=GD,L=SZ,O=PAX,OU=PAX_DEV,CN=paxsz,[email protected]".Commonly used as follows: 3285 * <table border="1"> 3286 * <tr> 3287 * <th>Field</th> 3288 * <th>Instruction</th> 3289 * <th>Sample</th> 3290 * </tr> 3291 * <tr> 3292 * <td>C</td> 3293 * <td>Country Name</td> 3294 * <td>CN</td> 3295 * </tr> 3296 * <tr> 3297 * <td>ST</td> 3298 * <td>State or Province Name</td> 3299 * <td>GD</td> 3300 * </tr> 3301 * <tr> 3302 * <td>L</td> 3303 * <td>Locality Name</td> 3304 * <td>SZ</td> 3305 * </tr> 3306 * <tr> 3307 * <td>O</td> 3308 * <td>Organization Name</td> 3309 * <td>PAX</td> 3310 * </tr> 3311 * <tr> 3312 * <td>OU</td> 3313 * <td>Organization Unit Name</td> 3314 * <td>PAX_DEV</td> 3315 * </tr> 3316 * <tr> 3317 * <td>CN</td> 3318 * <td>Common Name</td> 3319 * <td>paxsz</td> 3320 * </tr> 3321 * <tr> 3322 * <td>E</td> 3323 * <td>Email Address</td> 3324 * <td>[email protected]</td> 3325 * </tr> 3326 * </table> 3327 * </div> 3328 * 3329 * @return <div class="zh">CSR。</div> <div class="en">CSR.</div> 3330 * 3331 * @throws PedDevException 3332 * @since V3.19.00 3333 */ 3334 String genCSR(byte pubKeyIndex, byte pvkKeyIndex, String dn) throws PedDevException; 3335 3336 /** 3337 * <div class="zh">用keyIndex指定的Salt密钥以及dataIn,依照指定mode做HMAC运算。仅支持{@link EPedType#INTERNAL} 类型。</div> 3338 * <div class="en">Do the HMAC operation in the specified mode with the Salt key specified in keyIndex and dataIn. {@link EPedType#INTERNAL} only is supported.</div> 3339 * 3340 * @param keyIndex <div class="zh">Salt Key的索引。1或2 。</div> <div class="en">Index of the Salt 1 or 2.</div> 3341 * @param dataIn <div class="zh">需进行HMAC运算的数据。最长1024字节,Mode=0x03时dataIn的长度是<=32 字节</div> 3342 * <div class="en">Data that require HMAC operations.Maximum 1024 bytes,When Mode=0x03, the length of dataIn is <=32 bytes</div> 3343 * @param mode <div class="zh"> 3344 * <ul> 3345 * <li>0x01:HMAC-SHA1.</li> 3346 * <li>0x02:HMAC-SHA256.</li> 3347 * <li>0x03:hashedPAN.</li> 3348 * </ul> 3349 * </div> 3350 * <div class="en"> 3351 * <ul> 3352 * <li>0x01:HMAC-SHA1.</li> 3353 * <li>0x02:HMAC-SHA256.</li> 3354 * <li>0x03:hashedPAN.</li> 3355 * </ul> 3356 * </div> 3357 * @return <div class="zh">HMAC结果。</div> <div class="en">HMAC results.</div> 3358 * @throws PedDevException 3359 * @since V3.19.00 3360 */ 3361 byte[] calcHMAC(int keyIndex, byte[] dataIn, int mode) throws PedDevException; 3362 3363 /** 3364 * <div class="zh">写入salt密钥。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Write salt key. {@link EPedType#INTERNAL} only is supported.</div> 3365 * 3366 * @param salt <div class="zh">salt明文密钥。长度最长128字节。</div> <div class="en">Salt plaintext key.The maximum length is 128 bytes.</div> 3367 * @throws PedDevException 3368 * @since V3.19.00 3369 */ 3370 void writeSaltKey(byte[] salt) throws PedDevException; 3371 3372 /** 3373 * <div class="zh">写入 AES DUKPT 初始密钥 AESTIK,并可以选择使用 KCV 验证密钥正确性。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Write the AES DUKPT initial key AESTIK, and you can choose to use KCV to verify the correctness of the key. {@link EPedType#INTERNAL} only is supported.</div> 3374 * 3375 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 3376 * @param srcKeyIndex <div class="zh">保护密钥的密钥索引。0表示明文写入。目前仅支持明文写入。</div> 3377 * <div class="en">The index of the key protecting the key. 0 means writing in plaintext. Currently only plaintext writing is supported.</div> 3378 * @param keyValue <div class="zh">AESTIK 的明文。目前AES DUKPT 算法支持 16/24/32 字节长度的密钥。</div> <div class="en">The plain text of AESTIK. Currently, the AES DUKPT algorithm supports keys with a length of 16/24/32 bytes.</div> 3379 * @param ksn <div class="zh">初始化 KSN。长度10/12 字节,只有在兼容模式才会是 10 字节。</div> <div class="en">Initialize KSN. The length is 10/12 bytes, only in compatibility mode will it be 10 bytes.</div> 3380 * @param checkMode <div class="zh">验证模式。 3381 * <ul> 3382 * <li>0x00:无校验。</li> 3383 * <li>0x05:对16个字节的 0x00进行AES加密,得到的密文的前3个字节即为KCV。</li> 3384 * <li>0x06:对16个字节的 0x00进行AES CMAC加密,得到的密文的前3个字节即为KCV。</li> 3385 * </ul> 3386 * </div> <div class="en">Check mode. 3387 * <ul> 3388 * <li>0x00: No check.</li> 3389 * <li>0x05:Perform AES encryption on the 16 bytes of 0x00, and the first 3 bytes of the ciphertext obtained are KCV.</li> 3390 * <li>0x06:Perform AES CMAC encryption on the 16 bytes of 0x00, and the first 3 bytes of the ciphertext obtained are KCV.</li> 3391 * </ul> </div> 3392 * @param checkBuf <div class="zh"> 3393 * <ul> 3394 * <li>当checkMode=0x00时,checkBuf的值无效,系统认为不验证KCV。</li> 3395 * <li>当checkMode=0x05/0x06时,checkBuf[0]=KCV的长度,checkBuf[1]开始是KCV的值。</li> 3396 * </ul> 3397 * </div> <div class="en"> 3398 * <ul> 3399 * <li>When checkMode=0x00, the value of checkBuf is invalid, and the system considers that KCV is not verified.</li> 3400 * <li>When checkMode=0x05/0x06, checkBuf[0]=KCV length, checkBuf[1] starts with the value of KCV.</li> 3401 * </ul> 3402 * </div> 3403 * @throws PedDevException PedDevException 3404 * @since V3.22.00 3405 */ 3406 void writeAesDUKPTTIK(byte groupIndex, byte srcKeyIndex, byte[] keyValue, byte[] ksn, byte checkMode, 3407 byte[] checkBuf) throws PedDevException; 3408 3409 /** 3410 * <div class="zh">在 PED 上输入 PIN,并使 AES DUKPT 的 PIN 密钥计算 PINBlock。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Enter the PIN on the PED, and use the PIN key of AES DUKPT to calculate the PINBlock. {@link EPedType#INTERNAL} only is supported.</div> 3411 * 3412 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 3413 * @param exPinLen <div class="zh">可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 3414 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</div> <div class="en">The valid password length string that can be entered, the application enumerates all the allowable password lengths, 3415 * and separates each length with a "," sign. The valid value of the password length is 0, 4~12. If 4 or 6-digit passwords are allowed and you can press confirm without a password, the character string should be set to "0, 4, 6". 3416 * If the length of the enumeration is 0, it means that you can directly press the enter key to return without entering any number. If there are invalid values of length in the enumerated string, such as "2, 6, 7, 10", the invalid value will be ignored.</div> 3417 * @param dataIn <div class="zh"> 3418 * <ul> 3419 * <li>当mode=0x20时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 3420 * <li>当mode=0x21时,dataIn未使用,但是不能为NULL。 </li> 3421 * <li>当mode=0x22时,dataIn指向卡号移位后生成的16位主帐号,不包含校验位。</li> 3422 * <li>当mode=0x23时,为交易流水号ISN [6 Bytes,ASCII码]。</li> 3423 * <li>当mode=0x24时,dataIn为主账号。</li> 3424 * </ul></div> 3425 * <div class="en"> 3426 * <ul> 3427 * <li>When mode=0x20, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.</li> 3428 * <li>When mode=0x21, dataIn is not in use, but cannot be NULL.</li> 3429 * <li>When mode=0x22, dataIn points to the 16-bit primary account generated after the card number shift, excluding the check bit.</li> 3430 * <li>When mode=0x23, is the transaction current number [6 Bytes,ASCII code].</li> 3431 * <li>When mode=0x24, dataIn is primary account.</li> 3432 * </ul></div> 3433 * @param algorithmType {@link EAlgorithmType} <div class="zh"> 3434 * <ul> 3435 * <li>为{@link EAlgorithmType#_2TDEA_}或者{@link EAlgorithmType#_3TDEA_}时,使用 TDES算法计算(mode不能为0x24\0xA4)。</li> 3436 * <li>为{@link EAlgorithmType#_AES128_}或者{@link EAlgorithmType#_AES192_}或者{@link EAlgorithmType#_AES256_}时,使用 AES 算法计算(mode只能为0x24\0xA4)。</li> 3437 * </ul> 3438 * </div> <div class="en"> 3439 * <ul> 3440 * <li>When it is {@link EAlgorithmType#_2TDEA_} or {@link EAlgorithmType#_3TDEA_}, use the TDES algorithm for calculation (mode cannot be 0x24\0xA4).</li> 3441 * <li>When it is {@link EAlgorithmType#_AES128_} or {@link EAlgorithmType#_AES192_} or {@link EAlgorithmType#_AES256_}, use the AES algorithm for calculation (mode can only be 0x24\0xA4).</li> 3442 * </ul> 3443 * </div> 3444 * @param mode <div class="zh"> 3445 * <ul> 3446 * <li>0x20:ISO9564 格式0,KSN不自动加1。</li> 3447 * <li>0x21:ISO9564 格式1,KSN不自动加1。</li> 3448 * <li>0x22:ISO9564 格式3,KSN不自动加1。</li> 3449 * <li>0x23:HK EPS格式, KSN不自动加1。</li> 3450 * <li>0x24:ISO9564 格式4,KSN不自动加1。</li> 3451 * <li>上述模式+0x80(0xA0,0xA1,0xA2,0xA3,0xA4),仅将超时时间从两个按键之间的间隔时间调整为整个输PIN过程的总时间,其它功能不变.</li> 3452 * </ul></div> 3453 * <div class="en"> 3454 * <ul> 3455 * <li>0x20:ISO9564 format 0,KSN doesn't automatically add 1。</li> 3456 * <li>0x21:ISO9564 format 1,KSN doesn't automatically add 1。</li> 3457 * <li>0x22:ISO9564 format 3,KSN doesn't automatically add 1。</li> 3458 * <li>0x23:HK EPS format, KSN doesn't automatically add 1。</li> 3459 * <li>0x24:ISO9564 format 4,KSN doesn't automatically add 1。</li> 3460 * <li>The above mode +0x80(0xA0,0xA1,0xA2,0xA3,0xA4) only adjusts the timeout time from the interval between two keys to the total time of the entire PIN input process, and other functions remain unchanged.</li> 3461 * </ul></div> 3462 * @param timeoutMs 3463 * <div class="zh">输入 PIN 的超时时间。单位:毫秒,最大值为 300000ms。0表示没有超时时间,PED 不做超时控制。</div> 3464 * <div class="en">Enter the PIN timeout period. Unit: milliseconds, the maximum value is 300000ms. 0 means there is no timeout period, and PED does not do timeout control.</div> 3465 * 3466 * @return {@link DUKPTResult} 3467 * 3468 * @throws PedDevException PedDevException 3469 * @since V3.22.00 3470 */ 3471 DUKPTResult getAesDUKPTPin(byte groupIndex, String exPinLen, byte[] dataIn, EAlgorithmType algorithmType, byte mode, 3472 long timeoutMs) throws PedDevException; 3473 3474 /** 3475 * <div class="zh">使用 AES DUKPT 的数据加解密密钥,对输入缓存内数据进行加密或解密。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Use the AES DUKPT data encryption and decryption key to encrypt or decrypt the data in the input buffer. {@link EPedType#INTERNAL} only is supported.</div> 3476 * 3477 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 3478 * @param keyVarType <div class="zh"> 3479 * <ul> 3480 * <li>0x01: 用 AES DUKPT 数据加解密密钥运算。</li> 3481 * <li>0x04: 使用应答数据密钥,仅支持加密模式,即mode 值只能为 0x01、0x03。</li> 3482 * <li>0x05: 使用请求数据密钥,仅支持解密模式,即mode 值只能为 0x00、0x02。</li> 3483 * </ul> 3484 * </div> <div class="en"> 3485 * <ul> 3486 * <li>0x01: Use AES DUKPT data encryption and decryption key operations.</li> 3487 * <li>0x04: Using the response data key, only supports the encryption mode, that is, the mode value can only be 0x01, 0x03.</li> 3488 * <li>0x05: When using the requested data key, only the decryption mode is supported, that is, the mode value can only be 0x00, 0x02.</li> 3489 * </ul> 3490 * </div> 3491 * @param iv <div class="zh"> 8/16字节初始向量,CBC加解密时需要,如果传入NULL,将默认用“\x00\x00\x00\x00\x00\x00\x00\x00”或 3492 * “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00”作为初始向量 </div> 3493 * <div class="en"> 8/16 bytes initialization vector, used for CBC encryption or decryption. If set it to NULL, 3494 * it will use “\x00\x00\x00\x00\x00\x00\x00\x00” or “\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00” 3495 * as the initialization vector by default. </div> 3496 * @param dataIn <div class="zh">需要进行运算的数据。数据长度<=8192,8(TDES)/16(AES)整除。</div> <div class="en">The data to be calculated. Data length<=8192, evenly divided by 8(TDES)/16(AES).</div> 3497 * @param algorithmType <div class="zh"> 3498 * <ul> 3499 * <li>为{@link EAlgorithmType#_2TDEA_}或{@link EAlgorithmType#_3TDEA_}时,使用TDES算法计算。</li> 3500 * <li>为{@link EAlgorithmType#_AES128_}或{@link EAlgorithmType#_AES192_}或{@link EAlgorithmType#_AES256_}时,使用AES算法计算。</li> 3501 * </ul> 3502 * </div> <div class="en"> 3503 * <ul> 3504 * <li>When it is {@link EAlgorithmType#_2TDEA_} or {@link EAlgorithmType#_3TDEA_}, use the TDES algorithm for calculation.</li> 3505 * <li>When it is {@link EAlgorithmType#_AES128_} or {@link EAlgorithmType#_AES192_} or {@link EAlgorithmType#_AES256_}, use the AES algorithm for calculation.</li> 3506 * </ul> 3507 * </div> 3508 * @param mode <div class="zh"> 3509 * <ul> 3510 * <li>0x00: ECB 解密</li> 3511 * <li>0x01: ECB 加密</li> 3512 * <li>0x02: CBC 解密</li> 3513 * <li>0x03: CBC 加密</li> 3514 * </ul> 3515 * </div> <div class="en"> 3516 * <ul> 3517 * <li>0x00: ECB decryption.</li> 3518 * <li>0x01: ECB encryption.</li> 3519 * <li>0x02: CBC decryption.</li> 3520 * <li>0x03: CBC encryption.</li> 3521 * </ul> 3522 * </div> 3523 * @return {@link DUKPTResult} 3524 * @throws PedDevException PedDevException 3525 * @since V3.22.00 3526 */ 3527 DUKPTResult calcAesDUKPTData(byte groupIndex, byte keyVarType, byte[] iv, byte[] dataIn, 3528 EAlgorithmType algorithmType, byte mode) throws PedDevException; 3529 3530 /** 3531 * <div class="zh">使用 AES DUKPT 的 MAC 密钥计算 MAC。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Use AES DUKPT's MAC key to calculate MAC. {@link EPedType#INTERNAL} only is supported.</div> 3532 * 3533 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 3534 * @param dataIn <div class="zh">要进行 MAC 运算的数据内容。数据的长度<=2048,长度不能被 8(TDES)/16(AES)整除,则自动补 0x00。</div> <div class="en">The data content to be MAC operation. The length of the data <=2048, and the length cannot be divisible by 8(TDES)/16(AES), then 0x00 will be automatically added.</div> 3535 * @param algorithmType <div class="zh"> 3536 * <ul> 3537 * <li>为{@link EAlgorithmType#_2TDEA_}或{@link EAlgorithmType#_3TDEA_}时,使用TDES算法计算。</li> 3538 * <li>为{@link EAlgorithmType#_AES128_}或{@link EAlgorithmType#_AES192_}或{@link EAlgorithmType#_AES256_}时,使用AES算法计算。</li> 3539 * <li>为{@link EAlgorithmType#_HMAC128_}或{@link EAlgorithmType#_HMAC192_}或{@link EAlgorithmType#_HMAC256_}时,仅支持HMAC-SHA256算法计算。即mode为0x25/0x45/0x65。</li> 3540 * </ul> 3541 * </div> <div class="en"> 3542 * <ul> 3543 * <li>When it is {@link EAlgorithmType#_2TDEA_} or {@link EAlgorithmType#_3TDEA_}, use the TDES algorithm for calculation.</li> 3544 * <li>When it is {@link EAlgorithmType#_AES128_} or {@link EAlgorithmType#_AES192_} or {@link EAlgorithmType#_AES256_}, use the AES algorithm for calculation.</li> 3545 * <li>When it is {@link EAlgorithmType#_HMAC128_} or {@link EAlgorithmType#_HMAC192_} or {@link EAlgorithmType#_HMAC256_}, only HMAC-SHA256 algorithm calculation is supported. That is, the mode is 0x25/0x45/0x65.</li> 3546 * </ul> 3547 * </div> 3548 * @param mode <div class="zh"> 3549 * 请求和应答MAC密钥: 3550 * <ul> 3551 * <li>0x20: 根据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。</li> 3552 * <li>0x21: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1。</li> 3553 * <li>0x22: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。)</li> 3554 * <li>0x23: CMAC算法。 KSN不自动加1。其它值保留扩展MAC算法。</li> 3555 * <li>0x25: HMAC-SHA256算法。 KSN不自动加1。</li></ul> 3556 * 应答MAC密钥: 3557 * <ul> 3558 * <li>0x40: 根据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。</li> 3559 * <li>0x41: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1 。</li> 3560 * <li>0x42: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。) </li> 3561 * <li>0x43: CMAC算法。 KSN不自动加1。其它值保留扩展MAC算法。</li> 3562 * <li>0x45: HMAC-SHA256算法。 KSN不自动加1。</li></ul> 3563 * 请求MAC密钥: 3564 * <ul> 3565 * <li>0x60: 据ANSI X9.9规范,将 BLOCK1 用 MAC密钥做 TDES/AES 加密,加密结果与 BLOCK2进行逐位异或后再用MAC密钥做 TDES/AES加密,依次进行得到 8(TDES)/16(AES)字节的加密结果。 KSN 不自动加 1。</li> 3566 * <li>0x61: Hypercom Fast Mode,将 BLOCK1 和BLOCK2 进行逐位异或,异或结果与 BLOCK3进 行 逐 位 异 或 , 依 次 进 行 , 最 后 得 到8(TDES)/16(AES)字节的异或结果,将该结果用MAC 密钥进行 TDES/AES 加密运算。KSN 不自动加 1。</li> 3567 * <li>0x62: 根据 ANSIX9.19 规范,将 BLOCK1 用MAC密钥做DES 加密(只取前8个字节的key),加密结果与 BLOCK2 进行逐位异或后再用MAC 密钥做 DES 加密,依次进行得到 8 字节的加密结果,直到最后一次采用 TDES 加密。 KSN不自动加 1。 (不支持 AES 算法。) </li> 3568 * <li>0x63: CMAC算法。KSN不自动加1。 其它值保留扩展MAC算法。</li> 3569 * <li>0x65: HMAC-SHA256算法。 KSN不自动加1。</li> 3570 * </ul> 3571 * </div> <div class="en"> 3572 * 0x2x: key usage is _Message_Authentication_both_ways_ 3573 * <ul> 3574 * <li>0x20: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.</li> 3575 * <li>0x21: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.</li> 3576 * <li>0x22: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)</li> 3577 * <li>0x23: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 3578 * <li>0x25: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.</li> </ul> 3579 * 0x4x: key usage is _Message_Authentication_verification_ 3580 * <ul> 3581 * <li>0x40: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.</li> 3582 * <li>0x41: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.</li> 3583 * <li>0x42: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)</li> 3584 * <li>0x43: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 3585 * <li>0x45: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.</li></ul> 3586 * 0x6x: key usage is _Message_Authentication_generation_ 3587 * <ul> 3588 * <li>0x60: According to the ANSI X9.9 specification, BLOCK1 is encrypted with MAC key for TDES/AES, the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for TDES/AES encryption, and then proceed to get 8(TDES)/16( AES) byte encryption result. KSN does not automatically increase by 1.</li> 3589 * <li>0x61: In Hypercom Fast Mode, BLOCK1 and BLOCK2 are XORed bit by bit, and the XOR result is XORed bit by bit with BLOCK3, and then proceeded in sequence. Finally, an XOR result of 8 (TDES)/16 (AES) bytes is obtained. Use this result The MAC key performs TDES/AES encryption operations. KSN does not automatically increase by 1.</li> 3590 * <li>0x62: According to the ANSIX9.19 specification, BLOCK1 is encrypted with MAC key for DES (only the key of the first 8 bytes is taken), and the encrypted result is XORed with BLOCK2 bit by bit, and then the MAC key is used for DES encryption, and then proceed to get 8 The result of byte encryption until the last TDES encryption. KSN does not automatically increase by 1. (The AES algorithm is not supported.)</li> 3591 * <li>0x63: CMAC algorithm. KSN does not automatically increase by 1. Other values retain the extended MAC algorithm.</li> 3592 * <li>0x65: HMAC-SHA256 algorithm. KSN does not automatically increase by 1.</li> 3593 * </ul> 3594 * </div> 3595 * @return {@link DUKPTResult} <div class="zh">当mode等于HMAC-SHA256算法时,输出长度为32字节。其他mode输出长度是8(TDES)/16(AES)字节。</div> 3596 * <div class="en">When the mode is equal to the HMAC-SHA256 algorithm, the output length is 32 bytes. Other mode will be 8(TDES)/16(AES) bytes.</div> 3597 * @throws PedDevException PedDevException 3598 * @since V3.22.00 3599 */ 3600 DUKPTResult getAesDUKPTMac(byte groupIndex, byte[] dataIn, EAlgorithmType algorithmType, byte mode) throws 3601 PedDevException; 3602 3603 /** 3604 * <div class="zh">读取当前的 KSN,将在下一次计算使用。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Read the current KSN, which will be used in the next calculation. {@link EPedType#INTERNAL} only is supported.</div> 3605 * 3606 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 3607 * @return <div class="zh">当前的 KSN 。</div> <div class="en">The current KSN.</div> 3608 * @throws PedDevException PedDevException 3609 * @since V3.22.00 3610 */ 3611 byte[] getAesDUKPTKsn(byte groupIndex) throws PedDevException; 3612 3613 /** 3614 * <div class="zh">KSN 加 1。对应于KSN的单个DUKPT密钥最多只能使用256次,在达到最大次数后,进一步使用该密钥将返回{@link EPedDevException#PED_ERR_DUKPT_NEED_INC_KSN}异常, 3615 * 所以请在使用钥匙次数超过最大次数之前增加KSN。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Add 1 to KSN. A single DUKPT key corresponding to KSN can only be used up to 256 times. After the maximum number of times is reached, further use of this key will return {@link EPedDevException#PED_ERR_DUKPT_NEED_INC_KSN} exception, so please increase KSN before using the key more than the maximum number of times.{@link EPedType#INTERNAL} only is supported.</div> 3616 * 3617 * @param groupIndex <div class="zh">AES DUKPT密钥组索引。范围1~40。</div> <div class="en">AES DUKPT key group index. The range is 1~40.</div> 3618 * @throws PedDevException PedDevException 3619 * @since V3.22.00 3620 */ 3621 void incAesDUKPTKsn(byte groupIndex) throws PedDevException; 3622 3623 /** 3624 * <div class="zh">写入由源密钥加密的特殊要求的密码密钥。</div> 3625 * <div class="en">Write a specially required cryptographic key encrypted by the source key.</div> 3626 * 3627 * @param srcKeyType <div class="zh">源密钥类型。必须是{@link com.pax.dal.entity.EPedKeyType#TMK}。</div> 3628 * <div class="en">Source key type. Must be {@link com.pax.dal.entity.EPedKeyType#TMK}.</div> 3629 * @param srcKeyIndex <div class="zh">源密钥索引。</div> <div class="en">Source key index.</div> 3630 * @param keyInfo <div class="zh">密钥内容 3631 * <ul> 3632 * <li>mode = 0时 3633 * <br>keyInfo有3个字节:keyType(1个字节)+ keyIndex(1个字节)+ keyCipherFormat(1个字节) 3634 * <br>keyType必须是PED_RSA 3635 * <br>keyIndex必须是1~10,keyCipherFormat必须是0</li> 3636 * <li>mode = 1时 3637 * <br>KeyInfo有6个字节:keyType(1个字节)+ keyIndex(1个字节)+ keyCipherFormat(1个字节)+keyTypeInfo(1个字节)+keyVersion(1个字节)+ keyLen(1个字节) 3638 * <br>keyType必须是PED_TCUSTK和PED_AES_TDK 3639 * <br>keyIndex必须是1~100,keyCipherFormat为0(ECB)或1(CBC) 3640 * <br>keyTypeInfo在keyType是PED_TCUSTK情况下,必须是SaltKey/MacKey/TableKey/DesfireMasterKey 3641 * <br>SaltKey 0x00 3642 * <br>MacKey 0x01 3643 * <br>TableKey 0x02 3644 * <br>DesfireMasterKey 0x03 </li> 3645 * </ul></div> 3646 * <div class="en">Key content 3647 * <ul> 3648 * <li>mode = 0 3649 * <br>keyInfo has three bytes: keyType (1 byte) + keyIndex (1 byte) + keyCipherFormat (1 byte) 3650 * <br>keyType must be PED_RSA 3651 * <br>keyIndex must be 1 ~ 10, keyCipherFormat must cbe 0.</li> 3652 * <li>mode = 1 3653 * <br>KeyInfo has 6 bytes: keyType (1 byte) + keyIndex (1 byte) + keyCipherFormat (1 byte) + keyTypeInfo (1 byte) + keyVersion (1 byte) + keyLen(1 Bytes) 3654 * <br>keyType must be PED_TCUSTK and PED_AES_TDK 3655 * <br>keyIndex must be 1~100, keyCipherFormat must be 0 (ECB) or 1 (CBC) 3656 * <br>keyTypeInfo must be SaltKey/MacKey/TableKey/DesfireMasterKey when the keyType is PED_TCUSTK 3657 * <br>SaltKey 0x00 3658 * <br>MacKey 0x01 3659 * <br>TableKey 0x02 3660 * <br>DesfireMasterKey 0x03 </li> 3661 * </ul></div> 3662 * @param keyBlock <div class="zh">密码密钥块。</div> <div class="en">Cipher key block.</div> 3663 * @param mode <div class="zh">模式 3664 * <ul> 3665 * <li>0,写入由{@link com.pax.dal.entity.EPedKeyType#TMK}加密的TCU RSA。</li> 3666 * <li>1,写入由{@link com.pax.dal.entity.EPedKeyType#TMK}加密的PED_TCUSTK和PED_AES_TDK。</li> 3667 * </ul></div> 3668 * <div class="en">Mode 3669 * <ul> 3670 * <li>0, Writt TCU RSA encrypted by {@link com.pax.dal.entity.EPedKeyType#TMK}.</li> 3671 * <li>1, Write PED_TCUSTK and PED_AES_TDK encrypted by {@link com.pax.dal.entity.EPedKeyType#TMK}.</li> 3672 * </ul></div> 3673 * @throws PedDevException PedDevException 3674 * @since V3.23.00 3675 */ 3676 void writeCipherKey(byte srcKeyType, byte srcKeyIndex, byte[] keyInfo, byte[] keyBlock, byte mode) throws PedDevException; 3677 3678 3679 /** 3680 * <div class="zh">查询密钥信息。</div> 3681 * <div class="en">Query key information.</div> 3682 * 3683 * @param keyType <div class="zh">密钥类型。 3684 * <ul> 3685 * <li>0x01: TLK</li> 3686 * <li>0x02: TMK</li> 3687 * <li>0x0A: TWK</li> 3688 * <li>0x07: TIK</li> 3689 * <li>0x20: TAESK</li> 3690 * <li>0x0B: RSA</li> 3691 * <li>0x0C: AES_TWK</li> 3692 * <li>0x22: AES_TMK</li> 3693 * <li>0x51: AES_TIK</li> 3694 * </ul></div> 3695 * <div class="en">key type. 3696 * <ul> 3697 * <li>0x01: TLK</li> 3698 * <li>0x02: TMK</li> 3699 * <li>0x0A: TWK</li> 3700 * <li>0x07: TIK</li> 3701 * <li>0x20: TAESK</li> 3702 * <li>0x0B: RSA</li> 3703 * <li>0x0C: AES_TWK</li> 3704 * <li>0x22: AES_TMK</li> 3705 * <li>0x51: AES_TIK</li> 3706 * </ul></div> 3707 * @param keyIndex <div class="zh">密钥索引. 3708 * <ul> 3709 * <li>TLK: 1</li> 3710 * <li>TMK: 1-100</li> 3711 * <li>TWK: 1-100</li> 3712 * <li>TIK: 1-100</li> 3713 * <li>TAESK: 1-40</li> 3714 * <li>RSA: 1-10</li> 3715 * <li>AES_TWK: 1-100</li> 3716 * <li>AES_TMK: 1-100</li> 3717 * <li>AES_TIK: 1-40</li> 3718 * </ul></div> 3719 * <div class="en">key index. 3720 * <ul> 3721 * <li>TLK: 1</li> 3722 * <li>TMK: 1-100</li> 3723 * <li>TWK: 1-100</li> 3724 * <li>TIK: 1-100</li> 3725 * <li>TAESK: 1-40</li> 3726 * <li>RSA: 1-10</li> 3727 * <li>AES_TWK: 1-100</li> 3728 * <li>AES_TMK: 1-100</li> 3729 * <li>AES_TIK: 1-40</li> 3730 * </ul></div> 3731 * @throws PedDevException PedDevException 3732 * @since V3.25.00 3733 */ 3734 KeyInfo queryKeyInfo(byte keyType, byte keyIndex) throws PedDevException; 3735 3736 /** 3737 * <div class="zh">设置盲人输入法语音播报的语言。此接口需在{@link #getPinBlock(byte, String, byte[], byte, int)}之前设置才有效。仅支持{@link EPedType#INTERNAL} 类型。</div> 3738 * <div class="en">Set the language for the voice broadcast of the blind input method. This interface needs to be set before 3739 * {@link #getPinBlock(byte, String, byte[], byte, int)} to be effective. {@link EPedType#INTERNAL} only is supported.</div> 3740 * 3741 * @param language <div class="zh">语言类型。 3742 * <ul> 3743 * <li>0x00: 英语。</li> 3744 * <li>0x0A: 波兰语。</li> 3745 * <li>0x0B: 法语。</li> 3746 * <li>0x0C: 西班牙语。</li> 3747 * <li>0x0D: 澳大利亚英语。</li> 3748 * <li>0x0E: 意大利语。</li> 3749 * <li>0x0F: 英语(意大利客户)。</li> 3750 * <li>0x10: 普通话。</li> 3751 * <li>0x11: 粤语。</li> 3752 * <li>0x12: 葡萄牙语(巴西)。</li> 3753 * <li>0x16: 英语(法国CB认证)。</li> 3754 * <li>0x17: 法语(法国CB认证)。</li> 3755 * </ul> 3756 * </div> 3757 * <div class="en">Language type. 3758 * <ul> 3759 * <li>0x00: English.</li> 3760 * <li>0x0A: Polish.</li> 3761 * <li>0x0B: French.</li> 3762 * <li>0x0C: Spanish.</li> 3763 * <li>0x0D: Australian.</li> 3764 * <li>0x0E: Italian.</li> 3765 * <li>0x0F: English(for Italian).</li> 3766 * <li>0x10: Chinese_Mandarin.</li> 3767 * <li>0x11: Chinese_Cantonese.</li> 3768 * <li>0x12: Portuguese (Brazil)</li> 3769 * <li>0x16: English (French CB Certification)</li> 3770 * <li>0x17: French (French CB Certification)</li> 3771 * </ul> 3772 * </div> 3773 * @throws PedDevException PedDevException 3774 * @since V3.26.00 3775 */ 3776 void setDoubleTapKeyboardLanguage(byte language) throws PedDevException; 3777 3778 3779 /** 3780 * <div class="zh">通过M1MasterKey去发散M1key,给非接驱动提供秘钥实现M1的认证。</div> 3781 * <div class="en">Distribute M1key through M1MasterKey, and provide secret key to contactless driver to realize M1 authentication.</div> 3782 * 3783 * @param type <div class="zh">'A'或'a': 提交的是A密码<br/> 3784 * 'B'或'b': 提交的是B密码 3785 * </div> 3786 * <div class="en">'A' or'a': A password is submitted<br/> 3787 * 'B' or 'b': B password is submitted 3788 * </div> 3789 * @param m1KeyIdx <div class="zh">{@link EPedKeyType#PED_TM1K} 密钥索引</div> 3790 * <div class="en">{@link EPedKeyType#PED_TM1K} key index</div> 3791 * @param m1MasterKeyIdx <div class="zh">PED_TCUSTK密钥索引,密钥信息必须为DesfireMifareMasterKey</div> 3792 * <div class="en">PED_TCUSTK key index, the key information must be DesfireMifareMasterKey</div> 3793 * @param blkNo <div class="zh">要访问的块号 </div> 3794 * <div class="en">Block number to be accessed</div> 3795 * @param serialNo <div class="zh">卡片序列号,长度必须为4 </div> 3796 * <div class="en">Card serial number, length must be 4</div> 3797 * @throws PedDevException PedDevException 3798 * @since V3.28.00 3799 */ 3800 void m1AuthorityDiversified(byte type, byte m1KeyIdx, byte m1MasterKeyIdx, byte blkNo, byte[] serialNo) throws PedDevException; 3801 3802 /** 3803 * <div class="zh">使用DesfireMasterKey和DiversificationKey来计算认证数据。</div> 3804 * <div class="en">Use DesfireMasterKey and DiversificationKey to calculate authentication data.</div> 3805 * 3806 * @param keyIndex1 <div class="zh">DesfireMaster Key(PED_TCUSTK) 密钥索引, keyinfo 必须是 DesfireMasterKey。</div> 3807 * <div class="en">DesfireMaster Key(PED_TCUSTK) key index, keyinfo must be DesfireMasterKey.</div> 3808 * @param keyIndex2 <div class="zh">Diversification key(PED_AES_TDK) 密钥索引。</div> 3809 * <div class="en">Diversification key(PED_AES_TDK) key index.</div> 3810 * @param csn <div class="zh">长度为7的序列号</div> 3811 * <div class="en">Serial number of length 7</div> 3812 * @param dataIn <div class="zh">需要进行运算的数据</div> 3813 * <div class="en">Data to be calculated</div> 3814 * @param initVector <div class="zh">向量,仅适用于CBC模式,若传NULL则用0填充,如果ECB模式,该参数被忽略。</div> 3815 * <div class="en">Vector, only applicable to CBC mode. If NULL is passed, it will be filled with 0. If ECB mode, this parameter is ignored.</div> 3816 * @param mode <div class="zh">运算模式 3817 * <ul> 3818 * <li>0x00:ECB解密模式</li> 3819 * <li>0x01:ECB加密模式</li> 3820 * <li>0x02:CBC解密模式</li> 3821 * <li>0x03:CBC加密模式</li> 3822 * </ul></div> 3823 * <div class="en">Operation mode 3824 * <ul> 3825 * <li>0x00: ECB decryption mode</li> 3826 * <li>0x01: ECB encryption mode</li> 3827 * <li>0x02: CBC decryption mode</li> 3828 * <li>0x03: CBC encryption mode</li> 3829 * </ul></div> 3830 * @return <div class="zh">运算后的数据</div> 3831 * <div class="en">Data after calculation</div> 3832 * @throws PedDevException PedDevException 3833 * @since V3.27.00 3834 */ 3835 byte[] calcDesfireAuth(byte keyIndex1, byte keyIndex2, byte[] csn, byte[] dataIn, byte[] initVector, byte mode) throws PedDevException; 3836 3837 /** 3838 * <div class="zh">读取客户定制TCUSTK密钥信息。</div> 3839 * <div class="en">Read customer customized TCUTK key information.</div> 3840 * 3841 * @param keyType <div class="zh">TCUSTK密钥类型。</div> 3842 * <div class="en">TCUSTK key type.</div> 3843 * @param keyIndex <div class="zh">TCUSTK密钥索引。</div> <div class="en">TCUSTK key index.</div> 3844 * @param infoType <div class="zh"> 数据类型 3845 * <br>目前只支持0。</div> 3846 * <div class="en">type of data 3847 * <br>Currently only supports 0.</div> 3848 * 3849 * @return <div class="zh">密钥信息,根据不同的InfoType输出不同的值,目前只支持0模式(keyTypeInfo + keyVersion)。</div> 3850 * <div class="en">Key information, output different values according to different InfoType, currently only supports 0 mode(keyTypeInfo + keyVersion).</div> 3851 * @throws PedDevException PedDevException 3852 * @since V3.27.00 3853 */ 3854 byte[] readKeyInfo(byte keyType, byte keyIndex, byte infoType) throws PedDevException; 3855 3856 3857 /** 3858 * <div class="zh">使用MAC密钥进行MAC运算。</div> 3859 * <div class="en">Use MAC keys for MAC operations.</div> 3860 * 3861 * @param keyType <div class="zh">MAC key type. can be TCUSTK(0x4a) or HMAC_TAK(0x4e).</div> 3862 * <div class="en">MAC key type. can be TCUSTK(0x4a) or HMAC_TAK(0x4e).</div> 3863 * @param keyIdx <div class="zh"> MAC key index. [1-100]</div> <div class="en"> MAC key index. [1-100]</div> 3864 * @param dataIn <div class="zh"> 需要进行运算的数据。</div> 3865 * <div class="en">Data to be calculated.</div> 3866 * @param mode <div class="zh">运算模式 3867 * <ul> 3868 * <li>CBC(16 bytes) 0x00 </li> 3869 * <li>CMAC(16 bytes) 0x03 </li> 3870 * <li>HMAC-SHA256(32 bytes) 0x05</li> 3871 * <li>SHA256(32 bytes) 0x06 </li> 3872 * <li>HMAC-SHA1(20 bytes) 0x07 </li> 3873 * </ul> 3874 * if keyType is TCUSTK, The valid mode is determined by the key info. 3875 * if keyType is HMAC_TAK, mode can be HMAC-SHA256/SHA256 3876 * </div> 3877 * <div class="en">Operation mode 3878 * <ul> 3879 * <li>CBC(16 bytes) 0x00 </li> 3880 * <li>CMAC(16 bytes) 0x03 </li> 3881 * <li>HMAC-SHA256(32 bytes) 0x05</li> 3882 * <li>SHA256(32 bytes) 0x06 </li> 3883 * <li>HMAC-SHA1(20 bytes) 0x07 </li> 3884 * </ul> 3885 * if keyType is TCUSTK, The valid mode is determined by the key info. 3886 * if keyType is HMAC_TAK, mode can be HMAC-SHA256/SHA256 3887 * </div> 3888 * @return <div class="zh">运算后的数据,根据mode不同,输出不同长度的值。</div> 3889 * <div class="en">The calculated data, according to different modes, output values of different lengths.</div> 3890 * @throws PedDevException PedDevException 3891 * @since V3.27.00 3892 */ 3893 byte[] keyCalcMac(byte keyType, byte keyIdx, byte[] dataIn, byte mode) throws PedDevException; 3894 3895 /** 3896 * <div class="zh">使用预装PAX CA公钥或者私钥进行签名、加密、解密。</div> 3897 * <div class="en">Use the pre-installed Pax CA for signature, encryption and decryption.</div> 3898 * 3899 * @param keyIdx <div class="zh"> 3900 * <ul> 3901 * <li>102: PAXCA_DSIG_IDX <br>当它作为私钥时,只能用于签名, 3902 * 因此输入数据的首字节必须为0x00</li> 3903 * <li>103: PAXCA_DID_IDX 当它作为私钥时,私钥仅用于解密,因此输入数据首字节不能为0x00 </li> 3904 * <li>104: PAXCA_DTLS_IDX 暂不做限制</li> 3905 * <li>105: PAXCA_DC_IDX 暂不做限制</li> 3906 * </ul> 3907 * </div> 3908 * <div class="en"> 3909 * <ul> 3910 * <li>102: PAXCA_DSIG_IDX <br> When it is used as a private key, 3911 * it can only be used for signing, so the first byte of the input data must be 0x00</li> 3912 * <li>103: PAXCA_DID_IDX When it is used as a private key, the private key is only used for decryption, 3913 * so the first byte of input data cannot be 0x00</li> 3914 * <li>104: PAXCA_DTLS_IDX No restrictions</li> 3915 * <li>105: PAXCA_DC_IDX No restrictions</li> 3916 * </ul> 3917 * </div> 3918 * @param pvkPukSelect <div class="zh">0: 公钥 1: 私钥。</div> 3919 * <div class="en">0: public key 1: private key.</div> 3920 * @param dataIn <div class="zh">输入的数据,长度必须为256。</div> 3921 * <div class="en">Input data, the length must be 256.</div> 3922 * @return <div class="zh">运算结果</div> 3923 * <div class="en">Result</div> 3924 * @throws PedDevException PedDevException 3925 * @since V3.27.00 3926 */ 3927 byte[] paxCARecover (byte keyIdx, byte pvkPukSelect, byte[] dataIn) throws PedDevException; 3928 3929 3930 /** 3931 * <div class="zh">使用AES_TAK对DataIn用Mode指定的算法进行MAC运算,将16字节的MAC结果输出到MacOut MAC运算密钥是主密钥/工作密钥体系或固定密钥体系密钥或DUKPT密钥体系。 3932 * <br/>用法: 3933 * <br/>1.敏感服务授权:在此接口内部,先进行认证以获取敏感服务授权,若授权失败则退出。 3934 * <br/>2.补零规则:将报文数据分割成若干16个字节的BLOCK,最后一个BLOCK不满16个字节则后补0x00。</div> 3935 * <div class="en">Use AES_TAK to perform MAC operation on dataIn with the algorithm specified by Mode, and output the 16-byte MAC result to MacOut. 3936 * The MAC operation key is the master key/working key system or fixed key system key or DUKPT key system. 3937 * <br/>usage: 3938 * <br/>1.Sensitive service authorization: In this interface, first perform authentication to obtain sensitive service authorization, 3939 * and exit if authorization fails. 3940 * <br/>2.Zero-filling rule: divide the message data into 16-byte BLOCKs, and add 0x00 after the last BLOCK is less than 16 bytes.</div> 3941 * 3942 * @param keyIdx <div class="zh">AES_TAK 1~100索引</div> 3943 * <div class="en">AES_TAK 1~100 index</div> 3944 * @param dataIn <div class="zh">需进行 MAC 运算的数据包. 长度InLen<=2048,长度不能被16整除时,则自动补0x00</div> 3945 * <div class="en">Data packet that needs MAC operation. Length<=2048, when the length is not divisible by 16, it will automatically add 0x00</div> 3946 * @param mode <div class="zh"> 3947 * <ul> 3948 * <li>0x00: 将BLOCK1用MAC密钥做AES加密,加密结果与BLOCK2进行逐位异或后再用MAC密钥做AES加密,依次进行得到16字节的加密结果, KSN不自动加1。</li> 3949 * <li>0x01: Hypercom Fast Mode,将BLOCK1和BLOCK2进行逐位异或,异或结果与BLOCK3进行逐位异或,依次进行,最后得到16字节的异或结果,将该结果用MAC密钥进行AES加密运算,KSN不自动加1。</li> 3950 * <li>0x03: CMAC算法,KSN不自动加1。</li> 3951 * <li>0x05: HMAC-SHA256算法,KSN不自动加1。</li> 3952 * </ul></div> 3953 * <div class="en"> 3954 * <ul> 3955 * <li>0x00: Use MAC key for AES encryption of BLOCK1, and perform bitwise XOR between the encrypted result and BLOCK2 and then use MAC key for AES encryption. 3956 * The 16-byte encryption result is obtained in sequence, and KSN does not automatically add 1.</li> 3957 * <li>0x01: Hypercom Fast Mode, XOR BLOCK1 and BLOCK2 bit by bit, XOR result and BLOCK3 bit by bit XOR, in turn, finally get a 16-byte XOR result, the result is encrypted with MAC key AES Operation, 3958 * KSN does not automatically increase by 1.</li> 3959 * <li>0x03: CMAC algorithm, KSN does not automatically increase by 1.</li> 3960 * <li>0x05: HMAC-SHA256 algorithm, KSN does not automatically increase by 1.</li> 3961 * </ul></div> 3962 * @return <div class="zh">MAC输出,模式5的时候是32字节输出,其他模式16字节输出</div> 3963 * <div class="en">MAC output, 32-byte output in mode 5, 16-byte output in other modes</div> 3964 * @throws PedDevException PedDevException 3965 * @since V3.28.00 3966 */ 3967 byte[] getMacAes(byte keyIdx, byte[] dataIn, byte mode) throws PedDevException; 3968 3969 /** 3970 * <div class="zh">读取RKI信息。</div> 3971 * <div class="en">Read RKI information.</div> 3972 * 3973 * @param item <div class="zh"><ul> 3974 * <li>0x01:当前PED状态(出厂状态、激活状态,个人化状态)</li> 3975 * <li>0x02:RKI KMS ID </li> 3976 * </ul></div> 3977 * <div class="en"><ul> 3978 * <li>0x01:Current PED state (factory state, activated state, personalized state)</li> 3979 * <li>0x02:RKI KMS ID</li> 3980 * </ul></div> 3981 * @return <div class="zh">当item是0x01时,返回数组的首位含义如下: 3982 * <ul> 3983 * <li>0x00:出厂态</li> 3984 * <li>0x01:绑定态/激活态</li> 3985 * <li>0x02:个人化状态</li> 3986 * <li>0x03:绑定态</li> 3987 * </ul></div> 3988 * <div class="en">When item is 0x01, the first bit of the returned array has the following meaning: 3989 * <ul> 3990 * <li>0x00:Factory state</li> 3991 * <li>0x01:Bound state/active state</li> 3992 * <li>0x02:Personalized state</li> 3993 * <li>0x03:Bound state</li> 3994 * </ul></div> 3995 * @throws PedDevException PedDevException 3996 * @since V3.31.00 3997 */ 3998 byte[] readRkiInfo(byte item) throws PedDevException; 3999 4000 /** 4001 * <div class="zh">设置输PIN时是否静音。</div> 4002 * <div class="en">Set whether to mute the PIN input.</div> 4003 * 4004 * @param mute <div class="zh">true: 静音 false:非静音。</div> 4005 * <div class="en">true: muted false: unmuted..</div> 4006 * @throws PedDevException PedDevException 4007 * @since V3.32.00 4008 */ 4009 void setPinMute(boolean mute) throws PedDevException; 4010 4011 4012 /** 4013 * <div class="zh">使用SecureData作为datain发散目的密钥。</div> 4014 * <div class="en">Use SecureData as the datain diverges the destination key.</div> 4015 * 4016 * @param srcKeyType <div>source key type, DerivationMode 0: must be TMK(0x02).</div> 4017 * @param srcKeyIdx <div>source key index, 1-100 in TMK area.</div> 4018 * @param dstKeyType <div>destination key type, DerivationMode 0: must be TMK(0x02).</div> 4019 * @param dstKeyIdx <div>destination key, 1-100 in TMK area.</div> 4020 * @param secureDataIndex <div> SecureData Index, 1-100 in working key area </div> 4021 * @param additionalDataIn <div>64 bytes Additional Data. DerivationMode 0: if not used, can be null. </div> 4022 * @param derivationMode <div>only support 0, GOWF algorithm </div> 4023 * 4024 * @throws PedDevException PedDevException 4025 * @since V3.33.00 4026 */ 4027 void deriveKeyBySecureData(byte srcKeyType, byte srcKeyIdx, byte dstKeyType, byte dstKeyIdx, byte secureDataIndex, 4028 byte[] additionalDataIn, byte derivationMode) throws PedDevException; 4029 4030 /** 4031 * <div class="zh">写入Stack UKPT Key。</div> 4032 * <div class="en">Write Stack UKPT Key.</div> 4033 * 4034 * @param groupIdx <div class="zh">[1~10] 密钥组索引号 </div> 4035 * <div class="en">[1~10] Key group index</div> 4036 * @param tscIdentifier <div class="zh">TSC标识 </div> <div class="en">TSC Identifier</div> 4037 * @param tscSeedKey <div class="zh">TSC种子密钥</div> <div class="en">TSC seed key</div> 4038 * @param tscSeedKeyDepth <div class="zh">TSC种子密钥深度</div> <div class="en">TSC seed key depth</div> 4039 * @param mode <div class="zh">目前只支持0</div> <div class="en">Currently only supports 0</div> 4040 * @throws PedDevException PedDevException 4041 * @since V3.32.00 4042 */ 4043 void writeStackUKPTKey(byte groupIdx, byte[] tscIdentifier, byte[] tscSeedKey, byte tscSeedKeyDepth, byte mode) throws PedDevException; 4044 4045 /** 4046 * <div class="zh">Stack UKPT Key演算。</div> 4047 * <div class="en">Stack UKPT Key evolution.</div> 4048 * 4049 * @param groupIdx <div class="zh">[1~10] 密钥组索引号 </div> 4050 * <div class="en">[1~10] Key group index</div> 4051 * @throws PedDevException PedDevException 4052 * @since V3.32.00 4053 */ 4054 void evolveStackUKPT(byte groupIdx) throws PedDevException; 4055 4056 /** 4057 * <div class="zh">获取Stack UKPT Key信息。</div> 4058 * <div class="en">Get Stack UKPT Key information.</div> 4059 * 4060 * @param groupIdx <div class="zh">[1~10] 密钥组索引号 </div> 4061 * <div class="en">[1~10] Key group index</div> 4062 * @param mode <div class="zh">目前只支持0</div><div class="en">Currently only supports 0</div> 4063 * @return <div class="zh"> Stack UKPT Key信息, TSC Identifier(6 bytes) + Key Evolution Identifier(5 bytes) </div> 4064 * <div class="en">Stack UKPT Key information, TSC Identifier(6 bytes) + Key Evolution Identifier(5 bytes)</div> 4065 * @throws PedDevException PedDevException 4066 * @since V3.32.00 4067 */ 4068 byte[] getInfoStackUKPT(byte groupIdx, byte mode) throws PedDevException; 4069 4070 /** 4071 * <div class="zh">使用Stack UKPT Key进行MAC加密运算。</div> 4072 * <div class="en">Use Stack UKPT Key for MAC encryption operation.</div> 4073 * 4074 * @param groupIdx <div class="zh">[1~10] 密钥组索引号 </div> 4075 * <div class="en">[1~10] Key group index</div> 4076 * @param keyVarType <div class="zh">MAC运算的密钥类型 </div><div class="en">Key type for MAC</div> 4077 * @param data <div class="zh"> 需进行 MAC 运算的数据包</div> <div class="en">Data packet that needs MAC operation</div> 4078 * @param mode <div class="zh"> <ul> 4079 * <li>0x00: 将BLOCK1用MAC密钥做DES/TDES加密,加密结果与BLOCK2进行逐位异或后再用TAK做DES/TDES加密, 依次进行得到8字节的加密结果. </li> 4080 * <li>0x01: 将BLOCK1和BLOCK2进行逐位异或,异或结果与BLOCK3进行逐位异或,依次进行,最后得到8字节的异或结果, 将该结果用TAK进行DES/TDES加密运算. </li> 4081 * <li>0x02: ANSIX9.19规范,将BLOCK1用TAK做DES加密(只取前8个字节的key), 加密结果与BLOCK2进行逐位异或后再用TAK做DES加密,依次进行得到8字节的加密结果,直到最后一次采用DES/TDES加密.</li> 4082 * <li>0x03: CMAC算法</li> 4083 * <li>0x05: hmac-sha256模式</li> 4084 * </ul></div> 4085 * <div class="en"><ul> 4086 * <li>0x00: Encrypt BLOCK1 with MAC key for DES/TDES, perform bit-by-bit XOR with BLOCK2, and then perform DES/TDES encryption with TAK, 4087 * and proceed in turn to obtain an 8-byte encryption result. </li> 4088 * <li>0x01: The BLOCK1 and BLOCK2 are XOR bit by bit, the XOR result is XOR bit by bit with BLOCK3, and the sequence is performed in turn, 4089 * and finally an 8-byte XOR result is obtained, and the result is encrypted by DES/TDES with TAK. </li> 4090 * <li>0x02: According to the ANSIX9.19 specification, BLOCK1 is encrypted with TAK for DES (only the key of the first 8 bytes is taken), 4091 * the encryption result is XOR bit by bit with BLOCK2, and then TAK is used for DES encryption, and the encryption result of 8 bytes is obtained in turn, 4092 * until the last DES/TDES encryption.</li> 4093 * <li>0x03: CMAC algorithm</li> 4094 * <li>0x05: hmac-sha256 mode</li> 4095 * </ul></div> 4096 * @return <div class="zh"> MAC输出(0x05模式为32字节,其他为8字节)。 </div> 4097 * <div class="en">MAC output (32 bytes for 0x05 mode, 8 bytes for others).</div> 4098 * @throws PedDevException PedDevException 4099 * @since V3.32.00 4100 */ 4101 byte[] getMacStackUKPT(byte groupIdx, byte keyVarType, byte[] data, byte mode) throws PedDevException; 4102 4103 /** 4104 * <div class="zh">扫描键盘上输入的PIN并输出由 Mode指定算法加密的 PIN BLOCK,用于Stack UKPT Key。</div> 4105 * <div class="en">Scan the PIN entered on the keyboard and output the PIN BLOCK encrypted by the algorithm specified by Mode for Stack UKPT Key.</div> 4106 * 4107 * @param groupIdx <div class="zh">[1~10] 密钥组索引号 </div> 4108 * <div class="en">[1~10] Key group index</div> 4109 * @param expPinLen <div class="zh"> 可输入的合法密码长度字符串,应用程序把允许的密码长度全部枚举出来,并且用","号隔开每个长度,密码长度的有效取值为:0,4~12。若允许输入 4、6 位密码并且允许无密码直接按确认,则该字符串应该设置为"0,4,6"。 4110 * 若枚举 0 长度则示意可以不输任何数字而直接按确认键返回。若枚举字符串中存在长度的无效值,比如"2,6,7,10",无效值将被忽略。</div> 4111 * <div class="en">The legal password length string that can be input. The application enumerates all the allowed password lengths and separates each length with "," signs. The valid values for password lengths are: 0,4 to 12. If 4 or 6-digit passwords are allowed to be entered and direct confirmation without a password is permitted, the string should be set to "0,4,6". 4112 * If the enumeration length is 0, it indicates that no numbers can be entered and the confirmation key can be directly pressed to return. If there are invalid values of length in the enumeration string, such as "2,6,7,10", the invalid values will be ignored. 4113 * </div> 4114 * @param data <div class="zh"> 4115 * <ul> 4116 * <li>当mode=0x00时,dataIn指向卡号移位后生成的16位主帐号。</li> 4117 * <li>当mode=0x01时,参考 ISO9564规范。 </li> 4118 * <li>当mode=0x02时,参考 ISO9564规范。</li> 4119 * <li>当mode=0x03时,为交易流水号ISN [6 Bytes,ASCII码]。</li> 4120 * </ul></div> 4121 * <div class="en"> 4122 * <ul> 4123 * <li>When mode=0x00, dataIn points to the 16-bit primary account generated after the card number shift.</li> 4124 * <li>When mode=0x01, Refer to ISO9564 specification.</li> 4125 * <li>When mode=0x02, Refer to ISO9564 specification.</li> 4126 * <li>When mode=0x03, is the transaction current number [6 Bytes,ASCII code].</li> 4127 * </ul></div> 4128 * @param mode <div class="zh"> PIN BLOCK的格式。 4129 * <ul> 4130 * <li>0x00:ISO9564 格式0。</li> 4131 * <li>0x01:ISO9564 格式1。</li> 4132 * <li>0x02:ISO9564 格式3。</li> 4133 * <li>0x03:HK EPS 格式。</li> 4134 * </ul></div> 4135 * <div class="en"> PIN BLOCK Format. 4136 * <ul> 4137 * <li>0x00:ISO9564 format 0.</li> 4138 * <li>0x01:ISO9564 format 1.</li> 4139 * <li>0x02:ISO9564 format 3.</li> 4140 * <li>0x03:HK EPS format.</li> 4141 * </ul></div> 4142 * @param timeoutMs <div class="zh">输入 PIN 的超时时间,单位:毫秒 最大值为 300000ms </div> 4143 * <div class="en">Timeout time for entering PIN, unit: milliseconds, the maximum value is 300000ms</div> 4144 * 4145 * @return <div class="zh">8字节的PinBlock。</div> <div class="en">8-byte PinBlock.</div> 4146 * 4147 * @throws PedDevException 4148 * @since V3.32.00 4149 */ 4150 byte[] getPinBlockStackUKPT(byte groupIdx, String expPinLen, byte[] data, byte mode, int timeoutMs) throws PedDevException; 4151 4152 /** 4153 * <div class="zh">使用Stack UKPT Key进行数据加解密。</div> 4154 * <div class="en">Use Stack UKPT Key to encrypt and decrypt data.</div> 4155 * 4156 * @param groupIdx <div class="zh">[1~10] 密钥组索引号 </div> 4157 * <div class="en">[1~10] Key group index</div> 4158 * @param keyVarType <div class="zh">密钥类型,必须为解密/加密类型密钥,且加解密时需使用对应Mode参数。 4159 * </div><div class="en">Key type. It must be a decryption/encryption type key, and the corresponding Mode parameter must be used.</div> 4160 * @param iv <div class="zh">向量,CBC模式下使用,长度为8字节,若为NULL则用0填充</div> 4161 * <div class="en">Vector, used in CBC mode, the length is 8 bytes, if it is NULL, it will be padded with 0</div> 4162 * @param data <div class="zh"> 用于运算的数据.输入长度最大支持2048并且能被8整除。 </div> 4163 * <div class="en">The data used for the operation. The input length supports a maximum of 2048 and is divisible by 8.</div> 4164 * @param mode <div class="zh"> <ul> 4165 * <li>ECB解密 0x00 </li> 4166 * <li>ECB加密 0x01 </li> 4167 * <li>CBC解密 0x02 </li> 4168 * <li>CBC加密 0x03 </li> 4169 * </ul></div> 4170 * <div class="en"><ul> 4171 * <li> ECB decryption 0x00</li> 4172 * <li> ECB encryption 0x01</li> 4173 * <li> CBC decryption 0x02</li> 4174 * <li> CBC encryption 0x03</li> 4175 * </ul></div> 4176 * @return <div class="zh"> 运算的结果。 </div> 4177 * <div class="en">the result of the operation.</div> 4178 * @throws PedDevException PedDevException 4179 * @since V3.32.00 4180 */ 4181 byte[] calcStackUKPT(byte groupIdx, byte keyVarType, byte[] iv, byte[] data, byte mode) throws PedDevException; 4182 4183 /** 4184 * <div class="zh">设置脱机PIN模式,并为外部PINPAD提供一些参数。</div> 4185 * <div class="en">Set offline PIN mode and provide some parameters for external PINPAD.</div> 4186 * 4187 * @param mode <div class="zh"> 4188 * <ul> 4189 * <li>0x00:内部PINPAD,默认模式。</li> 4190 * <li>0x01:外部PINPAD。</li> 4191 * </ul> 4192 * </div> 4193 * <div class="en"> 4194 * <ul> 4195 * <li>0x00:Built-in PINPAD, default mode.</li> 4196 * <li>0x01:External PINPAD.</li> 4197 * </ul> 4198 * </div> 4199 * 4200 * @param tpkIndex <div class="zh">TPK秘钥索引。 </div> <div class="en">The index of TPK.</div> 4201 * 4202 * @param pinBlock <div class="zh">8字节ISO9564格式1的加密 PINBLOCK。</div> <div class="en">8-byte Cipher PINBLOCK with ISO9564 Format 1.</div> 4203 * 4204 * @throws PedDevException 4205 * @since V3.33.00 4206 */ 4207 void setOfflinePinMode(byte mode, byte tpkIndex, byte[] pinBlock) throws PedDevException; 4208 4209 /** 4210 * <div class="zh"> 指定的时限内,扫描键盘上输入的PIN并输出PIN BLOCK加密数据块。仅支持{@link EPedType#EXTERNAL_TYPEA} 类型。 </div> 4211 * <div class="en"> Scan the keyboard PIN entry and output the PIN BLOCK encrypted data block in a specific time.{@link EPedType#EXTERNAL_TYPEA} is supported. </div> 4212 * 4213 * 4214 * @param keyIndex 4215 * <div class="zh"> [1~100] TPK的索引 </div> <div class="en"> [1~100] TPK index </div> 4216 * 4217 * @param keyLen <div class="zh">8、16 或 24,指示 PINBLOCK 是用 DES/TDES 加密</div> 4218 * <div class="en">8, 16, or 24, indicating that PINBLOCK is encrypted with DES/TDES</div> 4219 * 4220 * @param mode <div class="zh">PIN Block的格式。 4221 * <ul> 4222 * <li>0x00:ISO9564 格式 0</li> 4223 * <li>0x01:ISO9564 格式 1</li> 4224 * <li>0x02:ISO9564 格式 3</li> 4225 * <li>0x03:HK EPS 专用格式</li> 4226 * </ul> 4227 * </div> 4228 * <div class="en"> PIN Block format. 4229 * <ul> 4230 * <li>0x00:ISO9564 format 0</li> 4231 * <li>0x01:ISO9564 format 1</li> 4232 * <li>0x02:ISO9564 format 3</li> 4233 * <li>0x03:HK EPS -EPS PINBLOCK Format</li> 4234 * </ul> 4235 * </div> 4236 * 4237 * @param inputMode <div class="zh">0x01:只输入一次,0x02:输入两次密码,两次输入一致后返回 PINBLOCK</div> 4238 * <div class="en">0x01: Enter the password only once, 0x02: Enter the password twice, and return PINBLOCK if the two inputs are the same</div> 4239 * 4240 * @param inputMin <div class="zh">允许输入的 PIN 的最小长度(大于等于 0, 为 0 时,按 ENTER 键返回,且输入 长度 Len=0,此时应答数据长度为 0,表示用户没有输入密码)。</div> 4241 * <div class="en">The minimum length of the allowed PIN (when greater than or equal to 0, when it is 0, press the ENTER key to return, and enter the length Len=0, at this time the response data length is 0, which means that the user did not enter a password).</div> 4242 * 4243 * @param inputMax <div class="zh">允许输入的 PIN 的最大长度(小于等于 14)。</div> 4244 * <div class="en">The maximum length of the PIN that can be entered (less than or equal to 14).</div> 4245 * 4246 * @param dataIn 4247 * <div class="zh"> 4248 * <ul> 4249 * <li>当mode=0x00时, DataIn指向卡号移位后生成的16位主帐号。</li> 4250 * <li>当mode=0x01时, DataIn被忽略,接口内部采用随机数填充PINBlock。</li> 4251 * <li>当mode=0x02时, DataIn指向位移后的16位PAN。</li> 4252 * <li>当mode=0x03时, 为交易流水号ISN [6 Bytes,ASCII码]</li> 4253 * </ul> 4254 * </div> <div class="en"> 4255 * <ul> 4256 * <li>When mode=0x00, DataIn is the 16 bytes primary account number after shifting.</li> 4257 * <li>When mode=0x01, DataIn is ignored. The interface uses random numbers to fill PINBlock internally.</li> 4258 * <li>When mode=0x02, DataIn is the 16 bytes primary account number after shifting.</li> 4259 * <li>When mode=0x03, dataIn is ISN [6 Bytes, ASCII code]</li> 4260 * </ul> 4261 * </div> 4262 * 4263 * @param timeoutMs 4264 * <div class="zh"> 4265 * <p> 4266 * 输入PIN的超时时间,单位:毫秒 最大值为300000ms 4267 * </p> 4268 * <p> 4269 * 0:表示没有超时时间,PED不做超时控制 4270 * </p> 4271 * </div> <div class="en"> 4272 * <p> 4273 * The timeout of PIN entry [unit:ms] Maximum is 300000ms. 4274 * </p> 4275 * <p> 4276 * 0: No timeout time, not doing timeout control for PED. 4277 * </p> 4278 * </div> 4279 * 4280 * @return <div class="zh"> 返回pinBlock </div> <div class="en"> Return pinBlock byte array.</div> 4281 * 4282 * @throws PedDevException 4283 * @since V3.33.00 4284 */ 4285 public byte[] getPinBlock(byte keyIndex, int keyLen, byte mode, byte inputMode, int inputMin, int inputMax, byte[] dataIn, int timeoutMs) // NOSONAR 4286 throws PedDevException; 4287 4288 4289 /** 4290 * <div class="zh">设置键盘按键音量值。</div> <div class="en">Set keyboard key volume value.</div> 4291 * 4292 * @param volume <div class="zh">音量值(0~50)注:A35/A80S的音量值范围为1-50,不支持0.</div> 4293 * <div class="en">Volume value (0~50) Note: The volume value of the A35/A80S ranges from 1 to 50, and 0 is not supported.</div> 4294 * @throws PedDevException 4295 * @since V4.01.00 4296 */ 4297 void setPinVolume(int volume) throws PedDevException; 4298 4299 /** 4300 * <div class="zh">将salt写入指定索引位置。仅支持{@link EPedType#INTERNAL} 类型。</div> <div class="en">Write salt to the specified index. {@link EPedType#INTERNAL} only is supported.</div> 4301 * 4302 * @param salt <div class="zh">salt明文密钥。长度最长128字节。</div> <div class="en">Salt plaintext key.The maximum length is 128 bytes.</div> 4303 * 4304 * @param index <div class="zh">索引,1或2</div> <div class="en">index, 1 or 2</div> 4305 * @throws PedDevException 4306 * @since V4.03.00 4307 */ 4308 void writeSaltKey(byte[] salt, int index) throws PedDevException; 4309 4310 /** 4311 * <div class="zh"> 设置用于改变pin输入按键发声的频率和时间,只支持{@link EPedType#INTERNAL}类型 </div> <div class="en"> Set to change the frequency and time of the pin input key sound,{@link EPedType#INTERNAL} is supported. </div> 4312 * 4313 * @param freq 4314 * <div class="zh">频率 1850 ~2750</div> 4315 * <div class="en">frequency 1850 ~2750</div> 4316 * @param time 4317 * <div class="zh">时间:毫秒</div> 4318 * <div class="en">time:ms</div> 4319 * 4320 * @throws PedDevException 4321 * 4322 * @since V4.07.00 4323 */ 4324 void setPinBeep(int freq,int time) throws PedDevException; 4325 4326 /** 4327 * <div class="zh"> getPinBlock 时取消输入,注:取消输入时静音。只支持{@link EPedType#INTERNAL}类型。 </div> 4328 * <div class="en"> Cancel input when getPinBlock,Note: Mute when calling interface to cancel input`. {@link EPedType#INTERNAL} is supported.</div> 4329 * 4330 * @throws PedDevException 4331 * 4332 * @since V4.07.00 4333 */ 4334 void cancelInputMute() throws PedDevException; 4335 4336 /** 4337 * <div class="zh"> 在调用getPinBlock时,自定义一个输入。 </div> 4338 * <div class="en"> When calling getPinBlock, customize an input.</div> 4339 * @param keyvalue 4340 * <div class="zh">KEYCANCEL 0, KEYENTER 1, KEYCLEAR 2</div> 4341 * <div class="en">KEYCANCEL 0, KEYENTER 1, KEYCLEAR 2</div> 4342 * 4343 * @throws PedDevException 4344 * 4345 * @since V4.09.00 4346 */ 4347 void customInputKey(int keyvalue) throws PedDevException; 4348 4349 /** 4350 * <div class="zh">使用DUKPT的Data encryption功能,对输入数据进行加密或解密</div> 4351 * <div class="en">Use DUKPT's Data encryption feature to encrypt or decrypt input data.</div> 4352 * 4353 * @param groupIdx 4354 * <div class="zh">写入TIK时指定的组索引</div> 4355 * <div class="en">The group index specified when writing to TIK</div> 4356 * @param keyVarType 4357 * <div class="zh">0x01:request or both ways, 支持加密或者解密 4358 * 0x04:response,仅支持解密模式</div> 4359 * <div class="en">0x01:request or both ways, encryption or decryption is supported 4360 * 0x04: response, only decryption mode is supported</div> 4361 * @param pucIV 4362 * <div class="zh">初始向量,可以为NULL </div> 4363 * <div class="en">The initial vector can be NULL</div> 4364 * @param dataIn 4365 * <div class="zh">输入数据 </div> 4366 * <div class="en">Input data</div> 4367 * @param mode 4368 * <div class="zh"> 4369 * 0x00:EBC 解密 4370 * 0x01:EBC 加密 4371 * 0x02:CBC 解密 4372 * 0x03:CBC 加密 4373 * 0x04:OFB 解密 4374 * 0x05:OFB 加密 4375 * 0x06:CFB8 解密 4376 * 0x07:CFB8 加密.</div> 4377 * <div class="en"> 4378 * 0x00: The EBC is decrypted 4379 * 0x01:EBC encryption 4380 * 0x02:CBC decrypts 4381 * 0x03:CBC encryption 4382 * 0x04:OFB decrypts 4383 * 0x05:OFB encryption 4384 * 0x06:CFB8 Decrypts 4385 * 0x07:CFB8 encryption.</div> 4386 * 4387 * @return DUKPTResult {@link DUKPTResult} 4388 * 4389 * @throws PedDevException 4390 * 4391 * @since V4.11.00 4392 */ 4393 DUKPTResult desDukptDataCalc(byte groupIdx, byte keyVarType, byte[] pucIV, byte[] dataIn, byte mode) throws PedDevException; 4394 4395 /** 4396 * <div class="zh">Bind the certificate of host, load the new host certificate into device.</div> 4397 * <div class="en">Bind the certificate of host, load the new host certificate into device.</div> 4398 * 4399 * @param HostCA <div class="zh">The Host CA certificate in X509 DER format.</div> 4400 * <div class="en">The Host CA certificate in X509 DER format.</div> 4401 * 4402 * @param BindTokenKDH <div class="zh"> The value of BindToken.</div> 4403 * <div class="en"> The value of BindToken.</div> 4404 * 4405 * @param mode <div class="zh">0x00: The standard BindToken </div> 4406 * <div class="en">0x00: The standard BindToken </div> 4407 * @throws PedDevException 4408 * @since V4.15.00 4409 */ 4410 void tr34Bind(byte[] HostCA,byte[] BindTokenKDH,byte mode) throws PedDevException; 4411 4412 /** 4413 * <div class="zh"> Load CA, certificate, private key for device. </div> 4414 * <div class="en"> Load CA, certificate, private key for device. </div> 4415 * 4416 * @param DevCACert 4417 * <div class="zh">The value of CA certificate. The certificate is in the X509 DER format.</div> 4418 * <div class="en">The value of CA certificate. The certificate is in the X509 DER format.</div> 4419 * @param DevCert 4420 * <div class="zh">The value of device certificate. The certificate is in the X509 DER format. </div> 4421 * <div class="en">The value of device certificate. The certificate is in the X509 DER format. </div> 4422 * 4423 * @param DevPvkBlock 4424 * <div class="zh">Key Type(1 byte)+Key Index(1 byte)+Key Value 4425 * Key Type: PED_RSA The type of device private key. 4426 * Key Index: For PED_RSA, the range is 1~10 The index of the private key 4427 * Key Value: For PED_RSA, the structure of key value is defined as below: 4428 * Mod - 2 byte length+n bytes value 4429 * Exponent - 2 byte length+n bytes value</div> 4430 * <div class="en">Key Type(1 byte)+Key Index(1 byte)+Key Value 4431 * Key Type: PED_RSA The type of device private key. 4432 * Key Index: For PED_RSA, the range is 1~10 The index of the private key 4433 * Key Value: For PED_RSA, the structure of key value is defined as below: 4434 * Mod - 2 byte length+n bytes value 4435 * Exponent - 2 byte length+n bytes value</div> 4436 * 4437 * @throws PedDevException 4438 * 4439 * @since V4.15.00 4440 */ 4441 void tr34DevInit(byte[] DevCACert,byte[] DevCert,byte[] DevPvkBlock) throws PedDevException; 4442 4443 /** 4444 * <div class="zh">Decode TR-34 EnvelopedKey and write secret key into device</div> 4445 * <div class="en">Decode TR-34 EnvelopedKey and write secret key into device.</div> 4446 * 4447 * @param KeyInfo 4448 * <div class="zh">ucFormat(1 byte)+ucSrcKeyType(1 byte)+ucSrcKeyIdx(1 byte)+ucDstKeyIdx(1 byte)+ucIDKRDLen(1 byte)+ucIDKRD(n bytes) 4449 * +ucIDKDHLen(1byte)+ucIDKDH(n bytes)+ucKBHLen(1byte)+ucKBH(n bytes) 4450 * Format: 0x00 4451 * SrcKeyType: PED_RSA 4452 * ucSrcKeyIdx: Index of the protection key, When SrcKeyType = PED_RSA, SrcKeyIdx = [1~10]; 4453 * ucDstKeyIdx: Index of the exchanged key, When DstKeyType = PED_TMK,DstKeyIdx = [1~100]; When DstKeyType = PED_AES_TMK, DstKeyIdx = [1~100]; 4454 * ucIDKRDLen: It’s value denotes the length of IDKRD 4455 * ucIDKRD: The same format as defined in the TR-34 4456 * ucIDKDHLen: It’s value denotes the length of IDKDH 4457 * ucIDKDH: The same format as defined in the TR-34 4458 * ucKBHLen: It’s value denotes the length of TR-31 key block header(KBH) 4459 * ucKBH: The TR-31 key block header used in TR-34 key block.</div> 4460 * 4461 * <div class="en">ucFormat(1 byte)+ucSrcKeyType(1 byte)+ucSrcKeyIdx(1 byte)+ucDstKeyIdx(1 byte)+ucIDKRDLen(1 byte)+ucIDKRD(n bytes) 4462 * +ucIDKDHLen(1byte)+ucIDKDH(n bytes)+ucKBHLen(1byte)+ucKBH(n bytes) 4463 * Format: 0x00 4464 * SrcKeyType: PED_RSA 4465 * ucSrcKeyIdx: Index of the protection key, When SrcKeyType = PED_RSA, SrcKeyIdx = [1~10]; 4466 * ucDstKeyIdx: Index of the exchanged key, When DstKeyType = PED_TMK,DstKeyIdx = [1~100]; When DstKeyType = PED_AES_TMK, DstKeyIdx = [1~100]; 4467 * ucIDKRDLen: It’s value denotes the length of IDKRD 4468 * ucIDKRD: The same format as defined in the TR-34 4469 * ucIDKDHLen: It’s value denotes the length of IDKDH 4470 * ucIDKDH: The same format as defined in the TR-34 4471 * ucKBHLen: It’s value denotes the length of TR-31 key block header(KBH) 4472 * ucKBH: The TR-31 key block header used in TR-34 key block.</div> 4473 * 4474 * @param EnvKey <div class="zh"> 4475 * Format 0x00: 4476 * The value of EnvelopedData section as defined in the TR-34 standard and errata.The value contains the header(Sequence and length) of the EnvelopedData. 4477 * The EnvelopedData supports two formats. 4478 * Standard: 4479 * The ASN.1 encoded encryptedContent element is a sibling of the contentEncryptionAlgorithm element 4480 * Errata: 4481 * The ASN.1 encoded encryptedContent element is a son of the contentEncryptionAlgorithm element.</div> 4482 * 4483 * <div class="en"> 4484 * Format 0x00: 4485 * The value of EnvelopedData section as defined in the TR-34 standard and errata.The value contains the header(Sequence and length) of the EnvelopedData. 4486 * The EnvelopedData supports two formats. 4487 * Standard: 4488 * The ASN.1 encoded encryptedContent element is a sibling of the contentEncryptionAlgorithm element 4489 * Errata: 4490 * The ASN.1 encoded encryptedContent element is a son of the contentEncryptionAlgorithm element.</div> 4491 * 4492 * @return {@link Tr34OutBlock} 4493 * 4494 * @throws PedDevException 4495 * 4496 * @since V4.15.00 4497 */ 4498 Tr34OutBlock tr34WriteKey(byte[] KeyInfo, byte[] EnvKey) throws PedDevException; 4499 4500 /** 4501 * <div class="zh">Verify the signature and hash. Decode the EnvelopedData, FreshToken, CRL, KBH of the TR-34 token.</div> 4502 * <div class="en">Verify the signature and hash. Decode the EnvelopedData, FreshToken, CRL, KBH of the TR-34 token.</div> 4503 * 4504 * @param tokenBlock 4505 * <div class="zh">TR-34 Token block, include RebindToken, UnbindToken, KeyToken</div> 4506 * <div class="en">TR-34 Token block, include RebindToken, UnbindToken, KeyToken</div> 4507 * 4508 * @param kdhInfo 4509 * <div class="zh"> 4510 * Format 0x00: 4511 * Format(1 byte) - 0x00 4512 * IDKDH - The IDKDH defined in ASC TR-34. 4513 * KDH Public Key - The value of public key field in X509 Certificate, contains algorithm OID and public key value.</div> 4514 * <div class="en"> 4515 * Format 0x00: 4516 * Format(1 byte) - 0x00 4517 * IDKDH - The IDKDH defined in ASC TR-34. 4518 * KDH Public Key - The value of public key field in X509 Certificate, contains algorithm OID and public key value.</div> 4519 * 4520 * @return {@link Tr34ParseDataOffset} 4521 * 4522 * @throws PedDevException 4523 * 4524 * @since V4.15.00 4525 */ 4526 Tr34ParseDataOffset tr34Parse(byte[] tokenBlock, byte[] kdhInfo) throws PedDevException; 4527 4528 /** 4529 * <div class="zh">Rebind the certificate of host, load the new host certificate into device.</div> 4530 * <div class="en">Rebind the certificate of host, load the new host certificate into device.</div> 4531 * 4532 * @param HostCA <div class="zh">The Host CA certificate in X509 DER format.</div> 4533 * <div class="en">The Host CA certificate in X509 DER format.</div> 4534 * 4535 * @param reBindTokenKDH <div class="zh"> The value of ReBindToken .</div> 4536 * <div class="en"> The value of ReBindToken .</div> 4537 * 4538 * @param mode <div class="zh">0x00: The standard ReBindToken</div> 4539 * <div class="en">0x00: The standard ReBindToken</div> 4540 * @throws PedDevException 4541 * @since V4.15.00 4542 */ 4543 void tr34Rebind(byte[] HostCA,byte[] reBindTokenKDH,byte mode) throws PedDevException; 4544 4545 /** 4546 * <div class="zh">Unbind the certificate of host,delete the host certificate and specific keys.</div> 4547 * <div class="en">Unbind the certificate of host,delete the host certificate and specific keys.</div> 4548 * 4549 * @param HostCA <div class="zh">The Host CA certificate in X509 DER format.</div> 4550 * <div class="en">The Host CA certificate in X509 DER format.</div> 4551 * 4552 * @param unBindTokenKDH <div class="zh">The value of UnBindToken .</div> 4553 * <div class="en">The value of UnBindToken .</div> 4554 * 4555 * @param pucKeyList <div class="zh">The list of key pair made by 1 byte key type and 1 byte key index.</div> 4556 * <div class="en">The list of key pair made by 1 byte key type and 1 byte key index.</div> 4557 * 4558 * @param mode <div class="zh">0x00: The standard UnBindToken.</div> 4559 * <div class="en">0x00: The standard UnBindToken.</div> 4560 * @throws PedDevException 4561 * @since V4.15.00 4562 */ 4563 void tr34Unbind(byte[] HostCA, byte[] unBindTokenKDH, byte[] pucKeyList, byte mode) throws PedDevException; 4564 4565 /** 4566 * <div class="zh">Get Random Number Token of device.</div> 4567 * <div class="en">Get Random Number Token of device.</div> 4568 * 4569 * @param mode 4570 * <div class="zh"> 4571 * <ul> 4572 * <li>0x00: Output the RTKRD.</li> 4573 * <li>0x01: Output the RTKRD and IDKRD.</li> 4574 * </ul> 4575 * </div> <div class="en"> 4576 * <ul> 4577 * <li>0x00: Output the RTKRD.</li> 4578 * <li>0x01: Output the RTKRD and IDKRD.</li> 4579 * </ul> 4580 * </div> 4581 * @return {@link Tr34OutBlock} 4582 * 4583 * @throws PedDevException 4584 * 4585 * @since V4.15.00 4586 */ 4587 Tr34OutBlock tr34GetRTKRD(byte mode) throws PedDevException; 4588 4589 /** 4590 * <div class="zh">Get certificate of device in the CTKRD format.</div> 4591 * <div class="en">Get certificate of device in the CTKRD format.</div> 4592 * 4593 * @param mode 4594 * <div class="zh"> 4595 * <ul> 4596 * <li>0x00: Output the standard CTKRD.</li> 4597 * </ul> 4598 * </div> <div class="en"> 4599 * <ul> 4600 * <li>0x00: Output the standard CTKRD.</li> 4601 * </ul> 4602 * </div> 4603 * @return {@link Tr34OutBlock} 4604 * 4605 * @throws PedDevException 4606 * 4607 * @since V4.15.00 4608 */ 4609 Tr34OutBlock tr34GetCTKRD(byte mode) throws PedDevException; 4610 4611 /** 4612 * <div class="zh">Verify and decode the TR-34 Key Token, inject the secret key into device.</div> 4613 * <div class="en">Verify and decode the TR-34 Key Token, inject the secret key into device.</div> 4614 * 4615 * @param HostCA <div class="zh">The Host CA certificate in X509 DER format.</div> 4616 * <div class="en">The Host CA certificate in X509 DER format.</div> 4617 * 4618 * @param KeyToken <div class="zh"> 1 byte RSA index+1 byte dst key index+ n bytes TR34KTKDH.</div> 4619 * <div class="en"> 1 byte RSA index+1 byte dst key index+ n bytes TR34KTKDH. </div> 4620 * 4621 * @param mode <div class="zh"> 0x00: The standard KeyToken .</div> 4622 * <div class="en"> 0x00: The standard KeyToken .</div> 4623 * 4624 * @return {@link Tr34OutBlock} 4625 * 4626 * @throws PedDevException 4627 * 4628 * @since V4.15.00 4629 */ 4630 Tr34OutBlock tr34InjectKey(byte[] HostCA,byte[] KeyToken,byte Mode) throws PedDevException; 4631 4632 /** 4633 * <div class="zh">Use TDK to do DES/TDES operation for data with length of DataInLen. The operation method (DES/TDES) depends on the key length</div> 4634 * <div class="en">Use TDK to do DES/TDES operation for data with length of DataInLen. The operation method (DES/TDES) depends on the key length.</div> 4635 * 4636 * @param keyIdx 4637 * <div class="zh">TDK index[1~100] </div> 4638 * <div class="en">TDK index[1~100] </div> 4639 * @param initVector 4640 * <div class="zh">Initial vector (8 byte), can be any data when not in use </div> 4641 * <div class="en">Initial vector (8 byte), can be any data when not in use</div> 4642 * @param dataIn 4643 * <div class="zh">Point to the data to be calculated. Data length <=2048, it should be multiple by 8.</div> 4644 * <div class="en">Point to the data to be calculated. Data length <=2048, it should be multiple by 8.</div> 4645 * @param mode 4646 * <div class="zh"> 4647 * TDK for data encryption and decryption: 4648 * 0x00: ECB Decryption 4649 * 0x01: ECB Encryption 4650 * 0x02: CBC Decryption 4651 * 0x03: CBC Encryption 4652 * 0x04: OFB Decryption 4653 * 0x05: OFB Encryption 4654 * 0x06: CFB Decryption 4655 * 0x07: CFB Encryption.</div> 4656 * <div class="en"> 4657 * TDK for data encryption and decryption: 4658 * 0x00: ECB Decryption 4659 * 0x01: ECB Encryption 4660 * 0x02: CBC Decryption 4661 * 0x03: CBC Encryption 4662 * 0x04: OFB Decryption 4663 * 0x05: OFB Encryption 4664 * 0x06: CFB Decryption 4665 * 0x07: CFB Encryption.</div> 4666 * 4667 * @return <div class="zh">Point to the data which have been calculated</div> 4668 * <div class="en">Point to the data which have been calculated</div> 4669 * 4670 * @throws PedDevException 4671 * 4672 * @since V4.17.00 4673 */ 4674 byte[] calcDesData(byte keyIdx,byte[] initVector,byte[] dataIn,byte mode) throws PedDevException; 4675 4676 /** 4677 * <div class="zh">Use TCHDK to do TDES/AES encryption for sensitive data with length of DataInLen</div> 4678 * <div class="en">Use TCHDK to do TDES/AES encryption for sensitive data with length of DataInLen</div> 4679 * 4680 * @param keyType 4681 * <div class="zh">PED_TCHDK or PED_AES_TCHDK </div> 4682 * <div class="en">PED_TCHDK or PED_AES_TCHDK </div> 4683 * @param keyIndex 4684 * <div class="zh">[1~100] PED_TCHDK index or [1~100] PED_AES_TCHDK index </div> 4685 * <div class="en">[1~100] PED_TCHDK index or [1~100] PED_AES_TCHDK index </div> 4686 * @param initVector 4687 * <div class="zh">Initial vector (8 byte(PED_TCHDK)/16 byte(PED_AES_TCHDK)), can be null when not in use </div> 4688 * <div class="en">Initial vector (8 byte(PED_TCHDK)/16 byte(PED_AES_TCHDK)), can be null when not in use </div> 4689 * @param dataIn 4690 * <div class="zh">Point to the data to be calculated. Data length <=2048, it should be multiple by 8(TDES)/16(AES).</div> 4691 * <div class="en">Point to the data to be calculated. Data length <=2048, it should be multiple by 8(TDES)/16(AES).</div> 4692 * @param mode 4693 * <div class="zh"> 4694 * TCHDK for sensitive encryption: 4695 * 0x01/0x11/0x21: ECB Encryption 4696 * 0x03/0x13/0x23: CBC Encryption 4697 * 0x05/0x15/0x25: OFB Encryption</div> 4698 * <div class="en"> 4699 * TCHDK for sensitive encryption: 4700 * 0x01/0x11/0x21: ECB Encryption 4701 * 0x03/0x13/0x23: CBC Encryption 4702 * 0x05/0x15/0x25: OFB Encryption</div> 4703 * 4704 * @return <div class="zh">Point to the data which have been calculated</div> 4705 * <div class="en">Point to the data which have been calculated</div> 4706 * 4707 * @throws PedDevException 4708 * 4709 * @since V4.17.00 4710 */ 4711 byte[] encSensData(byte keyType,byte keyIndex,byte[] initVector,byte[] dataIn,byte mode) throws PedDevException; 4712 4713}