901 - PKI901 Configuration Loader After PKI process
- goofy.liu
- Hamdy Atakora (Unlicensed)
- Will.Feng (Deactivated)
- Mindy Yang
Objectives, PKI901:
- All necessary settings loading after PKI loading : Certificates Ready; RKI-KEK Ready; Secure Key(s) (Optionally) Ready (i.e. After the process of PKI001 → PKI002 → PKI003 done)
- Non-PKI stuffs loading functions support - Example: TransArmor Certificates.
- EMV L2 Customized Settings support - Example: Encryption Mode(MSR/MSD; EMV) Enable
- Customized ViVOTech2 IDG Commands Frame Send/Recv Loader.
Objectives - 2nd, PKI901.White List Editor:
- To provide the editor of SMFG+SMSG white list (timestamp version) send frame.
User Guide - PKI901
| Version | Date | Comments | Approved |
|---|---|---|---|
| Add RS232 interface & troubleshooting support | ||
|
|
User Guide - PKI901, White List Editor Version
(Branch from PKI901 V1.01.007)
| Version | Date | Comments | Approved |
|---|---|---|---|
PKI901_WhiteListEditor_UserGuide.txt - Draft 01 |
| Initial Draft Version | |
Supported Platforms:
NEO 2.0
AR 3.0.0
Note 01 - What are PEM, CRT, CER, and DER ?
Ref Link : http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/
Supported Model List
- Function Matrix Information. 502 - Wiki : PKI
- Trans Armor definitions.
| Product | Comment |
|---|---|
VP5300 |
SPTP2-988-33-2C-0C (Production) PEM download : PEM_SPTP2-988-33-2C-0C.7z | |
IDT-CERT-P-2-T01 rev A | Cert;Prod;TransArmor;Root;2048 |
IDT-CERT-P-2-T02 rev A | Cert;Prod;TransArmor;CA;2048 |
|
|
SPTP2-988-33-2CD-0C (Demo) PEM Download : PEM_SPTP2-988-33-2CD-0C.7z | |
IDT-CERT-P-2-T01 rev A | Cert;Prod;TransArmor;Root;2048 |
IDT-CERT-T-2-T02 rev 50 | Cert;Test;TransArmor;CA;2048 |
|
Removed request. |
When to use PKI901 ?
Stage 01.Production Assembly →
Stage 02.Run TS for Production Test, PASSED →
Stage 03.PKI Process (PKI001~003 or more), Download default IDTech Certificates and default IDTech Keys →
Stage 04.Run (*01) PKI901 (Customized Configurations) Tool. → Done.
Note *01. Shanghai Team developed the Configuration Mode in Universal TS (UTS).
Note 02. Please reference Part Number List in the confluence page: 502 - Wiki : PKI
ToDo List
1.PID XML Config File Supports.
File Name: "NEO2_Devices.xml"
External / Reference Libraries
| Item | Description |
|---|---|
OpenSSL | OpenSSL tool ("openssl.exe") is used for PEM to DER openssl x509 -outform der -in CERTIFICATE.pem -out CERTIFICATE.der Note: if Visual C++ Redistributable Packages is required, please download it from Microsoft website.
|
TA Certificate Check Command | |
| Ref IDG Commands | Production Cert Name List TA Root CA Cert: TACA TA Interm CA Cert: TACAP1 Demo Cert Name List |
Download List 2 - PKI901 for white list version
| Ver | Date | Description | Approved |
|---|---|---|---|
V 1.01.008 | |||
| 1.Fixed issues. 1.A PIN(PAN) WhiteList Tag Invalid : DFEE21 Correct : DFEF21
1.B AID WhiteList Tag Invalid : DFEE22 Correct : DFEF22 | ||
V1.01.007 | |||
| 1.Fixed issues. 1.a white list one entry parsing issue in PAN/BIN or AID List. 1.b Unsigned data structure issue. 1.b.1 old: <Main><Sub><(*), 2 bytes><(*) 2 bytes><time stamp><(*)2 bytes, TLV data size><TLVs(white list)><(*) 2 bytes><RSA.SHA1-Dev Signed data, 256 bytes> 1.b.2 correct: <Main><Sub><time stamp><TLVs(white list)> 2.Functions Added 2.1 ViVOTech2 Send Frame in #09 ================== Running Steps | ||
| Tab Pan A01, V1.01.008
Tab Pane A02 |
Download List
| Ver | Date | Description | Approved by PN List / Version |
|---|---|---|---|
V 1.01.007 | TE-823 TE-699 - Getting issue details... STATUS TE-593 - Getting issue details... STATUS | ||
|
IDVV-580801 : TA Cert Root+Interm
| ||
| [+] SPTP2-988-33-2C-EC : TA Cert Root+Interm [+] SPTP2-988-33-2CD-EC: TA Cert Root+Interm (Interm = Demo Version) | ||
| 1.P/N List Updated [+] 80152001-003 - VP5300 : TA Cert Root+Interm [+] 80152001-005 - VP5300 : TA Cert Root+Interm ------------------ [+] 80152001-004 - VP5300 : TA Cert Root+Interm (Demo:Mid) [+] 80152001-006 - VP5300 : TA Cert Root+Interm (Demo:Mid) | ||
| |||
|
1.Adding Tx/Rx Retrying to prevent from broken send frame. Using thread-safe mechanism. | ||
|
[M] IDVV-580801-TL, Script File Check before all kind of EMV L2 commands being executed... (a)Adding 04-0A Reset to Default and System Upexecution. (b)Adding Waiting Timer for the DUT system up (c)Adding Connection / Disconnection command b | ||
|
[M] IDVV-580801-TL, Script File Check mode scope : [QC]+ [QC-US] Adding DFEE38(08) + 5F2A(0949) checks in System Groups... group scope: 00, 80, 90, A0, B0, C0, D0, | ||
|
[M] IDVV-580801-TL Removed MSR/MSD/EMV Security Flag Check in the script file. | ||
|
[+] IDVV-580801-TL, Global TLVs Set & Checks, Turkish A. Set Turkish Language: Change tag DFEE38 to “08” B. Set Turkish Currency: Change tag 5F2A for all groups and AIDs to “0949”. | ||
V 1.01.006 | |||
| goofy.liuV 1.01.006-C01, 2019 Aug 14. goofy.liu 1.P/N Updated, [X] = Removed [X]IDEM-841RPD - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A [X]IDEM-851RPD - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A [X]IDEM-241RP - Augusta [X]IDEM-241RPD - Augusta [X]IDEM-251RP - Augusta [X]IDEM-251RPD - Augusta [X]IDEM-841RP - Augusta S [X]IDEM-841RPD - Augusta S [X]IDEM-851RP - Augusta S [X]IDEM-851RPD - Augusta S 2.Updated UI Display a. PASS, S/N FAIL, S/N
| SHA-512: D36858C8370A9233159DBE65EA8DD8EFDA12CAD096712B165FEF70779EE043939B0F16C6A0472207F0B5DF91A5BF48DAD8F16C66BE8C0CBB167F699C62E06745 | |
V 1.01.005 | |||
| |||
|
[+] IDVV-580909CP, TransArmor-RI, Non-SRED, Encryption Mode ON(EMV+MSD/MSR) A.Product: VP6300 [FWInfo] = VP6300 FW v1.00.048.0319 Test USB Boot Loader Version : 31 2E 31 32, 1.12
[+]IDVV-580801PD, IDVV-580909CP, and IDVV-580909CP-US. C7-36, C7-37 for Encryption Mode Set/Check | ||
V1.01.004 |
| ||
| V 1.01.004-C01, 2019 June 12. goofy.liu, FW:
(+)SPTP2-988-33-2C-0C-J1, for VP5300. TransArmor CA Root + Interm Download. To be noted that .. this P/N’s TA Certificates = SPTP2-988-33-2C-0C’s. | ||
V1.01.003 |
| ||
V1.01.002 |
| 1.Add sleep time to slow send data speed CRC32:0c0fd8b1 | |
V1.01.001 |
| 1.NGA format support CRC32:c2be7a8a | |
V 1.00.009 |
| ||
(+) IDEM-241RP - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A (+) IDEM-241RPD - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A (+) IDEM-251RP - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A (+) IDEM-251RPD - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A
---[USB KB PID]--- (+) 3810 = Augusta (+) 3910 = Augusta S ---[USB HID PID]--- (+) 3820 = Augusta (+) 3830 = Augusta CPR TTK (+) 3920 = Augusta S
| |||
(-) IDVV-581801P-US (+) IDEM-841RPD - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A (+) IDEM-851RPD - : TA Cert Interm, TA Cert DEK. [X]TA Cert Root-N/A
2.A HID Type August - 0x3820 August S - 0x3920 August S CPR(TTK) - 0x3830 2.B KB Type August - 0x3810 August S - 0x3910 | |||
V 1.00.008 |
| ||
Mindy Yang
C419D29410E95B27C84BFBF765094875605993B4BF484A0687A471089CE3861C9957CD554D39456CC9D34E9C7D7A3FF9ED68AA4FD1310121C1A725B87B012AC3 | |||
(+) IDVV-581801P - VP6300 : TA Root Cert, TA Interm Cert (M) IDVV-580801-US - VP6300 USAT : App Data Tx/Rx List Updated.
(+) =4442, USAT | Mindy Yang
| ||
V 1.00.007 |
| ||
- IDMR-PBT71 - VP3310 BLE : PCD Antenna Parameters - IDMR-PBT71D - VP3310 BLE : PCD Antenna Parameters | |||
- IDMR-PBT71 - VP3310 BLE : PCD Antenna Parameters - IDMR-PBT71D - VP3310 BLE : PCD Antenna Parameters M IDVV-580801-US - VP6300 USAT: Contact L2 Configuration (Terminal Data)
- = removed item M = Modified item
Updated CT_TerminalData.txt : TerminalData _4C_v02.txt | |||
+ IDVV-580801-US - VP6300 USAT: Contact L2 Configuration (AppData,Terminal,and CAKeys)
| |||
V 1.00.006 | |||
| |||
V 1.00.005 | |||
The 2nd and later UUT TA Cert Information is automatically verified depending on 1st UUT's.
| |||
V 1.00.004 | |||
1.Fixed RS232->USB-HID toggling problem. 2.Fixed RS232 no closed after running done. | |||
How to toggle interface between USB-HID and RS232 ? Press mouse right key on the [RUN - XXX] Button before running..
| |||
V 1.00.003 | |||
1.Remove TA Data Cert. [-] PEM\SPTP2-988-33-2CD-0C\IDT-CERT-T-2-T03.PEM Removed Request e-mail | |||
V 1.00.002 | |||
1.Add Part Number Support, for VP5300 2.Rename exe file to PKI901_TA_CertTool.exe 3.Add Tool Instruction Document (i.e. User Guide) 801XXXXX-TI-Rev 53_VP5300_TA_CertTool.docx
| |||
V1.00.001 | |||
1.Initial Version 2.USB-HID Interface ONLY Operation Steps: Click [Select Files] → select file (PEM; txt;), multiple selection support → Click [Run] --> PASS / FAIL
|
White List Download Tool
| Version | Comment | Approved by |
|---|---|---|
V 1.00.010 | ||
old: RS232 new: USB-HID To cycle these interfaces by performing right-clicking mouse @ Run button.
| ||
goofy.liu Will.Feng (Deactivated)
(+)2018_ICSWhiteList - old style white list (+)2019_ICSWhiteList - new style white list Kevin Vo White List Load Request RE Update TA_Loader_V1.00.001-C01.msg Update TA_Loader_V1.00.001-C01.msg Comment: The new commands are 9309 and 9119. The length is included in the text file. You have to add the IDG header and CRC at the end. The new software should be compatible with the old and new files. You can compare the first two bytes to determine if old or new format file. If 0C00, then old format, else new format. Something like that. The IDG Command to retrieve white list information. 2C-53, to retrieve white list information. |