Protocols / HttpsClient / InitialEncryptedAuthToken Value

Project-specific, encrypted authentication token for the server specified in AuthUrl.

The token will be used on the first successful connection to replace the authentication token with a token individual to the reader.

The key for encrypting the initial token is:

Sample
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3mEEb/cQw5uyR3o9sv2LfXAbNs2a
lyzKx30YeXSzqpcKv6P9Zjst1HleRn4YKTMVdNpqBms+EvG7ckeEHQ128Q==
-----END PUBLIC KEY-----

When using an IF Converter development image, the key is:

Sample
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeV6InxoTLA1uWvoikxksU/XkfDeh
xztawfX/tBEdOaVNx5i8QVhDxqfQUMns1VCIeIb5DFkRWGG+E7xKjUOFIw==
-----END PUBLIC KEY-----

Properties

Format

Name | Type/Size | Description
Token | Raw data (until end of frame) | ASCII string (up to 16 characters) encrypted using ECC P-256. It consists of the following components:
  1. Header byte
    • 1 byte
    • Default value 0x00
    • For IF Converter development images: 0x64 (100 in decimal)
  2. Ephemeral public key
    • A random, DER-encoded ECC P-256 public key used for encrypting the token
    • Format: Length-prefixed byte sequence
      • First byte: Length of the DER-encoded public key
      • Following bytes: DER-encoded key itself
  3. PKCS#7-padded and AES-256-CBC encrypted version of the initial token.
    • Encryption key: Derived by computing the SHA-256 hash of the ECDH shared secret, which is generated using the random ephemeral public key and the IF Converter's public key (see above).
    • Initialization vector (IV): The first 16 bytes of the SHA-256 hash of the SHA-256 hash of the same ECDH shared secret.
    • Format: Stored as a length-prefixed byte sequence, where the first byte indicates the length of the encrypted data, followed by the encrypted content.
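
The token layout above, assembled and round-tripped in Node.js as an added example (not code from the product or its vendor). It assumes the DER-encoded key is a SubjectPublicKeyInfo structure and that the ECDH shared secret is the raw 32-byte X coordinate; `buildToken`, `openToken`, `deriveKeyIv` and the demo key pair are names and values constructed for this example.

```javascript
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Key = SHA-256(secret); IV = first 16 bytes of SHA-256(SHA-256(secret)).
function deriveKeyIv(secret) {
  const key = sha256(secret);
  return { key, iv: sha256(key).subarray(0, 16) };
}

// Build the Token field: header | len+DER(ephemeral public key) | len+ciphertext.
function buildToken(tokenAscii, recipientPublicPem, header = 0x00) {
  if (!/^[\x00-\x7f]{0,16}$/.test(tokenAscii)) {
    throw new Error('token must be ASCII, at most 16 characters');
  }
  const recipient = crypto.createPublicKey(recipientPublicPem);
  const eph = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  // Sender side of ECDH: ephemeral private key with the recipient's public key.
  const secret = crypto.diffieHellman({ privateKey: eph.privateKey, publicKey: recipient });
  const { key, iv } = deriveKeyIv(secret);
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv); // PKCS#7 padding is the default
  const ct = Buffer.concat([cipher.update(tokenAscii, 'ascii'), cipher.final()]);
  // Assumption: "DER-encoded" means SubjectPublicKeyInfo (91 bytes for P-256).
  const der = eph.publicKey.export({ type: 'spki', format: 'der' });
  return Buffer.concat([Buffer.from([header, der.length]), der, Buffer.from([ct.length]), ct]);
}

// Receiver-side parse and decrypt, used here to check the round trip.
function openToken(frame, recipientPrivateKey) {
  const derLen = frame[1];
  const ctLen = frame[2 + derLen];
  if (ctLen === undefined || frame.length !== 3 + derLen + ctLen) {
    throw new Error('length prefixes do not match frame size');
  }
  const der = frame.subarray(2, 2 + derLen);
  const ct = frame.subarray(3 + derLen);
  const ephPub = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  const secret = crypto.diffieHellman({ privateKey: recipientPrivateKey, publicKey: ephPub });
  const { key, iv } = deriveKeyIv(secret);
  const d = crypto.createDecipheriv('aes-256-cbc', key, iv);
  const token = Buffer.concat([d.update(ct), d.final()]).toString('ascii');
  return { header: frame[0], token };
}

// Constructed stand-in key pair; a real token is encrypted to the public key on this page.
const demo = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const demoPem = demo.publicKey.export({ type: 'spki', format: 'pem' });
const frame = buildToken('INITIAL-TOKEN-01', demoPem, 0x64);
console.log(frame.toString('hex'), openToken(frame, demo.privateKey));
```

Because the ephemeral key is freshly generated on every call, two tokens built from the same plaintext differ in every field after the header byte.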