Pki.PfsAuthRdrCert
After successfully authenticating the host against the reader using the Pki.PfsAuthHostCert command, the reader must return its own certificate to the host so that the host can verify it.
This command will finalize the PFS session setup and calculate the new AES-128 session key. This session key has to be used for all following calls of the Pki.Tunnel2 command.
This command needs a long timeout, since the ECC operations may take up to 15 seconds.
Properties
- Command code: 0x0903
- Command timeout: 16000 ms
- Possible status codes: General status codes, Pki.ErrSeclevelUnsupported
Parameters (request frame)
None
Returned values (response frame)
Name | Type/Size | Description |
---|---|---|
Length of EncryptedResponse | Integer (16 bits) | Length of EncryptedResponse in bytes |
EncryptedResponse | Raw data | Encrypted reader's certificate. The data is encrypted via AES-128 CBC using the key and IV generated by the Pki.PfsGenKey command. After decryption, EncryptedResp can be split up into the following fields: |
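Added example, not part of the original reference or of any vendor SDK: a host-side check that splits the response values into the length field and EncryptedResponse and rejects malformed input before any AES-128 CBC decryption is attempted. Assumptions: the function names are hypothetical, the input is the response values with the status already stripped, and the 16-bit length is big-endian (the byte order is not stated on this page).

```python
AES_BLOCK = 16          # AES block size in bytes; CBC ciphertext is whole blocks
LENGTH_FIELD_SIZE = 2   # "Length of EncryptedResponse", Integer (16 bits)


class FrameError(ValueError):
    """Raised when the Pki.PfsAuthRdrCert response values are malformed."""


def parse_pfs_auth_rdr_cert(payload: bytes, byteorder: str = "big") -> bytes:
    """Return the EncryptedResponse bytes, still encrypted.

    byteorder defaults to big-endian, which is an assumption of this example.
    """
    if len(payload) < LENGTH_FIELD_SIZE:
        raise FrameError("payload shorter than the 16-bit length field")

    declared = int.from_bytes(payload[:LENGTH_FIELD_SIZE], byteorder)
    body = payload[LENGTH_FIELD_SIZE:]

    # The declared length must match exactly: a short body means truncation,
    # a long body means trailing bytes that nothing accounts for.
    if declared != len(body):
        raise FrameError(f"length field says {declared}, got {len(body)} bytes")

    # AES-128 CBC output is a non-empty multiple of the 16-byte block size.
    # Anything else cannot be a valid ciphertext and must not reach the cipher.
    if declared == 0 or declared % AES_BLOCK != 0:
        raise FrameError("ciphertext is not a non-empty multiple of 16 bytes")

    return body


def is_well_formed(payload: bytes) -> bool:
    """Convenience wrapper: True if the payload passes all structural checks."""
    try:
        parse_pfs_auth_rdr_cert(payload)
        return True
    except FrameError:
        return False


if __name__ == "__main__":
    # Constructed sample: length 0x0020 followed by 32 placeholder bytes.
    sample = b"\x00\x20" + bytes(range(32))
    print(len(parse_pfs_auth_rdr_cert(sample)), "ciphertext bytes accepted")
    print(is_well_formed(b"\x00\x20" + bytes(31)))  # truncated body
```

Only the bytes returned by the parser should be passed on to decryption with the key and IV from Pki.PfsGenKey.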