Amadis
Crypto Backend - APIs - HMAC key
Generate an HMAC-SHA256 256-bit key
Verb | POST |
Resource | /api/cryptoprovider/v1/key/hmackey |
Content type | application/json |
Body | { "terminalid": "<terminal ID>", "clientPubKey": "<client public key>", "domain": "<domain>" } |
Where:
Field | Description |
---|---|
terminalid | ID of the terminal the key is to be created for. |
clientPubKey | Base64 encoded P-521 ECDH public key in X9.63 format (uncompressed). |
domain | Security domain (PIN or PAN or SAM) |
The response data is a JSON object with the following structure:
{ "keyid": "<key id>", "peerPubKey": "<peer public key>", "sharedIV": "<shared IV>", "hmackey": "<wrapped key>" }
Where:
Field | Description |
---|---|
keyid | ID of the generated key |
peerPubKey | Base64 encoded P-521 ECDH peer public key in X9.63 format (uncompressed). |
sharedIV | Base64 encoded shared IV |
hmackey | Base64 encoded wrapped HMAC key |
The following figure describes the HMAC key generation and wrapping flow.
[Figure: HMAC key generation and wrapping]
The generated key is to be persisted for 3 months by the HSM.
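The request and response encoding described above, as an added example that is not Amadis code: it builds the JSON body, encodes and decodes the 133-byte uncompressed X9.63 form of a P-521 key, and rejects a `peerPubKey` that is malformed or not on the curve before it could be used for ECDH. The function names and the sample key are assumptions made for illustration; unwrapping `hmackey` is left out because the page does not specify the key derivation or wrapping algorithm.

```python
import base64, json

# NIST P-521 (secp521r1): y^2 = x^3 - 3x + B over GF(P)
P = 2**521 - 1
B = int("0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1"
        "56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", 16)
COORD_LEN = 66                       # ceil(521 / 8) bytes per coordinate
DOMAINS = {"PIN", "PAN", "SAM"}      # security domains listed on the page
RESPONSE_FIELDS = {"keyid", "peerPubKey", "sharedIV", "hmackey"}

def encode_x963(x, y):
    """Base64 of the uncompressed X9.63 point 0x04 || X || Y (133 bytes)."""
    raw = b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")
    return base64.b64encode(raw).decode("ascii")

def decode_x963(b64):
    """Decode a base64 X9.63 P-521 key; ValueError if malformed or off-curve."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != 1 + 2 * COORD_LEN or raw[0] != 0x04:
        raise ValueError("not an uncompressed P-521 X9.63 point")
    x = int.from_bytes(raw[1:1 + COORD_LEN], "big")
    y = int.from_bytes(raw[1 + COORD_LEN:], "big")
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-521")  # reject before any ECDH
    return x, y

def build_request(terminal_id, client_pub_b64, domain):
    """JSON body for POST /api/cryptoprovider/v1/key/hmackey."""
    if domain not in DOMAINS:
        raise ValueError("domain must be PIN, PAN or SAM")
    decode_x963(client_pub_b64)      # refuse to send a malformed key
    return json.dumps({"terminalid": terminal_id,
                       "clientPubKey": client_pub_b64, "domain": domain})

def parse_response(body):
    """Check that all four response fields are present and decode them."""
    obj = json.loads(body)
    missing = RESPONSE_FIELDS - set(obj)
    if missing:
        raise ValueError("missing fields: %s" % sorted(missing))
    return {"keyid": obj["keyid"], "peer": decode_x963(obj["peerPubKey"]),
            "iv": base64.b64decode(obj["sharedIV"], validate=True),
            "wrapped": base64.b64decode(obj["hmackey"], validate=True)}

# Constructed sample key: the P-521 base point G stands in for a real public key.
GX = int("00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba"
         "a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", 16)
GY = int("011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c"
         "97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", 16)
SAMPLE_PUB = encode_x963(GX, GY)
```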