[Jpos-devel] CVS: jpos/src/main/org/jpos/security CryptographicServiceMessage.java,1.2,1.3 SMAdapter
From: Alejandro P. R. <ap...@us...> - 2002-12-16 12:47:28
Update of /cvsroot/jpos/jpos/src/main/org/jpos/security In directory sc8-pr-cvs1:/tmp/cvs-serv28785/org/jpos/security Modified Files: CryptographicServiceMessage.java SMAdapter.java SecureKey.java Log Message: Minor changes to reduce new Doclet warnings. Index: CryptographicServiceMessage.java =================================================================== RCS file: /cvsroot/jpos/jpos/src/main/org/jpos/security/CryptographicServiceMessage.java,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -r1.2 -r1.3 *** CryptographicServiceMessage.java 22 Apr 2002 04:51:51 -0000 1.2 --- CryptographicServiceMessage.java 16 Dec 2002 12:47:25 -0000 1.3 *************** *** 58,63 **** /** ! * <p> ! * Cryptographic Service Message (CSM for short): A message for transporting keys or * related information used to control a keying relationship. * It is typically the contents of ISOField(123). --- 58,64 ---- /** ! * Cryptographic Service Message (CSM for short). ! * ! * A message for transporting keys or * related information used to control a keying relationship. * It is typically the contents of ISOField(123). *************** *** 206,208 **** } ! } \ No newline at end of file --- 207,209 ---- } ! } Index: SMAdapter.java =================================================================== RCS file: /cvsroot/jpos/jpos/src/main/org/jpos/security/SMAdapter.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** SMAdapter.java 17 Apr 2002 19:57:06 -0000 1.1 --- SMAdapter.java 16 Dec 2002 12:47:25 -0000 1.2 *************** *** 54,59 **** * A class that implements the SecurityModuleAdapter interface would act as an * adapter to the real security module device (by communicating with it using ! * its proprietary protocol). But application programmers will be communicating * with the security module using this simple interface. * @todo support for PIN Verification API's and RSA * @author Hani S. 
Kirollos --- 54,62 ---- * A class that implements the SecurityModuleAdapter interface would act as an * adapter to the real security module device (by communicating with it using ! * its proprietary protocol). ! * ! * But application programmers will be communicating * with the security module using this simple interface. + * * @todo support for PIN Verification API's and RSA * @author Hani S. Kirollos *************** *** 78,152 **** */ public static final String TYPE_ZMK = "ZMK"; /** ! * ZPK: Zone PIN Key is a DES (or Triple-DES) data-encrypting key which is distributed automatically ! * and is used to encrypt PINs for transfer between communicating parties (e.g. between acquirers and issuers). */ public static final String TYPE_ZPK = "ZPK"; /** ! * TMK: Terminal Master Key is a DES (or Triple-DES) key-encrypting key which is distributed manually, ! * or automatically under a previously installed TMK. It is used to distribute ! * data-encrypting keys, whithin a local network, to an ATM or POS terminal or similar. */ public static final String TYPE_TMK = "TMK"; /** ! * TPK: Terminal PIN Key is a DES (or Triple-DES) data-encrypting key which is used to encrypt PINs ! * for transmission, within a local network, between the terminal and the terminal ! * data acquirer. */ public static final String TYPE_TPK = "TPK"; /** ! * TAK: Terminal Authentication Key is a DES (or Triple-DES) data-encrypting key which is used to ! * generate and verify a Message Authentication Code (MAC) when data is transmitted, ! * within a local network, between the terminal and the terminal data acquirer. */ public static final String TYPE_TAK = "TAK"; /** ! * PVK: PIN Verification Key is a DES (or Triple-DES) data-encrypting key which is used to generate ! * and verify PIN verification data and thus verify the authenticity of a PIN. */ public static final String TYPE_PVK = "PVK"; /** ! * CVK: Card Verification Key is similar for PVK but for card information instead ! 
* of PIN */ public static final String TYPE_CVK = "CVK"; /** ! * BDK: Base Derivation Key is a Triple-DES key-encryption key used to derive transaction keys in DUKPT (see ANSI X9.24) */ public static final String TYPE_BDK = "BDK"; /** ! * ZAK: Zone Authentication Key a DES (or Triple-DES) data-encrypting key that is distributed automatically, ! * and is used to generate and verify a Message Authentication Code (MAC) ! * when data is transmitted between communicating parties (e.g. between acquirers and issuers) */ public static final String TYPE_ZAK = "ZAK"; /** ! * This is the PIN Block Format adopted by ANSI (ANSI X9.8) and is one of ! * two formats supported by the ISO (ISO 95641 - format 0) */ public static final byte FORMAT01 = (byte)01; /** * PIN Block Format 02 supports Douctel ATMs. */ public static final byte FORMAT02 = (byte)02; /** ! * PIN Block Format 04 is the PIN block format adopted by the PLUS network */ public static final byte FORMAT04 = (byte)04; /** ! * PIN Block Format 05 is the ISO 9564-1 Format 1 PIN Block */ public static final byte FORMAT05 = (byte)05; /** * <p> ! * Most Security Modules use a proprietary PIN Block format when encrypting the ! * PIN under the LMK of the Security Module, hence this format (FORMAT00). ! * </p> ! * <p> ! * This is not a standard format, every Security Module would interpret FORMAT00 ! * differently. ! * So, no interchange would accept PIN Blocks from other interchanges using ! * this format. It is useful only when working with PIN's inside your own interchange. * </p> */ --- 81,190 ---- */ public static final String TYPE_ZMK = "ZMK"; + /** ! * ZPK: Zone PIN Key. ! * ! * is a DES (or Triple-DES) data-encrypting key which is distributed ! * automatically and is used to encrypt PINs for transfer between ! * communicating parties (e.g. between acquirers and issuers). */ public static final String TYPE_ZPK = "ZPK"; + /** ! * TMK: Terminal Master Key. ! * ! 
* is a DES (or Triple-DES) key-encrypting key which is distributed ! * manually, or automatically under a previously installed TMK. It is ! * used to distribute data-encrypting keys, whithin a local network, ! * to an ATM or POS terminal or similar. */ public static final String TYPE_TMK = "TMK"; + /** ! * TPK: Terminal PIN Key. ! * ! * is a DES (or Triple-DES) data-encrypting key which is used ! * to encrypt PINs for transmission, within a local network, ! * between the terminal and the terminal data acquirer. */ public static final String TYPE_TPK = "TPK"; + /** ! * TAK: Terminal Authentication Key. ! * ! * is a DES (or Triple-DES) data-encrypting key which is used to ! * generate and verify a Message Authentication Code (MAC) when data ! * is transmitted, within a local network, between the terminal and ! * the terminal data acquirer. */ public static final String TYPE_TAK = "TAK"; + /** ! * PVK: PIN Verification Key. ! * is a DES (or Triple-DES) data-encrypting key which is used to ! * generate and verify PIN verification data and thus verify the ! * authenticity of a PIN. */ public static final String TYPE_PVK = "PVK"; + /** ! * CVK: Card Verification Key. ! * ! * is similar for PVK but for card information instead of PIN */ public static final String TYPE_CVK = "CVK"; + /** ! * BDK: Base Derivation Key. ! * is a Triple-DES key-encryption key used to derive transaction ! * keys in DUKPT (see ANSI X9.24) */ public static final String TYPE_BDK = "BDK"; + /** ! * ZAK: Zone Authentication Key. ! * ! * a DES (or Triple-DES) data-encrypting key that is distributed ! * automatically, and is used to generate and verify a Message ! * Authentication Code (MAC) when data is transmitted between ! * communicating parties (e.g. between acquirers and issuers) */ public static final String TYPE_ZAK = "ZAK"; /** ! * PIN Block Format adopted by ANSI (ANSI X9.8) and is one of ! * two formats supported by the ISO (ISO 95641 - format 0). 
*/ public static final byte FORMAT01 = (byte)01; + /** * PIN Block Format 02 supports Douctel ATMs. */ public static final byte FORMAT02 = (byte)02; + /** ! * PIN Block Format 04 is the PIN block format adopted ! * by the PLUS network. */ public static final byte FORMAT04 = (byte)04; + /** ! * PIN Block Format 05 is the ISO 9564-1 Format 1 PIN Block. */ public static final byte FORMAT05 = (byte)05; /** + * Proprietary PIN Block format. + * + * Most Security Modules use a proprietary PIN Block format + * when encrypting the PIN under the LMK of the Security Module + * hence this format (FORMAT00). + * * <p> ! * This is not a standard format, every Security Module would ! * interpret FORMAT00 differently. ! * ! * So, no interchange would accept PIN Blocks from other interchanges ! * using this format. It is useful only when working with PIN's inside ! * your own interchange. * </p> */ *************** *** 154,158 **** /** ! * Generates a random DES Key * @param keyType type of the key to be generated (TYPE_ZMK, TYPE_TMK...etc) * @param keyLength bit length of the key to be generated (LENGTH_DES, LENGTH_DES3_2KEY...) --- 192,197 ---- /** ! * Generates a random DES Key. ! * * @param keyType type of the key to be generated (TYPE_ZMK, TYPE_TMK...etc) * @param keyLength bit length of the key to be generated (LENGTH_DES, LENGTH_DES3_2KEY...) *************** *** 165,169 **** /** ! * Imports a key from encryption under a KEK (Key-Encrypting Key) to protection under the security module. * @param keyLength bit length of the key to be imported (LENGTH_DES, LENGTH_DES3_2KEY...etc) * @param keyType type of the key to be imported (TYPE_ZMK, TYPE_TMK...etc) --- 204,210 ---- /** ! * Imports a key from encryption under a KEK (Key-Encrypting Key) ! * to protection under the security module. ! 
* * @param keyLength bit length of the key to be imported (LENGTH_DES, LENGTH_DES3_2KEY...etc) * @param keyType type of the key to be imported (TYPE_ZMK, TYPE_TMK...etc) *************** *** 180,184 **** /** ! * Exports secure key to encryption under a KEK (Key-Encrypting Key) * @param key the secure key to be exported * @param kek the key-encrypting key --- 221,225 ---- /** ! * Exports secure key to encryption under a KEK (Key-Encrypting Key). * @param key the secure key to be exported * @param kek the key-encrypting key *************** *** 188,195 **** public byte[] exportKey (SecureDESKey key, SecureDESKey kek) throws SMException; - - /** ! * Encrypts a clear pin under LMK<br> * CAUTION: The use of clear pin presents a significant security risk * @param pin clear pin as entered by card holder --- 229,235 ---- public byte[] exportKey (SecureDESKey key, SecureDESKey kek) throws SMException; /** ! * Encrypts a clear pin under LMK. ! * * CAUTION: The use of clear pin presents a significant security risk * @param pin clear pin as entered by card holder *************** *** 200,207 **** public EncryptedPIN encryptPIN (String pin, String accountNumber) throws SMException; - - /** ! * Decrypts an Encrypted PIN (under LMK)<br> * CAUTION: The use of clear pin presents a significant security risk * @param pinUnderLmk --- 240,245 ---- public EncryptedPIN encryptPIN (String pin, String accountNumber) throws SMException; /** ! * Decrypts an Encrypted PIN (under LMK). * CAUTION: The use of clear pin presents a significant security risk * @param pinUnderLmk *************** *** 211,218 **** public String decryptPIN (EncryptedPIN pinUnderLmk) throws SMException; - - /** ! * Imports a PIN from encryption under KD (Data Key) to encryption under LMK * @param pinUnderKd1 the encrypted PIN * @param kd1 Data Key under which the pin is encrypted --- 249,256 ---- public String decryptPIN (EncryptedPIN pinUnderLmk) throws SMException; /** ! 
* Imports a PIN from encryption under KD (Data Key) ! * to encryption under LMK. ! * * @param pinUnderKd1 the encrypted PIN * @param kd1 Data Key under which the pin is encrypted *************** *** 225,229 **** /** ! * Translates a PIN from encrytion under KD1 to encryption under KD2 * @param pinUnderKd1 pin encrypted under KD1 * @param kd1 Data Key (also called session key) under which the pin is encrypted --- 263,268 ---- /** ! * Translates a PIN from encrytion under KD1 to encryption under KD2. ! * * @param pinUnderKd1 pin encrypted under KD1 * @param kd1 Data Key (also called session key) under which the pin is encrypted *************** *** 239,243 **** /** ! * Imports a PIN from encryption under a transaction key to encryption under LMK.<br> * The transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information. * @param pinUnderDuk pin encrypted under a transaction key --- 278,284 ---- /** ! * Imports a PIN from encryption under a transaction key to encryption ! * under LMK. ! * * The transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information. * @param pinUnderDuk pin encrypted under a transaction key *************** *** 253,257 **** /** ! * Translates a PIN from encryption under a transaction key to encryption under a KD (Data Key).<br> * The transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). See ANSI X9.24 for more information. * @param pinUnderDuk pin encrypted under a DUKPT transaction key --- 294,300 ---- /** ! * Translates a PIN from encryption under a transaction key to ! * encryption under a KD (Data Key). ! * * The transaction key is derived from the Key Serial Number and the Base Derivation Key using DUKPT (Derived Unique Key per Transaction). 
See ANSI X9.24 for more information. * @param pinUnderDuk pin encrypted under a DUKPT transaction key *************** *** 269,273 **** /** ! * Exports a PIN from encryption under LMK to encryption under a KD (Data Key) * @param pinUnderLmk pin encrypted under LMK * @param kd2 the destination data key (also called session key) under which the pin will be encrypted --- 312,318 ---- /** ! * Exports a PIN from encryption under LMK to encryption under a KD ! * (Data Key). ! * * @param pinUnderLmk pin encrypted under LMK * @param kd2 the destination data key (also called session key) under which the pin will be encrypted *************** *** 281,285 **** /** ! * Generates CBC-MAC (Cipher Block Chaining Message Authentication Code) for some data * @param data the data to be MACed * @param kd the key used for MACing --- 326,332 ---- /** ! * Generates CBC-MAC (Cipher Block Chaining Message Authentication Code) ! * for some data. ! * * @param data the data to be MACed * @param kd the key used for MACing Index: SecureKey.java =================================================================== RCS file: /cvsroot/jpos/jpos/src/main/org/jpos/security/SecureKey.java,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -r1.1 -r1.2 *** SecureKey.java 17 Apr 2002 19:29:25 -0000 1.1 --- SecureKey.java 16 Dec 2002 12:47:25 -0000 1.2 *************** *** 57,65 **** /** - * <p> * Represents a key that cannot be used except by your security module and for ! * performing the operations allowed by the security module for this type of keys.<br> * So, a SecureKey can be safely stored in a clear file or database. ! * </p> * <p> * A SecureKey is typically a key encrypted under one of the secret keys that are --- 57,66 ---- /** * Represents a key that cannot be used except by your security module and for ! * performing the operations allowed by the security module for this type ! * of keys. ! * * So, a SecureKey can be safely stored in a clear file or database. ! 
* * <p> * A SecureKey is typically a key encrypted under one of the secret keys that are |
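Review bot: In SMAdapter.java, the class-comment hunk (new lines 54-62) still carries "@todo support for PIN Verification API's and RSA", and @todo is not a standard Javadoc tag, so a commit aimed at reducing Doclet warnings leaves a likely source of one in place. Either register it as a custom tag in the Javadoc invocation or move the text into the description as an ordinary sentence.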
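Review bot: In the SMAdapter.java key-type hunk (new lines 81-190), splitting each comment after the new summary sentence leaves the body starting with a verb and no subject, e.g. "ZPK: Zone PIN Key." followed by "is a DES (or Triple-DES) data-encrypting key which is distributed", which reads as a broken sentence in the generated detail section. Start each body with "A DES (or Triple-DES) ..." instead, as the ZAK comment nearly does already. The PVK and BDK comments also lack the blank separator line the other key types received, and since these lines are being rewritten anyway, "whithin", "is similar for PVK" and "ISO 95641" (the FORMAT05 comment in the same hunk writes "ISO 9564-1") could be corrected in the same pass.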
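Review bot: In the two SMAdapter.java hunks for the "Encrypts a clear pin under LMK" and "Decrypts an Encrypted PIN (under LMK)" comments (new lines 229-235 and 240-245), the added period ends the summary sentence before "CAUTION: The use of clear pin presents a significant security risk", so the warning is left out of the method summary and, with the <br> removed, is plain continuation text in the detail section. Give the warning its own marked-up paragraph, for example "<p><b>CAUTION:</b> The use of clear pin presents a significant security risk.", and treat both comments the same way: the first gets a blank separator line here, the second does not. The context of the second hunk also shows "@param pinUnderLmk" with no description.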
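Review bot: The SMAdapter.java hunk at new lines 263-268 rewrites the summary line but keeps the misspelling in "Translates a PIN from encrytion under KD1 to encryption under KD2."; change "encrytion" to "encryption" while the line is being touched.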
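Review bot: In the SecureKey.java hunk (new lines 57-66), the removed "<br>" and "</p>" are replaced by bare " *" lines, which Javadoc does not turn into paragraph breaks, so "So, a SecureKey can be safely stored in a clear file or database." will run straight on from the preceding sentence in the generated HTML. Put an explicit "<p>" in front of that sentence; the same applies to the other blank-line separators this commit introduces in SMAdapter.java and CryptographicServiceMessage.java.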