Encrypted track data, Track 1 encrypted data – MagTek iDynamo MagneSafe V5 User Manual

Section 2. Communications
Bit 13 = DUKPT Key Variant used to encrypt MagnePrint data. 0 = PIN Variant, 1 = Data Variant/Bidirectional
Bits 14-15 = Unassigned (always set to Zero)
Notes:
(1) Encryption will only be performed when Encryption Enabled (bit 2) and Initial DUKPT
key Injected (bit 1) are set. Otherwise, data that are normally encrypted are sent in the
clear in ASCII HEX format; the DUKPT Serial Number/counter will not be sent.
(2) When DUKPT Keys Exhausted (bit 0) is set, the reader will no longer read cards and
after a card swipe, the reader response will be sent as follows:
[P30]
[P31]
[P35] [Reader Encryption Status]
[P35]
[P35]
[P35]
[P35]
[P35]
[P35] [Device serial number]
[P35] [Encrypted Session ID]
[P35] [DUKPT serial number/counter]
[P35] [Encryption Counter] (optional, OFF by default)
[P35] [Clear Text CRC]
[P35] [Encrypted CRC]
[P35] [Format Code]
[P34]
Encrypted Track Data
If decodable track data exists for a given track, both the Masked Track Data field and the
Encrypted Track Data field for that track will contain data.
The data from each track is decoded and converted to ASCII, then encrypted. The
encrypted track data includes all data starting with the start sentinel and ending with the end
sentinel. The encryption begins with the first 8 bytes of the clear text track data. The 8-byte
result of this encryption is placed in the Encrypted Data buffer for the corresponding track. The
process continues using the CBC (Cipher Block Chaining) method with the encrypted 8 bytes
XORed with the next 8 bytes of clear text. That result is placed in the next 8 bytes of the Encrypted
Data buffer and the process continues until all clear text bytes have been encrypted. If the final
block of clear text contains fewer than 8 bytes, it is padded with binary zeros to fill up the 8
bytes. After this final clear text block is XORed with the prior 8 bytes of encrypted data, it is
encrypted and placed in the Encrypted Data buffer. No Initial Vector is used in the process.
Decrypting the data must be done in 8-byte blocks, ignoring any final unused bytes in the last
block. See Appendix A for more information.
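The chaining described above, as an added example that is not taken from the manual: 8-byte blocks, no Initial Vector (the first block is encrypted as-is), binary-zero padding on the final block, and host-side decryption that discards the padding. This section does not specify the block cipher or the DUKPT key derivation, so a toy Feistel function stands in for the cipher; the function names, key and sample track string are constructed for illustration.

```python
import hashlib

BLOCK = 8  # block size given in the manual

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel stand-in (assumption; NOT the reader's cipher)."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right

def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block: undo the rounds in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right

def encrypt_track(key: bytes, clear: bytes) -> bytes:
    """Reader side: zero-pad the last block, chain with no IV."""
    clear += b"\x00" * (-len(clear) % BLOCK)
    prev, out = bytes(BLOCK), bytearray()  # all-zero prev == "no Initial Vector"
    for i in range(0, len(clear), BLOCK):
        prev = toy_encrypt_block(key, _xor(clear[i:i + BLOCK], prev))
        out += prev
    return bytes(out)

def decrypt_track(key: bytes, enc: bytes) -> bytes:
    """Host side: decrypt in 8-byte blocks, then drop the zero padding."""
    if not enc or len(enc) % BLOCK:
        raise ValueError("encrypted track data must be whole 8-byte blocks")
    prev, out = bytes(BLOCK), bytearray()
    for i in range(0, len(enc), BLOCK):
        block = enc[i:i + BLOCK]
        out += _xor(toy_decrypt_block(key, block), prev)
        prev = block
    return bytes(out).rstrip(b"\x00")  # unused bytes in the final block

# Constructed sample: test-style track 1 string and key, not real card data.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_TRACK1 = b"%B4111111111111111^TEST/CARD^25121010000000000?"
```

Because the padding is plain zeros and carries no length, the host recovers the track length from the data itself; rejecting input that is not a whole number of 8-byte blocks catches truncated fields before decryption.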
Track 1 Encrypted Data
This Binary field contains the encrypted track data for track 1.