C API for BALTECH SDK

§ brp_Pki_PfsGenKey()

brp_errcode brp_Pki_PfsGenKey ( brp_protocol  protocol,
brp_buf  TmpHostPubKey,
size_t  TmpHostPubKey_len,
brp_buf TmpRdrPubKey,
size_t *  TmpRdrPubKey_len,
brp_mempool mempool 
)

This command prepares a perfect forward secrecy (PFS) session by exchanging the public part of temporary elliptic curve cryptography (ECC) keys generated by host and reader.

These are needed by the brp_Pki_PfsAuthHostCert() and brp_Pki_PfsAuthRdrCert() commands.

The next step in negotiating a session key can be performed by running the brp_Pki_PfsAuthHostCert() command.

If a session key was negotiated before running this command, it will be invalidated. For this reason, it is not possible to exchange encrypted commands until finalizing the session setup sequence.

The temporary keys generated by the host (TmpHostPubKey parameter) and by the reader (TmpRdrPubKey response variable) follow the Abstract Syntax Notation One (ASN.1) Distinguished Encoding Rules (DER) format. An example of the format for such keys is as follows:

30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 0C C2 D2 24 16 47 4B DC A1 39 52 08 73 B7 6E A1 32 40 34 7B 8D 70 2F E1 FC CC 93 81 ED EF 65 8E 0C 49 A8 63 0F 23 65 07 5F C1 19 3A 3B 90 4F CA 35 E7 18 52 F7 95 AA CF FB FE 96 66 3D 44 0A BA

Please not that the initial part of the key (30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07) is the ASN.1 DER-specific header and must always be identical.

This command needs a long timeout, since the ECC operations may take up to 15 seconds.

Parameters
[in]protocolused to execute the command
[in]TmpHostPubKeyThe host's temporary generated public ECC key in ASN.1 DER format.
[in]TmpHostPubKey_len
[out]TmpRdrPubKeyThe reader's temporary generated public ECC key in ASN.1 DER format.
[out]TmpRdrPubKey_len
[in]mempoolis used to store response data. Maybe NULL to use an internal mempool, in this case the data is only available until another command uses the internal mempool