Interface | Description |
---|---|
SecureKeyStore | Represents a collection of Secure Keys and typically stores them in some persistent storage. |
SMAdapter<T> | A class that implements the SMAdapter interface would act as an adapter to the real security module device (by communicating with it using its proprietary protocol). |

Class | Description |
---|---|
BaseSMAdapter<T> | Provides base functionality for the actual Security Module Adapter. |
CryptographicServiceMessage | Cryptographic Service Message (CSM for short). |
EncryptedPIN | The PIN (Personal Identification Number) is used to authenticate card holders. |
ExtKeyUsage | Defines the primary usage of the key contained in the key block. |
KeySerialNumber | Key Serial Number (also called Key Name in the ANSI X9.24). |
KeyUsage | Defines the primary usage of the key contained in the key block. |
SecureDESKey | Represents single, double or triple length DES keys that are secured by a security module. |
SecureKey | Represents a key that cannot be used except by your security module and for performing the operations allowed by the security module for this type of keys. |
SecureKeyBlock | Represents a secure key in key block form (TR-31 or derivatives). |
SecureKeyBlockBuilder | The builder class to create and parse key block structure. |
SecureKeySpec | Contains a set of desirable key properties that can be passed to an HSM device, for example to generate a key or import it. |
SecurePrivateKey | Wraps any private key, which is protected by the security module with variant methods. |
SecureVariantKey | Wraps any keys that are secured by the security module with variant methods. |
SensitiveString | |
SimpleKeyFile | Implements SecureKeyStore using a properties file. |
SystemSeed | |
Util | Util class contains some useful methods. |

Enum | Description |
---|---|
Algorithm | Defines the cryptographic algorithm with which the key contained in the key block will be used. |
ARPCMethod | Indicates the method for generation of the ARPC used for issuer authentication. Described in EMV v4.2 Book 2 section 8.2. |
CipherMode | Block cipher modes. |
Exportability | Defines the conditions under which the key contained in the key block can be exported outside the cryptographic domain in which the key is found. |
KeyScheme | Key Encryption Scheme. |
MKDMethod | Indicates the method for the derivation by the issuer of a 16-byte ICC Master Key used for Application Cryptogram generation, issuer authentication, and secure messaging. |
ModeOfUse | Defines the operation that the key contained in the key block can perform. |
PaddingMethod | Indicates the padding method for encrypting data (e.g. |
SKDMethod | Indicates the method for derivation by the issuer of a 16-byte Unique DEA Key UDK (Session Key) used for Application Cryptogram generation, issuer authentication, and secure messaging. |

Exception | Description |
---|---|
CryptographicServiceMessage.ParsingException | |
SecureKeyStore.SecureKeyStoreException | |
SMException | Signals that a Security Module exception of some sort has occurred. |
WeakPINException | Signals that a Weak PIN exception has occurred. |

Key management, MAC and PIN encryption related classes.
Allows for the realization of ANSI X9.17 and ANSI X9.24.
It relies on a security module to perform the required cryptographic operations, so you do not need any knowledge of the Java™ Cryptography Architecture (JCA) or the Java™ Cryptography Extension (JCE) to use jPOS Security.
The term "Security Module" is generic: it ranges from the big "Host Security Module" devices (HSMs) used by Interchanges and Hosts to the tiny smart-card-based TRSMs (Tamper Resistant Security Modules) that reside in Encrypting PIN Entry Devices (PEDs). There are also software-based security modules, like the JCESecurityModule provided with jPOS Security.
You will need a Security Module adapter for your specific security module to be able to use it with jPOS Security. The provided "JCE Security Module" does not need a separate adapter; it plugs into jPOS automatically. Implementing adapters for other security modules (like Thales Host Security Modules) should be straightforward: extend BaseSMAdapter and implement your Security Module's proprietary protocol.
Note: The terms "Security Module" (used in ANSI X9.24) and "Cryptographic Module" (used in ANSI X9.17) are synonyms. We will be using the term "Security Module" (SM for short).