C API for BALTECH SDK

§ brp_Pki_PfsAuthRdrCert()

brp_errcode brp_Pki_PfsAuthRdrCert(brp_protocol protocol,
                                   brp_buf EncryptedResponse,
                                   size_t *EncryptedResponse_len,
                                   brp_mempool mempool)

After the host has successfully authenticated itself against the reader using the Pki.PfsAuthHostCert command, the reader must return its own certificate to the host so that the host can verify it.

This command will finalize the PFS session setup and calculate the new AES-128 session key. This session key has to be used for all following calls of the Pki.Tunnel2 command.

This command needs a long timeout, since the ECC operations may take up to 15 seconds.

Parameters
[in]  protocol  used to execute the command
[out] EncryptedResponse  Encrypted reader's certificate. The data is encrypted via AES-128 CBC using the key and IV generated by the Pki.PfsGenKey command. After decryption, EncryptedResp can be split up into the following fields:
    * ReaderCertLen (2 Bytes): Length of the reader's certificate in Bytes.
    * RdrCert (n Bytes): The X.509 end certificate of the reader encoded in ASN.1 DER format (set by the Pki.StoreX509Cert command).
    * Several Bytes of padding zeros to ensure that the total length of EncryptedResponse is a multiple of 16.
[out] EncryptedResponse_len
[in]  mempool  is used to store response data. May be NULL to use an internal mempool; in this case the data is only available until another command uses the internal mempool.
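
Added example (not part of the BALTECH SDK or its documentation): a strict host-side parser for the decrypted EncryptedResponse layout described above, which rejects inconsistent lengths and non-zero padding before the certificate is handed to X.509 verification. The function names and result codes are hypothetical, the AES-128 CBC decryption is assumed to have been done by the caller, and ReaderCertLen is assumed to be big-endian because the page does not state the byte order.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this example (hypothetical, not SDK error codes). */
enum { PFS_OK = 0, PFS_BAD_LEN = -1, PFS_BAD_CERTLEN = -2, PFS_BAD_PAD = -3, PFS_BAD_DER = -4 };

/* Parse the DECRYPTED response: ReaderCertLen(2) | RdrCert(n) | zero padding.
 * Assumption: ReaderCertLen is big-endian (byte order is not given on the page). */
int pfs_parse_rdr_cert(const uint8_t *plain, size_t plain_len,
                       const uint8_t **cert, size_t *cert_len)
{
    if (plain == NULL || plain_len < 16 || plain_len % 16 != 0)
        return PFS_BAD_LEN;          /* CBC plaintext is whole 16-byte blocks */
    size_t n = ((size_t)plain[0] << 8) | plain[1];
    if (n == 0 || n > plain_len - 2)
        return PFS_BAD_CERTLEN;      /* length field must fit inside the buffer */
    for (size_t i = 2 + n; i < plain_len; i++)
        if (plain[i] != 0)
            return PFS_BAD_PAD;      /* padding must consist of zeros only */
    if (plain[2] != 0x30)
        return PFS_BAD_DER;          /* a DER certificate starts with SEQUENCE */
    *cert = plain + 2;               /* points into the caller's buffer, no copy */
    *cert_len = n;
    return PFS_OK;
}

/* Constructed sample: 5-byte placeholder "certificate", not a real X.509 cert. */
static const uint8_t sample[16] = { 0x00, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01 };

/* Parse the sample with one byte altered; idx >= 16 leaves it unmodified.
 * Returns the certificate length on success, otherwise the error code. */
int pfs_demo(size_t idx, uint8_t value)
{
    uint8_t buf[16];
    const uint8_t *cert = NULL;
    size_t cert_len = 0;
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = sample[i];
    if (idx < sizeof buf)
        buf[idx] = value;
    int rc = pfs_parse_rdr_cert(buf, sizeof buf, &cert, &cert_len);
    return rc == PFS_OK ? (int)cert_len : rc;
}

int main(void) { return pfs_demo(16, 0) == 5 ? 0 : 1; }
```

The returned pointer is only the DER blob; the host still has to verify the certificate itself before trusting the session.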