Encryption keys, Load dukpt initial key – MagTek USB MagnePrint Swipe Reader with Encryption User Manual

ENCRYPTION KEYS
Load DUKPT Initial Key
This command should only be used in a secure environment.
Command number: 7
Description:
This command is used in the Derived Unique Key Per Transaction
(DUKPT) Key Management scheme to load the initial key (as two
components) in the clear. This command may be used multiple times.
Each use completely initializes the DUKPT Key Management scheme,
losing all information about the previous scheme.
This command has two parts and the key is not loaded until the second
part is executed.
• The first part loads one of the components of the key; the second
part loads the other component.
• The first component must be entered first; the second component
must be entered within two minutes of the first part.
• There must be no loss of power to the device between the entry of
the first and second components.
• The two components are combined by XORing in the unit to create
the final key.
• On receipt of the correctly formatted first part, the DUKPT Key
Management scheme is initialized, losing all information about
previous DUKPT keys, and the new first component is stored in
secure memory in anticipation of receipt of the second component.
• On receipt of the second component, both components are
combined by XORing and the DUKPT Key Management scheme
is completely initialized.
Data structure:
Request Data: First Part:
Offset  Field Name                          Description
0       Part Number                         Part Number, always a 1
1       Initial Key Component (first part)  This component must be 16 bytes long.
Request Data: Second Part:
Offset  Field Name                           Description
0       Part Number                          Part Number, always a 2
1       Key Serial Number Register           This eighty-bit field includes the Initial Key
                                             Serial Number in the leftmost 59 bits and a
                                             value for the Encryption Counter in the
                                             rightmost 21 bits. The value for the
                                             Encryption Counter must be 0.
11      Initial Key Component (second part)  This component must be 16 bytes long.
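
The two request layouts above, as an added example that is not part of the MagTek manual: Python that builds the Request Data field for each part and enforces the stated constraints (16-byte components, an 80-bit register whose Encryption Counter is 0). The function names and sample values are constructed for illustration, reading the register as a big-endian bit string is an assumption, and the framing and transport of command 7 are not described on this page and are left out.

```python
import secrets

COMPONENT_LEN = 16             # each key component: 16 bytes
KSN_LEN = 10                   # Key Serial Number Register: 80 bits
COUNTER_MASK = (1 << 21) - 1   # rightmost 21 bits: Encryption Counter

# Constructed sample values for illustration only, never real key material.
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
SAMPLE_KSN = bytes.fromhex("FFFF9876543210E00000")


def check_component(component: bytes) -> bytes:
    if len(component) != COMPONENT_LEN:
        raise ValueError("key component must be exactly 16 bytes")
    return bytes(component)


def xor_components(first: bytes, second: bytes) -> bytes:
    """What the reader does internally: XOR the two components."""
    return bytes(a ^ b for a, b in
                 zip(check_component(first), check_component(second)))


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Hypothetical custodian-side helper: a random first component and the
    second component that XORs with it to give `key`."""
    first = secrets.token_bytes(COMPONENT_LEN)
    return first, xor_components(key, first)


def build_first_part(component: bytes) -> bytes:
    # Offset 0: part number 1; offset 1: 16-byte component.
    return b"\x01" + check_component(component)


def build_second_part(ksn: bytes, component: bytes) -> bytes:
    # Offset 0: part number 2; offset 1: 80-bit register; offset 11: component.
    if len(ksn) != KSN_LEN:
        raise ValueError("Key Serial Number Register must be 80 bits")
    # Assumption: the register is read as a big-endian bit string.
    if int.from_bytes(ksn, "big") & COUNTER_MASK:
        raise ValueError("Encryption Counter (rightmost 21 bits) must be 0")
    return b"\x02" + bytes(ksn) + check_component(component)


if __name__ == "__main__":
    c1, c2 = split_key(SAMPLE_KEY)
    print(len(build_first_part(c1)), len(build_second_part(SAMPLE_KSN, c2)))
```

Because the second component is the key XORed with a random first component, neither component alone reveals anything about the final key, which is why the two parts can be entered by different custodians.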