RKL CA service

RKL Introduction

The Token RKL Binding library is designed to remove the boilerplate code of an RKL implementation needed to complete the key processes.

Before adding

For this binding to run smoothly, add the snippet below to your AndroidManifest.xml. It must contain the bank info used to set up RKL.

    <meta-data
        android:name="app_name"
        android:value="BNK_xxx_XXXX" />

Function List

Certificate exportDevicePublicKey()
KeyExchange startKeyExchange(byte[] ucKDHCertificate)
int completeKeyExchange(List<RKLKeyInfo> rklKeyInfoList, byte[] ucEncryptedKeyBlock, int hashAlgorithm, byte[] ucKDHSignature)

Certificate exportDevicePublicKey()

Returns a Certificate object which contains resultCode and the certificate as byte[]. If the result code is not zero, look it up in the error table listed below. On success, the result code is zero and you receive the key as a byte array.

KeyExchange startKeyExchange(byte[] ucKDHCertificate)

Send your KDH certificate as a byte array. The method returns an object named KeyExchange which contains the result code of the operation. On success, the result code is zero and the object carries a random number as byte[]. If the result code is not zero, look it up in the error table listed below.

int completeKeyExchange(List<RKLKeyInfo> rklKeyInfoList, byte[] ucEncryptedKeyBlock, int hashAlgorithm, byte[] ucKDHSignature)

Once you have the parameters needed to construct the RKLKeyInfo class, which are shown in this snippet,

private int usKeyIndex;
private String usTokenKMSKeyType;
private String usTokenKMSKeyAlgorithm;
private byte[] baKeyCheckValue;

// Constructor
public RKLKeyInfo(int usKeyIndex, String usTokenKMSKeyType,
                  String usTokenKMSKeyAlgorithm, byte[] baKeyCheckValue)

send the RKLKeyInfo objects as a list, add ucEncryptedKeyBlock as byte[], select your hash algorithm from the values below, and add your ucKDHSignature as byte[].

int HASH_ALGO_SHA1 = 1;
int HASH_ALGO_SHA256 = 6;

When the key exchange completes, injection starts afterwards. If any problem occurs in the injection step, you get the result code provided by the injection provider; check it against the error table below. If everything goes smoothly, you get result code zero, which means injection was also successful.

RKL Error Table

int RKLERROR_NO_ERROR = 0;                                         
int RKLERROR_CERTIFICATE_NOT_AVAILABLE = 501;            
int RKLERROR_INVALID_REQUESTED_LENGTH = 502;             
int RKLERROR_INVALID_STATUS = 503;                       
int RKLERROR_INVALID_TERM_KEY_BIT_SIZE = 504;            
int RKLERROR_INVALID_KEY_BLOCK_LENGTH = 505;             
int RKLERROR_INVALID_KDH_KEY_BIT_SIZE = 506;             
int RKLERROR_INVALID_SIGNATURE_BLOCK_LENGTH = 507;       
int RKLERROR_GET_DEVICE_SERIAL_ERROR = 508;              
int RKLERROR_NOT_ENOUGH_MEMORY = 509;                    
int RKLERROR_INVALID_KDH_SIGNATURE = 510;                
int RKLERROR_KEY_INJECTION_FAILED = 511;                 
int RKLERROR_KEY_INJECTION_FAILED_WTF = 512;             
int RKLERROR_INVALID_RND_BUFF_LEN = 513;                 
int RKLERROR_NO_PERMISSION = 514;                        
int RKLERROR_KEYSET_NOT_FOUND_FOR_KDH = 515;             
int RKLERROR_NO_PERMISSION_ON_KEYSET = 516;              
int RKLERROR_KDH_CERTIFICATE_NOT_FOUND = 517;            
int RKLERROR_KDH_CERTIFICATE_REVOKED = 518;              
int RKLERROR_PRIVATE_KEY_ERROR = 519;

int INVALID_PARA = 10497;                
int FAIL = 10498;                        
int SYSTEM_ERROR = 10499;                
int NOT_OWNER = 10500;                   
int KEY_NOT_EXIST = 10501;               
int KEYTYPE_INCORRECT = 10502;           
int KEY_NOT_ALLOWED = 10503;             
int KEY_VERIFY_INCORRECT = 10504;        
int NOT_SUPPORTED = 10505;               
int INSUFFICIENT_BUFFER = 10509;         
int DUKPT_KEY_NOT_GENERATED = 10510;     
int GET_PIN_ABORT = 10511;               
int GET_PIN_TIMEOUT = 10512;             
int GET_PIN_NULL_PIN = 10513;            
int KEY_VALUE_NOT_UNIQUE = 10515;        
int KEY_TYPE_NOT_MATCH = 10516;          
int DUKPT_KEY_EXPIRED = 10517;           
int PURPOSE_NOT_UNIQUE = 10518;          
int PINPAD_WIDTH_HEIGHT_NULL = 10519;    
int MULTIPLECMD_ID_ERROR = 10522;        
int MULTIPLECMD_CLASS_ERROR = 10523;     
int MULTIPLECMD_CMD_FAIL = 10524;        
int JAVAKMS_INVALID = 10672;             
int GETIKMS2API_FAIL = 10673;            
int GETIKMS2REMOTE_FAIL = 10674;     

Sample Usage

binding = new TokenRKLBinding(MainActivity.this, new TokenRKLCallbacks() {
    @Override
    public void onRKLConnected() {
        try {
            // Step 1: export the device public key; check its result code.
            Certificate certificate = binding.exportDevicePublicKey();
            //Your code

            // Step 2: start the exchange with the KDH certificate; check its result code.
            KeyExchange exchange = binding.startKeyExchange(ucKDHCertificate);
            //Your code

            // Step 3: complete the exchange; a result of zero means injection succeeded.
            int result = binding.completeKeyExchange(rklKeyInfoList, ucEncryptedKeyBlock, hashAlgorithm, ucKDHSignature);
            //Your code
        } catch (RemoteException e) {
            e.printStackTrace();
        }
    }

    @Override
    public void onRKLDisconnected() {

    }
});
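
A fail-closed version of the flow above, as an added example that is not the library's own code: each step stops on the first non-zero result code, and the KDH trust errors from the error table are singled out so they are escalated instead of retried. The Rkl interface mirrors the three calls on this page; CertResult, ExchangeResult, KdhReply, their field names, and the Kdh backend interface (including what it receives) are hypothetical stand-ins, since this page does not give the accessor names of Certificate and KeyExchange or describe the KDH side.

```java
import java.util.List;

public class RklFlow {
    // Values copied from the tables on this page.
    static final int RKLERROR_NO_ERROR = 0;
    static final int RKLERROR_INVALID_KDH_SIGNATURE = 510;
    static final int RKLERROR_KDH_CERTIFICATE_NOT_FOUND = 517;
    static final int RKLERROR_KDH_CERTIFICATE_REVOKED = 518;
    static final int HASH_ALGO_SHA256 = 6;

    // Hypothetical stand-ins for the library's result objects.
    static class CertResult { int resultCode; byte[] certificate; }
    static class ExchangeResult { int resultCode; byte[] randomNumber; }
    static class KdhReply { List<?> keyInfo; byte[] keyBlock; byte[] signature; }

    interface Rkl {
        CertResult exportDevicePublicKey() throws Exception;
        ExchangeResult startKeyExchange(byte[] kdhCertificate) throws Exception;
        int completeKeyExchange(List<?> keyInfo, byte[] keyBlock, int hashAlgorithm,
                                byte[] kdhSignature) throws Exception;
    }

    /** Hypothetical call to your own backend that returns the key block and KDH signature. */
    interface Kdh { KdhReply wrap(byte[] deviceCert, byte[] deviceRandom) throws Exception; }

    /** Returns 0 only if every step returned 0; otherwise the first failing result code. */
    static int loadKeys(Rkl rkl, Kdh kdh, byte[] kdhCertificate) throws Exception {
        CertResult cert = rkl.exportDevicePublicKey();
        if (cert.resultCode != RKLERROR_NO_ERROR) return cert.resultCode;

        ExchangeResult ex = rkl.startKeyExchange(kdhCertificate);
        if (ex.resultCode != RKLERROR_NO_ERROR) return ex.resultCode;
        if (ex.randomNumber == null || ex.randomNumber.length == 0)
            throw new IllegalStateException("startKeyExchange returned no random number");

        KdhReply reply = kdh.wrap(cert.certificate, ex.randomNumber);
        // SHA-256 is chosen here; the KDH must have signed with the same algorithm.
        return rkl.completeKeyExchange(reply.keyInfo, reply.keyBlock,
                HASH_ALGO_SHA256, reply.signature);
    }

    /** True for codes that reject the KDH identity or signature: alert, do not retry. */
    static boolean isTrustFailure(int code) {
        return code == RKLERROR_INVALID_KDH_SIGNATURE
            || code == RKLERROR_KDH_CERTIFICATE_NOT_FOUND
            || code == RKLERROR_KDH_CERTIFICATE_REVOKED;
    }
}
```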
