python-fints
python-fints copied to clipboard
Published
20 hours ago •
raphaelm
raphaelm
Consorsbank: Error during dialog initialization, could not fetch BPD.
Describe the bug
Execution of the test script fails in line 37 (on entering the with-block) with the exception fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.
Bank I tested this with Name of the bank: Consorsbank FinTS URL: https://brokerage-hbci.consorsbank.de/hbci
Expected behavior On entering the with-block a dialog should be opened with the bank.
Code required to reproduce Same as https://python-fints.readthedocs.io/en/latest/trouble.html, with
client_args = (
'76030080', # BLZ
ACCOUNTID,
PIN,
'https://brokerage-hbci.consorsbank.de/hbci' # ENDPOINT
)
Log output / error message
Log output
WARNING:fints.client:You should register your program with the ZKA and pass your own product_id as a parameter.
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
fints.message.FinTSCustomerMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 395, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '0', # Dialog-ID
message_number = 1, # Nachrichtennummer
),
fints.segments.message.HNVSK3( # Verschlüsselungskopf, version 3
header = fints.formals.SegmentHeader('HNVSK', 998, 3), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '998', # Sicherheitsfunktion, kodiert
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
cid = None,
identifier = '0',
),
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
date = datetime.date(2019, 12, 22),
time = datetime.time(20, 16, 34, 492484),
),
encryption_algorithm = fints.formals.EncryptionAlgorithm( # Verschlüsselungsalgorithmus
usage_encryption = fints.formals.UsageEncryption.OSY, # Owner Symmetric
operation_mode = fints.formals.OperationMode.CBC, # Cipher Block Chaining
encryption_algorithm = fints.formals.EncryptionAlgorithmCoded.TWOKEY3DES, # 2-Key-Triple-DES
algorithm_parameter_value = b'\x00\x00\x00\x00\x00\x00\x00\x00',
algorithm_parameter_name = fints.formals.AlgorithmParameterName.KYE, # Symmetrischer Schlüssel, verschlüsselt mit symmetrischem Schlüssel
algorithm_parameter_iv_name = fints.formals.AlgorithmParameterIVName.IVC, # Initialization value, clear text
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.V, # Schlüsselart: Chiffrierschlüssel
key_number = 0,
key_version = 0,
),
compression_function = fints.formals.CompressionFunction.NULL, # Komprimierungsfunktion: Keine Kompression
),
fints.segments.message.HNVSD1( # Verschlüsselte Daten, version 1
header = fints.formals.SegmentHeader('HNVSD', 999, 1), # Segmentkopf
data = fints.types.SegmentSequence([ # Daten, verschlüsselt
fints.segments.message.HNSHK4( # Signaturkopf, version 4
header = fints.formals.SegmentHeader('HNSHK', 2, 4), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '999', # Sicherheitsfunktion, kodiert
security_reference = '3124035', # Sicherheitskontrollreferenz
security_application_area = fints.formals.SecurityApplicationArea.SHM, # Bereich der Sicherheitsapplikation, kodiert: Signaturkopf und HBCI-Nutzdaten
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
cid = None,
identifier = '0',
),
security_reference_number = 1, # Sicherheitsreferenznummer
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
date = datetime.date(2019, 12, 22),
time = datetime.time(20, 16, 34, 492247),
),
hash_algorithm = fints.formals.HashAlgorithm( # Hashalgorithmus
usage_hash = '1',
hash_algorithm = '999',
algorithm_parameter_name = '1',
),
signature_algorithm = fints.formals.SignatureAlgorithm( # Signaturalgorithmus
usage_signature = '6',
signature_algorithm = '10',
operation_mode = '16',
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.S, # Schlüsselart: Signierschlüssel
key_number = 0,
key_version = 0,
),
),
fints.segments.auth.HKIDN2( # Identifikation, version 2
header = fints.formals.SegmentHeader('HKIDN', 3, 2), # Segmentkopf
bank_identifier = fints.formals.BankIdentifier( # Kreditinstitutskennung
country_identifier = '280',
bank_code = '76030080',
),
customer_id = ACCOUNTID, # Kunden-ID
system_id = '0', # Kundensystem-ID
system_id_status = fints.formals.SystemIDStatus.ID_NECESSARY, # Kundensystem-Status: Kundensystem-ID wird benötigt
),
fints.segments.auth.HKVVB3( # Verarbeitungsvorbereitung, version 3
header = fints.formals.SegmentHeader('HKVVB', 4, 3), # Segmentkopf
bpd_version = 0, # BPD-Version
upd_version = 0, # UPD-Version
language = fints.formals.Language2.DE, # Dialogsprache: Deutsch, 'de', Subset Deutsch, Codeset 1 (Latin 1)
product_name = 'DC333D745719C4BD6A6F9DB6A', # Produktbezeichnung
product_version = '3.0.0', # Produktversion
),
fints.segments.dialog.HKSYN3( # Synchronisierung, version 3
header = fints.formals.SegmentHeader('HKSYN', 5, 3), # Segmentkopf
synchronization_mode = fints.formals.SynchronizationMode.NEW_SYSTEM_ID, # Neue Kundensystem-ID zurückmelden
),
fints.segments.message.HNSHA2( # Signaturabschluss, version 2
header = fints.formals.SegmentHeader('HNSHA', 6, 2), # Segmentkopf
security_reference = '3124035', # Sicherheitskontrollreferenz
user_defined_signature = fints.formals.UserDefinedSignature( # Benutzerdefinierte Signatur
pin = '***',
),
),
]),
),
fints.segments.message.HNHBS1( # Nachrichtenabschluss
header = fints.formals.SegmentHeader('HNHBS', 7, 1), # Segmentkopf
message_number = 1, # Nachrichtennummer
),
])
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): brokerage-hbci.consorsbank.de:443
DEBUG:urllib3.connectionpool:https://brokerage-hbci.consorsbank.de:443 "POST /hbci HTTP/1.1" 200 None
DEBUG:fints.connection:Received <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
fints.message.FinTSInstituteMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 1719, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '000003PF18OOKL2PME9FH225D7Q3JL', # Dialog-ID
message_number = 1, # Nachrichtennummer
reference_message = fints.formals.ReferenceMessage( # Bezugsnachricht
dialog_id = '000003PF18OOKL2PME9FH225D7Q3JL',
message_number = 1,
),
),
fints.segments.message.HNVSK3( # Verschlüsselungskopf, version 3
header = fints.formals.SegmentHeader('HNVSK', 998, 3), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '998', # Sicherheitsfunktion, kodiert
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MR, # Message Receiver
cid = None,
identifier = '0',
),
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
),
encryption_algorithm = fints.formals.EncryptionAlgorithm( # Verschlüsselungsalgorithmus
usage_encryption = fints.formals.UsageEncryption.OSY, # Owner Symmetric
operation_mode = fints.formals.OperationMode.CBC, # Cipher Block Chaining
encryption_algorithm = fints.formals.EncryptionAlgorithmCoded.TWOKEY3DES, # 2-Key-Triple-DES
algorithm_parameter_value = b'\x00\x00\x00\x00\x00\x00\x00\x00',
algorithm_parameter_name = fints.formals.AlgorithmParameterName.KYP, # Symmetrischer Schlüssel, verschlüsselt mit öffentlichem Schlüssel
algorithm_parameter_iv_name = fints.formals.AlgorithmParameterIVName.IVC, # Initialization value, clear text
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.V, # Schlüsselart: Chiffrierschlüssel
key_number = 0,
key_version = 0,
),
compression_function = fints.formals.CompressionFunction.NULL, # Komprimierungsfunktion: Keine Kompression
),
fints.segments.message.HNVSD1( # Verschlüsselte Daten, version 1
header = fints.formals.SegmentHeader('HNVSD', 999, 1), # Segmentkopf
data = fints.types.SegmentSequence([ # Daten, verschlüsselt
fints.segments.dialog.HIRMG2( # Rückmeldungen zur Gesamtnachricht
header = fints.formals.SegmentHeader('HIRMG', 2, 2), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '3060',
reference_element = None,
text = 'Teilweise liegen Warnungen/Hinweise vor.',
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 3, 2, 3), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '0020',
reference_element = None,
text = 'Angemeldet.',
),
fints.formals.Response( # Rückmeldung
code = '0901',
reference_element = None,
text = 'PIN gültig.',
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 4, 2, 4), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '0020',
reference_element = None,
text = 'Informationen fehlerfrei entgegengenommen.',
),
fints.formals.Response( # Rückmeldung
code = '3050',
reference_element = None,
text = 'BPD nicht mehr aktuell. Aktuelle Version folgt.',
),
fints.formals.Response( # Rückmeldung
code = '3920',
reference_element = None,
text = 'Zugelassene Ein- und Zwei-Schritt-Verfahren für den Benutzer',
parameters = [
'900',
],
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 5, 2, 5), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '0020',
reference_element = None,
text = 'Die Synchronisierung der Kundensystem-ID war erfolgreich.',
),
],
),
fints.segments.bank.HIBPA3( # Bankparameter allgemein, version 3
header = fints.formals.SegmentHeader('HIBPA', 6, 3, 4), # Segmentkopf
bpd_version = 1, # BPD-Version
bank_identifier = fints.formals.BankIdentifier( # Kreditinstitutskennung
country_identifier = '280',
bank_code = '76030080',
),
bank_name = 'Consors', # Kreditinstitutsbezeichnung
number_tasks = 0, # Anzahl Geschäftsvorfallarten pro Nachricht
supported_languages = fints.formals.SupportedLanguages2( # Unterstützte Sprachen
languages = [
fints.formals.Language2.DE, # Deutsch, 'de', Subset Deutsch, Codeset 1 (Latin 1)
fints.formals.Language2.EN, # Englisch, 'en', Subset Englisch, Codeset 1 (Latin 1)
],
),
supported_hbci_version = fints.formals.SupportedHBCIVersions2( # Unterstützte HBCI-Versionen
versions = [
'201',
'210',
'220',
'300',
'400',
],
),
max_message_length = 100, # Maximale Nachrichtengröße
),
fints.segments.bank.HIKOM4( # Kommunikationszugang rückmelden, version 4
header = fints.formals.SegmentHeader('HIKOM', 7, 4, 4), # Segmentkopf
bank_identifier = fints.formals.BankIdentifier( # Kreditinstitutskennung
country_identifier = '280',
bank_code = '76030080',
),
default_language = fints.formals.Language2.DE, # Standardsprache: Deutsch, 'de', Subset Deutsch, Codeset 1 (Latin 1)
communication_parameters = [ # Kommunikationsparameter
fints.formals.CommunicationParameter2( # Kommunikationsparameter
service_type = fints.formals.ServiceType2.HTTPS, # Kommunikationsdienst: https
address = 'https://brokerage-hbci.consorsbank.de/hbci', # Kommunikationsadresse
filter_function = 'MIM', # Filterfunktion
filter_function_version = 1, # Version der Filterfunktion
),
],
),
fints.segments.accounts.HISPAS1( # SEPA-Kontoverbindung anfordern, Parameter, version 1
header = fints.formals.SegmentHeader('HISPAS', 8, 1, 4), # Segmentkopf
max_number_tasks = 1, # Maximale Anzahl Aufträge
min_number_signatures = 1, # Anzahl Signaturen mindestens
security_class = fints.formals.SecurityClass.NONE, # Sicherheitsklasse: Kein Sicherheitsdienst erforderlich
parameter = fints.formals.GetSEPAAccountParameter1( # Parameter SEPA-Kontoverbindung anfordern
single_account_query_allowed = True, # Einzelkontenabruf erlaubt
national_account_allowed = True, # Nationale Kontoverbindung erlaubt
structured_purpose_allowed = True, # Strukturierter Verwendungszweck erlaubt
supported_sepa_formats = [ # Unterstützte SEPA-Datenformate
'urn:iso:std:iso:20022:tech:xsd:pain.001.001.03', # Unterstützte SEPA-Datenformate
'urn:iso:std:iso:20022:tech:xsd:pain.001.003.03', # Unterstützte SEPA-Datenformate
'urn:iso:std:iso:20022:tech:xsd:pain.001.002.03', # Unterstützte SEPA-Datenformate
'urn:swift:xsd:$pain.001.002.02', # Unterstützte SEPA-Datenformate
'sepade.pain.001.001.02.xsd', # Unterstützte SEPA-Datenformate
],
),
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIKAZS', 9, 7, 4), # Segmentkopf
_additional_data = ['1', '1', '0', ['90', 'J', 'N']],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HISALS', 10, 3, 4), # Segmentkopf
_additional_data = ['1', '1'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIKAZS', 11, 6, 4), # Segmentkopf
_additional_data = ['1', '1', '1', ['90', 'J', 'N']],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HICCSS', 12, 1, 4), # Segmentkopf
_additional_data = ['1', '1', '0'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIKAZS', 13, 5, 4), # Segmentkopf
_additional_data = ['1', '1', ['90', 'J', 'N']],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIKAZS', 14, 4, 4), # Segmentkopf
_additional_data = ['1', '1', ['90', 'J']],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('XIADAS', 15, 1, 4), # Segmentkopf
_additional_data = ['1', '1'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIKAZS', 16, 3, 4), # Segmentkopf
_additional_data = ['1', '1', ['90', 'J']],
),
fints.segments.auth.HITANS6(
header = fints.formals.SegmentHeader('HITANS', 17, 6, 4), # Segmentkopf
max_number_tasks = 1, # Maximale Anzahl Aufträge
min_number_signatures = 1, # Anzahl Signaturen mindestens
security_class = fints.formals.SecurityClass.NONE, # Sicherheitsklasse: Kein Sicherheitsdienst erforderlich
parameter = fints.formals.ParameterTwostepTAN6(
onestep_method_allowed = False,
multiple_tasks_allowed = False,
task_hash_algorithm = fints.formals.TaskHashAlgorithm.RIPEMD_160, # Auftrags-Hashwertverfahren: RIPEMD-160
twostep_parameters = [
fints.formals.TwoStepParameters6(
security_function = '900', # Sicherheitsfunktion kodiert
tan_process = '2', # TAN-Prozess
tech_id = 'MS1.0.0', # Technische Identifikation TAN-Verfahren
zka_id = 'photoTAN', # ZKA TAN-Verfahren
zka_version = None, # Version ZKA TAN-Verfahren
name = 'SecurePlus', # Name des Zwei-Schritt-Verfahrens
max_length_input = 8, # Maximale Länge des Eingabewertes im Zwei-Schritt-Verfahren
allowed_format = fints.formals.AllowedFormat.NUMERIC, # Erlaubtes Format im Zwei-Schritt-Verfahren: numerisch
text_return_value = 'Secure Plus TAN', # Text zur Belegung des Rückgabewertes im Zwei-Schritt-Verfahren
max_length_return_value = 999, # Maximale Länge des Rückgabewertes im Zwei-Schritt-Verfahren
multiple_tans_allowed = True, # Mehrfach-TAN erlaubt
tan_time_dialog_association = fints.formals.TANTimeDialogAssociation.NOT_ALLOWED, # TAN Zeit- und Dialogbezug: TAN nicht zeitversetzt / dialogübergreifend erlaubt
cancel_allowed = False, # Auftragsstorno erlaubt
sms_charge_account_required = fints.formals.SMSChargeAccountRequired.MUST_NOT, # SMS-Abbuchungskonto erforderlich: SMS-Abbuchungskonto darf nicht angegeben werden
principal_account_required = fints.formals.PrincipalAccountRequired.MUST_NOT, # Auftraggeberkonto erforderlich: Auftraggeberkonto darf nicht angegeben werden
challenge_class_required = False, # Challenge-Klasse erforderlich
challenge_structured = True, # Challenge strukturiert
initialization_mode = fints.formals.InitializationMode.CLEARTEXT_PIN_NO_TAN, # Initialisierungsmodus: Initialisierungsverfahren mit Klartext-PIN und ohne TAN
description_required = fints.formals.DescriptionRequired.MUST_NOT, # Bezeichnung des TAN-Medium erforderlich: Bezeichnung des TAN-Mediums darf nicht angegeben werden
response_hhd_uc_required = True, # Antwort HHD_UC erforderlich
supported_media_number = 1, # Anzahl unterstützter aktiver TAN-Medien
),
],
),
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIWPDS', 18, 2, 4), # Segmentkopf
_additional_data = ['1', '1', 'J'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIWPDS', 19, 6, 4), # Segmentkopf
_additional_data = ['1', '1', '0', ['J', 'J', 'J']],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIWPDS', 20, 5, 4), # Segmentkopf
_additional_data = ['1', '1', ['J', 'J', 'J']],
),
fints.segments.journal.HIPROS4( # Statusprotokoll Parameter, version 4
header = fints.formals.SegmentHeader('HIPROS', 21, 4, 4), # Segmentkopf
max_number_tasks = 1, # Maximale Anzahl Aufträge
min_number_signatures = 1, # Anzahl Signaturen mindestens
security_class = fints.formals.SecurityClass.NONE, # Sicherheitsklasse: Kein Sicherheitsdienst erforderlich
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIWPDS', 22, 4, 4), # Segmentkopf
_additional_data = ['1', '1', ['J', 'J', 'J']],
),
fints.segments.journal.HIPROS3( # Statusprotokoll Parameter, version 3
header = fints.formals.SegmentHeader('HIPROS', 23, 3, 4), # Segmentkopf
max_number_tasks = 1, # Maximale Anzahl Aufträge
min_number_signatures = 1, # Anzahl Signaturen mindestens
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HIWPDS', 24, 3, 4), # Segmentkopf
_additional_data = ['1', '1', 'J'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('XIADSS', 25, 1, 4), # Segmentkopf
_additional_data = ['1', '1'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HISALS', 26, 4, 4), # Segmentkopf
_additional_data = ['1', '1'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HISALS', 27, 5, 4), # Segmentkopf
_additional_data = ['1', '1'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('HISALS', 28, 6, 4), # Segmentkopf
_additional_data = ['1', '1', '0'],
),
fints.segments.base.FinTS3Segment(
header = fints.formals.SegmentHeader('DIPINS', 29, 1, 4), # Segmentkopf
_additional_data = ['1', '1', ['HKSPA', 'N', 'HKKAZ', 'N', 'HKSAL', 'N', 'HKCCS', 'J', 'XKADA', 'N', 'HKTAN', 'N', 'HKWPD', 'N', 'HKPRO', 'N', 'XKADS', 'N']],
),
fints.segments.auth.HIPINS1( # PIN/TAN-spezifische Informationen, version 1
header = fints.formals.SegmentHeader('HIPINS', 30, 1, 4), # Segmentkopf
max_number_tasks = 1, # Maximale Anzahl Aufträge
min_number_signatures = 1, # Anzahl Signaturen mindestens
security_class = fints.formals.SecurityClass.NONE, # Sicherheitsklasse: Kein Sicherheitsdienst erforderlich
parameter = fints.formals.ParameterPinTan( # Parameter PIN/TAN-spezifische Informationen
transaction_tans_required = [
fints.formals.TransactionTanRequired(
transaction = 'HKSPA',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'HKKAZ',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'HKSAL',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'HKCCS',
tan_required = True,
),
fints.formals.TransactionTanRequired(
transaction = 'XKADA',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'HKTAN',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'HKWPD',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'HKPRO',
tan_required = False,
),
fints.formals.TransactionTanRequired(
transaction = 'XKADS',
tan_required = False,
),
],
),
),
fints.segments.dialog.HISYN4( # Synchronisierungsantwort
header = fints.formals.SegmentHeader('HISYN', 31, 4, 5), # Segmentkopf
system_id = '000003PF18PG4C3RRPFB2NON53UQ3K', # Kundensystem-ID
),
]),
),
fints.segments.message.HNHBS1( # Nachrichtenabschluss
header = fints.formals.SegmentHeader('HNHBS', 32, 1), # Segmentkopf
message_number = 1, # Nachrichtennummer
),
])
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
fints.message.FinTSCustomerMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 423, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '000003PF18OOKL2PME9FH225D7Q3JL', # Dialog-ID
message_number = 2, # Nachrichtennummer
),
fints.segments.message.HNVSK3( # Verschlüsselungskopf, version 3
header = fints.formals.SegmentHeader('HNVSK', 998, 3), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '998', # Sicherheitsfunktion, kodiert
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
cid = None,
identifier = '000003PF18PG4C3RRPFB2NON53UQ3K',
),
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
date = datetime.date(2019, 12, 22),
time = datetime.time(20, 16, 35, 285589),
),
encryption_algorithm = fints.formals.EncryptionAlgorithm( # Verschlüsselungsalgorithmus
usage_encryption = fints.formals.UsageEncryption.OSY, # Owner Symmetric
operation_mode = fints.formals.OperationMode.CBC, # Cipher Block Chaining
encryption_algorithm = fints.formals.EncryptionAlgorithmCoded.TWOKEY3DES, # 2-Key-Triple-DES
algorithm_parameter_value = b'\x00\x00\x00\x00\x00\x00\x00\x00',
algorithm_parameter_name = fints.formals.AlgorithmParameterName.KYE, # Symmetrischer Schlüssel, verschlüsselt mit symmetrischem Schlüssel
algorithm_parameter_iv_name = fints.formals.AlgorithmParameterIVName.IVC, # Initialization value, clear text
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.V, # Schlüsselart: Chiffrierschlüssel
key_number = 0,
key_version = 0,
),
compression_function = fints.formals.CompressionFunction.NULL, # Komprimierungsfunktion: Keine Kompression
),
fints.segments.message.HNVSD1( # Verschlüsselte Daten, version 1
header = fints.formals.SegmentHeader('HNVSD', 999, 1), # Segmentkopf
data = fints.types.SegmentSequence([ # Daten, verschlüsselt
fints.segments.message.HNSHK4( # Signaturkopf, version 4
header = fints.formals.SegmentHeader('HNSHK', 2, 4), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '999', # Sicherheitsfunktion, kodiert
security_reference = '7835602', # Sicherheitskontrollreferenz
security_application_area = fints.formals.SecurityApplicationArea.SHM, # Bereich der Sicherheitsapplikation, kodiert: Signaturkopf und HBCI-Nutzdaten
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
cid = None,
identifier = '000003PF18PG4C3RRPFB2NON53UQ3K',
),
security_reference_number = 1, # Sicherheitsreferenznummer
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
date = datetime.date(2019, 12, 22),
time = datetime.time(20, 16, 35, 285354),
),
hash_algorithm = fints.formals.HashAlgorithm( # Hashalgorithmus
usage_hash = '1',
hash_algorithm = '999',
algorithm_parameter_name = '1',
),
signature_algorithm = fints.formals.SignatureAlgorithm( # Signaturalgorithmus
usage_signature = '6',
signature_algorithm = '10',
operation_mode = '16',
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.S, # Schlüsselart: Signierschlüssel
key_number = 0,
key_version = 0,
),
),
fints.segments.dialog.HKEND1( # Dialogende, version 1
header = fints.formals.SegmentHeader('HKEND', 3, 1), # Segmentkopf
dialog_id = '000003PF18OOKL2PME9FH225D7Q3JL', # Dialog-ID
),
fints.segments.message.HNSHA2( # Signaturabschluss, version 2
header = fints.formals.SegmentHeader('HNSHA', 4, 2), # Segmentkopf
security_reference = '7835602', # Sicherheitskontrollreferenz
user_defined_signature = fints.formals.UserDefinedSignature( # Benutzerdefinierte Signatur
pin = '***',
),
),
]),
),
fints.segments.message.HNHBS1( # Nachrichtenabschluss
header = fints.formals.SegmentHeader('HNHBS', 5, 1), # Segmentkopf
message_number = 2, # Nachrichtennummer
),
])
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): brokerage-hbci.consorsbank.de:443
DEBUG:urllib3.connectionpool:https://brokerage-hbci.consorsbank.de:443 "POST /hbci HTTP/1.1" 200 None
DEBUG:fints.connection:Received <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
fints.message.FinTSInstituteMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 312, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '000003PF18OOKL2PME9FH225D7Q3JL', # Dialog-ID
message_number = 2, # Nachrichtennummer
reference_message = fints.formals.ReferenceMessage( # Bezugsnachricht
dialog_id = '000003PF18OOKL2PME9FH225D7Q3JL',
message_number = 2,
),
),
fints.segments.message.HNVSK3( # Verschlüsselungskopf, version 3
header = fints.formals.SegmentHeader('HNVSK', 998, 3), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '998', # Sicherheitsfunktion, kodiert
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MR, # Message Receiver
cid = None,
identifier = '000003PF18PG4C3RRPFB2NON53UQ3K',
),
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
),
encryption_algorithm = fints.formals.EncryptionAlgorithm( # Verschlüsselungsalgorithmus
usage_encryption = fints.formals.UsageEncryption.OSY, # Owner Symmetric
operation_mode = fints.formals.OperationMode.CBC, # Cipher Block Chaining
encryption_algorithm = fints.formals.EncryptionAlgorithmCoded.TWOKEY3DES, # 2-Key-Triple-DES
algorithm_parameter_value = b'\x00\x00\x00\x00\x00\x00\x00\x00',
algorithm_parameter_name = fints.formals.AlgorithmParameterName.KYP, # Symmetrischer Schlüssel, verschlüsselt mit öffentlichem Schlüssel
algorithm_parameter_iv_name = fints.formals.AlgorithmParameterIVName.IVC, # Initialization value, clear text
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.V, # Schlüsselart: Chiffrierschlüssel
key_number = 0,
key_version = 0,
),
compression_function = fints.formals.CompressionFunction.NULL, # Komprimierungsfunktion: Keine Kompression
),
fints.segments.message.HNVSD1( # Verschlüsselte Daten, version 1
header = fints.formals.SegmentHeader('HNVSD', 999, 1), # Segmentkopf
data = fints.types.SegmentSequence([ # Daten, verschlüsselt
fints.segments.dialog.HIRMG2( # Rückmeldungen zur Gesamtnachricht
header = fints.formals.SegmentHeader('HIRMG', 2, 2), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '0100',
reference_element = None,
text = 'Der Dialog wurde beendet.',
),
],
),
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten
header = fints.formals.SegmentHeader('HIRMS', 3, 2, 3), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '0020',
reference_element = None,
text = 'Abgemeldet.',
),
],
),
]),
),
fints.segments.message.HNHBS1( # Nachrichtenabschluss
header = fints.formals.SegmentHeader('HNHBS', 4, 1), # Segmentkopf
message_number = 2, # Nachrichtennummer
),
])
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
DEBUG:fints.connection:Sending >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
fints.message.FinTSCustomerMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 496, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '0', # Dialog-ID
message_number = 1, # Nachrichtennummer
),
fints.segments.message.HNVSK3( # Verschlüsselungskopf, version 3
header = fints.formals.SegmentHeader('HNVSK', 998, 3), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 2, # Version des Sicherheitsverfahrens
),
security_function = '998', # Sicherheitsfunktion, kodiert
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
cid = None,
identifier = '000003PF18PG4C3RRPFB2NON53UQ3K',
),
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
date = datetime.date(2019, 12, 22),
time = datetime.time(20, 16, 35, 556284),
),
encryption_algorithm = fints.formals.EncryptionAlgorithm( # Verschlüsselungsalgorithmus
usage_encryption = fints.formals.UsageEncryption.OSY, # Owner Symmetric
operation_mode = fints.formals.OperationMode.CBC, # Cipher Block Chaining
encryption_algorithm = fints.formals.EncryptionAlgorithmCoded.TWOKEY3DES, # 2-Key-Triple-DES
algorithm_parameter_value = b'\x00\x00\x00\x00\x00\x00\x00\x00',
algorithm_parameter_name = fints.formals.AlgorithmParameterName.KYE, # Symmetrischer Schlüssel, verschlüsselt mit symmetrischem Schlüssel
algorithm_parameter_iv_name = fints.formals.AlgorithmParameterIVName.IVC, # Initialization value, clear text
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.V, # Schlüsselart: Chiffrierschlüssel
key_number = 0,
key_version = 0,
),
compression_function = fints.formals.CompressionFunction.NULL, # Komprimierungsfunktion: Keine Kompression
),
fints.segments.message.HNVSD1( # Verschlüsselte Daten, version 1
header = fints.formals.SegmentHeader('HNVSD', 999, 1), # Segmentkopf
data = fints.types.SegmentSequence([ # Daten, verschlüsselt
fints.segments.message.HNSHK4( # Signaturkopf, version 4
header = fints.formals.SegmentHeader('HNSHK', 2, 4), # Segmentkopf
security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil
security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren
security_method_version = 1, # Version des Sicherheitsverfahrens
),
security_function = '900', # Sicherheitsfunktion, kodiert
security_reference = '1977795', # Sicherheitskontrollreferenz
security_application_area = fints.formals.SecurityApplicationArea.SHM, # Bereich der Sicherheitsapplikation, kodiert: Signaturkopf und HBCI-Nutzdaten
security_role = fints.formals.SecurityRole.ISS, # Rolle des Sicherheitslieferanten, kodiert: Erfasser, Erstsignatur
security_identification_details = fints.formals.SecurityIdentificationDetails( # Sicherheitsidentifikation, Details
identified_role = fints.formals.IdentifiedRole.MS, # Message Sender
cid = None,
identifier = '000003PF18PG4C3RRPFB2NON53UQ3K',
),
security_reference_number = 1, # Sicherheitsreferenznummer
security_datetime = fints.formals.SecurityDateTime( # Sicherheitsdatum und -uhrzeit
date_time_type = fints.formals.DateTimeType.STS, # Sicherheitszeitstempel
date = datetime.date(2019, 12, 22),
time = datetime.time(20, 16, 35, 555454),
),
hash_algorithm = fints.formals.HashAlgorithm( # Hashalgorithmus
usage_hash = '1',
hash_algorithm = '999',
algorithm_parameter_name = '1',
),
signature_algorithm = fints.formals.SignatureAlgorithm( # Signaturalgorithmus
usage_signature = '6',
signature_algorithm = '10',
operation_mode = '16',
),
key_name = fints.formals.KeyName( # Schlüsselname
bank_identifier = fints.formals.BankIdentifier(
country_identifier = '280',
bank_code = '76030080',
),
user_id = ACCOUNTID,
key_type = fints.formals.KeyType.S, # Schlüsselart: Signierschlüssel
key_number = 0,
key_version = 0,
),
),
fints.segments.auth.HKIDN2( # Identifikation, version 2
header = fints.formals.SegmentHeader('HKIDN', 3, 2), # Segmentkopf
bank_identifier = fints.formals.BankIdentifier( # Kreditinstitutskennung
country_identifier = '280',
bank_code = '76030080',
),
customer_id = ACCOUNTID, # Kunden-ID
system_id = '000003PF18PG4C3RRPFB2NON53UQ3K', # Kundensystem-ID
system_id_status = fints.formals.SystemIDStatus.ID_NECESSARY, # Kundensystem-Status: Kundensystem-ID wird benötigt
),
fints.segments.auth.HKVVB3( # Verarbeitungsvorbereitung, version 3
header = fints.formals.SegmentHeader('HKVVB', 4, 3), # Segmentkopf
bpd_version = 1, # BPD-Version
upd_version = 0, # UPD-Version
language = fints.formals.Language2.DE, # Dialogsprache: Deutsch, 'de', Subset Deutsch, Codeset 1 (Latin 1)
product_name = 'DC333D745719C4BD6A6F9DB6A', # Produktbezeichnung
product_version = '3.0.0', # Produktversion
),
fints.segments.auth.HKTAN6( # Zwei-Schritt-TAN-Einreichung, version 6
header = fints.formals.SegmentHeader('HKTAN', 5, 6), # Segmentkopf
tan_process = '4', # TAN-Prozess
segment_type = 'HKIDN', # Segmentkennung
parameter_challenge_class = fints.formals.ParameterChallengeClass( # Parameter Challenge-Klasse
parameters = [
None,
# 8 empty items skipped
],
),
),
fints.segments.message.HNSHA2( # Signaturabschluss, version 2
header = fints.formals.SegmentHeader('HNSHA', 6, 2), # Segmentkopf
security_reference = '1977795', # Sicherheitskontrollreferenz
user_defined_signature = fints.formals.UserDefinedSignature( # Benutzerdefinierte Signatur
pin = '***',
),
),
]),
),
fints.segments.message.HNHBS1( # Nachrichtenabschluss
header = fints.formals.SegmentHeader('HNHBS', 7, 1), # Segmentkopf
message_number = 1, # Nachrichtennummer
),
])
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): brokerage-hbci.consorsbank.de:443
DEBUG:urllib3.connectionpool:https://brokerage-hbci.consorsbank.de:443 "POST /hbci HTTP/1.1" 200 None
DEBUG:fints.connection:Received <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
fints.message.FinTSInstituteMessage([
fints.segments.message.HNHBK3( # Nachrichtenkopf
header = fints.formals.SegmentHeader('HNHBK', 1, 3), # Segmentkopf
message_size = 211, # Größe der Nachricht (nach Verschlüsselung und Komprimierung)
hbci_version = 300, # HBCI-Version
dialog_id = '000003PF18QPG8989E84DQOTM8A6JH', # Dialog-ID
message_number = 1, # Nachrichtennummer
reference_message = fints.formals.ReferenceMessage( # Bezugsnachricht
dialog_id = '000003PF18QPG8989E84DQOTM8A6JH',
message_number = 1,
),
),
fints.segments.dialog.HIRMG2( # Rückmeldungen zur Gesamtnachricht
header = fints.formals.SegmentHeader('HIRMG', 2, 2), # Segmentkopf
responses = [ # Rückmeldung
fints.formals.Response( # Rückmeldung
code = '9800',
reference_element = None,
text = 'Der Dialog wurde abgebrochen.',
),
fints.formals.Response( # Rückmeldung
code = '9010',
reference_element = None,
text = 'Ungültiger Signaturaufbau: Fehler im Segmentaufbau.',
),
],
),
fints.segments.message.HNHBS1( # Nachrichtenabschluss
header = fints.formals.SegmentHeader('HNHBS', 3, 1), # Segmentkopf
message_number = 1, # Nachrichtennummer
),
])
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Traceback (most recent call last):
File "testscript.py", line 37, in <module>
with f:
File "/home/sonic/devel/projects/pynab-converter/venv/lib/python3.8/site-packages/fints/client.py", line 251, in __enter__
self._standing_dialog.__enter__()
File "/home/sonic/devel/projects/pynab-converter/venv/lib/python3.8/site-packages/fints/dialog.py", line 37, in __enter__
self.init()
File "/home/sonic/devel/projects/pynab-converter/venv/lib/python3.8/site-packages/fints/dialog.py", line 85, in init
retval = self.send(*segments, internal_send=True)
File "/home/sonic/devel/projects/pynab-converter/venv/lib/python3.8/site-packages/fints/dialog.py", line 156, in send
self.client.process_response_message(self, response, internal_send=internal_send)
File "/home/sonic/devel/projects/pynab-converter/venv/lib/python3.8/site-packages/fints/client.py", line 230, in process_response_message
self._process_response(dialog, None, response)
File "/home/sonic/devel/projects/pynab-converter/venv/lib/python3.8/site-packages/fints/client.py", line 1284, in _process_response
raise FinTSClientError("Error during dialog initialization, could not fetch BPD. Please check that you "
fints.exceptions.FinTSClientError: Error during dialog initialization, could not fetch BPD. Please check that you passed the correct bank identifier to the HBCI URL of the correct bank.
The relevant log line is
Ungültiger Signaturaufbau: Fehler im Segmentaufbau.
But nothing looks wrong about the segments :thinking:
Your Log output: fints.segments.message.HNSHK4( # Signaturkopf, version 4 header = fints.formals.SegmentHeader('HNSHK', 2, 4), # Segmentkopf security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren security_method_version = 1, # Version des Sicherheitsverfahrens
Change field security_method_version. It must be 2 in all messages using two-step-procedure .according to document
ZKA Document : https://www.hbci-zka.de/dokumente/spezifikation_deutsch/fintsv3/FinTS_3.0_Security_Sicherheitsverfahren_PINTAN_2018-02-23_final_version.pdf
Page 58:
B.9.1 DEG „Sicherheitsprofil“
Sicherheitsverfahren, Code „PIN“ : bei allen Nachrichten
Version des Sicherheitsverfahrens:
„1“ : bei allen Nachrichten, wenn Dialog im Einschritt-Verfahren
„2“ : bei allen Nachrichten, wenn Dialog im Zwei-Schritt-Verfahren
Last message received from the bank contains no challenge of TAN-input due to the wrong setting security_method_version=1. First customer message (synchronisation) works with security_method_version=1, because CONSORS don't request "strong authenfication" in this case
How can we use this to fix the issue? I am willing to help but I have almost no knowledge of how FinTS or this library work. I played around with my pycharm debugger inside the client.py file to force the client to use PinTanDummyEncryptionMechanism(2), i.e. security version 2, in every case. This did not yield any improvement. My init_tan_response is always None so I looked up how it is filled in dialog.py. It turns out that get_tan_mechanisms() for Consorsbank always returns None because self.bpd.segments is only an empty list. Here is where I hit a wall. I looked up how SegmentSequence objects are defined which is the type of bpd but I cannot find out where it should have been populated.
It seems, Consorsbank does not send any information on 1) that it requires a TAN and 2) which TAN methods they support. Maybe they do not implement the API correctly. However, Banking4A on Android is able to connect to Consorsbank after requesting a TAN. It should be possible somehow but their code is not accessible: https://subsembly.com/fints-api.html...
Could someone try pointing me into the correct direction? I can try to do the legwork.
It also works with Hibiscus / hcbi4java. Here are my logs for fetching transactions:
0} Synchronizing Account: Lohn/Gehalt/Rente Privat, IBAN <REDACTED> [BNP Paribas...eutschland]
HNHBK:1:3+000000000497+300+0+1'HNVSK:998:3+PIN:2+998+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1:20191009:143115+2:2:13:@8@��������:5:1+280:76030080:<REDACTED>:V:0:0+0'HNVSD:999:1+@303@HNSHK:2:4+PIN:2+900+1217806788+1+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1+1:20191009:143115+1:999:1+6:10:16+280:76030080:<REDACTED>:S:0:0'HKIDN:3:2+280:76030080+<REDACTED>+000003TGFQ2N83NP5R5MFEJ6L690RB+1'HKVVB:4:3+1+0+1+A44C2953982351617D475443E+2.8'HKTAN:5:6+4+HKIDN++++N'HNSHA:6:2+1217806788++<REDACTED>''HNHBS:7:1+1'
HNHBK:1:3+000000000585+300+000003TGG22D2H2GTFGEKCFCE90JGQ+1+000003TGG22D2H2GTFGEKCFCE90JGQ:1'HIRMG:2:2:+0010::Die Nachricht wurde entgegengenommen.'HIRMS:3:2:3+0030::Auftrag empfangen - Sicherheitsfreigabe erforderlich.+0901::PIN gültig.'HIRMS:4:2:4+0020::Informationen fehlerfrei entgegengenommen.+3920::Zugelassene Ein- und Zwei-Schritt-Verfahren für den Benutzer:900'HITAN:5:6:5+4++000003TGG22D2H2GTFGEKCFCE90JGQvb+Bitte TAN eingeben.'HNHBS:6:1+1'
HNHBK:1:3+000000000452+300+000003TGG22D2H2GTFGEKCFCE90JGQ+2'HNVSK:998:3+PIN:2+998+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1:20191009:143127+2:2:13:@8@��������:5:1+280:76030080:<REDACTED>:V:0:0+0'HNVSD:999:1+@229@HNSHK:2:4+PIN:2+900+1851964325+1+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1+1:20191009:143116+1:999:1+6:10:16+280:76030080:<REDACTED>:S:0:0'HKTAN:3:6+2+HKIDN+++000003TGG22D2H2GTFGEKCFCE90JGQvb+N'HNSHA:4:2+1851964325++<REDACTED>:07377448''HNHBS:5:1+2'
HNHBK:1:3+000000002373+300+000003TGG22D2H2GTFGEKCFCE90JGQ+2+000003TGG22D2H2GTFGEKCFCE90JGQ:2'HIRMG:2:2:+3060::Teilweise liegen Warnungen/Hinweise vor.'HIRMS:3:2:3+0020::Angemeldet.+3050::BPD nicht mehr aktuell. Aktuelle Version folgt.+3050::UPD nicht mehr aktuell. Aktuelle Version folgt.+3920::Zugelassene Ein- und Zwei-Schritt-Verfahren für den Benutzer:900'HITAN:4:6:3+2++000003TGG22D2H2GTFGEKCFCE90JGQvb'HIBPA:5:3:3+1+280:76030080+Consors+0+1:2+201:210:220:300:400+100'HIKOM:6:4:3+280:76030080+1+3:https?://brokerage-hbci.consorsbank.de/hbci::MIM:1'HISPAS:7:1:3+1+1+0+J:J:J:urn?:iso?:std?:iso?:20022?:tech?:xsd?:pain.001.002.03:urn?:swift?:xsd?:$pain.001.002.02:sepade.pain.001.001.02.xsd:urn?:iso?:std?:iso?:20022?:tech?:xsd?:pain.008.002.02:urn?:swift?:xsd?:$pain.008.002.01:sepade.pain.008.001.01.xsd'HIKAZS:8:7:3+1+1+0+30:J:N'HISALS:9:3:3+1+1'HIKAZS:10:6:3+1+1+1+90:J:N'HICCSS:11:1:3+1+1+0'HIKAZS:12:5:3+1+1+90:J:N'HIKAZS:13:4:3+1+1+90:J'XIADAS:14:1:3+1+1'HIKAZS:15:3:3+1+1+90:J'HITANS:16:6:3+1+1+0+N:N:1:900:2:MS1.0.0:photoTAN::SecurePlus:8:1:Secure Plus TAN:999:J:1:N:0:0:N:J:00:0:J:1'HIWPDS:17:2:3+1+1+J'HIWPDS:18:6:3+1+1+0+J:J:J'HIWPDS:19:5:3+1+1+J:J:J'HIPROS:20:4:3+1+1+0'HIWPDS:21:4:3+1+1+J:J:J'HIPROS:22:3:3+1+1'HIWPDS:23:3:3+1+1+J'XIADSS:24:1:3+1+1'HISALS:25:4:3+1+1'HISALS:26:5:3+1+1'HISALS:27:6:3+1+1+0'HIPINS:28:1:3+1+1+0+:::::HKSPA:N:HKKAZ:J:HKSAL:J:HKCCS:J:XKADA:N:HKTAN:N:HKWPD:N:HKPRO:N:XKADS:N'HIUPA:29:4:3+<REDACTED>+0+0+<REDACTED>'HIUPD:30:6:3+<REDACTED>::280:76030080++<REDACTED>++EUR+<REDACTED>++Depot++HKWPD:1+HKPRO:1'HIUPD:31:6:3+<REDACTED>::280:76030080+DE65760300800<REDACTED>+<REDACTED>++EUR+<REDACTED>++Lohn/Gehalt/Rente Privat++HKCCS:1+HKKAZ:1+HKSPA:1+HKSAL:1+HKPRO:1'HIUPD:32:6:3+<REDACTED>::280:76030080+DE74760300800<REDACTED>+<REDACTED>++EUR+<REDACTED>++Kontokorrentkonto Privat++HKCCS:1+HKKAZ:1+HKSPA:1+HKSAL:1+HKPRO:1'HIUPD:33:6:3+<REDACTED>::280:76030080+DE05760300800<REDACTED>+<REDACTED>++EUR+<REDACTED>++Tagesgeldkonto++HKCCS:1+HKKAZ:1+HKSPA:1+HKSAL:1+HKPRO:1'HIUPD:34:6:3+<REDACTED>::280:76030080+DE80760300800<REDACTED>+<REDACTED>++EUR+<REDACTED>++Lohn/Gehalt/Rente Privat++HKCCS:1+HKKAZ:1+HKSPA:1+HKSAL:1+HKPRO:1'HNHBS:35:1+2'
HNHBK:1:3+000000000442+300+000003TGG22D2H2GTFGEKCFCE90JGQ+3'HNVSK:998:3+PIN:2+998+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1:20191009:143128+2:2:13:@8@��������:5:1+280:76030080:<REDACTED>:V:0:0+0'HNVSD:999:1+@219@k:2:4+PIN:2+900+1949792619+1+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1+1:20191009:143128+1:999:1+6:10:16+280:76030080:<REDACTED>:S:0:0'HKSAL:3:6+<REDACTED>::280:76030080+N'HKTAN:4:6+4+HKSAL'HNSHA:5:2+1949792619++<REDACTED>''HNHBS:6:1+3'
HNHBK:1:3+000000000542+300+000003TGG22D2H2GTFGEKCFCE90JGQ+3+000003TGG22D2H2GTFGEKCFCE90JGQ:3'HIRMG:2:2:+3060::Teilweise liegen Warnungen/Hinweise vor.'HIRMS:3:2:3+0020::Der Auftrag wurde ausgeführt.+3076::Keine starke Authentifizierung erforderlich.'HISAL:4:6:3+<REDACTED>::280:76030080+Lohn/Gehalt/Rente Privat+EUR+C:<REDACTED>:EUR:20191008++3800,:EUR+10035,16:EUR'HITAN:5:6:4+4++noref+nochallenge'HNHBS:6:1+3'
HNHBK:1:3+000000000477+300+000003TGG22D2H2GTFGEKCFCE90JGQ+4'HNVSK:998:3+PIN:2+998+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1:20191009:143128+2:2:13:@8@��������:5:1+280:76030080:<REDACTED>:V:0:0+0'HNVSD:999:1+@254@HNSHK:2:4+PIN:2+900+1641636270+1+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1+1:20191009:143128+1:999:1+6:10:16+280:76030080:<REDACTED>:S:0:0'HKKAZ:3:7+DE65760300800<REDACTED>:CSDBDE71XXX:<REDACTED>::280:76030080+N'HKTAN:4:6+4+HKKAZ'HNSHA:5:2+1641636270++<REDACTED>''HNHBS:6:1+4'
HNHBK:1:3+000000022038+300+000003TGG22D2H2GTFGEKCFCE90JGQ+4+000003TGG22D2H2GTFGEKCFCE90JGQ:4'HIRMG:2:2:+3060::Teilweise liegen Warnungen/Hinweise vor.'HIRMS:3:2:3+0020::Der Auftrag wurde ausgeführt.+3076::Keine starke Authentifizierung erforderlich.'HIKAZ:4:7:3+@21586@
<TRANSACTIONS>
-'HITAN:5:6:4+4++noref+nochallenge'HNHBS:6:1+4'
HNHBK:1:3+000000000429+300+000003TGG22D2H2GTFGEKCFCE90JGQ+5'HNVSK:998:3+PIN:2+998+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1:20191009:143129+2:2:13:@8@��������:5:1+280:76030080:<REDACTED>:V:0:0+0'HNVSD:999:1+@206@HNSHK:2:4+PIN:2+900+1547567324+1+1+1::000003TGFQ2N83NP5R5MFEJ6L690RB+1+1:20191009:143129+1:999:1+6:10:16+280:76030080:<REDACTED>:S:0:0'HKEND:3:1+000003TGG22D2H2GTFGEKCFCE90JGQ'HNSHA:4:2+1547567324++<REDACTED>''HNHBS:5:1+5'
HNHBK:1:3+000000000312+300+000003TGG22D2H2GTFGEKCFCE90JGQ+5+000003TGG22D2H2GTFGEKCFCE90JGQ:5'HIRMG:2:2:+0100::Der Dialog wurde beendet.'HIRMS:3:2:3+0020::Abgemeldet.'HNHBS:4:1+5'
In all messages the security version is 2: HNSHK:2:4+PIN:2.
I also got hcbi4java's sample script UmsatzAbrufPinTan.java to work. If you're interested, here's a run-down of what I did:
- Fill in
USER,BLZ, andPIN - Modify the
MyHBCICallbackclass to handleNEED_PT_TANandNEED_PT_SECMECH. I did something like this:
case NEED_PT_SECMECH:
String code = "900";
retData.replace(0, retData.length(), code);
break;
case NEED_PT_TAN:
String flicker = retData.toString();
if (flicker != null && flicker.length() > 0) {
throw new RuntimeException("Not implemented");
} else {
// Ist smsTAN, iTAN, o.ae.
// Dialog zur TAN-Eingabe anzeigen mit dem Text aus "msg".
Scanner input = new Scanner(System.in);
System.out.println(msg);
String tan = input.next();
System.out.println("Got TAN: " + tan);
retData.replace(0, retData.length(), tan);
input.close();
}
break;
- Getting the accounts with
passport.getAccounts()doesn't always work. Sometimes the IBAN and BIC are not properly transmitted and/or parsed. Instead, fill them in manually, e.g.,
Konto[] konten = passport.getAccounts();
if (konten == null || konten.length == 0)
error("Keine Konten ermittelbar");
Konto k = konten[0];
for (Konto konto:konten) {
if (konto.number.equals("<KONTONUMMER>")) {
k = konto;
if (k.iban == null || k.bic == null) {
k.iban = "<IBAN>";
k.bic = "<BIC>";
}
break;
}
}
if (k.iban == null) {
throw new RuntimeException("Nope");
}
Hello,
I tried to modify the code in such a way that the secure method matches the hbci4java method:
# client.py
def fetch_tan_mechanisms(self):
self.set_tan_mechanism('900')
# security.py
def sign_prepare(self, message: FinTSMessage):
_now = datetime.datetime.now()
rand = random.SystemRandom()
self.pending_signature = HNSHK4(
security_profile=SecurityProfile(SecurityMethod.PIN, 2),
...
As a response from Consorbank I receive:
fints.formals.Response( # Rückmeldung
code = '9075',
reference_element = None,
text = 'Starke Authentifizierung erforderlich.',
)
In the FinTS Specs they say: "Unterstützt ein Kreditinstitut die starke Kundenauthentifizierung mithilfe von HKTANab #6, so sollte ein Kundenprodukt in die Segmentfolge der Dialoginitialisierung grundlegend ein HKTAN-Segmentab #6 einstellen, um ggf. einen Rückmeldungscode 3075 bzw. 9075 zu vermeiden"
However, in client.py I found the comment "Implementing HKTAN#6 implies support for Strong Customer Authentication (SCA) which may require TANs for many more operations including dialog initialization. We do not currently support that."
My question is, does it mean that SCA/HKTAN#6 is not supported yet? As I see it, Consorbank requires SCA for further requests, correct me, if I'm wrong.
I hope it helps solving the issue.
Your Log output: fints.segments.message.HNSHK4( # Signaturkopf, version 4 header = fints.formals.SegmentHeader('HNSHK', 2, 4), # Segmentkopf security_profile = fints.formals.SecurityProfile( # Sicherheitsprofil security_method = fints.formals.SecurityMethod.PIN, # Sicherheitsverfahren security_method_version = 1, # Version des Sicherheitsverfahrens
Change field security_method_version. It must be 2 in all messages using two-step-procedure .according to document
How do you change this field?
Each use of class HNSHK4 (SiganturKopf.) in messages must use class SecurityProfile with security_method_version = 2
e.g. security_profile=SecurityProfile(SecurityMethod.PIN, 2),
class HNSHK4(FinTS3Segment):
"""Signaturkopf, version 4
Source: FinTS Financial Transaction Services, Sicherheitsverfahren HBCI"""
security_profile = DataElementGroupField(type=SecurityProfile, _d="Sicherheitsprofil")
security_function = DataElementField(type='code', max_length=3, _d="Sicherheitsfunktion, kodiert")
security_reference = DataElementField(type='an', max_length=14, _d="Sicherheitskontrollreferenz")
security_application_area = CodeField(SecurityApplicationArea, max_length=3, _d="Bereich der Sicherheitsapplikation, kodiert")
security_role = CodeField(SecurityRole, max_length=3, _d="Rolle des Sicherheitslieferanten, kodiert")
security_identification_details = DataElementGroupField(type=SecurityIdentificationDetails, _d="Sicherheitsidentifikation, Details")
security_reference_number = DataElementField(type='num', max_length=16, _d="Sicherheitsreferenznummer")
security_datetime = DataElementGroupField(type=SecurityDateTime, _d="Sicherheitsdatum und -uhrzeit")
hash_algorithm = DataElementGroupField(type=HashAlgorithm, _d="Hashalgorithmus")
signature_algorithm = DataElementGroupField(type=SignatureAlgorithm, _d="Signaturalgorithmus")
key_name = DataElementGroupField(type=KeyName, _d="Schlüsselname")
certificate = DataElementGroupField(type=Certificate, required=False, _d="Zertifikat")
In FinTS you find setting of security_method_version=1 in module security.py / class PinTanAuthenticationMechanism. I don't know if there are any side-effects if you change this line. In my project I used it this way - but I don't use batch-processing.
security_profile=SecurityProfile(SecurityMethod.PIN, 2)
Each message must contain a HKTAN6 segment, if BPD Data (Bankdata) announces a TAN challenge to use HKKAZ, HKWPD, HKSAL, ....
class PinTanAuthenticationMechanism(AuthenticationMechanism):
def __init__(self, pin):
self.pin = pin
self.pending_signature = None
self.security_function = None
def sign_prepare(self, message: FinTSMessage):
_now = datetime.datetime.now()
rand = random.SystemRandom()
self.pending_signature = HNSHK4(
security_profile=SecurityProfile(SecurityMethod.PIN, 1),
............
Hi.
I have the same problem connecting to Consors as initially described by Pete. Is there a known workaround for this problem?
I was wondering about the log file which also contains this paragraph:
fints.segments.dialog.HIRMS2( # Rückmeldungen zu Segmenten header = fints.formals.SegmentHeader('HIRMS', 3, 2, 3), # Segmentkopf responses = [ # Rückmeldung fints.formals.Response( # Rückmeldung code = '0020', reference_element = None, text = 'Abgemeldet.', ), ], ),
Isn't this causing the problem? So that the relevant log line described by raphaelm (Ungültiger Signaturaufbau: Fehler im Segmentaufbau.) above is just a consequence as the bank already ended the dialog and logged out the user?
Best regards, Christian.
