...
Once the transaction is complete, exporting the card data (encrypted) is as simple as:
```
var agnos = new Agnos(this, this, this)
...
// Transaction
...
agnos.exportCardData()
```
If successful, this function returns a block of data whose content is described below.
...
Card data is formatted as a BER-TLV byte string. The card data byte string is encrypted using the AES-CBC algorithm with a 128-bit AES key, Kpan-session, and a shared IV, IVpan-session. The key and IV are unique for each encoded card data block. Kpan-session is wrapped with the RSA-2048 or RSA-4096 key Kpan-pub using the PKCS#1 RSA-OAEP algorithm with SHA-1 as digest.
...
Object | Length (bytes) | Comments |
---|---|---|
RSA Key ID length | 2 | Length of the RSA key ID (MSB) |
RSA Key ID | var | RSA key ID used for the session key encryption |
Encrypted KEK length | 2 | Length of the encrypted KEK block (MSB - should be 256 or 512) |
Encrypted KEK | 256 or 512 | Encrypted KEK block: |
Encrypted card data length | 2 | Length of the encrypted card data block (MSB) |
Encrypted sensitive card data | var | Encrypted sensitive card data: |
HMAC Key ID length | 2 | Length of the HMAC key ID (MSB) |
HMAC Key ID | var | HMAC key ID used for the checksum calculation |
HMAC length | 2 | Length of the HMAC checksum (MSB - should be 32) |
HMAC | 32 | AES-CBC-256 checksum |
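
On the receiving side, the block should be split into its fields with strict bounds checks before any key unwrapping or decryption is attempted. The parser below is an added example, not code from the Agnos SDK: it assumes "(MSB)" means the 2-byte lengths are big-endian, the function and field names are hypothetical, and the sample block is constructed filler. It validates the framing only and does not verify the HMAC or decrypt anything.

```python
import struct

# Field order taken from the table above.
FIELDS = ("rsa_key_id", "encrypted_kek", "encrypted_card_data", "hmac_key_id", "hmac")
# Lengths the table says to expect.
EXPECTED_LEN = {"encrypted_kek": (256, 512), "hmac": (32,)}
AES_BLOCK = 16  # AES-CBC ciphertext is always a multiple of the AES block size


class ExportFormatError(ValueError):
    """Raised when the block does not match the documented layout."""


def parse_export_block(blob: bytes) -> dict:
    """Split an exported block into its five fields, rejecting malformed input."""
    out, pos = {}, 0
    for name in FIELDS:
        if pos + 2 > len(blob):
            raise ExportFormatError(f"truncated before {name} length")
        (length,) = struct.unpack_from(">H", blob, pos)  # assumption: MSB first
        pos += 2
        if length == 0:
            raise ExportFormatError(f"empty {name}")
        if pos + length > len(blob):
            raise ExportFormatError(f"{name} length {length} overruns the block")
        if name in EXPECTED_LEN and length not in EXPECTED_LEN[name]:
            raise ExportFormatError(f"unexpected {name} length {length}")
        if name == "encrypted_card_data" and length % AES_BLOCK:
            raise ExportFormatError("card data is not a whole number of AES blocks")
        out[name] = blob[pos:pos + length]
        pos += length
    if pos != len(blob):
        raise ExportFormatError(f"{len(blob) - pos} trailing bytes after HMAC")
    return out


def build_sample_block(kek_len: int = 512, data_len: int = 48) -> bytes:
    """Constructed sample block (filler bytes, not real key material)."""
    parts = [b"rsa-key-01", b"\xaa" * kek_len, b"\xbb" * data_len,
             b"hmac-key-01", b"\xcc" * 32]
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)


if __name__ == "__main__":
    for name, value in parse_export_block(build_sample_block()).items():
        print(f"{name}: {len(value)} bytes")
```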
...