By default, on device charging encrypts communications between the MER and the point of sale using two root keys, Mer Private chargeKey (MPcK) and Mer Private readKey (MPrK), which are installed into each MER and generate a specific and separate keyset for each merchant. The keys, which are 192 bits in size, are used by 3-DES algorithms (DESede/CBC/PKCS5Padding).
In addition, on device charging requires an additional key, MPsK, for signing the transactions and producing an eToken (a signed transaction). By default, the encryption algorithm used by on device charging/MER for signing the generated transactions is RSA/ECB/PKCS1Padding.
However, the user can alternatively switch on a 3-DES algorithm (DESede/CBC/PKCS5Padding) to generate a smaller signature size and, thus, increase the number of eTokens that can be stored in the secure element. You must install the Bouncy Castle package on the server side for verifying the eTokens.
java -jar com.sap.odc.tool.security.odckeytool-1.0.0.RELEASE.jar gen_odc_keys -url <smp_server_url> -login <mobiliser_user_login> -passwd <passwd> [-desSigning]
You can generate keys only once, during installation. Attempting to generate on device charging private keys multiple times prevents the deployed MER from communicating with the existing registered merchant point of sale, and also prevents existing customers from using on device charging with new merchants.
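The following added example (not SAP's code) compares the output size of the two signing transformations named above and checks each value the way a verifier would, using the JDK's default providers. The 2048-bit RSA key, the SHA-256 digest, the random IV, the sample transaction string and the class name are assumptions; the page does not specify them or the eToken layout.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SigningSizeDemo {
    public static void main(String[] args) throws Exception {
        // Constructed sample transaction; the real eToken layout is not given on the page.
        byte[] tx = "merchant=M001;amount=12.50;seq=42".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(tx);

        // Default mode: RSA/ECB/PKCS1Padding applied with the private key.
        // The 2048-bit key size is an assumption; output length equals the modulus length.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsaCipher.init(Cipher.ENCRYPT_MODE, rsa.getPrivate());
        byte[] rsaSig = rsaCipher.doFinal(digest);

        // 3-DES mode: DESede/CBC/PKCS5Padding with a 192-bit (24-byte) key.
        KeyGenerator kg = KeyGenerator.getInstance("DESede");
        kg.init(168); // 168 effective bits, encoded as 24 bytes including parity bits
        SecretKey desKey = kg.generateKey();
        byte[] iv = new byte[8]; // one DES block; the IV must travel with the value
        new SecureRandom().nextBytes(iv);
        Cipher desCipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        desCipher.init(Cipher.ENCRYPT_MODE, desKey, new IvParameterSpec(iv));
        byte[] desSig = desCipher.doFinal(digest);

        System.out.println("3-DES key bytes: " + desKey.getEncoded().length);
        System.out.println("RSA signature bytes: " + rsaSig.length);
        System.out.println("3-DES signature bytes: " + desSig.length + " plus " + iv.length + "-byte IV");

        // Verification: RSA needs only the public key; 3-DES needs the same secret key,
        // so any party able to verify a 3-DES value could also have produced it.
        rsaCipher.init(Cipher.DECRYPT_MODE, rsa.getPublic());
        boolean rsaOk = Arrays.equals(rsaCipher.doFinal(rsaSig), digest);
        desCipher.init(Cipher.DECRYPT_MODE, desKey, new IvParameterSpec(iv));
        boolean desOk = Arrays.equals(desCipher.doFinal(desSig), digest);
        System.out.println("RSA verifies: " + rsaOk + ", 3-DES verifies: " + desOk);
    }
}
```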