BALTECH Docs | C API for BALTECH SDK
brp_errcode brp_Sec_AuthPhase2(brp_protocol protocol, brp_buf EncRndB)
This command finishes the 2-phase authentication procedure started by the brp_Sec_AuthPhase1() command.
The host has to encrypt the parameter RndB returned by brp_Sec_AuthPhase1() two times, using AES128 encryption, with the key of the Security Level specified by the SecLevel parameter of brp_Sec_AuthPhase1(). The host then sends the result back to the reader as EncRndB.
If RndB was encrypted correctly, the reader returns the OK status code and enters the security level specified in brp_Sec_AuthPhase1() as parameter SecLevel. Depending on the Authentication Mode, the reader enters this Security Level permanently (all subsequent commands are executed in this Security Level) or temporarily (only encrypted/MACed commands are executed in this Security Level). To ensure that the reader enters the Security Level temporarily, one of the Encrypted/MACed flags of the Authentication Mode has to be set. Please refer to the brp_Sec_SetKey() command for details.
Additionally, the Sec.AuthPhase2 command generates a session key by encrypting the RndA parameter of brp_Sec_AuthPhase1() and the RndB value returned by brp_Sec_AuthPhase1(), each only once. The resulting 16 Byte session key is the result of the encryption of the concatenated RndA (first 8 Bytes) and RndB (last 8 Bytes).
[in] | protocol | used to execute the command |
[in] | EncRndB | RndB value returned by brp_Sec_AuthPhase1(), encrypted twice with the key of the Security Level specified by the SecLevel parameter of brp_Sec_AuthPhase1(). |
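The host-side computation described above, as an added example (not BALTECH SDK code). It assumes 16-byte RndA and RndB, raw single-block AES-128, "two times" meaning E(E(RndB)), and a session-key input built from the first 8 bytes of RndA followed by the last 8 bytes of RndB; aes128_encrypt, make_enc_rnd_b and make_session_key are hypothetical helper names.

```c
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];
static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }
static uint8_t xt(uint8_t x) { return (uint8_t)((x << 1) ^ ((x >> 7) * 0x1b)); } /* times 2 in GF(2^8) */
static void init_sbox(void) {                 /* generate the AES S-box instead of embedding it */
    uint8_t p = 1, q = 1;                     /* invariant: p * q == 1 in GF(2^8) */
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));            /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                           /* q /= 3 */
        sbox[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;
}
/* Raw AES-128 encryption of one 16-byte block (no chaining, no padding). */
void aes128_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], s[16], t[16], w[4], rcon = 1;
    if (!sbox[0]) init_sbox();
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {       /* key expansion */
        memcpy(w, rk + i - 4, 4);
        if (i % 16 == 0) {                    /* RotWord, SubWord, round constant */
            uint8_t t0 = w[0]; w[0] = sbox[w[1]] ^ rcon; w[1] = sbox[w[2]];
            w[2] = sbox[w[3]]; w[3] = sbox[t0]; rcon = xt(rcon);
        }
        for (int j = 0; j < 4; j++) rk[i + j] = rk[i - 16 + j] ^ w[j];
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]]; /* SubBytes + ShiftRows */
        for (int c = 0; c < 16; c += 4) {     /* MixColumns, skipped in the last round */
            uint8_t all = t[c] ^ t[c + 1] ^ t[c + 2] ^ t[c + 3];
            for (int j = 0; j < 4; j++)
                s[c + j] = (r < 10) ? (uint8_t)(t[c + j] ^ all ^ xt(t[c + j] ^ t[c + (j + 1) % 4])) : t[c + j];
        }
        for (int i = 0; i < 16; i++) s[i] ^= rk[16 * r + i];
    }
    memcpy(out, s, 16);
}
/* EncRndB for brp_Sec_AuthPhase2(): RndB encrypted twice with the Security Level key (assumed E(E(RndB))). */
void make_enc_rnd_b(const uint8_t key[16], const uint8_t rnd_b[16], uint8_t enc[16]) {
    uint8_t once[16];
    aes128_encrypt(key, rnd_b, once); aes128_encrypt(key, once, enc);
}
/* Session key: one encryption of RndA[0..7] || RndB[8..15] (assumed reading of the description). */
void make_session_key(const uint8_t key[16], const uint8_t rnd_a[16], const uint8_t rnd_b[16], uint8_t sk[16]) {
    uint8_t blk[16];
    memcpy(blk, rnd_a, 8); memcpy(blk + 8, rnd_b + 8, 8);
    aes128_encrypt(key, blk, sk);
}
```

The compact AES routine uses data-dependent table lookups and is not constant-time; host code handling real Security Level keys should call a vetted AES implementation instead.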