Key Management in SDK
The CPoC SDK supports multiple key management methods for cryptographic operations.
Key Loading Method
- Loading a symmetric key via RSA PKCS#1 v1.5
- TR31 key loading (TDES†1 and AES)
Key Derivation Scheme
- DUKPT TDES†1 X9.24-2009
- DUKPT AES X9.24-2017
Key Algorithm
- RSA 2048/3072/4096 (encryption/decryption, PKCS#1 v1.5)
- AES 128/192/256 (encryption/decryption, AES/CBC/PKCS7padding)
- TDES†1 16/24 (encryption/decryption, TDES/CBC/PKCS7padding)
Random Number Generator†2
- Provides an HSM-driven CTR-DRBG random number generator
†1 If you're developing a CPoC/MPoC solution, you SHOULD NOT use the TDES key and algorithm in your application. AES is the preferred algorithm.
†2 The random number generator is only available after initialization. You shall not invoke a random number generator interface before SDK initialization has completed.