Amadis

Crypto Backend - APIs - HMAC key

Generate an HMAC-SHA256 256-bit key

Verb: POST

Resource: /api/cryptoprovider/v1/key/hmackey

Content type: application/json

Body

{
  "terminalid": "<terminal ID>",
  "clientPubKey": "<client public key>",
  "domain": "<domain>"
}

Where:

Field          Description
terminalid     ID of the terminal the key is to be created for.
clientPubKey   Base64 encoded P-521 ECDH public key in X9.63 format (uncompressed).
domain         Security domain (PIN or PAN or SAM)

The response data is a JSON object with the following structure:

{
  "keyid": "<key id>",
  "peerPubKey": "<peer public key>",
  "sharedIV": "<shared IV>",
  "hmackey": "<wrapped key>"
}

Where:

Field          Description
keyid          ID of the generated key
peerPubKey     Base64 encoded P-521 ECDH peer public key in X9.63 format (uncompressed).
sharedIV       Base64 encoded shared IV
hmackey        Base64 encoded wrapped hmac key

The following figure describes the HMAC key generation and wrapping flow.

[Figure: HMAC key generation and wrapping]

The generated key is to be persisted for 3 months by the HSM.
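
The client side of this call, as an added Node.js example that is not Amadis code: it builds the request body with a fresh P-521 key in X9.63 uncompressed form, then validates each response field and computes the raw ECDH shared secret. The page does not state how the wrapping key is derived from that secret or which cipher wraps the HMAC key, so the example stops there; the function names, the key id, the 16-byte IV length and the sample response are constructed assumptions.

```javascript
const crypto = require('node:crypto');

const P521_X963_LEN = 133; // 0x04 || X (66 bytes) || Y (66 bytes)
const DOMAINS = ['PIN', 'PAN', 'SAM'];

// Build the request body. The ECDH object holding the private key is returned
// separately so it is never serialized with the body.
function buildHmacKeyRequest(terminalId, domain) {
  if (!DOMAINS.includes(domain)) throw new Error(`unknown security domain: ${domain}`);
  const ecdh = crypto.createECDH('secp521r1'); // OpenSSL name for P-521
  const pub = ecdh.generateKeys(); // Buffer, uncompressed point by default
  return { ecdh, body: { terminalid: terminalId, clientPubKey: pub.toString('base64'), domain } };
}

// Decode Base64 strictly: Buffer.from() skips invalid characters silently,
// so re-encode and compare to reject non-canonical input.
function decodeB64(field, value) {
  if (typeof value !== 'string' || value === '') throw new Error(`${field}: missing`);
  const buf = Buffer.from(value, 'base64');
  if (buf.toString('base64') !== value) throw new Error(`${field}: not valid Base64`);
  return buf;
}

// Validate every response field, then compute the raw ECDH shared secret.
function processHmacKeyResponse(ecdh, resp) {
  if (typeof resp.keyid !== 'string' || resp.keyid === '') throw new Error('keyid: missing');
  const peer = decodeB64('peerPubKey', resp.peerPubKey);
  if (peer.length !== P521_X963_LEN || peer[0] !== 0x04) {
    throw new Error('peerPubKey: not an uncompressed P-521 point');
  }
  const sharedIV = decodeB64('sharedIV', resp.sharedIV);
  const wrappedKey = decodeB64('hmackey', resp.hmackey);
  const sharedSecret = ecdh.computeSecret(peer); // throws if the point is off-curve
  return { keyId: resp.keyid, sharedSecret, sharedIV, wrappedKey };
}

// Constructed stand-in for the backend, used only to produce a sample response.
function constructedResponse() {
  const peer = crypto.createECDH('secp521r1');
  return { peer, resp: {
    keyid: 'constructed-key-id',
    peerPubKey: peer.generateKeys('base64'),
    sharedIV: crypto.randomBytes(16).toString('base64'), // length is an assumption
    hmackey: crypto.randomBytes(40).toString('base64'),  // opaque placeholder bytes
  } };
}
```

Rejecting a peerPubKey that is the wrong length, lacks the 0x04 prefix or is not on the curve before any further use keeps a malformed or tampered response from reaching the unwrapping step.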