Encryption key (auth_key)
To secure the authentication process, the data exchanged between the APP and the PKSA are encrypted using an encryption key (`auth_key`). Because these data are encrypted, the HAS is unaware of what happens between the APP and the PKSA and is unable to tamper with the authentication process.
Before initiating the authentication process, the APP must create an `auth_key` for each account it manages. We recommend using a uuid to strengthen security.

The `auth_key` should be stored by the APP if it plans to perform transactions later.

Each account managed by the APP should use a different `auth_key`.

The APP should create a new `auth_key` each time it authenticates an account and should never reuse it for another authentication.
For the PKSA to be able to decrypt the payload sent to it by the APP, the APP has to share the `auth_key` with the PKSA. This can be done in two ways:

1. by embedding it in a QR code that the PKSA mobile app will scan
2. by encrypting it and embedding it in the `auth_req` authentication payload when running your own PKSA in Service Mode