| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
Generate a HMAC-SHA256 256 bits key
Verb | POST |
Resource | /api/cryptoprovider/v1/key/hmackey |
Content type | application/json |
Body | { “terminalid”: “<terminal ID>”, “clientPubKey”: “<client public key>”, “domain”:”<domain>” } |
Where:
Field | Description |
|---|---|
terminalid | ID of the terminal the key is to be created for. |
clientPubKey | Base64 encoded P-521 ECDH public key in X9.63 format (uncompressed). |
domain | Security domain (PIN or PAN or SAM) |
The response data is a JSON object with the following structure:
{ | Field | Description |
“keyid”: ”<key id>” | ID of the generated key | |
“peerPubKey”:”<peer public key>” | Base64 encoded P-521 ECDH peer public key in X9.63 format (uncompressed). | |
“sharedIV”:”<shared IV>” | Base64 encoded shared IV | |
“hmackey”:”<wrapped key>” | Base64 encoded wrapped hmac key | |
} |
The following figure describes the HMAC key generation and wrapping flow.
...
HMAC key generation and wrapping
| Info |
|---|
The generated key is to be persisted 3 months by the HSM. |