Generate an HMAC-SHA256 256-bit key
Parameter | Value |
---|---|
Verb | POST |
Resource | /api/cryptoprovider/v1/key/hmackey |
Content type | application/json |
Body | { "terminalid": "<terminal ID>", "clientPubKey": "<client public key>" } |
Where:
Field | Description |
---|---|
terminalid | ID of the terminal the key is to be created for. |
clientPubKey | Base64 encoded P-521 ECDH public key in X9.63 format (uncompressed). |
The response data is a JSON object with the following structure:
{ "keyid": "<key id>", "peerPubKey": "<peer public key>", "sharedIV": "<shared IV>", "hmackey": "<wrapped key>" }
Where:
Field | Description |
---|---|
keyid | ID of the generated key. |
peerPubKey | Base64 encoded P-521 ECDH peer public key in X9.63 format (uncompressed). |
sharedIV | Base64 encoded shared IV. |
hmackey | Base64 encoded wrapped HMAC key. |
The following figure describes the HMAC key generation and wrapping flow.
HMAC key generation and wrapping
The generated key is to be persisted for 3 months by the HSM.
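The client side of the exchange above in Node.js, as an added example that is not part of the original documentation or the service's own code: it builds the request body with an ephemeral P-521 key, validates the response's peerPubKey, and derives the raw ECDH shared secret. The page does not specify the key-derivation or unwrapping step, so the example stops there; `constructedResponse`, its `example-key-id` and its placeholder field values are a constructed stand-in for the service.

```javascript
const nodeCrypto = require('node:crypto');

const CURVE = 'secp521r1';   // OpenSSL/Node name for NIST P-521
const X963_LEN = 1 + 2 * 66; // 0x04 || X || Y, 66 bytes per coordinate

// Create an ephemeral P-521 key pair and the JSON request body.
function buildRequest(terminalId) {
  const ecdh = nodeCrypto.createECDH(CURVE);
  ecdh.generateKeys();
  // getPublicKey() returns the uncompressed (X9.63) point by default.
  const clientPubKey = ecdh.getPublicKey().toString('base64');
  return { ecdh, body: { terminalid: terminalId, clientPubKey } };
}

// Strictly decode a Base64 field and check the X9.63 uncompressed framing.
function decodeX963(b64) {
  if (typeof b64 !== 'string' || !/^[A-Za-z0-9+\/]+={0,2}$/.test(b64)) {
    throw new Error('field is not Base64');
  }
  const point = Buffer.from(b64, 'base64');
  if (point.length !== X963_LEN || point[0] !== 0x04) {
    throw new Error('not an uncompressed P-521 point');
  }
  return point;
}

// Check the response fields, then derive the raw ECDH shared secret.
// computeSecret() throws if peerPubKey is not a point on the curve.
function deriveSharedSecret(ecdh, response) {
  for (const field of ['keyid', 'peerPubKey', 'sharedIV', 'hmackey']) {
    if (typeof response[field] !== 'string' || response[field] === '') {
      throw new Error(`response field missing: ${field}`);
    }
  }
  return ecdh.computeSecret(decodeX963(response.peerPubKey));
}

// Constructed stand-in for the service side so the example runs offline.
// keyid, sharedIV and hmackey are placeholders, not real service output.
function constructedResponse(clientPubKeyB64) {
  const peer = nodeCrypto.createECDH(CURVE);
  peer.generateKeys();
  const peerSecret = peer.computeSecret(decodeX963(clientPubKeyB64));
  const peerPubKey = peer.getPublicKey().toString('base64');
  const placeholder = 'cGxhY2Vob2xkZXI=';
  const response = { keyid: 'example-key-id', peerPubKey, sharedIV: placeholder, hmackey: placeholder };
  return { response, peerSecret };
}
```

Validating peerPubKey before the key agreement means a malformed or off-curve point is rejected before any secret is derived from it.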