This operation retrieves the temporary PIN encryption key used for setting a PIN. The returned tzpk is encrypted with the provided RSA public key.
// generate RSA key pair
var kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
var keyPair = kpg.generateKeyPair();
var publicKey = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());

// controlId received from pincontrol API
var controlId = "83fa5f55-3dd7-453a-8233-4242a6bad179";
// public RSA key, generated by the card-holder device in Step 1
var publicKey = // fetched from the device
// make request; the {auditUser} template variable is filled with "test"
var tzpkResponse = pinApiClient.post()
    .uri("/pin/v3/set/tzpk?auditUser={auditUser}", "test")
    .bodyValue(Map.of(
        "controlId", controlId,
        "publicKey", publicKey
    ))
    .retrieve()
    .bodyToMono(TzpkResponse.class)
    .block();

// response from the API call done in Step 2, given by the backend
var tzpkResponse = // given by the backend
// decrypt tzpk with private key (RSA-OAEP, SHA-256 for both the digest and MGF1)
var rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
rsa.init(Cipher.DECRYPT_MODE, keyPair.getPrivate(),
    new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
var decryptedTzpk = rsa.doFinal(Base64.getDecoder().decode(tzpkResponse.getTzpk()));
// convert double-length key to triple-length (K1|K2 -> K1|K2|K1) - used if the library supports only triple-length 3DES
var tzpk = new byte[24];
System.arraycopy(decryptedTzpk, 0, tzpk, 0, 16);
System.arraycopy(decryptedTzpk, 0, tzpk, 16, 8);
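The three steps above as one offline round trip, as an added example that is not part of the original page or the API's own code: `wrapForDevice` is a hypothetical stand-in for the backend, and the 16-byte key is a constructed sample rather than a real TZPK. It also checks the decrypted key length and wipes the temporary buffers after the key object is built.

```java
import java.security.*;
import java.security.spec.*;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class TzpkRoundTrip {
    // Same OAEP parameters as the decryption step on this page.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    // Hypothetical backend stand-in: wraps a key for the Base64 X.509-encoded public key.
    static String wrapForDevice(String publicKeyB64, byte[] key) throws GeneralSecurityException {
        var spec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyB64));
        var pub = KeyFactory.getInstance("RSA").generatePublic(spec);
        var rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        return Base64.getEncoder().encodeToString(rsa.doFinal(key));
    }

    // Device side: unwrap, check the length, expand K1|K2 to K1|K2|K1, wipe temporaries.
    static SecretKeySpec unwrapTzpk(PrivateKey priv, String tzpkB64) throws GeneralSecurityException {
        var rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
        rsa.init(Cipher.DECRYPT_MODE, priv, OAEP);
        byte[] doubleLen = rsa.doFinal(Base64.getDecoder().decode(tzpkB64));
        byte[] tripleLen = new byte[24];
        try {
            if (doubleLen.length != 16) throw new InvalidKeyException("TZPK must be 16 bytes");
            System.arraycopy(doubleLen, 0, tripleLen, 0, 16);
            System.arraycopy(doubleLen, 0, tripleLen, 16, 8);
            return new SecretKeySpec(tripleLen, "DESede"); // SecretKeySpec copies the bytes
        } finally {
            Arrays.fill(doubleLen, (byte) 0);
            Arrays.fill(tripleLen, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        var kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        var keyPair = kpg.generateKeyPair();
        var publicKey = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
        byte[] sample = new byte[16]; // constructed sample key, not a real TZPK
        new SecureRandom().nextBytes(sample);
        var tzpk = unwrapTzpk(keyPair.getPrivate(), wrapForDevice(publicKey, sample));
        byte[] k = tzpk.getEncoded();
        System.out.println("length=" + k.length + ", K3 equals K1: "
                + Arrays.equals(Arrays.copyOfRange(k, 16, 24), Arrays.copyOf(sample, 8)));
    }
}
```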
The audit user to log the request
The related PIN control request data
The body is of type object.
The response is of type object.