Amadis

Generate an HMAC-SHA256 256-bit key

Verb: POST

Resource: /api/cryptoprovider/v1/key/hmackey

Content type: application/json

Body:

{
  "terminalid": "<terminal ID>",
  "clientPubKey": "<client public key>",
  "domain": "<domain>"
}

Where:

Field         Description
terminalid    ID of the terminal the key is to be created for.
clientPubKey  Base64 encoded P-521 ECDH public key in X9.63 format (uncompressed).
domain        Security domain (PIN or PAN or SAM)

The response data is a JSON object with the following structure:

{
  "keyid": "<key id>",
  "peerPubKey": "<peer public key>",
  "sharedIV": "<shared IV>",
  "hmackey": "<wrapped key>"
}

Where:

Field       Description
keyid       ID of the generated key
peerPubKey  Base64 encoded P-521 ECDH peer public key in X9.63 format (uncompressed).
sharedIV    Base64 encoded shared IV
hmackey     Base64 encoded wrapped hmac key

The following figure describes the HMAC key generation and wrapping flow.

[Figure: HMAC key generation and wrapping]

The generated key is to be persisted for 3 months by the HSM.
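
The client side of the exchange above, as an added Node.js example (not from the original page and not Amadis code): it builds the request body with an ephemeral P-521 key and validates the response fields before deriving the ECDH shared secret. The function names and the strict padded-base64 check are assumptions; unwrapping hmackey is left out because the page does not specify the key-derivation or wrapping algorithm.

```javascript
// Added example: client-side handling for POST /api/cryptoprovider/v1/key/hmackey.
const nodeCrypto = require("node:crypto");

const CURVE = "secp521r1";          // OpenSSL name for NIST P-521
const POINT_LEN = 1 + 2 * 66;       // 0x04 || X || Y, 66 bytes per coordinate
const DOMAINS = ["PIN", "PAN", "SAM"];

// Strict base64 decode: Buffer.from() silently skips bad characters, so round-trip.
// Assumption: the server emits standard, padded base64.
function b64decode(name, value) {
  if (typeof value !== "string" || value.length === 0) throw new Error(`${name}: missing`);
  const buf = Buffer.from(value, "base64");
  if (buf.toString("base64") !== value) throw new Error(`${name}: not valid base64`);
  return buf;
}

// Generate an ephemeral P-521 key pair and the JSON body the endpoint expects.
function buildKeyRequest(terminalId, domain) {
  if (!DOMAINS.includes(domain)) throw new Error(`domain must be one of ${DOMAINS.join(", ")}`);
  const ecdh = nodeCrypto.createECDH(CURVE);
  const pub = ecdh.generateKeys();  // uncompressed X9.63 point by default
  return {
    ecdh,                           // holds the private key; needed to process the response
    body: { terminalid: terminalId, clientPubKey: pub.toString("base64"), domain },
  };
}

// Validate the response fields and derive the raw ECDH shared secret.
function checkKeyResponse(ecdh, response) {
  if (typeof response.keyid !== "string" || response.keyid === "") throw new Error("keyid: missing");
  const peer = b64decode("peerPubKey", response.peerPubKey);
  if (peer.length !== POINT_LEN || peer[0] !== 0x04) {
    throw new Error("peerPubKey: not an uncompressed P-521 point");
  }
  return {
    keyId: response.keyid,
    sharedSecret: ecdh.computeSecret(peer), // throws if the point is not on the curve
    sharedIV: b64decode("sharedIV", response.sharedIV),
    wrappedKey: b64decode("hmackey", response.hmackey),
  };
}
```

Rejecting a peerPubKey that is malformed or off the curve before any secret is derived keeps a tampered response from steering the key agreement.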
