Interface SymmetricCryptoSecuritySetting
-
public interface SymmetricCryptoSecuritySettingSecurity setting for a Calypso card transaction secured by "symmetric" key cryptographic algorithms (e.g. SAM).An instance of this interface can be obtained via the method
CalypsoCardApiFactory.createSymmetricCryptoSecuritySetting(SymmetricCryptoCardTransactionManagerFactory).- Since:
- 2.0.0
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description SymmetricCryptoSecuritySettingaddAuthorizedSessionKey(byte kif, byte kvc)Adds an authorized session key defined by its KIF and KVC values.SymmetricCryptoSecuritySettingaddAuthorizedSvKey(byte kif, byte kvc)Adds an authorized Stored Value key defined by its KIF and KVC values.SymmetricCryptoSecuritySettingassignDefaultKif(WriteAccessLevel writeAccessLevel, byte kif)Defines for a given write access level the default KIF value to use when it could not be determined by any other means.SymmetricCryptoSecuritySettingassignDefaultKvc(WriteAccessLevel writeAccessLevel, byte kvc)Defines for a given write access level the KVC value to use for cards that do not provide KVC.SymmetricCryptoSecuritySettingassignKif(WriteAccessLevel writeAccessLevel, byte kvc, byte kif)Defines for a given write access level the KIF value to use for cards that only provide KVC.SymmetricCryptoSecuritySettingauthorizeSvNegativeBalance()Allows the SV balance to become negative.SymmetricCryptoSecuritySettingdisableReadOnSessionOpening()Disables the automatic merging of the "Open Secure Session" command with a possible "Read Record" command.SymmetricCryptoSecuritySettingenableMultipleSession()Enables multiple session mode to allow more changes to the card than the session buffer can handle.SymmetricCryptoSecuritySettingenablePinPlainTransmission()Enables the PIN transmission in plain text.SymmetricCryptoSecuritySettingenableRatificationMechanism()Enables the ratification mechanism to handle the early removal of the card preventing the terminal from receiving the acknowledgement of the session closing.SymmetricCryptoSecuritySettingenableSvLoadAndDebitLog()Enables the retrieval of both loading and debit log records.voidinitCryptoContextForNextTransaction()Prepares the cryptographic module for the next transaction by anticipating all security context configuration operations.SymmetricCryptoSecuritySettingsetPinModificationCipheringKey(byte kif, byte kvc)Sets the KIF/KVC pair of the PIN modification ciphering key.SymmetricCryptoSecuritySettingsetPinVerificationCipheringKey(byte kif, byte kvc)Sets the KIF/KVC pair of the PIN verification ciphering key.
-
-
-
Method Detail
-
enableMultipleSession
SymmetricCryptoSecuritySetting enableMultipleSession()
Enables multiple session mode to allow more changes to the card than the session buffer can handle.- Returns:
- The current instance.
- Since:
- 1.0.0
-
enableRatificationMechanism
SymmetricCryptoSecuritySetting enableRatificationMechanism()
Enables the ratification mechanism to handle the early removal of the card preventing the terminal from receiving the acknowledgement of the session closing.- Returns:
- The current instance.
- Since:
- 1.0.0
-
enablePinPlainTransmission
SymmetricCryptoSecuritySetting enablePinPlainTransmission()
Enables the PIN transmission in plain text.- Returns:
- The current instance.
- Since:
- 1.0.0
-
enableSvLoadAndDebitLog
SymmetricCryptoSecuritySetting enableSvLoadAndDebitLog()
Enables the retrieval of both loading and debit log records.The default value is false.
- Returns:
- The current instance.
- Since:
- 1.0.0
-
authorizeSvNegativeBalance
SymmetricCryptoSecuritySetting authorizeSvNegativeBalance()
Allows the SV balance to become negative.The default value is false.
- Returns:
- The current instance.
- Since:
- 1.0.0
-
disableReadOnSessionOpening
SymmetricCryptoSecuritySetting disableReadOnSessionOpening()
Disables the automatic merging of the "Open Secure Session" command with a possible "Read Record" command.By default, this optimization is performed when the command that follows the session opening is a "Read Record" command.
This mechanism may in some cases be incompatible with the security requirements.
- Returns:
- The current instance.
- Since:
- 1.6.0
-
assignKif
SymmetricCryptoSecuritySetting assignKif(WriteAccessLevel writeAccessLevel, byte kvc, byte kif)
Defines for a given write access level the KIF value to use for cards that only provide KVC.- Parameters:
writeAccessLevel- The write access level.kvc- The card's KVC value.kif- The KIF value to use.- Returns:
- The current instance.
- Throws:
java.lang.IllegalArgumentException- If the provided writeAccessLevel is null.- Since:
- 1.0.0
-
assignDefaultKif
SymmetricCryptoSecuritySetting assignDefaultKif(WriteAccessLevel writeAccessLevel, byte kif)
Defines for a given write access level the default KIF value to use when it could not be determined by any other means.- Parameters:
writeAccessLevel- The write access level.kif- The KIF value to use.- Returns:
- The current instance.
- Throws:
java.lang.IllegalArgumentException- If the provided writeAccessLevel is null.- Since:
- 1.0.0
-
assignDefaultKvc
SymmetricCryptoSecuritySetting assignDefaultKvc(WriteAccessLevel writeAccessLevel, byte kvc)
Defines for a given write access level the KVC value to use for cards that do not provide KVC.- Parameters:
writeAccessLevel- The session level.kvc- The KVC to use.- Returns:
- The current instance.
- Throws:
java.lang.IllegalArgumentException- If the provided writeAccessLevel is null.- Since:
- 1.0.0
-
addAuthorizedSessionKey
SymmetricCryptoSecuritySetting addAuthorizedSessionKey(byte kif, byte kvc)
Adds an authorized session key defined by its KIF and KVC values.By default, all keys are accepted.
If at least one key is added using this method, then only authorized keys will be accepted.- Parameters:
kif- The KIF value.kvc- The KVC value.- Returns:
- The current instance.
- Since:
- 1.0.0
-
addAuthorizedSvKey
SymmetricCryptoSecuritySetting addAuthorizedSvKey(byte kif, byte kvc)
Adds an authorized Stored Value key defined by its KIF and KVC values.By default, all keys are accepted.
If at least one key is added using this method, then only authorized keys will be accepted.- Parameters:
kif- The KIF value.kvc- The KVC value.- Returns:
- The current instance.
- Since:
- 1.0.0
-
setPinVerificationCipheringKey
SymmetricCryptoSecuritySetting setPinVerificationCipheringKey(byte kif, byte kvc)
Sets the KIF/KVC pair of the PIN verification ciphering key.The default value for both KIF and KVC is 0.
- Parameters:
kif- The KIF value.kvc- The KVC value.- Returns:
- The current instance.
- Since:
- 1.0.0
-
setPinModificationCipheringKey
SymmetricCryptoSecuritySetting setPinModificationCipheringKey(byte kif, byte kvc)
Sets the KIF/KVC pair of the PIN modification ciphering key.The default value for both KIF and KVC is 0.
- Parameters:
kif- The KIF value.kvc- The KVC value.- Returns:
- The current instance.
- Since:
- 1.0.0
-
initCryptoContextForNextTransaction
void initCryptoContextForNextTransaction()
Prepares the cryptographic module for the next transaction by anticipating all security context configuration operations.This feature is only useful if the currently allocated cryptographic module will be used for the next transaction. It is particularly relevant to optimize the transaction time in a ticketing context of user card validation.
For this optimization to be effective, it is necessary to call this method at the very end of the current transaction, i.e. after having notified the user of the access right (e.g. after opening the gate).
- Throws:
CryptoException- If an error occurred when computing a crypto operation.CryptoIOException- If a communication error with the crypto module (e.g. timeout with the reader or the computing unit, network error, etc.).- Since:
- 2.0.0
-
-