Note: All lines within the secure certificate text file are terminated with a character sequence carriage return followed by line feed (e.g., <cr><lf>) except for the last line of the file.
The fields of the file are described more fully in the sections that follow.
10.5Secure Certificate Descriptor Sections
The following descriptor sections make up a secure certificate:
Secure certificate MAC descriptor section
Visa PED mode descriptor section
Application descriptor section
Secure file descriptor section
Delete application code file descriptor section
Delete data file descriptor section
Delete the whole application descriptor section
10.5.1Secure Certificate MAC Descriptor Section
This section, which is the MAC of the secure certificate file, must exist on the first line of the file. If it does not, validation fails. If it does, a MAC is calculated on the secure certificate, using SHA1 + MAC, starting from the first character of the second line of the file until the end of the file.
If the MAC detected on the first line of the file is not the same as the calculated MAC, validation fails.
The first line of the file must be in the following format:
MAC=12345678
The first field of the application descriptor is the MAC for the secure certificate file itself.
MAC= is a text string indicating that the precalculated fingerprint follows
12345678 is the Hex ASCII representation of the most significant 4 bytes of the MAC value of the SHA1 result for the whole certificate file, precalculated and applied by the securing utility prior to download.
Note: The first line of the file must end with a carriage return and line feed. The second line is considered to begin at the first character immediately after the first carriage return and line feed characters of the file.
102 | Chapter 10 Secure Certificate |
| Section 10.5 Secure Certificate Descriptor Sections |
