Comment on page
Encryption key (auth_key)
To secure the authentication process, the data exchanged between the APP and the PKSA will be encrypted using an encryption key (
auth_key). By encrypting these data, the HAS will be unaware of what's going on between the APP and the PKSA and unable to tamper with the authentication process.
auth_keyshould be stored by the APP if it plans to perform transactions later.
Each account managed by the APP should use a different
The APP should create a new
auth_keyeach time it authenticates an account and should never reuse it for another authentication.
For the PKSA to be able to decrypt the payload sent to it by the APP, the APP will have to share it with the PKSA. This can be done in two ways: