Java API
HSM Dinamo
EFT

Detailed description

Electronic funds transfer operations.

See the HSM technical documentation.

Functions

String generateDUKPT (byte[] baKSI, byte[] baDID_CTR, int dwParam) throws TacException
 It generates a DUKPT key within the HSM using a KSI (Key Serial Identification), a DID (Device ID) and a CTR (Transaction Counter) from the same KSN (Key Serial Number).
 
String generateDUKPTName (byte[] baKSI, byte[] baDID_CTR) throws TacException
 Generates the name of the DUKPT from an entered KSI and CTR.
 
String generateBDKName (byte[] baKSI) throws TacException
 Generates the BDK name from a KSI (Key Serial Identification).
 
byte[] translatePINBlock (String srcPEK, String dstPEK, int transBlockType, String PAN, byte[] inPINBlock) throws TacException
 It translates a PIN block, decrypting it with one key and encrypting it with another.
 
byte[] exportTR31 (String kbpk, String key, int usage, byte mode, byte export) throws TacException
 Exports a key in TR-31 format according to the ASC X9 TR 31-2018 standard.
 
void importTR31 (String kbpk, String key, int keyAttributes, byte[] keyBlock) throws TacException
 Imports a key in TR-31 format according to the ASC X9 TR 31-2018 standard.
 

Functions

generateDUKPT()

String generateDUKPT ( byte[] baKSI,
byte[] baDID_CTR,
int dwParam ) throws TacException

It generates a DUKPT key within the HSM using a KSI (Key Serial Identification), a DID (Device ID) and a CTR (Transaction Counter) from the same KSN (Key Serial Number).

Parameters
baKSI: Buffer of size TacNDJavaLib.MIN_KSI_LEN containing the KSI (first 5 bytes of the KSN).
baDID_CTR: Buffer of size TacNDJavaLib.MIN_CTR_LEN containing the DID and CTR (last 5 bytes of the KSN).
dwParam: Operating flags according to the table below.
  Value: Meaning
  TacNDJavaLib.NEW_DUKPT_MODE_DUK: Generates a standard DUK (Derived Unique Key) according to the ISO X9.24-1-2004 manual.
  TacNDJavaLib.NEW_DUKPT_MODE_PEK: Generates a PEK key (PIN Encryption Key) according to the ISO X9.24-1-2004 A-1,A-6 manual by applying the XOR of the 0000 0000 0000 FF00 mask to the parts of the key.
  TacNDJavaLib.NEW_DUKPT_MODE_MEK: Generates a MEK key (MAC Encryption Key) according to the ISO X9.24-1-2004 A-1,A-6 manual by applying the XOR of the 0000 0000 0000 00FF mask to the parts of the key.
  TacNDJavaLib.NEW_DUKPT_MODE_DE: Diversifies the generated key in Data Encryption format. It applies an XOR of the 0000 0000 00FF 0000 0000 00FF 0000 mask to the generated DUKPT key, encrypts the left key of the DUKPT using the generated DUKPT and repeats the encryption with the right key. After this operation, it joins the encrypted left and right parts to form the Data Encryption Key, as described in IDTECH USER MANUAL SecureMag Encrypted MagStripe Reader (80096504-001 RevL 06/19/14). It must be used in combination (via OR operation) with one of the flags: TacNDJavaLib.NEW_DUKPT_MODE_DUK, TacNDJavaLib.NEW_DUKPT_MODE_PEK or TacNDJavaLib.NEW_DUKPT_MODE_MEK.
  TacNDJavaLib.NEW_DUKPT_MODE_EXP: Generates an exportable DUKPT key. This is an attribute flag and should be used in combination with other flags. Only use if specifically required.
  TacNDJavaLib.NEW_DUKPT_MODE_TMP: Generates a temporary DUKPT key. This is an attribute flag and should be used in combination with other flags.
Return
Returns the name of the generated DUKPT key.
Exceptions
TacException

generateDUKPTName()

String generateDUKPTName ( byte[] baKSI,
byte[] baDID_CTR ) throws TacException

Generates the name of the DUKPT from an entered KSI and CTR.

Parameters
baKSI: Buffer of size TacNDJavaLib.MIN_KSI_LEN containing the KSI (first 5 bytes of the KSN).
baDID_CTR: Buffer of size TacNDJavaLib.MIN_CTR_LEN containing the DID and CTR (last 5 bytes of the KSN).
Return
Returns the name of the DUKPT key.
Exceptions
TacException

generateBDKName()

String generateBDKName ( byte[] baKSI) throws TacException

Generates the BDK name from a KSI (Key Serial Identification).

Parameters
baKSI: Buffer of size TacNDJavaLib.MIN_KSI_LEN containing the KSI (first 5 bytes of the KSN).
Return
Returns the name of the BDK key.
Exceptions
TacException

translatePINBlock()

byte[] translatePINBlock ( String srcPEK,
String dstPEK,
int transBlockType,
String PAN,
byte[] inPINBlock ) throws TacException

It translates a PIN block, decrypting it with one key and encrypting it with another.

The incoming block format is identified automatically, and the outgoing block format can be defined by the caller, as long as the format change is not from a PAN Unbound format to a PAN Bound format. PAN Bound formats are those that use PAN information in their composition. It is therefore possible to perform both key translation and format translation. The caller can force a validation of the format by specifying, as the outgoing format, the same format used by the incoming PIN Block.

Parameters
srcPEK: Identifier of the decryption key within the HSM.
dstPEK: Identifier of the encryption key within the HSM.
transBlockType: Output block format identifier, according to the table below.
  Value: Meaning
  TacNDJavaLib.TP_TRANSLATE_TYPE_AUTO: It performs an opaque conversion, translating from the block with the source key to the block with the target key, without analyzing the format or content of the block. PAN Bound: does not apply.
  TacNDJavaLib.TP_TRANSLATE_TYPE_ISO_0: Uses ISO PIN Block Format 0 (equivalent to ANSI PIN Block Format 0 and VISA PIN Block Format 1). PAN Bound: yes.
  TacNDJavaLib.TP_TRANSLATE_TYPE_ISO_1: Uses ISO PIN Block Format 1. PAN Bound: no.
  TacNDJavaLib.TP_TRANSLATE_TYPE_ISO_3: Uses ISO PIN Block Format 3. PAN Bound: yes.
  TacNDJavaLib.TP_TRANSLATE_TYPE_IBM_3624: IBM 3624 block type used. Not implemented.
PAN: PAN (Primary Account Number).
inPINBlock: PIN Block input. The buffer must have the size of a PIN Block, TacNDJavaLib.DES_BLOCK (8 bytes).
Return
PIN block output.
Exceptions
TacException
Notes
In the case of a non-opaque conversion, i.e. a format translation, if the input PIN Block format cannot be recognized, a D_ERR_OPERATION_FAILED error will be returned.
The ISO PIN Block Format 2 method is not implemented in the HSM, as this format is intended to be used to protect the PIN when it is submitted from the chip card reader.

exportTR31()

byte[] exportTR31 ( String kbpk,
String key,
int usage,
byte mode,
byte export ) throws TacException

Exports a key in TR-31 format according to the ASC X9 TR 31-2018 standard.

Parameters
kbpk: Name of the KBPK key (Key Block Protection Key) used to derive the encryption and authentication keys.
key: Name of the key to be exported from the HSM.
usage: Key usage identifier, as described in ASC X9 TR 31-2018 Section A.5.1 table 6. The following options are accepted.
  Value: Meaning
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_AUTO: Sets the identifier automatically. The following values are used: TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_D0 for a symmetric key and TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_D1 for an asymmetric key.
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_B0: BDK Base Derivation Key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_B1: Initial DUKPT Key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_B2: Base Key Variant Key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_C0: CVK Card Verification Key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_D0: Symmetric Key for Data Encryption
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_D1: Asymmetric Key for Data Encryption
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_D2: Data Encryption Key for Decimalization Table
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E0: EMV/chip Issuer Master Key: Application cryptograms
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E1: EMV/chip Issuer Master Key: Secure Messaging for Confidentiality
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E2: EMV/chip Issuer Master Key: Secure Messaging for Integrity
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E3: EMV/chip Issuer Master Key: Data Authentication Code
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E4: EMV/chip Issuer Master Key: Dynamic Numbers
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E5: EMV/chip Issuer Master Key: Card Personalization
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_E6: EMV/chip Issuer Master Key: Other
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_I0: Initialization Vector (IV)
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_K0: Key Encryption or wrapping
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_K1: TR-31 Key Block Protection Key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_K2: TR-34 Asymmetric key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_K3: Asymmetric key for key agreement/key wrapping
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M0: ISO 16609 MAC algorithm 1 (using TDEA)
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M1: ISO 9797-1 MAC Algorithm 1
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M2: ISO 9797-1 MAC Algorithm 2
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M3: ISO 9797-1 MAC Algorithm 3
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M4: ISO 9797-1 MAC Algorithm 4
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M5: ISO 9797-1:1999 MAC Algorithm 5
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M6: ISO 9797-1:2011 MAC Algorithm 5/CMAC
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M7: HMAC
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_M8: ISO 9797-1:2011 MAC Algorithm 6
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_P0: PIN Encryption
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_S0: Asymmetric key pair for digital signature
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_S1: Asymmetric key pair, CA key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_S2: Asymmetric key pair, non-X9.24 key
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_V0: PIN verification, KPV, other algorithm
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_V1: PIN verification, IBM 3624
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_V2: PIN Verification, VISA PVV
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_V3: PIN Verification, X9.132 algorithm 1
  TacNDJavaLib.EFT_ME_TR31_EXP_USAGE_V4: PIN Verification, X9.132 algorithm 2
mode: Key usage mode identifier, as described in ASC X9 TR 31-2018 Section A.5.3 table 8. The following options are accepted.
  Value: Meaning
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_AUTO: Sets the usage mode identifier automatically. The value used is TacNDJavaLib.EFT_ME_TR31_EXP_MODE_N.
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_B: Both Encryption & Decryption / Wrap & Unwrap
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_C: Both Generation & Verification
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_D: Decryption / Unwrap Only
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_E: Encryption / Wrap Only
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_G: Generation Only
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_N: No special restrictions (except those defined by the key usage identifier)
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_S: Signature Only
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_T: Both Signature & Decryption
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_V: Verification only
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_X: Key used to derive other key(s)
  TacNDJavaLib.EFT_ME_TR31_EXP_MODE_Y: Key used to create key variants
export: Key exportability identifier, as described in ASC X9 TR 31-2018 Section A.5.5 table 10. The following options are accepted.
  Value: Meaning
  TacNDJavaLib.EFT_ME_TR31_EXP_AUTO: Defines the exportability identifier automatically. The value used is TacNDJavaLib.EFT_ME_TR31_EXP_X9_24.
  TacNDJavaLib.EFT_ME_TR31_EXP_X9_24: Exportable under a KEK (Key Encryption Key) in a format meeting that defined in the requirements of X9.24 Parts 1 or 2.
  TacNDJavaLib.EFT_ME_TR31_EXP_NON_EXPORTABLE: Not exportable by the recipient of the Key Block, or storage location. Does not prevent the export of keys derived from a non-exportable key.
  TacNDJavaLib.EFT_ME_TR31_EXP_KEK_EXPORTABLE: Sensitive, Exportable under a KEK (Key Encryption Key) in a format not necessarily in accordance with the requirements of X9.24 Parts 1 or 2.
Return
Key block.
Exceptions
TacException
Notes
This API exports a key using the key block generation methods below.
  KBPK algorithm: Export method
  3DES: 5.3.2.1 Key Derivation Binding Method - TDEA
  AES: 5.3.2.3 Key Block Binding Method - AES
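
A check that can be run on the array returned by exportTR31() to confirm which key usage, mode of use and exportability ended up in the key block header, which matters because the AUTO options resolve to mode N and X9.24-exportable. This is an added example, not code from the Dinamo library: the class name is hypothetical, the header offsets and the 'E'/'N' exportability letters come from the TR-31 key block layout, and it assumes the returned array is exactly the ASCII key block.

```java
import java.nio.charset.StandardCharsets;

// Added example (hypothetical class name); requires Java 16+ for records.
public class Tr31HeaderCheck {
    // Fixed-offset fields of the 16-character TR-31 header.
    record Header(char version, int length, String usage, char algorithm,
                  char mode, String keyVersion, char exportability, int optionalBlocks) {}

    static boolean digits(String s) { return s.chars().allMatch(c -> c >= '0' && c <= '9'); }

    static Header parse(byte[] keyBlock) {
        if (keyBlock == null || keyBlock.length < 16)
            throw new IllegalArgumentException("shorter than the 16-byte header");
        String h = new String(keyBlock, 0, 16, StandardCharsets.US_ASCII);
        if (!digits(h.substring(1, 5)) || !digits(h.substring(12, 14)))
            throw new IllegalArgumentException("length or optional-block count not numeric");
        int length = Integer.parseInt(h.substring(1, 5));
        if (length != keyBlock.length)  // assumption: the array holds exactly the ASCII block
            throw new IllegalArgumentException("declared " + length + ", actual " + keyBlock.length);
        return new Header(h.charAt(0), length, h.substring(5, 7), h.charAt(7), h.charAt(8),
                h.substring(9, 11), h.charAt(11), Integer.parseInt(h.substring(12, 14)));
    }

    // True only when usage, mode and exportability are exactly what the caller intended.
    static boolean matches(Header hd, String usage, char mode, char exportability) {
        return hd.usage().equals(usage) && hd.mode() == mode && hd.exportability() == exportability;
    }

    public static void main(String[] args) {
        // Constructed samples: real header layout, filler in place of the encrypted key and MAC.
        String filler = "0".repeat(64);
        byte[] strict = ("B0080P0TE00N0000" + filler).getBytes(StandardCharsets.US_ASCII);
        byte[] auto = ("B0080D0TN00E0000" + filler).getBytes(StandardCharsets.US_ASCII);
        // Intended policy: PIN encryption key (P0), encrypt only (E), non-exportable (N).
        System.out.println(matches(parse(strict), "P0", 'E', 'N'));
        // Usage D0, mode N and exportability E, as the AUTO options would produce, fail it.
        System.out.println(matches(parse(auto), "P0", 'E', 'N'));
        System.out.println(parse(auto));
    }
}
```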

importTR31()

void importTR31 ( String kbpk,
String key,
int keyAttributes,
byte[] keyBlock ) throws TacException

Imports a key in TR-31 format according to the ASC X9 TR 31-2018 standard.

Parameters
kbpk: Name of the KBPK key (Key Block Protection Key) used to derive the encryption and authentication keys.
key: Name of the key to be imported into the HSM.
keyAttributes: Additional key parameters. See the options in the createKey() method.
keyBlock: Key block.
Exceptions
TacException
Notes
This API imports keys protected by the key block generation methods below.
  KBPK algorithm: Method
  3DES: 5.3.2.1 Key Derivation Binding Method - TDEA
  AES: 5.3.2.3 Key Block Binding Method - AES