IPP MS AND DUKPT COMMUNICATIONS PACKETS
IPP7
MX 800 SERIES PROGRAMMERS GUIDE 287
1DES
The 1DES master keys loaded in the short-form method (that is, IPP6 key-only
format) have the 'ANY' and 1DES attributes set. If the KLK present flag is clear
in the IPP, the 1DES master keys in GISKE format are loaded in GISKE clear text,
without cryptographic protection. The MAC value is all zero bytes. The version
of the incoming key is checked. The version of the stored key is the version
carried in the GISKE message. The stored key attribute is set to that carried in the
GISKE message.
The 1DES master keys in GISKE format are loaded in cipher text under the
protection of the KLK, if the KLK present flag is set. The KLK master key must be
3DES. The version of the key is checked against the stored version. The version
of the stored key is the version carried in the GISKE message. The stored key
attribute is set to that carried in the GISKE message.
Master Key Addressing
In Omni 33XX, all master key locations 0–9 can hold single-, double-, or
triple-length DES keys. Omni 33XX IPP7 can hold at most three triple-length keys.
Clear Text GISKE Key Block Loading Rule
The following are VeriFone-proprietary rules for GISKE key block loading, and are
not part of the ANSI GISKE specification.
• If the KLK is not loaded, the GISKE key block is loaded in clear text.
• The clear-text GISKE key block must be padded to a length of 120 bytes, as
shown in the following examples.
GISKE key block: 8 HB + 24 HB + 24 KB + 8 MAC
Cipher text GISKE key block for transmit (encrypted with KLK or KEK): 8 HB + 48 eHB + 48 eKB + 16 MAC
Clear text GISKE key block (MAC is all zeros): 8 HB + 24 HB + 48 KB + 16 MAC
Key:
HB indicates the header block
KB indicates the key block
eHB indicates the encrypted header block
eKB indicates the encrypted key block
To pad the clear text GISKE key block to a total length of 120 bytes and be
consistent with its counterpart (that is, the cipher text GISKE key block), 24 HB
is expanded to 48 HB. Each ASCII byte of the header is split into its high and low
nibbles, and each nibble is converted to its own hex character. For example:
D0A...
0x44 0x30 0x41 (ASCII)
expanded HB = 0x34 0x34 0x33 0x30 0x34 0x31 (hex)
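The padding rule above, worked through in C as an added example (not code from the VeriFone guide): it expands the 24-byte header part to 48 bytes, assembles the 120-byte clear text block, and checks the resulting layout. The function names, the uppercase A-F hex digits, the 0x00 encoding of the all-zero MAC, and the sample field contents are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { HB8 = 8, HB24 = 24, KB = 48, MAC = 16, BLOCK = 120 };

/* Write each input byte as two ASCII hex digits, high nibble first.
   Uppercase A-F is an assumption; the page's example only yields 0-9. */
static void expand_hb(const unsigned char *in, size_t n, unsigned char *out) {
    static const char hex[] = "0123456789ABCDEF";
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = (unsigned char)hex[in[i] >> 4];
        out[2 * i + 1] = (unsigned char)hex[in[i] & 0x0F];
    }
}

/* 8 HB + 48 expanded HB + 48 KB + 16 MAC (0x00 bytes, assumed) = 120. */
size_t build_clear_block(const unsigned char *hb8, const unsigned char *hb24,
                         const unsigned char *kb, unsigned char *out) {
    unsigned char *p = out;
    memcpy(p, hb8, HB8);       p += HB8;
    expand_hb(hb24, HB24, p);  p += 2 * HB24;
    memcpy(p, kb, KB);         p += KB;
    memset(p, 0, MAC);         p += MAC;
    return (size_t)(p - out);
}

/* Layout check: total length, hex-only expanded header, all-zero MAC. */
int check_clear_block(const unsigned char *blk, size_t len) {
    if (len != BLOCK) return 0;
    for (size_t i = HB8; i < HB8 + 2 * HB24; i++)
        if (!isxdigit(blk[i])) return 0;
    for (size_t i = BLOCK - MAC; i < BLOCK; i++)
        if (blk[i] != 0) return 0;
    return 1;
}

/* Constructed sample fields; placeholders only, not real key material. */
static const unsigned char S_HB8[]  = "XXXXXXXX";
static const unsigned char S_HB24[] = "D0A00000" "00000000" "00000000";
static const unsigned char S_KB[]   = "FFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFF";
static unsigned char block[BLOCK];

int main(void) {
    size_t n = build_clear_block(S_HB8, S_HB24, S_KB, block);
    printf("%zu bytes, layout %s\n", n, check_clear_block(block, n) ? "ok" : "bad");
    return 0;
}
```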