Ingenico 6500 manual 106

Models: 6500


accept or reject such a configuration. This decision is made prior to MACing the secure certificate.

The secure file descriptor section is found after the identifier [SecFiles]<cr><lf> and before the next section identifier (i.e., the next occurrence of <cr><lf>[) or the end of the file. The secure file descriptor is in the format:

MAC=12345678 applname dstfilename.ext class authmethod encrypt existence srcfilename.ext

The first field of the secure file descriptor is the MAC for the application data file.

MAC= is a text string identifying that the pre-calculated fingerprint follows.

12345678 is the Hex ASCII representation of the most significant 4 bytes of the MAC applied by the securing utility prior to download.

applname represents what application this data file belongs to.

dstfilename.ext represents the relative path and file name where the data file will reside in the UNICAPT 32 file system. For instance: bitmaps/card.bmp

class represents the particular categorization of the file within the terminal’s file system. Possible values: 0=private, 1=public.

authmethod represents the data file authentication method, i.e., the MAC calculation method that the data file used. Possible values:

SHA1+MAC

CBC+MAC. Use the variant of the Code Download MAC Key (CDMK), CDMK XOR 0x0000 0000 0000 00FF for each half of the key, to do MAC calculation/verification. The variant of CDMK that results from the XOR operation is used for both methods.

The MAC is calculated before the data file is encrypted. If the data file is specified to be encrypted, then the calculated data needs to be a multiple of 8 bytes. If it isn’t, the generated encrypted code file will have zeros appended at the end of the file for MAC calculation.

encrypt represents whether the data file is encrypted and needs to be decrypted. Possible values: Y, N. If the data file is encrypted, it should be encrypted under the variant of CDMK.

Use the variant of the Code Download MAC Key (CDMK), CDMK XOR 0x0000 0000 0000 00FF for each half of the key, to do encryption/decryption.

If the data file is specified to be encrypted, the MAC value is calculated and then added to the certificate file. Next, the data is encrypted using the variant of CDMK. If the data file is not a multiple of 8 bytes, the last data block will have zeros appended for the encryption calculation. The number of zeros appended to the code file is also appended to the end of the output encrypted file (e.g., “4” is added to represent four zeros). An encrypted data file will be generated with the extension ‘.enc’.
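
The following Python is an added example, not code from the manual or from Ingenico's tools. It extracts the [SecFiles] section, validates each descriptor against the field values listed above, and implements the CDMK variant XOR and the zero padding as described. Assumptions: fields are whitespace-separated, CDMK is 16 bytes (two 8-byte halves), and the sample text, including the section name [Other] and the existence value, is constructed.

```python
import re

FIELDS = ("mac", "applname", "dstfilename", "class", "authmethod",
          "encrypt", "existence", "srcfilename")
# Constructed sample certificate text (not from the manual); the section name
# [Other] and the existence value "1" are placeholders.
SAMPLE = ("[SecFiles]\r\n"
          "MAC=12345678 applname bitmaps/card.bmp 1 CBC+MAC N 1 card.bmp\r\n"
          "[Other]\r\nkey=value\r\n")

def secfiles_section(cert):
    """Text after [SecFiles]<cr><lf>, up to the next <cr><lf>[ or end of file."""
    marker = "[SecFiles]\r\n"
    start = cert.find(marker)
    if start < 0:
        return ""
    start += len(marker)
    # Search from the marker's own <cr><lf> so an empty section is handled.
    end = cert.find("\r\n[", start - 2)
    return cert[start:] if end < 0 else cert[start:end]

def parse_descriptor(line):
    values = line.split()  # assumption: fields are whitespace-separated
    if len(values) != len(FIELDS):
        raise ValueError(f"expected 8 fields, got {len(values)}: {line!r}")
    d = dict(zip(FIELDS, values))
    if not re.fullmatch(r"MAC=[0-9A-Fa-f]{8}", d["mac"]):
        raise ValueError(f"bad MAC field: {d['mac']!r}")
    if d["class"] not in ("0", "1") or d["encrypt"] not in ("Y", "N"):
        raise ValueError(f"bad class/encrypt value in: {line!r}")
    if d["authmethod"] not in ("SHA1+MAC", "CBC+MAC"):
        raise ValueError(f"unknown authmethod: {d['authmethod']!r}")
    d["mac"] = bytes.fromhex(d["mac"][4:])  # most significant 4 MAC bytes
    return d

def parse_secfiles(cert):
    lines = secfiles_section(cert).split("\r\n")
    return [parse_descriptor(l) for l in lines if l.strip()]

def cdmk_variant(cdmk):
    """XOR each 8-byte half of the key with 0x00000000000000FF."""
    if len(cdmk) != 16:  # assumption: double-length key, two 8-byte halves
        raise ValueError("expected a 16-byte key")
    return bytes(a ^ b for a, b in zip(cdmk, (bytes(7) + b"\xff") * 2))

def zero_pad(data):
    """Append zeros up to a multiple of 8 bytes; return data and pad count."""
    pad = -len(data) % 8
    return data + bytes(pad), pad
```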

The encrypted secure data file thus consists of two portions:

The first portion is variable in length, depending on the size of the


Chapter 10 Secure Certificate

 

Section 10.5 Secure Certificate Descriptor Sections
