Ingenico 6500 Credit Card Machine User Manual


 
106 Chapter 10 Secure Certificate
Section 10.5 Secure Certificate Descriptor Sections
accept or reject such a configuration. This decision is made prior to MACing the secure
certificate.
The secure file descriptor section is found after the identifier [SecFiles]<cr><lf> and before the next section identifier (i.e., the next <cr><lf>[ sequence), or the end of the file. The secure file descriptor is in the format:

MAC=12345678 applname dstfilename.ext class authmethod encrypt existence srcfilename.ext

The first field of the secure file descriptor is the MAC for the application data file.

MAC= is a text string identifying that the pre-calculated fingerprint follows.

12345678 is the Hex ASCII representation of the most significant 4 bytes of the MAC applied by the securing utility prior to download.

applname represents what application this data file belongs to.

dstfilename.ext represents the relative path and file name where the data file will reside in the UNICAPT 32 file system. For instance: bitmaps/card.bmp

class represents the particular categorization of the file within the terminal’s file system. Possible values: 0=private, 1=public.

authmethod represents the data file authentication method, i.e., the MAC calculation method that the data file used. Possible values:
  SHA1+MAC
  CBC+MAC. Use Code Download MAC Key: CDMK XOR 0x0000 0000 0000 00FF for each half of the key as the variant of CDMK to do MAC calculation/verification. The variant of CDMK that results from the XOR operation is used for both methods.
  The MAC is calculated before the data file is encrypted. If the data file is specified to be encrypted, then the calculated data needs to be a multiple of 8 bytes. If it isn’t, the generated encrypted code file will have zeros appended at the end of the file for MAC calculation.

encrypt represents whether the data file is encrypted and needs to be decrypted. Possible values: Y, N. If the data file is encrypted, it should be encrypted under the variant of CDMK.
  Use Code Download MAC Key: CDMK XOR 0x0000 0000 0000 00FF for each half of the key as the variant of CDMK to do encryption/decryption.
  If the data file is specified to be encrypted, the MAC value is calculated and then added to the certificate file. Next, it will encrypt the data using the variant of CDMK. If the data file is not a multiple of 8 bytes, the last data block will have zeros appended for encryption calculation. The number of zeros that are appended to the code file are also appended to the end of the output encrypt file (e.g., adds “4” to represent four zeros). An encrypted data file will be generated with extension ‘.enc’.

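The descriptor format, key variant and zero padding described above, as an added Python example that is not code from the manual or from the vendor: it extracts the [SecFiles] section, rejects descriptors whose fields fall outside the listed values, derives the CDMK variant and pads data to a multiple of 8 bytes. Assumptions: one descriptor per line with whitespace-separated fields, a 16-byte CDMK made of two 8-byte halves, and a constructed sample certificate (the existence field is kept as an opaque string because its values are not listed in this section).

```python
import re

AUTH_METHODS = {"SHA1+MAC", "CBC+MAC"}  # values listed for authmethod
FIELDS = ("applname", "dstfilename", "fileclass", "authmethod",
          "encrypt", "existence", "srcfilename")

def secfiles_lines(cert_text):
    """Lines after [SecFiles]<cr><lf>, up to the next <cr><lf>[ or end of file."""
    start = cert_text.find("[SecFiles]\r\n")
    if start < 0:
        return []
    body = cert_text[start + len("[SecFiles]"):]
    end = body.find("\r\n[")
    if end >= 0:
        body = body[:end]
    return [ln for ln in body.split("\r\n") if ln.strip()]

def parse_descriptor(line):
    """Split one descriptor and reject values the manual does not list."""
    parts = line.split()  # assumption: fields are whitespace-separated
    if len(parts) != 8:
        raise ValueError("expected 8 fields")
    m = re.fullmatch(r"MAC=([0-9A-Fa-f]{8})", parts[0])
    if not m:
        raise ValueError("MAC= must be followed by 8 hex digits")
    d = dict(zip(FIELDS, parts[1:]), mac=bytes.fromhex(m.group(1)))
    if d["fileclass"] not in ("0", "1"):
        raise ValueError("class must be 0 (private) or 1 (public)")
    if d["authmethod"] not in AUTH_METHODS:
        raise ValueError("unknown authmethod")
    if d["encrypt"] not in ("Y", "N"):
        raise ValueError("encrypt must be Y or N")
    return d

def cdmk_variant(cdmk):
    """XOR each 8-byte half of the key with 0x0000 0000 0000 00FF."""
    if len(cdmk) != 16:  # assumption: double-length key, two 8-byte halves
        raise ValueError("expected a 16-byte CDMK")
    mask = bytes(7) + b"\xff"
    return bytes(k ^ m for k, m in zip(cdmk, mask * 2))

def zero_pad(data):
    """Append zeros up to a multiple of 8 bytes; return (padded, zeros_added)."""
    n = -len(data) % 8
    return data + bytes(n), n

# Constructed sample: section names, applname, MAC and the existence value "0"
# are placeholders, not values from the manual.
SAMPLE_CERT = ("[Example]\r\nkey=value\r\n[SecFiles]\r\n"
               "MAC=1A2B3C4D demoapp bitmaps/card.bmp 1 CBC+MAC Y 0 card.bmp\r\n"
               "[Other]\r\n")
```
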
The encrypted secure data file thus consists of two portions:
The first portion is variable in length, depending on the size of the