Key rollover for the macKey in TUPAS authentication method - SSO

Owned by ubisebastian
2021-01-19
1 min read

Banks provide a shared secret called macKey. macKeys typically need to be updated at regular intervals, typically every two years. Some banks provide a new macKey which is valid immediately, some banks require that the key is changed at a certain date and time. The procedures of each case are shown below:

If your bank provides a new Mac Key which is valid immediately:

  • macKey1
    Enter the new macKey provided by your bank.
  • keyvers
    Enter the new key version, only if provided by your bank (for example, 0002).
  • Press Update
    The new settings are available immediately.

If your bank provides a macKey which is only valid after a certain date and time:

To prevent service outages, it is possible to enter the new macKey provided by your bank before the old key expires. When the old key expires (macKey1), the software will automatically ensure that the new key is used – macKey2 is moved to macKey1.
If you have already configured a TUPAS authentication method and a bank has provided you with a new macKey, use the following fields:

  • macKey2
    Enter new macKey provided by your bank. macKeys are sensitive information and are therefore hidden from user view once entered.
  • macKey1ValidTo
    Enter date and time when the macKey1 will be replaced automatically by the macKey2 entered above. Use the format shown (yyyy-MM-dd HH:mm:ss).
  • Press Update
    The new macKey is used beginning at the date and time provided above.


Ubisecure Privacy Policy & Cookie Statement