BALTECH Docs | C API for BALTECH SDK
brp_errcode brp_Pki_PfsAuthRdrCert(
    brp_protocol   protocol,
    brp_buf       *EncryptedResponse,
    size_t        *EncryptedResponse_len,
    brp_mempool   *mempool
)
After the host has successfully authenticated itself against the reader with the brp_Pki_PfsAuthHostCert() command, the reader must return its own certificate to the host so that the host can verify it.
This command finalizes the PFS session setup and calculates the new AES-128 session key. This session key has to be used for all following calls of the brp_Pki_Tunnel2() command.
This command needs a long timeout, since the ECC operations may take up to 15 seconds.
Parameters:
  [in]  protocol: used to execute the command
  [out] EncryptedResponse: the reader's certificate, encrypted with AES-128 CBC using the key and IV generated by the brp_Pki_PfsGenKey() command. After decryption, EncryptedResponse can be split up into the following fields:
        * ReaderCertLen (2 bytes): length of the reader's certificate in bytes.
        * RdrCert (n bytes): the X.509 end certificate of the reader, encoded in ASN.1 DER format (set by the brp_Pki_StoreX509Cert() command).
        * Several bytes of zero padding, so that the total length of EncryptedResponse is a multiple of 16.
  [out] EncryptedResponse_len:
  [in]  mempool: used to store response data. May be NULL to use an internal mempool; in this case the data is only available until another command uses the internal mempool.
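The field layout above is the part the host has to parse after decrypting EncryptedResponse. The following is an added example (not SDK code) of splitting the decrypted buffer on the host side with the checks a verifier would want before handing the DER bytes to an X.509 parser: the embedded ReaderCertLen is bounded by the data actually received, and the padding is required to be all zeros. The byte order of ReaderCertLen is assumed to be big-endian, and the sample plaintext is constructed, not a real reader certificate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Parser result codes (added here; not part of the BALTECH SDK). */
enum pfs_rdr_cert_status {
    PFS_RDR_CERT_OK = 0,
    PFS_RDR_CERT_BAD_SIZE,         /* < 2 bytes or not a multiple of 16 */
    PFS_RDR_CERT_LEN_OUT_OF_RANGE, /* ReaderCertLen exceeds received data */
    PFS_RDR_CERT_BAD_PADDING       /* bytes after the certificate not zero */
};

/* Splits the decrypted EncryptedResponse into ReaderCertLen / RdrCert /
 * padding. ReaderCertLen is read big-endian (an assumption; the command
 * reference does not state the byte order). On success *cert and
 * *cert_len reference the DER certificate inside buf. */
enum pfs_rdr_cert_status
pfs_split_rdr_cert(const uint8_t *buf, size_t buf_len,
                   const uint8_t **cert, size_t *cert_len)
{
    size_t n, i;
    if (buf == NULL || buf_len < 2 || (buf_len % 16) != 0)
        return PFS_RDR_CERT_BAD_SIZE;
    n = ((size_t)buf[0] << 8) | buf[1];
    /* Bound the embedded length by what was actually received before
     * using it as an offset, so a corrupt value cannot read past buf. */
    if (n == 0 || n > buf_len - 2)
        return PFS_RDR_CERT_LEN_OUT_OF_RANGE;
    for (i = 2 + n; i < buf_len; i++)   /* padding must be all zeros */
        if (buf[i] != 0)
            return PFS_RDR_CERT_BAD_PADDING;
    *cert = buf + 2; *cert_len = n;
    return PFS_RDR_CERT_OK;
}

/* Constructed sample plaintext: ReaderCertLen = 5, five placeholder DER
 * bytes (a bare SEQUENCE, not a real X.509 certificate), then 9 zero
 * bytes of padding to reach a multiple of 16. */
const uint8_t pfs_sample_decrypted[16] = {
    0x00, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

int main(void)
{
    const uint8_t *cert = NULL; size_t cert_len = 0;
    enum pfs_rdr_cert_status st = pfs_split_rdr_cert(
        pfs_sample_decrypted, sizeof pfs_sample_decrypted, &cert, &cert_len);
    printf("status=%d cert_len=%zu\n", (int)st, cert_len);
    return st == PFS_RDR_CERT_OK ? 0 : 1;
}
```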