Our terminals possess a secure processor and a secure memory implemented onboard. All kinds of key operations such as encryption, decryption, signing and more run on this secure processor. Fundamentally, KMS is a service that provides functions to developers for carrying out crypto operations on this secure hardware.

TokenKMS kms = new TokenKMS();
kms.init(context, new KMSWrapperInterface.InitCallbacks() {
    @Override
    public void onInitSuccess() {
        
    }
    @Override
    public void onInitFailed() {
    
    } 
});

Key Index

Key Index should be between 0 and 39

Key Types

TOKENKMS_KEYTYPE_TMK -> Terminal Master Key TOKENKMS_KEYTYPE_KPK -> Key Protection Key (Key Encryption Key(KEK)) TOKENKMS_KEYTYPE_PIN -> PIN Key TOKENKMS_KEYTYPE_MAC -> MAC Key TOKENKMS_KEYTYPE_TDK TOKENKMS_KEYTYPE_KBPK -> Key Block Protection Key

Key Algorithms

TOKENKMS_KEY_ALG_TYPE_3DES
TOKENKMS_KEY_ALG_TYPE_AES

Protection Modes

TOKENKMS_PROTECTION_MODE_ECB
TOKENKMS_PROTECTION_MODE_CBC

Encryption/Decryption

int keyIndex Index of key that is going to be used in encryption and decryption byte[] dataArray Data to be encrypted or decrypted

byte[] IV Initialization Vector must be null for ECB

• Data Encryption ECB

byte[] encryptedData = kms.encryptData(keyIndex,dataArray,TOKENKMS_PROTECTION_MODE_ECB,IV)

• Data Decryption ECB

byte[] decryptedData = kms.decryptData(keyIndex,dataArray,TOKENKMS_PROTECTION_MODE_ECB,IV)

• Data Encryption CBC

byte[] encryptedData = kms.encryptData(keyIndex,dataArray,TOKENKMS_PROTECTION_MODE_CBC,IV)

• Data Decryption CBC

byte[] decryptedData = kms.decryptData(keyIndex,dataArray,TOKENKMS_PROTECTION_MODE_CBC,IV)

Key Injection

int keyIndex Index of Key that is going to be injected

int keyIndex_KEK Index of KEK(Key Encryption Key) that is going to be used for injection

byte[] encKeydata Encrypted key data

byte[] KCV Key Check Value

kms.injectKeybyKEK(keyIndex,keyIndex_KEK,TokenKMSKeyType,TokenKMSKeyAlgorithm ,encKeyData,KCV);

• Get Key Check Value

int keyIndex Index of Key to get Key check Value

int len Length of Key Check Value

byte[] keyCheckValue = kms.getKeyCheckValue(keyIndex,len)

Size of returning byte array is equal to len parameter