Versions Compared

Old Version 18

changes.mady.by.user Josefin Klang (Deactivated)

Saved on

compared with

New Version 19

changes.mady.by.user Josefin Klang (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...


Info

This article includes updates

for 

for Smart ID 23.04.6.


Expand
titleCredentials: Calculate Minidriver Offline Unblocking Response

Description 

Use this task to generate a response using the card manager key and a challenge for the offline unblocking process.

Configuration

To use this task, configure the following delegate expression in your service task:

Code Block
${challengeResponseGeneratorTask}

 The following parameter can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

CardManagerKeyField

Image Removed

(tick)

Example value:

  • Card_CardManagerKey

The name of the field that needs to hold the reference value to the card manager key (for example, Card_CardManagerKey). Must be a reference field.

ChallengeField

Image Removed

(tick)

Example value:

  • "CV act sc interface manager" in case of Cryptovision

The challenge provided by Windows or a 3rd party tool.

ResponseField

Image Removed

(tick)


The response is generated by this task to support unblocking.

DisableDerivation

-

Valid values:

  • true

  • false

Set to "true" if you want to use the CardManagerKey directly as challenge/response key instead of deriving one.

This is relevant for non-Cryptovision middlewares (for example, CardOS or Gemalto), where we directly use a 3DES CardManagerKey instead of a 2DES key from which the actual challenge/response key is derived.

If the field is absent, derivation is enabled and a 2DES CardManagerKey is expected.

DisableDerivationField

-


If present, points to a field containing the (override) value of DisableDerivation.

If both DisableDerivation and DisableDerivationField are present and the referenced field contains a value, the latter takes precedence. This is mainly intended for deployments that deal with multiple middlewares, which require different DisableDerivation values (for example CV + CardOS).

The following dependencies must be configured in the Spring configuration:

Dependency

Description

secretFieldsArchiver

Responsible for archiving the secrets into the secret field store.



Expand
titleCredentials: Create Minidriver Card Manager Key

Description 

Use this task to generate a 2DES / 3DES key as card manager key for minidriver compatible cards. The value generated is saved in an encrypted field.

Configuration

To use this task, configure the following delegate expression in your service task:

Code Block
${cardManagerKeyProviderTask}

 The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

passwordFieldName

Image Removed

(tick)

Example value:

  • Card_CardManagerKey

The name of the field that should hold the reference value to the card manager key (for example, Card_CardManagerKey). Must be a reference field.

blockCount

-

Valid values:

  • 2 (default)

  • 3

Desired key length in blocks of 8 bytes. By default 2DES keys (2 blocks, 16 bytes) are generated.
If you generate keys for CardOS or Gemalto, set the parameter to 3 so 3DES keys (3 blocks, 24 bytes) are generated instead.
This distinction is needed since for Cryptovision, multiple keys are derived, including the challenge/response key from a 2DES key.
For CardOS and Gemalto the challenge/response key is generated directly, and the key needs to be 3DES.

blockCountFieldName

-


If given, it points to a field containing the (override) value of blockCount.
If both blockCount and blockCountFieldName are present and the referenced field contains a value, the latter takes precedence.
This is mainly intended for deployments that deal with multiple middlewares which require different blockCount values (for example, CV + CardOS).

The following dependencies must be configured in the Spring configuration:

Dependency

Description

secretRefValueGenerator

Responsible for generating the reference value that is used to keep the reference to the secret value in the secret field store.

secretFieldsArchiver

Responsible for archiving the secrets into the secret field store.



Expand
titleCredentials: Create PIN and PUK

Description

Use this task to generate a value for PIN and PUK according to certain rules (length, allowed characters) and to archive those values for later retrieval during card production or for PIN letter printing.

Configuration

To use this task, configure the following delegate expression in your service task:

Code Block
${generateAndArchivePinAndPukParameterizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

pinFieldName

Image Removed

(tick)


The name of the field that shall hold the reference value to the archived PIN.

pukFieldName

Image Removed

(tick)


The name of the field that shall hold the reference value to the archived PUK.

pinLength

-

Example value:

  • 4

The desired length of the PIN.

pukLength

Example value:

  • 8

The desired length of the PUK.

pinAllowedCharacters

Valid values:

  • 0123456789

Describes the characters to be used for generating the PIN value.

pukAllowedCharacters

-

Valid values:

  • 0123456789

Describes the characters to be used for generating the PUK value.



Expand
titleCredentials: Create Random Password

Description

Use this task to generate a password or another secret and to archive the value for later retrieval during card production or for PIN letter printing. The secret value is also hashed and stored in a separate field for easier comparison. The hash algorithm is defined in Spring since it must be the same as the one that is used for checking the passwords during login.

Configuration

To use this task, configure the following delegate expression in your service task:

Code Block
${generateAndArchivePasswordWithMaxLengthAndAllowedCharactersTask}

The following parameters can be configured in Identity Manager Admin:

Parameter

Mandatory

Value

Description

passwordFieldName

-


The name of the field that should hold the reference value to the archived password. Must be a reference field.

passwordHashFieldName

-


The name of the field that should hold the hashed value of the password. The hash algorithm is defined in Spring. The data pool field must be of type password

passwordLength

Image Removed

(tick)

Example value:

  • 8

The desired length of the generated password.

passwordAllowedCharacters

Image Removed

(tick)

Valid values:

  • 0123456789

Describes the characters to be used for generating the password value.

The following dependencies must be configured in Spring:

Dependency

Description

passwordHashGenerator

The generator that is responsible for generating the hash value of the secret value. This is the place to define the hash algorithm.

secretRefValueGenerator

Responsible for generating the reference value that is used to keep the reference to the secret value in the secret field store.

secretFieldsArchiver

Responsible for archiving the secrets into the secret field store.



Expand
titleCredentials: Decrypt fields using INSIDE Server

Description

Use this task to decrypt values that were encrypted using the INSIDE server.

Configuration

To use this task, configure the following delegate expression in your service task:

Code Block
${decryptFieldsUsingInsideMiParameterizedTask}

The following parameters can be configured in Identity Manager Admin:

Parameter name

Mandatory

Value

Description

encryptKeyLabel

Image Removed

Example value:

  • KTEXCHANGE

The value represent a key label that is present in the HSM.

padding

Image Removed

(tick)

Valid values:

  • PAD_NULL

  • PAD_ISO9797_1

  • PAD_ISO9797_2

Padding scheme to be used.

iv

Image Removed

(tick)

Default value:

  • 00000000

Initialization Vector, value must be a multiple of 8.

<Processmap_Field>

-


Allowed multiple times for each field of the processmap that should be decrypted. The field should contain a secret reference. After decryption the value for the reference will be updated if successful.

aleaPin

Image Removed

(tick) 

Value:

  • JUEL expression

Example value:

  • ${PcmDpEmployeeCard_aleaPin}

PIN used in the decryption workflow in order to get the correct plain values for PIN and PUK. 

The corresponding value is a JUEL expression consisting of DataPool (for example PcmDpEmployeeCard) followed by the field name of aleaPin (for example aleaPin).