—CBC+MAC. Use Code Download MAC Key: CDMK XOR 0x0000 0000 0000 00FF for each half of the key to do MAC calculation/verification.
The MAC is calculated before the code file is encrypted. If the code file is specified to be encrypted, then the calculated data needs to be a multiple of 8 bytes. If it isn’t, the generated encrypted code file will have zeros appended at the end of the file for MAC calculation.
encrypt represents whether the code file is encrypted and needs to be decrypted. Possible values: Y, N. If the code file is encrypted, it should be encrypted under the variant of CDMK.
The applied variant method is use CDMK XOR 0x0000 0000 0000 FF00 for each half of the key to do encryption/decryption.
If the code file needs to be encrypted, the MAC value will be calculated and it will be added to the certificate file. Next, it will encrypt the code using the variant of CDMK starting from address 0x0200 (the code file header is not encrypted). If the code file is not a multiple of 8 bytes, the last data block will have zeros appended for encryption calculation. The number of zeros that are appended to the code file are also appended to the end of the output encrypt file (e.g., adds “4” to represent four zeros). An encrypted code file will be generated with extension ‘.enc’. The encrypted application code file thus consists of three portions:
—The first 0x0200 bytes (i.e. 512 bytes) are the first 512 bytes of the original application code file in clear form.
—The second portion is variable in length depending on the size of the original application code file. It consists of groups of encrypted data. Each group is of 8 bytes long. The last group is padded with 0’s to make up 8 bytes, if necessary, before encryption.
—The third portion is one byte long. Its value indicates the number of 0’s padded to the last group of data. It is in clear form.
—Note: Code file 0 won’t be encrypted even if the encrypt field is specified to be “yes.”
srcfilename.ext represents the relative or full path of the code file residing in the computer. For instance: code\ WW002G011010. This field is not used by the secure process, but will be used by the securing utility.
10.5.4Secure File Descriptor Section
The secure file descriptor section is an area of the secure certificate file that contains information pertaining to the files that require secure fingerprint validation.
By being able to define the files that require fingerprint validation, the developer can maintain some level of control over what and how much of the application needs to be validated.
Note: If an application has parameter files that could change dynamically from an external source, then these files can be defined in the
Ingenico 6500 User’s Guide | 105 |
