resetKernelCAPK

abstract fun resetKernelCAPK(): NexusRet

Resets all Certificate Authority Public Keys (CAPKs) stored in the EMV kernel for both contact and contactless transactions.

This method clears all previously loaded CAPKs from both contact and contactless EMV kernels. CAPKs are essential for EMV Offline Data Authentication (ODA) processes including Static Data Authentication (SDA), Dynamic Data Authentication (DDA), and Combined DDA/Application Cryptogram Generation (CDA). Resetting CAPKs effectively disables offline authentication until new CAPKs are loaded.

Reset operations typically include:

  1. Contact CAPK removal - Clears all contact EMV Certificate Authority Public Keys

  2. Contactless CAPK removal - Clears all contactless kernel Certificate Authority Public Keys

  3. Memory cleanup - Frees allocated memory used for CAPK storage

Data cleared includes:

  • Certificate Authority Public Key modulus and exponent values

  • CAPK indices and associated Registered Application Provider Identifiers (RIDs)

  • Hash algorithm indicators and key usage parameters

  • Expiration dates and validity periods

  • All cryptographic material used for offline data authentication

Prerequisites:

Post-conditions:

  • All CAPKs are removed from both contact and contactless kernels

  • Offline Data Authentication capabilities are disabled until new CAPKs are loaded

  • Kernels remain initialized but without cryptographic authentication keys

  • System is ready to receive new CAPK data via configuration methods

  • Memory allocated for CAPK data is freed

Usage scenarios:

  • Before loading updated or new CAPK sets

  • When switching between different certification authority configurations

Thread safety: Implementation should ensure thread-safe reset operations. Concurrent access during reset should be handled gracefully to prevent cryptographic data corruption.

Exceptions: This function MUST NOT throw any exception. Any error must be indicated through NexusRet. Any unexpected error must be mapped to NexusRet.INTERR.

Implementation notes:

  • Implementations should log detailed information about each reset step

  • Failed reset operations should provide clear error messages

  • Consider implementing secure memory wiping for cryptographic material

  • Ensure atomic operation where possible (all or nothing)

  • Does not throw any exception
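
A sketch of how an implementation could meet the thread-safety, no-throw and all-or-nothing notes above, added here as an illustration and not the SDK's own code. `CapkStore`, `Capk`, `load` and `count` are hypothetical names, and `NexusRet` is reduced to a two-value stand-in.

```kotlin
import java.util.concurrent.locks.ReentrantLock
import kotlin.concurrent.withLock

// Stand-ins for this sketch only; the real NexusRet and kernel storage belong to the SDK.
enum class NexusRet { OK, INTERR }

class Capk(val rid: ByteArray, val index: Int, val modulus: ByteArray, val exponent: ByteArray) {
    // Best-effort in-place overwrite of the key material before the object is dropped.
    fun wipe() { rid.fill(0); modulus.fill(0); exponent.fill(0) }
}

class CapkStore {
    private val lock = ReentrantLock()
    private var contact = mutableListOf<Capk>()
    private var contactless = mutableListOf<Capk>()

    fun load(key: Capk, isContactless: Boolean) = lock.withLock {
        (if (isContactless) contactless else contact).add(key)
    }

    fun count(): Int = lock.withLock { contact.size + contactless.size }

    fun resetKernelCAPK(): NexusRet = try {
        // Detach both lists in one critical section: a concurrent reader sees
        // either the full old key set or two empty stores, never a mix.
        val detached = lock.withLock {
            val old = contact + contactless
            contact = mutableListOf()
            contactless = mutableListOf()
            old
        }
        // Wipe outside the lock; the detached keys are no longer reachable from the store.
        detached.forEach { it.wipe() }
        NexusRet.OK
    } catch (t: Throwable) {
        // Contract: never throw; any unexpected failure is reported as INTERR.
        NexusRet.INTERR
    }
}

fun main() {
    val store = CapkStore()
    // Constructed sample key: placeholder RID and dummy modulus bytes, not a real CAPK.
    val key = Capk(byteArrayOf(0x01, 0x02, 0x03, 0x04, 0x05), 1, ByteArray(128) { 0x5A }, byteArrayOf(3))
    store.load(key, isContactless = false)
    println("${store.resetKernelCAPK()} remaining=${store.count()} wiped=${key.modulus.all { it == 0.toByte() }}")
}
```

A reader that obtained a `Capk` reference before the reset would see zeroed bytes, so key lookups in such a design should copy the material under the same lock before using it.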

Return

NexusRet indicating the reset operation result:

  • NexusRet.OK: All CAPKs successfully cleared from both kernels

  • NexusRet.INTERR: Internal error during reset operation

  • Other values: Specific reset errors as defined by the implementation

Example usage:

    val result = emvPort.resetKernelCAPK()
    if (result == NexusRet.OK) {
        // CAPKs cleared successfully
        println("EMV kernel CAPKs reset successfully")
        // Now ready to load new CAPK configurations
        // Note: Offline authentication is disabled until CAPKs are reloaded
    } else {
        // Handle reset failure
        println("Failed to reset EMV CAPKs: $result")
    }