1. John Oxley
  2. crypto-utils

Overview

What is this

crypto-utils is my own crypto project. I started it to try and learn how DUKPT keys work.
Right now, that's all that's in here, although the Utilities class has some useful methods.

THIS IS NOT SUITABLE FOR USE IN PRODUCTION. IT IS A LEARNING EXERCISE

DUKPT

I worked out DUKPT generation from the Thales Simulator. There is a lot of magic in there that I don't understand. DO NOT TRUST THIS CODE

There is a class KeySerialNumber which sets up the KSN. This contains important info like the transaction counter, the TRSM id and other stuff... At some point I will change this so it can be packed into an ISO message.

The DerivedKey.calculateIpek calculates the initial pin encryption key. This I think gets loaded onto the device with the TRSM id. The BDK stays only on the host.

The DerivedKey.calculateDerivedKey will take the BDK and KSN and use it to calculate the key that is used to encrypt the pinblock. It does this by mashing the IPEK with the KSN data together.

AFAIK, the pinblock is always in ISO-0 (ANSI X9.8) format. I may be wrong.

I don't know how DUKPT MACcing works at all :( If someone would like to tell me, please log an issue.

To summarise, the things I don't understand and would like help with:

  • A reference document of some sort, obviously public domain for this project
  • Register 3
  • Register 8
  • The way the IPEK is mashed into the KSN to produce the derived key
  • Exactly how the key is loaded into the pinpad/terminal