
Cardpaymentprotocolssecurity 2.1

This document provides guidance on card payment protocols security. It describes cryptographic message syntax data structures, key management mechanisms including DUKPT, UKPT and RSAES-OAEP, and encryption mechanisms for CBC. Recommendations are provided on protecting messages.

Uploaded by

ericsmso

Card Payment Protocols Security

Version 2.1
1st April 2017

© 2017 nexo AISBL All rights reserved.


This information is protected by international intellectual property laws and its use is governed by the applicable End-User license.
Card Payment Protocols Security Version 2.1

TABLE OF CONTENTS

1 Introduction
    1.1 What’s new in the edition 2
    1.2 References
    1.3 Protection of Messages
    1.4 Recommendations
2 Cryptographic Message Syntax (CMS) Data Structure
    2.1 Introduction
    2.2 CMS Data Structure Usage
3 Key Management Mechanisms
    3.1 DUKPT Key Management
        3.1.1 Key Management
        3.1.2 Resulting CMS Structure
        3.1.3 PIN Encryption Key
        3.1.4 Data Encryption Key
        3.1.5 Message Authentication Key
        3.1.6 Examples
            3.1.6.1 Base Key and Terminal Initial Key
            3.1.6.2 CMS Key Management Data
            3.1.6.3 Generation of the Keys
    3.2 UKPT Key Management
        3.2.1 Resulting CMS Structure
        3.2.2 Triple DES UKPT Key Management
        3.2.3 AES UKPT Key Management
        3.2.4 IBM CCA UKPT Key Management
        3.2.5 Examples
            3.2.5.1 Triple DES UKPT
            3.2.5.2 AES UKPT
            3.2.5.3 IBM CCA UKPT
    3.3 RSAES-OAEP Key Encryption
        3.3.1 Key Management
        3.3.2 Resulting CMS Structure
        3.3.3 Key Encryption Process
        3.3.4 MG1 Mask Generator Function Process
        3.3.5 Key Decryption Process
        3.3.6 Examples
            3.3.6.1 RSA Encryption Key and Certificate
            3.3.6.2 RSAES-OAEP Encryption
            3.3.6.3 RSADS-OAEP Decryption
    3.4 RSAEncryption Key Encryption
        3.4.1 Key Management
        3.4.2 Resulting CMS Structure
        3.4.3 Key Encryption Process
        3.4.4 Key Decryption Process
        3.4.5 Examples
            3.4.5.1 RSA Encryption Key and Certificate
            3.4.5.2 Encryption step
            3.4.5.3 Decryption step
4 Encryption Mechanisms
    4.1 Introduction
    4.2 Resulting CMS Structure
    4.3 Encryption/Decryption
        4.3.1 CBC Encryption Process
        4.3.2 CBC Decryption Process
        4.3.3 Special Encryption/Decryption
    4.4 Examples
        4.4.1 Data to Encrypt
        4.4.2 Triple DES Encryption with a 112 bits Key
        4.4.3 AES Encryption with a 128 bits Key
        4.4.4 Special Encryption/Decryption
5 MAC Mechanisms
    5.1 Introduction
    5.2 Resulting CMS Structure
    5.3 MAC Generation and Verification Processes
        5.3.1 Retail-CBC-MAC with SHA-256
        5.3.2 CMAC with SHA256
    5.4 Examples
        5.4.1 Message Body
        5.4.2 Retail-CBC-MAC
        5.4.3 Retail-CBC-MAC with SHA-256
        5.4.4 SHA-256 CMAC with AES
6 Digital Signature Mechanisms
    6.1 Introduction
    6.2 Resulting CMS Structure
    6.3 Digital Signature Generation and Verification Processes
        6.3.1 SHA-256 with RSA
    6.4 Example
        6.4.1 Signing Key and Certificate
        6.4.2 Message Body to Sign
        6.4.3 SHA-256 with RSA
7 Digest Mechanisms
    7.1 Introduction
    7.2 Resulting CMS Structure
    7.3 Digest test vectors


Figures

Figure 1: Messages Data Protection
Figure 2: Generic ContentInformationType Overview
Figure 3: Key Management for an Encryption Key or a MAC Key
Figure 4: Key Serial Number Details
Figure 5: PIN Encryption Key Variant
Figure 6: Data Encryption Key
Figure 7: Message Authentication Key Variant for X9.4-1:2009
Figure 8: Triple DES UKPT Session Key Generation
Figure 9: AES UKPT Session Key Generation
Figure 10: IBM CCA UKPT Session Key Generation
Figure 11: RSAES-OAEP Encryption
Figure 12: MG1 Mask Generator Function
Figure 13: RSADS-OAEP Decryption
Figure 14: CBC Encryption Process
Figure 15: CBC Decryption Process
Figure 16: Special Encryption/Decryption
Figure 17: Retail-CBC-MAC with SHA-256
Figure 18: CMAC with SHA-256
Figure 19: Generation of CMAC Subkeys
Figure 20: SHA-256 with RSA Digital Signature


1 Introduction

This document specifies the security mechanisms that protect the nexo protocol messages.
These specifications might be used for the following protocols:
• The nexo Acquirer protocol (ISO 20022 CAPE messages, business area caaa),
• The nexo TMS protocol (ISO 20022 CAPE messages, business area catm),
• The nexo ATM protocol (ISO 20022 CAPE messages, business area catp),
• The nexo Retailer protocol, Sale to POI protocol.

The document specifies all the security mechanisms which might be used by one of these protocols.
137

1.1 What’s new in the edition 2

This edition brings the following improvements:
• Inside the CMS structure (cf. 2 Cryptographic Message Syntax (CMS) Data Structure):
    o The ability to exchange keys enciphered by an encrypting key previously exchanged
    o The ability to use different encryption format
    o Support of various algorithms to encipher key
    o Addition of new algorithm for data encipherment
    o Support of new MAC algorithm
    o Addition of new Signature algorithms
• Suppression of the SHA256 CMAC with Triple DES
• Correction of X509 examples
• Examples for Digests
• Precision on padding algorithm for Retail CBC MAC.

1.2 References

ANSI X9-24-1:2009: Retail Financial Services Symmetric Key Management – Part 1: Using Symmetric Techniques
FIPS 180-2: Secure Hash Standard, NIST Computer Security, 1st August 2002
ISO9797-1: Information technology – Security techniques – Message Authentication Codes (MACs) – Part 1: Mechanisms using a block cipher. Second edition 2011-03-01
RFC 3370: “Cryptographic Message Syntax (CMS) Algorithms”
RFC 3447: “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1”
RFC 3560: “Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS)”
RFC 5652: “Cryptographic Message Syntax (CMS)”


1.3 Protection of Messages

Card payment messages of the nexo protocols use four types of protection:
1) Protection of the PIN, performed by the application.
2) Protection of sensitive data (e.g. card data or biometric information in authentication value), performed by either the payment application or the nexo protocol when configured to do so. In this document, sensitive data therefore does not include the PIN, contrary to the PCI-DSS definition.
3) Protection of the message by a MAC (Message Authentication Code).
4) Protection of the message by a digital signature.

All the protected data and the related information are formatted according to the generic format defined by the Cryptographic Message Syntax (CMS) standard, RFC 5652.

[Figure 1: Messages Data Protection. Panels: unprotected message; message containing protected data (encrypted PIN, protected card data and protected authentication value, each in a CMS data structure); message body protected by a MAC or a signature (CMS data structure in the Message Trailer).]


The CMS data structure is general enough to convey various attributes related to the protected data (e.g. identifications of the used keys, encrypted keys, cryptographic algorithms with their parameters, certificate and revocation lists, time stamps), and can support various architectures of key management.
In addition the syntax of the data structure accepts multiple encapsulations, and these encapsulations can be nested.

1.4 Recommendations

The use of SHA-1, defined in FIPS 180-2, is deprecated and therefore not recommended. Support for SHA-1 in the nexo protocol might be removed in a further release.
For RSA keys, we recommend that the RSA modulus be at least 2048 bits long and that the public exponent be greater than or equal to 2^16+1.
To build smaller messages, we recommend removing all unnecessary white space inside XML messages. All examples in this document will try to follow this best practice.
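The three recommendations above can be checked mechanically. This is an added example, not part of the nexo specification: the XML tag names simply reuse the element names of the section 2.2 table, and the function names, the sample fragment and the stand-in moduli are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MIN_MODULUS_BITS = 2048
MIN_PUBLIC_EXPONENT = 2**16 + 1

# Constructed integers standing in for RSA moduli (not real keys).
WEAK_MODULUS = (1 << 1023) | 1   # 1024 bits
OK_MODULUS = (1 << 2047) | 1     # 2048 bits

# Constructed fragment; tag names follow the section 2.2 table (assumption).
SAMPLE_XML = """\
<KeyTransport>
  <KeyEncryptionAlgorithm>
    <Algorithm>RSAES-OAEP</Algorithm>
    <Parameter>
      <DigestAlgorithm>SHA256</DigestAlgorithm>
      <MaskGeneratorAlgorithm>
        <Algorithm>MGF1</Algorithm>
        <Parameter>
          <DigestAlgorithm>SHA1</DigestAlgorithm>
        </Parameter>
      </MaskGeneratorAlgorithm>
    </Parameter>
  </KeyEncryptionAlgorithm>
</KeyTransport>
"""


def check_rsa_key(modulus, public_exponent):
    """Compare an RSA public key with the modulus and exponent recommendations."""
    findings = []
    bits = modulus.bit_length()
    if bits < MIN_MODULUS_BITS:
        findings.append(f"RSA modulus is {bits} bits, below {MIN_MODULUS_BITS}")
    if public_exponent < MIN_PUBLIC_EXPONENT:
        findings.append(f"public exponent {public_exponent} is below 2^16+1")
    return findings


def deprecated_digests(root):
    """Return the path of every DigestAlgorithm element set to SHA1, at any depth."""
    hits = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if elem.tag == "DigestAlgorithm" and (elem.text or "").strip() == "SHA1":
            hits.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return hits


def minify(root):
    """Serialise without the whitespace that only indents elements."""
    for elem in root.iter():
        # Text of an element that has children is indentation, not data.
        if len(elem) and elem.text is not None and not elem.text.strip():
            elem.text = None
        if elem.tail is not None and not elem.tail.strip():
            elem.tail = None
    return ET.tostring(root, encoding="unicode")


def audit(xml_text, modulus, public_exponent):
    """Return (findings, compact_xml) for one key and one CMS fragment."""
    root = ET.fromstring(xml_text)
    findings = check_rsa_key(modulus, public_exponent)
    findings += [f"{path}: SHA1 is deprecated" for path in deprecated_digests(root)]
    return findings, minify(root)


if __name__ == "__main__":
    findings, compact = audit(SAMPLE_XML, WEAK_MODULUS, 3)
    print("\n".join(findings))
    print(len(SAMPLE_XML), "->", len(compact), "characters")
```

The walk is recursive on purpose: the outer DigestAlgorithm in the sample is SHA256, and only the one nested under MaskGeneratorAlgorithm is still SHA1.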


2 Cryptographic Message Syntax (CMS) Data Structure

2.1 Introduction

The generic CMS data structure is a multi-form data structure, one for each kind of protection, which contains two elements:
• The first element, ContentType, a code identifying the kind of protection:
    o EnvelopedData, for digital envelope or data encrypted by a cryptographic key identified in the message,
    o AuthenticatedData, for a MAC, generated with a cryptographic key identified in the message,
    o SignedData, for a digital signature, generated with an asymmetric cryptographic key pair,
    o DigestedData, for the digest of information,
• The second element which is a data structure dedicated to the kind of protection identified by the first element (EnvelopedData, AuthenticatedData, SignedData and DigestedData).
[Figure 2: Generic ContentInformationType Overview. ContentInformationType consists of ContentType (EnvelopedData, AuthenticatedData, SignedData or DigestedData) followed by the matching structure: EnvelopedData (encryption), AuthenticatedData (MAC), SignedData (digital signature) or DigestedData (digest).]

The details of these sub-structures and their usage are presented in the following section.


2.2 CMS Data Structure Usage

This section presents a layout of the CMS data structure with all levels of the structure expanded.
The table contains several columns:
• The “Or” column is used to define a choice of one data structure among several. These data structures are successive. The first one contains “{Or” in this column, the following ones “Or”, except the last one which contains “Or}”. Each data structure of the choice can define any number of occurrences.
• The “ContentInformationType” column contains the name of the data element with an indentation related to the nesting level.
• The “Mult.” column provides between square brackets, e.g. [n..m], the minimum number (n) of occurrences of the data element, and the maximum number (m) of occurrences of the data element. When the maximum number of occurrences is the character ‘*’, the maximum number is unlimited.
• The “Usage” column presents how to use the data structure or data element, the allowed values for enumerations or code list. A default value may be defined by “default val”: the absence of the data element then produces the same result as the presence of the data element with the default value val.
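The “Or”, “Lvl” and “Mult.” conventions described above are regular enough to enforce in code. The following added example is not part of the nexo specification: it parses a few rows in the table's layout into a tree and checks a message instance against the multiplicities and the {Or ... Or} choices. The row excerpt, the dict representation of an instance, the function names and the reading that a multiplicity applies only to the alternative actually chosen are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt of the section 2.2 table (children of EnvelopedData only),
# reduced to the "Or", "Lvl", element name and "Mult." columns.
ROWS = """\
2 Version [0..1]
2 Recipient [1..*]
{Or 3 KeyTransport [1..1]
4 EncryptedKey [1..1]
Or 3 KEK [1..1]
4 KEKIdentification [1..1]
4 EncryptedKey [1..1]
Or} 3 KeyIdentifier [1..1]
4 KeyIdentification [1..1]
4 KeyVersion [1..1]
2 EncryptedContent [0..1]
"""

ROW_RE = re.compile(r"^(?P<mark>\{Or|Or\}|Or)?\s*(?P<lvl>\d+)\s+(?P<name>\S+)\s+"
                    r"\[(?P<low>\d+)\.\.(?P<high>\d+|\*)\]$")

@dataclass
class Node:
    name: str
    level: int
    low: int
    high: Optional[int]   # None stands for '*', i.e. unlimited
    mark: Optional[str]   # "{Or", "Or", "Or}" or None
    children: list = field(default_factory=list)

def parse_rows(text):
    """Build the element tree from table rows, using Lvl to decide nesting."""
    roots, stack = [], []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        high = None if m["high"] == "*" else int(m["high"])
        node = Node(m["name"], int(m["lvl"]), int(m["low"]), high, m["mark"])
        while stack and stack[-1].level >= node.level:
            stack.pop()
        (stack[-1].children if stack else roots).append(node)
        stack.append(node)
    return roots

def choice_groups(siblings):
    """A run from '{Or' to 'Or}' is one choice group; any other row stands alone."""
    groups, current = [], None
    for node in siblings:
        if node.mark == "{Or":
            current = [node]
        elif node.mark in ("Or", "Or}") and current is not None:
            current.append(node)
            if node.mark == "Or}":
                groups.append(current)
                current = None
        else:
            groups.append([node])
    if current is not None:
        raise ValueError("choice opened with {Or is never closed by Or}")
    return groups

def validate(schema, instance, path):
    """Return every violation of the [n..m] and {Or ... Or} rules in one instance."""
    known = {n.name for n in schema}
    errors = [f"{path}: unexpected element {k}" for k in instance if k not in known]
    for group in choice_groups(schema):
        if len(group) > 1:
            names = "/".join(n.name for n in group)
            present = [n for n in group if instance.get(n.name)]
            if len(present) > 1:
                errors.append(f"{path}: only one of {names} allowed")
            elif not present and all(n.low >= 1 for n in group):
                errors.append(f"{path}: one of {names} required")
            group = present   # assumption: [n..m] applies to the chosen alternative
        for node in group:
            items = instance.get(node.name, [])
            if len(items) < node.low or (node.high is not None and len(items) > node.high):
                upper = "*" if node.high is None else node.high
                errors.append(f"{path}/{node.name}: {len(items)} occurrence(s), "
                              f"expected [{node.low}..{upper}]")
            for i, item in enumerate(items):
                if node.children and isinstance(item, dict):
                    errors += validate(node.children, item, f"{path}/{node.name}[{i}]")
    return errors

SCHEMA = parse_rows(ROWS)
# Constructed instances: element name -> list of occurrences (dict = structure, str = leaf).
KEK = {"KEKIdentification": ["<constructed>"], "EncryptedKey": ["<constructed>"]}
KEY_ID = {"KeyIdentification": ["<constructed>"], "KeyVersion": ["1"]}
GOOD = {"Recipient": [{"KEK": [KEK]}], "EncryptedContent": ["<constructed>"]}
AMBIGUOUS = {"Recipient": [{"KEK": [KEK], "KeyIdentifier": [KEY_ID]}]}
NO_RECIPIENT = {"Version": ["0"], "EncryptedContent": ["<constructed>"]}

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("ambiguous", AMBIGUOUS), ("none", NO_RECIPIENT)]:
        print(label, validate(SCHEMA, sample, "EnvelopedData"))
```

Rejecting a Recipient that carries two alternatives at once matters on the receiving side, where two parsers could otherwise pick different keys for the same message.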
Or Lvl ContentInformationType Mult. Usage
1 ContentType [1..1] Type of data protection, allowed values:
    AuthenticatedData: ContentType is followed by the AuthenticatedData message item containing a Message Authentication Code (MAC) and the MAC generation key, protected by a transport key.
    DigestedData: ContentType is followed by the DigestedData message item containing a digest.
    EnvelopedData: ContentType is followed by the EnvelopedData message item containing encrypted data and the encryption key, protected by a transport key.
    SignedData: ContentType is followed by the SignedData message item containing digital signature(s) with the identification of the signer(s).
{Or 1 EnvelopedData [0..1] Encrypted data with a cryptographic key protected by a transport key (or key encryption key).
2 Version [0..1] default 0
    Version of the data structure, current version is 0.
2 Recipient [1..*] Encryption key.
    If there are several Recipient, the encryption key must be the same for all the Recipient, but obviously not the transport key.
{Or 3 KeyTransport [1..1] Encryption key protected by an asymmetric key authenticated and identified by an X.509 certificate.
4 Version [0..1] default 0
    Version of the data structure, current version is 0.
4 RecipientIdentification [1..1] Identification of the recipient’s certificate transport key.
{Or 5 IssuerAndSerialNumber [1..1] Identification of the issuer and the serial number of the X.509 certificate.
6 Issuer [1..1] Issuer of the X.509 certificate.
7 RelativeDistinguishedName [1..*] Relative distinguished name identifying the certificate issuer.
8 AttributeType [1..1] X.509 attribute, allowed codes:
    CountryName: Country of the certificate issuer
    Locality: City of the certificate issuer
    OrganisationName: Organisation of the certificate issuer
    OrganisationUnitName: Organisation unit of the certificate issuer
    CommonName: Name of the certificate issuer
8 AttributeValue [1..1] Value of the X.509 attribute.



6 SerialNumber [1..1] Serial number of the certificate containing the transport public key.
Or} 5 KeyIdentifier [1..1] Identifier of a cryptographic asymmetric key, previously exchanged between parties.
6 KeyIdentification [1..1] Identification of the key.
6 KeyVersion [1..1] Version of the key.
6 SequenceNumber [0..1] Number of usages of the cryptographic key.
6 DerivationIdentification [0..1] Information to perform key derivation.
4 KeyEncryptionAlgorithm [1..1] Specifies the encryption algorithm of the key encryption key.
5 Algorithm [1..1] Asymmetric encryption algorithm for the protection of the encryption key. Allowed values:
    RSAEncryption: RSA key encryption scheme (PKCS #1 version 2.1) - (ASN.1 Object Identifier: rsaEncryption).
    RSAES-OAEP: RSA encryption scheme based on Optimal Asymmetric Encryption Padding scheme (OAEP in PKCS #1 version 2.1) - (ASN.1 Object Identifier: id-RSAES-OAEP).
5 Parameter [0..1] Parameter of the RSAES-OAEP encryption algorithm.
6 EncryptionFormat [0..1] Format of data before encryption, if the format is not plaintext or implicit. Allowed values:
    TR31: Format of a cryptographic key specified by the ANSI X9 TR-31 standard.
    TR34: Format of a cryptographic key specified by the ANSI X9 TR-34 standard.
6 DigestAlgorithm [0..1] Cryptographic algorithm for computing the digest of the label in the encryption algorithm. Allowed values:
    SHA1: Message digest algorithm SHA-1 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha1).
    SHA256: Message digest algorithm SHA-256 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha256).
    SHA384: Message digest algorithm SHA-384 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha384).
    SHA512: Message digest algorithm SHA-512 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha512).
6 MaskGeneratorAlgorithm [0..1] Mask generator function algorithm used by the RSAES-OAEP encryption algorithm.
7 Algorithm [1..1] Algorithm of the mask generator function, allowed value:
    MGF1: Mask Generator Function, used for RSA encryption and RSA digital signature (PKCS #1 version 2.1) - (ASN.1 Object Identifier: id-mgf1).
7 Parameter [0..1] Parameters associated to the mask generator function cryptographic algorithm.
8 DigestAlgorithm [0..1] Digest algorithm used in the mask generator function. Allowed values:
    SHA1: Message digest algorithm SHA-1 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha1).
    SHA256: Message digest algorithm SHA-256 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha256).
    SHA384: Message digest algorithm SHA-384 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha384).
    SHA512: Message digest algorithm SHA-512 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha512).
4 EncryptedKey [1..1] Encryption key encrypted by the transport public key, using the KeyEncryptionAlgorithm.
Or 3 KEK [1..1] Encryption key protected by a transport key, using a symmetric cryptographic key.
4 Version [0..1] default 4
    Version of the data structure, current version is 4.
4 KEKIdentification [1..1] Identification of the encryption key.
5 KeyIdentification [1..1] Identification of the key.
5 KeyVersion [1..1] Version of the key.



5 SequenceNumber [0..1] Number of usages of the cryptographic key.
5 DerivationIdentification [0..1] Information to perform key derivation.
4 KeyEncryptionAlgorithm [1..1] Specifies the encryption algorithm of the key encryption key.
5 Algorithm [1..1] Symmetric encryption algorithm for the protection of the encryption key. Allowed values:
    AES128CBC: AES (Advanced Encryption Standard) CBC (Chaining Block Cypher) encryption with a 128 bits cryptographic key as defined by the Federal Information Processing Standards (FIPS 197 - November 6, 2001 - Advanced Encryption Standard).
    AES192CBC: AES (Advanced Encryption Standard) CBC (Chaining Block Cypher) encryption with a 192 bits cryptographic key as defined by the Federal Information Processing Standards (FIPS 197 - November 6, 2001 - Advanced Encryption Standard).
    AES256CBC: AES (Advanced Encryption Standard) CBC (Chaining Block Cypher) encryption with a 256 bits cryptographic key as defined by the Federal Information Processing Standards (FIPS 197 - November 6, 2001 - Advanced Encryption Standard).
    DES112CBC: Triple DES (Data Encryption Standard) CBC (Chaining Block Cypher) encryption with double length key (112 Bit) as defined in FIPS PUB 46-3
    DUKPT2009: DUKPT (Derived Unique Key Per Transaction) algorithm, as specified in ANSI X9.24-2009 Annex A.
    UKPT: UKPT (Unique Key Per Transaction) key encryption, using Triple DES encryption with a double length key (112 Bit) as defined in FIPS PUB 46-3.
    UKPTwithAES128: UKPT (Unique Key Per Transaction) key encryption, using Advanced Encryption Standard with a 128 bits cryptographic key, approved by the Federal Information Processing Standards (FIPS 197 - November 6, 2001 - Advanced Encryption Standard).
5 Parameter [0..1] Parameter of the CBC encryption algorithm.
6 EncryptionFormat [0..1] see KeyTransport/KeyEncryptionAlgorithm/EncryptionFormat.
    see KeyTransport/KeyEncryptionAlgorithm/BytePadding.
6 InitialisationVector [0..1] CBC initialisation vector.
6 BytePadding [0..1] Byte padding for a cypher block chaining mode encryption, if the padding is not implicit. Allowed values:
    LengthPadding: The message to encrypt is completed by a byte value containing the total number of added bytes.
    Null80Padding: The message to encrypt is completed by one bit of value 1, followed by null bits until the encryption block length is reached.
    NullLengthPadding: The message to encrypt is completed by null byte values, the last byte containing the total number of added bytes.
    NullPadding: The message to encrypt is completed by null bytes.
    RandomPadding: The message to encrypt is completed by random value, the last byte containing the total number of added bytes.
4 EncryptedKey [1..1] Key encryption key encrypted by the symmetric transport key, using the KeyEncryptionAlgorithm.
Or} 3 KeyIdentifier [1..1] Identification of a cryptographic key, shared and previously exchanged between the initiator and the recipient.
4 KeyIdentification [1..1] Identification of the key.
4 KeyVersion [1..1] Version of the key.
4 SequenceNumber [0..1] Number of usages of the cryptographic key.
4 DerivationIdentification [0..1] Information to perform key derivation.
2 EncryptedContent [0..1] Encrypted data.

3 ContentType [1..1] Type of encrypted data. Allowed values:
AuthenticatedData: Encrypted data content is a CMS
AuthenticatedData structure.
DigestedData: Encrypted data content is a CMS DigestedData
structure.
EnvelopedData: Encrypted data content is a CMS EnvelopedData
structure.
PlainData: Encrypted application data is not a CMS data
structure.
SignedData: Encrypted data content is a CMS SignedData
structure.
3 ContentEncryptionAlgorithm [1..1] Encryption algorithm of the data.
4 Algorithm [1..1] Data encryption algorithm. Allowed values:
AES128CBC AES (Advanced Encryption Standard) CBC
(Chaining Block Cypher) encryption with a 128 bits
cryptographic key as defined by the Federal
Information Processing Standards (FIPS 197 -
November 6, 2001 - Advanced Encryption Standard).
AES192CBC AES (Advanced Encryption Standard) CBC
(Chaining Block Cypher) encryption with a 192 bits
cryptographic key as defined by the Federal
Information Processing Standards (FIPS 197 –
November 6, 2001 - Advanced Encryption Standard).
AES256CBC AES (Advanced Encryption Standard) CBC
(Chaining Block Cypher) encryption with a 256 bits
cryptographic key as defined by the Federal
Information Processing Standards (FIPS 197 –
November 6, 2001 - Advanced Encryption Standard).
DES112CBC Triple DES (Data Encryption Standard) CBC
(Chaining Block Cypher) encryption with double length
key (112 Bit) as defined in FIPS PUB 46-3
4 Parameter [0..1] Parameter of the CBC encryption algorithm.
5 EncryptionFormat [0..1] see KeyTransport/KeyEncryptionAlgorithm/EncryptionFormat.
5 InitialisationVector [0..1] CBC initialisation vector.
5 BytePadding [0..1] see KeyTransport/KeyEncryptionAlgorithm/BytePadding.
3 EncryptedData [1..1] Encrypted data.
Or 1 AuthenticatedData [0..1] Message Authentication Code (MAC) and the MAC generation key,
protected by a transport key.
2 Version [0..1] default 0
Version of the data structure, current version is 0.
2 Recipient [1..*] MAC generation key,
{Or 3 KeyTransport [0..1] see EnvelopedData/Recipient/KeyTransport (encryption key must be
replaced by MAC generation key).
4 Version [0..1]
4 RecipientIdentification [1..1]
{Or 5 IssuerAndSerialNumber [1..1]
6 Issuer [1..1]
7 RelativeDistinguishedName [1..*]
8 AttributeType [1..1]
8 AttributeValue [1..1]
6 SerialNumber [1..1]
Or} 5 KeyIdentifier [1..1]
6 KeyIdentification [1..1]
6 KeyVersion [1..1]
6 SequenceNumber [0..1]
6 DerivationIdentification [0..1]

4 KeyEncryptionAlgorithm [1..1]
5 Algorithm [1..1]
5 Parameter [0..1]
6 EncryptionFormat [0..1]
6 DigestAlgorithm [0..1]
6 MaskGeneratorAlgorithm [0..1]
7 Algorithm [1..1]
7 Parameter [0..1]
8 DigestAlgorithm [0..1]
4 EncryptedKey [1..1]
Or 3 KEK [0..1] see EnvelopedData/Recipient/KEK (encryption key must be replaced
by MAC generation key).
4 Version [0..1]
4 KEKIdentification [1..1]
5 KeyIdentification [1..1]
5 KeyVersion [1..1]
5 SequenceNumber [0..1]
5 DerivationIdentification [0..1]
4 KeyEncryptionAlgorithm [1..1]
5 Algorithm [1..1]
5 Parameter [0..1]
6 EncryptionFormat [0..1]
6 InitialisationVector [0..1]
6 BytePadding [0..1]
4 EncryptedKey [1..1]
Or} 3 KeyIdentifier [1..1] see EnvelopedData/Recipient/KeyIdentifier (encryption key must be
replaced by MAC generation key).
4 KeyIdentification [1..1]
4 KeyVersion [1..1]
4 SequenceNumber [0..1]
4 DerivationIdentification [0..1]
2 MACAlgorithm [1..1] Algorithm to compute the Message Authentication Code.

3 Algorithm [1..1] Cryptographic algorithms for the MAC. Allowed values:
RetailCBCMAC: Retail CBC (Chaining Block Cypher) MAC
(Message Authentication Code) (cf. ISO 9807, ANSI
X9.19) - (ASN.1 Object Identifier: id-retail-cbc-mac).
RetailSHA1MAC: Retail-CBC-MAC with SHA-1 (Secure Hash
standard) - (ASN.1 Object Identifier: id-retail-cbc-mac-sha-1)
with padding Method 2 from ISO9797-1.
RetailSHA256MAC: Retail-CBC-MAC with SHA-256 (Secure
Hash standard) - (ASN.1 Object Identifier:
id-retail-cbc-mac-sha-256).
SHA256CMACwithAES128: CMAC (Cipher based Message
Authentication Code) defined by the National Institute of
Standards and Technology (NIST 800-38B - May 2005),
using the block cipher Advanced Encryption Standard with
a 128 bits cryptographic key, approved by the Federal
Information Processing Standards (FIPS 197 - November
6, 2001 - Advanced Encryption Standard).
SHA384CMACwithAES192: CMAC (Cipher based Message
Authentication Code) defined by the National Institute of
Standards and Technology (NIST 800-38B - May 2005),
using the block cipher Advanced Encryption Standard with
a 192 bits cryptographic key, approved by the Federal
Information Processing Standards (FIPS 197 - November
6, 2001 - Advanced Encryption Standard). The CMAC
algorithm is computed on the SHA-384 digest of the
message.
SHA512CMACwithAES256: CMAC (Cipher based Message
Authentication Code) defined by the National Institute of
Standards and Technology (NIST 800-38B - May 2005),
using the block cipher Advanced Encryption Standard with
a 256 bits cryptographic key, approved by the Federal
Information Processing Standards (FIPS 197 - November
6, 2001 - Advanced Encryption Standard). The CMAC
algorithm is computed on the SHA-512 digest of the
message.
3 Parameter [0..1] Parameter of the CBC encryption algorithm.
4 InitialisationVector [0..1] CBC initialisation vector.
4 BytePadding [0..1]
2 EncapsulatedContent [1..1] Data to authenticate, i.e. input of the MAC generation.
3 ContentType [1..1] Type of authenticated data. Allowed values:
DigestedData: Authenticated data content is a CMS DigestedData
structure.
EnvelopedData: Authenticated data content is a CMS
EnvelopedData structure.
PlainData: Authenticated application data is not a CMS data
structure.
SignedData: Authenticated data content is a CMS SignedData
structure.
3 Content [0..1] Data to authenticate.
Absent if the MAC is detached, i.e. if the content to authenticate with
this MAC is implicitly defined in another location of the message.
2 MAC [1..1] MAC value.
Or 1 SignedData [0..1] Digital signature(s) with identification of the signers and their signing
key.
2 Version [0..1] default 1
Version of the data structure, current version is 1.
2 DigestAlgorithm [1..*] Digest algorithm used by one or more signer to perform its digital
signature.

3 Algorithm [1..1] Cryptographic algorithms for digests, allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
2 EncapsulatedContent [1..1] Data that have been signed, i.e. input of the digital signature
generation.
3 ContentType [1..1] Type of signed data. Allowed values:
AuthenticatedData: Signed data content is a CMS
AuthenticatedData structure.
DigestedData: Signed data content is a CMS DigestedData
structure.
EnvelopedData: Signed data content is a CMS EnvelopedData
structure.
PlainData: Signed application data is not a CMS data
structure.
3 Content [0..1] Data that have been signed.
Absent if the digital signature is detached, i.e. the content to sign is
implicitly in another location of the message.
2 Certificate [0..*] Collection of certificates.
2 Signer [1..*] Identification of the signing key and digital signature per signer.
3 Version [0..1] default 1
Version of the data structure, current version is 1.
3 SignerIdentification [0..1] Identification of the signing key.
{Or 4 IssuerAndSerialNumber [1..1] Issuer name and serial number of the certificate.
5 Issuer [1..1] Issuer Name
6 RelativeDistinguishedName [1..*] X.500 attribute.
7 AttributeType [1..1] Type of attribute, allowed values:
CountryName Country name of the attribute (ASN.1 Object
Identifier: id-at-countryName).
CommonName Common name of the attribute (ASN.1 Object
Identifier: id-at-commonName).
Locality Locality of the attribute (ASN.1 Object Identifier:
id-at-localityName).
OrganisationName Organization name of the attribute (ASN.1
Object Identifier: id-at-organizationName).
OrganisationUnitName Organization unit name of the attribute
(ASN.1 Object Identifier: id-at-organizationalUnitName).
7 AttributeValue [1..1] Value of the attribute.
5 SerialNumber [1..1] Serial number of the certificate.
Or} 4 KeyIdentifier [1..1] Identifier of a cryptographic asymmetric key, previously exchanged
between parties.
5 KeyIdentification [1..1] Identification of the key.
5 KeyVersion [1..1] Version of the key.
5 SequenceNumber [0..1] Number of usages of the cryptographic key.
5 DerivationIdentification [0..1] Information to perform key derivation.
3 DigestAlgorithm [1..1] Digest algorithm to apply to the data (EncapsulatedContent) before
private encryption.

4 Algorithm [1..1] Identification of the algorithm, allowed values:
Cryptographic algorithms for digests, allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
3 SignatureAlgorithm [1..1] Digital signature algorithm to apply to the data
(EncapsulatedContent).
4 Algorithm [1..1] Digital signature algorithm, allowed values:
RSASSA-PSS Signature algorithm with Appendix, Probabilistic
Signature Scheme (PKCS #1 version 2.1), -
(ASN.1 Object Identifier: id-RSASSA-PSS).
SHA1WithRSA Signature algorithms with RSA (PKCS #1
version 2.1), using SHA-1 digest algorithm -
(ASN.1 Object Identifier:
sha1WithRSAEncryption).
SHA256WithRSA Signature algorithms with RSA (PKCS #1
version 2.1), using SHA-256 digest algorithm -
(ASN.1 Object Identifier:
sha256WithRSAEncryption).
4 Parameter [0..1] Parameter of the RSASSA-PSS signature algorithm.
5 DigestAlgorithm [0..1] Cryptographic algorithm for computing the digest of the label in the
RSASSA-PSS encryption algorithm. Allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
5 MaskGeneratorAlgorithm [1..1] Mask generator function algorithm used by the RSASSA-PSS
signature algorithm.
6 Algorithm [1..1] Algorithm of the mask generator function, allowed value:
MGF1 Mask Generator Function, used for RSA encryption and
RSA digital signature (PKCS #1 version 2.1) - (ASN.1
Object Identifier: id-mgf1).
6 Parameter [0..1] Parameters associated to the mask generator function cryptographic
algorithm.
7 DigestAlgorithm [0..1] Digest algorithm used in the mask generator function. Allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
5 SaltLength [1..1] Length of the salt to include in the signature.
5 TrailerField [0..1] Trailer field number.
3 Signature [1..1] Digital signature value.
Or} 1 DigestedData [0..1] Digest computed on identified data.
2 Version [0..1] default 0
Version of the data structure: 0 if ContentType has the value
“PlainData”, otherwise 2.
2 DigestAlgorithm [1..1] Digest algorithm.

3 Algorithm [1..1] Identification of the algorithm, allowed values:
Cryptographic algorithms for digests, allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
2 EncapsulatedContent [1..1] Data, input of the digest generation.
3 ContentType [1..1] Type of digested data. Allowed values:
AuthenticatedData: Digested data content is a CMS
AuthenticatedData structure.
EnvelopedData: Digested data content is a CMS EnvelopedData
structure.
PlainData: Digested application data is not a CMS data
structure.
SignedData: Digested data content is a CMS SignedData
structure.

3 Content [0..1] Data that have been digested.
Absent if the digest is detached, i.e. if the content to hash is implicitly
in another location of the message.
2 Digest [1..1] Digest value.

The layout of the CMS data structure could also be presented by this component view.

Figure 3: Component view of the CMS data structure.
3 Key Management Mechanisms

This section presents the key management mechanisms used for:
1. Data encryption, carried out by the CMS data structure EnvelopedData, and
2. Message Authentication Code (MAC), carried out by the CMS data structure AuthenticatedData.

The EnvelopedData and AuthenticatedData CMS data structures include the same data structure Recipient, which contains either the identification of the key or the protected encryption key or MAC generation key.
The Recipient data structure is a choice between:
- An encryption or MAC key protected by an asymmetric key, carried by the KeyTransport CMS data structure,
- An encryption or MAC key protected by a symmetric key, carried by the KEK CMS data structure,
- An identification of the key, carried by the KeyIdentifier CMS data structure.
The KeyTransport and KEK data structures contain:
- The identification of the key, RecipientIdentification and KEKIdentification respectively,
- The encryption algorithm of the encryption key or MAC key,
- The encrypted encryption key or MAC key.
EnvelopedData:      Version | Recipient (encryption key) | EncryptedContent (encrypted data)
AuthenticatedData:  Version | Recipient (MAC computation key) | MACAlgorithm | EncapsulatedContent | MAC

Recipient is one of:
  KeyTransport:   Version | RecipientIdentification | KeyEncryptionAlgorithm | EncryptedKey
  KEK:            Version | KEKIdentification | KeyEncryptionAlgorithm | EncryptedKey
  KeyIdentifier:  KeyIdentification | Version | SequenceNumber | DerivationIdentification

Figure 4: Key Management for an Encryption Key or a MAC Key


3.1 DUKPT Key Management

The DUKPT (Derived Unique Key per Transaction) key management is specified in the ANS X9.24-1:2009 standard, using a different key for request/advice and response messages.
The standard defines the generation of three triple DES keys (112 bits) with the following usages:
1) The encryption of the cardholder PIN (Personal Identification Number), for an online PIN verification,
2) The encryption of sensitive data, such as card data,
3) The generation of a Message Authentication Code (MAC).

3.1.1 Key Management

The DUKPT key management mechanism uses 10 bytes of information (Key Serial Number or KSN) sent by the initiator of the message request to uniquely identify the derived key at the recipient side.
This KSN contains the following information:
- Information related to the owner and the identification of the base key,
- Information to perform derivation of the base key per merchant and POI,
- Transaction Counter (last 21 bits): the counter value to detect message replay or abusive usage of the key.

With the exception of the Transaction Counter, the organisation of this information is the responsibility of the owner of the key. An example is provided by the DUKPT standard. Note that this could lead to the management of a very high number of base keys, which may not be suitable for large networks of POS.

The first 5 bytes are sent in the Recipient.KEK.KEKIdentification.DerivationIdentification item of the EnvelopedData component; the last 5 bytes are sent in the Recipient.KEK.EncryptedKey of the EnvelopedData component.
The figure below shows how to map the KSN, as presented as an example in Figure D-1 of the ANSI standard X9.24-1:2009, to the corresponding CMS fields.

KSN field                       Length     CMS field
Issuer Identification Number    3 bytes    DerivationIdentification (5 bytes)
Merchant ID                     1 byte     DerivationIdentification (5 bytes)
Group ID                        1 byte     DerivationIdentification (5 bytes)
Device ID                       19 bits    EncryptedKey (5 bytes)
Transaction Counter             21 bits    EncryptedKey (5 bytes)

Figure 5: Key Serial Number Details

The KSN always has the same value for the two messages of the same exchange (request and response).


3.1.2 Resulting CMS Structure

The CMS data structures that are used by the keys that DUKPT provides are the following:
1. EnvelopedData to convey the encrypted cardholder PIN.
   One occurrence of EnvelopedData/Recipient contains the information to retrieve the DUKPT PIN key.
2. EnvelopedData to convey other encrypted data.
   One occurrence of EnvelopedData/Recipient contains the information to retrieve the DUKPT data encryption key.
3. AuthenticatedData to convey the MAC of a message.
   One occurrence of AuthenticatedData/Recipient contains the information to retrieve the DUKPT Message Authentication key.

In addition to the KSN prefix, the DUKPT Base Derivation Key (BDK) is identified by a name. Test key identification is distinguished from production key identification by a name including the suffix "TestKey".

The Recipient element of EnvelopedData and AuthenticatedData for DUKPT key management is presented in the table below:

DUKPT Key                          Mult.   Usage
Recipient                          [1..1]  Information related to the DUKPT key for the recipient.
  KEK                              [1..1]  DUKPT uses the KEK choice.
    Version                        [0..1]  default 4
                                           Version of the data structure, current version is 4.
    KEKIdentification              [1..1]  Identification of the DUKPT base key.
      KeyIdentification            [1..1]  Name of the key. Test keys must include the suffix "TestKey".
      KeyVersion                   [1..1]  The version of the DUKPT key.
                                           When the version represents the date of activation, it must have the format
                                           YYYYMMDDhh where:
                                           YYYY is a 4-digit numeral representing the year, 0000 is prohibited
                                           MM is a 2-digit numeral representing the month (from 01 to 12)
                                           DD is a 2-digit numeral representing the day of the month (from 01 to 31)
                                           hh is a 2-digit numeral representing the hours (from 00 to 23)
      SequenceNumber               [0..1]  Number of usages of the cryptographic key.
      DerivationIdentification     [1..1]  see Figure 5: Key Serial Number Details
    KeyEncryptionAlgorithm         [1..1]  Algorithm to encrypt the key encryption key.
      Algorithm                    [1..1]  Value "DUKPT2009"
    EncryptedKey                   [1..1]  see Figure 5: Key Serial Number Details

The same data structure is used for the two messages of the same exchange.


3.1.3 PIN Encryption Key

After derivation of the resultant key, an XOR with the hexadecimal value 00000000 000000FF 00000000 000000FF is applied to the resultant key in order to use a variant of the key for PIN encryption.

Derived Key (8 bytes | 8 bytes)
  xor PIN Encryption Variant:  00 00 00 00 00 00 00 FF | 00 00 00 00 00 00 00 FF
  =   PIN Encryption Key

Figure 6: PIN Encryption Key Variant

3.1.4 Data Encryption Key

The DUKPT Data Encryption key can be used to protect sensitive data, such as card data, with the exception of the PIN.

After derivation of the resultant key, in conformance to the ANS X9.24-1:2009 standard:
- A different mask has to be used for the request/advice messages and the response messages (the hexadecimal values 00000000 00FF0000 00000000 00FF0000 and 000000FF 00000000 000000FF 00000000 respectively),
- An additional triple DES is applied as described in the figure below.

Derived Key (8 bytes | 8 bytes)
  xor Data Encryption Variant, request:   00 00 00 00 00 FF 00 00 | 00 00 00 00 00 FF 00 00
  xor Data Encryption Variant, response:  00 00 00 FF 00 00 00 00 | 00 00 00 FF 00 00 00 00
  3DES applied to each 8-byte half (the figure labels a "key" input on each 3DES box)
  =   Data Encryption Key

Figure 7: Data Encryption Key


3.1.5 Message Authentication Key

The DUKPT Message Authentication Key is used to compute the MAC of a nexo message (in the SecurityTrailer).

After derivation of the resultant key:
- When using the ANS X9.24-1:2009 standard:
  - A different mask has to be used for the request/advice messages and the response messages (the hexadecimal values 00000000 0000FF00 00000000 0000FF00 and 00000000 FF000000 00000000 FF000000 respectively).

Derived Key (8 bytes | 8 bytes)
  xor Msg Authentication Variant, request/advice:  00 00 00 00 00 00 FF 00 | 00 00 00 00 00 00 FF 00
  xor Msg Authentication Variant, response:        00 00 00 00 FF 00 00 00 | 00 00 00 00 FF 00 00 00
  =   Message Authentication Key

Figure 8: Message Authentication Key Variant for X9.24-1:2009

3.1.6 Examples

3.1.6.1 Base Key and Terminal Initial Key

The DUKPT base test key is named "SpecV1TestKey", with the version "2010060715".

The example displayed here uses the test base derivation key value:
- BDK (Base Derivation Key stored by the RecipientParty of the message):
  37233E89 0B0104E9 BC943D0E 45EAE5A7

and the following KSN input values:
- Issuer Identification Number (3 bytes): 398725
- Merchant ID (1 byte): A5
- Group ID (1 byte): 01
- Device ID (19 bits): 71481

which then produces the following initial key:
- TIK (Terminal Initial Key stored by the sender of the message):
  EE3AE644 1C2EEE18 3F3B4179 2DBCD318

With a Transaction Counter hexadecimal value of 00017 and the information above, the KSN has the value: 39 87 25 A5 01 E2 90 20 00 17 (notice the 1-bit left shift of the Device ID before concatenation to the TC and integration into the KSN to obtain the value E2 90 2, as the leading bit of the TC has the value 0).

3.1.6.2 CMS Key Management Data

The Recipient data structure is presented in the table below:

Message Item                       Value
Recipient
  KEK
    KEKIdentification
      KeyIdentification            SpecV1TestKey
      KeyVersion                   2010060715
      DerivationIdentification     398725A501
    KeyEncryptionAlgorithm
      Algorithm                    DUKPT2009
    EncryptedKey                   E290200017

The resulting XML encoded structure is:
    <Rcpt>
      <KEK>
        <KEKId>
          <KeyId>SpecV1TestKey</KeyId>
          <KeyVrsn>2010060715</KeyVrsn>
          <DerivtnId>OYclpQE=</DerivtnId>
        </KEKId>
        <KeyNcrptnAlgo>
          <Algo>DKP9</Algo>
        </KeyNcrptnAlgo>
        <NcrptdKey>4pAgABc=</NcrptdKey>
      </KEK>
    </Rcpt>

Once unnecessary spaces and carriage returns are removed, the Recipient data structure is:
    0000 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 |<Rcpt><KEK><KEKI|
    0010 64 3E 3C 4B 65 79 49 64 3E 53 70 65 63 56 31 54 |d><KeyId>SpecV1T|
    0020 65 73 74 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B |estKey</KeyId><K|
    0030 65 79 56 72 73 6E 3E 32 30 31 30 30 36 30 37 31 |eyVrsn>201006071|
    0040 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C 44 65 72 69 |5</KeyVrsn><Deri|
    0050 76 74 6E 49 64 3E 4F 59 63 6C 70 51 45 3D 3C 2F |vtnId>OYclpQE=</|
    0060 44 65 72 69 76 74 6E 49 64 3E 3C 2F 4B 45 4B 49 |DerivtnId></KEKI|
    0070 64 3E 3C 4B 65 79 4E 63 72 70 74 6E 41 6C 67 6F |d><KeyNcrptnAlgo|
    0080 3E 3C 41 6C 67 6F 3E 44 4B 50 39 3C 2F 41 6C 67 |><Algo>DKP9</Alg|
    0090 6F 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 6C 67 |o></KeyNcrptnAlg|
    00A0 6F 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 34 70 41 |o><NcrptdKey>4pA|
    00B0 67 41 42 63 3D 3C 2F 4E 63 72 70 74 64 4B 65 79 |gABc=</NcrptdKey|
    00C0 3E 3C 2F 4B 45 4B 3E 3C 2F 52 63 70 74 3E       |></KEK></Rcpt>  |
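The KSN packing of Figure 5 and its mapping to the DerivtnId and NcrptdKey elements, as an added Python example that is not part of the original specification. All function names are hypothetical, the sample element is the one from section 3.1.6.2, and the replay policy in counter_advanced is an assumption (the specification only says the counter is used to detect replay).

```python
import base64
import xml.etree.ElementTree as ET

# Field widths from Figure 5: IIN 3 bytes, Merchant ID 1 byte, Group ID 1 byte,
# Device ID 19 bits, Transaction Counter 21 bits (10 bytes in total).
DEVICE_BITS = 19
COUNTER_BITS = 21

# Recipient element copied from section 3.1.6.2 of the specification.
SAMPLE_RCPT = """<Rcpt><KEK><KEKId><KeyId>SpecV1TestKey</KeyId>
<KeyVrsn>2010060715</KeyVrsn><DerivtnId>OYclpQE=</DerivtnId></KEKId>
<KeyNcrptnAlgo><Algo>DKP9</Algo></KeyNcrptnAlgo>
<NcrptdKey>4pAgABc=</NcrptdKey></KEK></Rcpt>"""


def build_ksn(iin, merchant_id, group_id, device_id, counter):
    """Assemble the 10-byte KSN from its five fields."""
    if len(iin) != 3:
        raise ValueError("Issuer Identification Number must be 3 bytes")
    if not (0 <= merchant_id <= 0xFF and 0 <= group_id <= 0xFF):
        raise ValueError("Merchant ID and Group ID are one byte each")
    if not 0 <= device_id < (1 << DEVICE_BITS):
        raise ValueError("Device ID must fit in 19 bits")
    if not 0 <= counter < (1 << COUNTER_BITS):
        raise ValueError("Transaction Counter must fit in 21 bits")
    # Device ID and counter share the last 5 bytes: 19 + 21 = 40 bits.
    tail = (device_id << COUNTER_BITS) | counter
    return bytes(iin) + bytes([merchant_id, group_id]) + tail.to_bytes(5, "big")


def ksn_to_cms_fields(ksn):
    """Split a KSN into the base64 values carried by DerivtnId and NcrptdKey."""
    if len(ksn) != 10:
        raise ValueError("KSN must be 10 bytes")
    return {
        "DerivtnId": base64.b64encode(ksn[:5]).decode("ascii"),
        "NcrptdKey": base64.b64encode(ksn[5:]).decode("ascii"),
    }


def ksn_from_recipient(xml_text):
    """Rebuild the KSN from a DUKPT Recipient element, rejecting malformed input."""
    # Messages from untrusted peers should go through a hardened XML parser.
    kek = ET.fromstring(xml_text).find("KEK")
    if kek is None or kek.findtext("KeyNcrptnAlgo/Algo") != "DKP9":
        raise ValueError("Recipient is not a DUKPT2009 KEK")
    halves = []
    for path in ("KEKId/DerivtnId", "NcrptdKey"):
        text = kek.findtext(path)
        if text is None:
            raise ValueError("missing " + path)
        half = base64.b64decode(text.strip(), validate=True)
        if len(half) != 5:
            raise ValueError(path + " must decode to 5 bytes")
        halves.append(half)
    return b"".join(halves)


def parse_ksn(ksn):
    """Decode the five KSN fields of Figure 5."""
    if len(ksn) != 10:
        raise ValueError("KSN must be 10 bytes")
    tail = int.from_bytes(ksn[5:], "big")
    return {
        "iin": ksn[:3].hex().upper(),
        "merchant_id": ksn[3],
        "group_id": ksn[4],
        "device_id": tail >> COUNTER_BITS,
        "counter": tail & ((1 << COUNTER_BITS) - 1),
    }


def counter_advanced(previous_ksn, ksn):
    """True when both KSNs name the same device and the counter increased.

    Assumed recipient-side policy, not taken from the specification.
    """
    old, new = parse_ksn(previous_ksn), parse_ksn(ksn)
    same_device = previous_ksn[:5] == ksn[:5] and old["device_id"] == new["device_id"]
    return same_device and new["counter"] > old["counter"]


if __name__ == "__main__":
    ksn = ksn_from_recipient(SAMPLE_RCPT)
    print(ksn.hex().upper(), parse_ksn(ksn))
```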


3.1.6.3 Generation of the Keys

Intermediary results to compute the 3 DUKPT keys are presented below:

Derivation of the Initial Key
KSN, without Encryption Counter 39 87 25 A5 01 E2 90 20
Left Half of Initial Key EE 3A E6 44 1C 2E EE 18
Masked Base Key F7 E3 FE 49 0B 01 04 E9 7C 54 FD CE 45 EA E5 A7
Right Half of Initial Key 3F 3B 41 79 2D BC D3 18
Terminal Initial Key EE 3A E6 44 1C 2E EE 18 3F 3B 41 79 2D BC D3 18

Init
CurKey: EE 3A E6 44 1C 2E EE 18 3F 3B 41 79 2D BC D3 18
R8: 25 A5 01 E2 90 20 00 00

Iteration 17
R8 bit set: 25 A5 01 E2 90 20 00 10
R8A = R8 xor CurKey-rh: 1A 9E 40 9B BD 9C D3 08
R8A = (R8A)CurKey-lh: 65 84 66 1C 74 B8 D1 0E
R8A = R8A xor CurKey-rh: 5A BF 27 65 59 04 02 16
CurKey xor Mask: 2E FA 26 84 1C 2E EE 18 FF FB 81 B9 2D BC D3 18
R8B = R8 xor CurKey-rh: DA 5E 80 5B BD 9C D3 08
R8B = (R8B)CurKey-lh: 51 14 00 21 8A 81 3A CF
R8B = R8B xor CurKey-rh: AE EF 81 98 A7 3D E9 D7
CurKey: AE EF 81 98 A7 3D E9 D7 5A BF 27 65 59 04 02 16

Iteration 19
R8 bit set: 25 A5 01 E2 90 20 00 14
R8A = R8 xor CurKey-rh: 7F 1A 26 87 C9 24 02 02
R8A = (R8A)CurKey-lh: D7 73 EF A0 25 F1 D1 AB
R8A = R8A xor CurKey-rh: 8D CC C8 C5 7C F5 D3 BD
CurKey xor Mask: 6E 2F 41 58 A7 3D E9 D7 9A 7F E7 A5 59 04 02 16
R8B = R8 xor CurKey-rh: BF DA E6 47 C9 24 02 02
R8B = (R8B)CurKey-lh: 69 D2 07 16 0D 83 0F D5
R8B = R8B xor CurKey-rh: F3 AD E0 B3 54 87 0D C3
CurKey: F3 AD E0 B3 54 87 0D C3 8D CC C8 C5 7C F5 D3 BD

Iteration 20
R8 bit set: 25 A5 01 E2 90 20 00 16
R8A = R8 xor CurKey-rh: A8 69 C9 27 EC D5 D3 AB
R8A = (R8A)CurKey-lh: 7F 30 95 40 58 26 B5 8E
R8A = R8A xor CurKey-rh: F2 FC 5D 85 24 D3 66 33
CurKey xor Mask: 33 6D 20 73 54 87 0D C3 4D 0C 08 05 7C F5 D3 BD
R8B = R8 xor CurKey-rh: 68 A9 09 E7 EC D5 D3 AB
R8B = (R8B)CurKey-lh: 2C DC A0 C2 78 1D B4 19
R8B = R8B xor CurKey-rh: 61 D0 A8 C7 04 E8 67 A4
CurKey: 61 D0 A8 C7 04 E8 67 A4 F2 FC 5D 85 24 D3 66 33

Iteration 21
R8 bit set: 25 A5 01 E2 90 20 00 17
R8A = R8 xor CurKey-rh: D7 59 5C 67 B4 F3 66 24
R8A = (R8A)CurKey-lh: 8D 9E C2 47 97 D1 61 D9
R8A = R8A xor CurKey-rh: 7F 62 9F C2 B3 02 07 EA
CurKey xor Mask: A1 10 68 07 04 E8 67 A4 32 3C 9D 45 24 D3 66 33
R8B = R8 xor CurKey-rh: 17 99 9C A7 B4 F3 66 24
R8B = (R8B)CurKey-lh: 6D 59 6C EE D6 8E A3 92
R8B = R8B xor CurKey-rh: 5F 65 F1 AB F2 5D C5 A1
CurKey: 5F 65 F1 AB F2 5D C5 A1 7F 62 9F C2 B3 02 07 EA

PIN Encryption Key:
Applying the mask defined in section 3.1.3 PIN Encryption Key, the variant of the key for PIN encryption is then:
CurKey xor PINVariant: 5F 65 F1 AB F2 5D C5 5E 7F 62 9F C2 B3 02 07 15
With the parity bits applied to the key:
PIN Encryption Key: 5E 64 F1 AB F2 5D C4 5E 7F 62 9E C2 B3 02 07 15

Data Encryption Key:
Applying the mask defined in section 3.1.4 Data Encryption Key, the variant of the key for data encryption is then:
The encryption key for the request or advice messages:
CurKey xor EncVariantReq: 5F 65 F1 AB F2 A2 C5 A1 7F 62 9F C2 B3 FD 07 EA
TDES(CurKey)CurKey: A7 5C 21 F7 04 51 74 44 3F 28 24 9C 3B 08 A7 2B
With the parity bits applied to the key:
Data Encryption Key Req: A7 5D 20 F7 04 51 75 45 3E 29 25 9D 3B 08 A7 2A
The encryption key for the response messages:
CurKey xor EncVariantResp: 5F 65 F1 54 F2 5D C5 A1 7F 62 9F 3D B3 02 07 EA
TDES(CurKey)CurKey: ED 7E 8A 3D 76 05 2B EA E6 9E E6 88 61 61 3B E2
With the parity bits applied to the key:
Data Encryption Key Resp: EC 7F 8A 3D 76 04 2A EA E6 9E E6 89 61 61 3B E3

Message Authentication Key:
The MAC key for the request or advice messages:
CurKey xor MACVariantReq: 5F 65 F1 AB F2 5D 3A A1 7F 62 9F C2 B3 02 F8 EA
With the parity bits applied to the key:
MAC Key Req: 5E 64 F1 AB F2 5D 3B A1 7F 62 9E C2 B3 02 F8 EA
The MAC key for the response messages:
CurKey xor MACVariantResp: 5F 65 F1 AB 0D 5D C5 A1 7F 62 9F C2 4C 02 07 EA
With the parity bits applied to the key:
MAC Key Resp: 5E 64 F1 AB 0D 5D C4 A1 7F 62 9E C2 4C 02 07 EA
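The iteration schedule, variant masks and parity adjustment of this trace, as an added Python example that is not part of the original specification; function names are hypothetical. The DES and 3DES operations are not reproduced (the Python standard library has no DES), so the code starts from the final CurKey of iteration 21 and applies only the steps that follow it.

```python
# Values copied from the specification's example (sections 3.1.6.1 and 3.1.6.3).
KSN = bytes.fromhex("398725A501E290200017")
CUR_KEY = bytes.fromhex("5F65F1ABF25DC5A17F629FC2B30207EA")  # CurKey after iteration 21

COUNTER_BITS = 21
COUNTER_MASK = (1 << COUNTER_BITS) - 1

# 8-byte variant masks from sections 3.1.3 to 3.1.5, applied to both key halves.
VARIANTS = {
    "pin": "00000000000000FF",
    "data_request": "0000000000FF0000",
    "data_response": "000000FF00000000",
    "mac_request": "000000000000FF00",
    "mac_response": "00000000FF000000",
}


def derivation_steps(ksn):
    """List (iteration, R8) for every set counter bit, most significant first.

    R8 starts as the last 8 KSN bytes with the 21 counter bits cleared; each
    set bit of the Transaction Counter triggers one key-generation iteration.
    """
    counter = int.from_bytes(ksn[-3:], "big") & COUNTER_MASK
    r8 = int.from_bytes(ksn[-8:], "big") & ~COUNTER_MASK
    steps = []
    for index in range(COUNTER_BITS):
        bit = 1 << (COUNTER_BITS - 1 - index)
        if counter & bit:
            r8 |= bit
            steps.append((index + 1, r8.to_bytes(8, "big").hex().upper()))
    return steps


def xor_variant(key, usage):
    """XOR a 16-byte derived key with the variant mask of the given usage."""
    if len(key) != 16:
        raise ValueError("derived key must be 16 bytes")
    mask = bytes.fromhex(VARIANTS[usage]) * 2
    return bytes(k ^ m for k, m in zip(key, mask))


def set_odd_parity(key):
    """Set the low bit of each byte so that every byte has odd parity."""
    out = bytearray()
    for byte in key:
        upper_ones = bin(byte >> 1).count("1")
        out.append((byte & 0xFE) | (0 if upper_ones % 2 else 1))
    return bytes(out)


def usage_key(cur_key, usage):
    """PIN and MAC keys: variant XOR followed by parity adjustment."""
    if usage.startswith("data_"):
        raise ValueError("data keys need the additional 3DES step of section 3.1.4")
    return set_odd_parity(xor_variant(cur_key, usage))


def all_variants_distinct(cur_key):
    """Key separation check: every usage must yield a different variant."""
    return len({xor_variant(cur_key, usage) for usage in VARIANTS}) == len(VARIANTS)


if __name__ == "__main__":
    for iteration, r8 in derivation_steps(KSN):
        print("Iteration", iteration, "R8 bit set:", r8)
    for usage in ("pin", "mac_request", "mac_response"):
        print(usage, usage_key(CUR_KEY, usage).hex().upper())
```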


3.2 UKPT Key Management

The UKPT (Unique Key per Transaction) key management is based on a Master Session Key MK and a session key for encryption or MAC generation exchanged for each message.

Resulting CMS Structure

The CMS data structures that are used to retrieve the UKPT session keys are the following:
1. EnvelopedData to convey encrypted sensitive data.
   One occurrence of EnvelopedData/Recipient contains the information to retrieve the encryption session key.
2. AuthenticatedData to convey the MAC of a message.
   One occurrence of AuthenticatedData/Recipient contains the information to retrieve the MAC session key.

The Recipient element of EnvelopedData and AuthenticatedData for UKPT key management is presented in the table below:

UKPT Key                           Mult.   Usage
Recipient                          [1..1]  Information related to the UKPT key for the recipient.
  KEK                              [1..1]  UKPT uses the KEK choice.
    Version                        [0..1]  default 4
                                           Version of the data structure, current version is 4.
    KEKIdentification              [1..1]  Identification of the Master Session key MK.
      KeyIdentification            [1..1]  Name of the key. Test keys must include the suffix "TestKey".
      KeyVersion                   [1..1]  The version of the Master Session key.
                                           When the value represents the date of activation, it must use the format
                                           YYYYMMDDhh where:
                                           YYYY is a 4-digit numeral representing the year, 0000 is prohibited
                                           MM is a 2-digit numeral representing the month (from 01 to 12)
                                           DD is a 2-digit numeral representing the day of the month (from 01 to 31)
                                           hh is a 2-digit numeral representing the hours (from 00 to 23)
    KeyEncryptionAlgorithm         [1..1]  Algorithm to encrypt the key encryption key.
      Algorithm                    [1..1]  Symmetric encryption algorithm for the protection of the encryption key.
                                           Allowed values:
                                           DES112CBC: Triple DES (Data Encryption Standard) with double length key
                                             (112 Bit) as defined in FIPS PUB 46-3.
                                             See section 3.2.2: Triple DES UKPT Key Management
                                           UKPT: UKPT (Unique Key Per Transaction) key encryption, using
                                             Triple DES encryption with a double length key (112 Bit) and
                                             IBM CCA control vectors.
                                             See section 3.2.4: IBM CCA UKPT Key Management
                                           UKPTwithAES128: UKPT (Unique Key Per Transaction) key encryption,
                                             using Advanced Encryption Standard with a 128 bits
                                             cryptographic key, approved by the Federal Information
                                             Processing Standards (FIPS 197 - November 6, 2001 -
                                             Advanced Encryption Standard).
                                             See section 0: AES UKPT Key Management
    EncryptedKey                   [1..1]  see following sections:
                                           3.2.2: Triple DES UKPT Key Management
                                           3.2.4: IBM CCA UKPT Key Management
                                           0: AES UKPT Key Management

535 The same value for the data structures KEKIdentification and KeyEncryptionAlgorithm must be used
536 for the two messages of the same exchange.


537 However, to use different session keys, the value of EncryptedKey must be different for the two
538 messages of the same exchange.
539


540 3.2.2 Triple DES UKPT Key Management


541
542
543 The Triple DES UKPT key management mechanism uses:
544
545 1. A 112 bits Triple DES Master Session Key MK, identified by the KEK/KEKIdentification,
546 2. A 128 bits random number, conveyed in KEK/EncryptedKey,
547
548
549 These two inputs generate a 112 bits Triple DES Session Key for sensitive data encryption or MAC
550 computation with the following algorithm:
551 (i) Set IV to 0
552 (ii) Split the random number contained in EncryptedKey in two blocks of 8 bytes
553 (iii) Compute a XOR with IV and the first block of the EncryptedKey
554 (iv) Decrypt the result of this XOR with the Master Session Key identified by KEKIdentification
555 (v) Compute a XOR with the given result and the second block of EncryptedKey
556 (vi) Decrypt the result of the XOR with the Master Session Key identified by KEKIdentification
557 (vii) Concatenate the results
558 (viii) Impose odd parity to each of the 16 bytes on the least significant bit to obtain the
559 Session Key.
560
561 The figure below summarises the details of the generation.

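[Figure: EncryptedKey split into two 8-byte blocks; the first block is XORed with the Initialisation Vector (IV) 00 00 00 00 00 00 00 00, the second with the first 3DES-1 output; each XOR result is decrypted (3DES-1) with MK; parity adjustment gives the Session Key]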

562
563 Figure 9: Triple DES UKPT Session Key Generation
564
565
566


567 3.2.3 AES UKPT Key Management


568
569
570 The AES UKPT key management mechanism uses:
571
572 1. A 128 bits AES Master Session Key MK, identified by the KEK/KEKIdentification,
573 2. A 128 bits random number, conveyed in KEK/EncryptedKey,
574
575
576 These two inputs generate a 128 bits AES Session Key for sensitive data encryption or MAC computation
577 with the following simple algorithm:
578 (i) Decrypt the random number contained in EncryptedKey with the Master Session Key
579 identified by KEKIdentification to obtain the Session Key.
580
581
582 The figure below summarises the details of the generation.
[Figure: the 16-byte EncryptedKey is decrypted (AES-1) with MK to give the Session Key]
583
584 Figure 10: AES UKPT Session Key Generation
585
586
587


588 3.2.4 IBM CCA UKPT Key Management


589
590 The IBM CCA UKPT key management mechanism uses:
591 1. A 112 bits Triple DES Master Session Key MK, identified by the KEK/KEKIdentification,
592 2. A 128 bits random number, conveyed in KEK/EncryptedKey,
593 These two inputs generate a 112 bits Triple DES Session Key for sensitive data encryption, PIN encryption,
594 key encryption, or MAC computation with the following algorithm:
595 (i) Mask the Master Session Key MK identified by KEKIdentification with an exclusive OR by the
596 control vectors below, depending on the key usage, to generate two 112 bits Triple DES Key
597 Encryption Keys KEKL and KEKR:
598 Left MAC control vector: 00004D00 03410000 00004D00 03410000
599 Left PIN control vector: 00215F00 03410000 00215F00 03410000
600 Left data control vector: 00007100 03410000 00007100 03410000
601 Left key encryption control vector: 00427D00 03410000 00427D00 03410000
602 Right MAC control vector: 00004D00 03210000 00004D00 03210000
603 Right PIN control vector: 00215F00 03210000 00215F00 03210000
604 Right data control vector: 00007100 03210000 00007100 03210000
605 Right key encryption control vector: 00427D00 03210000 00427D00 03210000
606 (ii) Split the random number contained in EncryptedKey in two blocks of 8 bytes
607 (iii) Decrypt the left EncryptedKey block with the key KEKL, and the right EncryptedKey block with
608 the key KEKR
609 (iv) Impose odd parity to each of the 16 bytes with the least significant bit to obtain the Session
610 Key.
611 The figure below summarises the details of the generation.
[Figure: the 16-byte Master Session Key is XORed with the left and right control vectors (MAC, PIN, data, key encrypt) to give the left key KEKL and the right key KEKR; the two 8-byte blocks of EncryptedKey are decrypted (3DES-1) with KEKL and KEKR respectively; parity adjustment gives the Session Key]
612
613 Figure 11: IBM CCA UKPT Session Key Generation
614


615 3.2.5 Examples


616

617 3.2.5.1 Triple DES UKPT


618
619 This example uses as the DES test Master Session Key MK the same value as the test
620 DUKPT base derivation key:
621 37233E89 0B0104E9 BC943D0E 45EAE5A7
622
623 The random string sent in the KEK/EncryptedKey is:
624 F5DBFB9D 229BEF77 758F0448 87D15245
625
626 (i) Split the random number contained in EncryptedKey in two blocks of 8 bytes
627 Block 1 = F5DBFB9D 229BEF77
628 Block 2 = 758F0448 87D15245

629 (ii) Decrypt the first block with the Master Session Key identified by KEKIdentification
630 Decrypted Block 1 = 877162B8 EB9557D3

631 (iii) Compute a XOR with the given result and the second block of EncryptedKey
632 Decrypted Block 1 XOR Block 2 = F2FE66F0 6C440596

633 (iv) Decrypt the result of the XOR with the Master Session Key identified by KEKIdentification
634 Decrypted Block 2 = 949088E1 C3BA954E

635 (v) Concatenate the results


636 Session Key = 877162B8 EB9557D3 949088E1 C3BA954E

637 (vi) Impose odd parity to each of the 16 bytes on the least significant bit to obtain the Session Key
638 Odd-parity adjusted Session Key = 867062B9 EA9457D3 949189E0 C2BA944F
639
640 The Recipient data structure is presented in the table below:
641
Message Item                  Value
Recipient
  KEK
    KEKIdentification
      KeyIdentification       SpecV1TestKey
      KeyVersion              2010060715
    KeyEncryptionAlgorithm
      Algorithm               DES112CBC
    EncryptedKey              F5DBFB9D229BEF77758F044887D15245
642
643 The resulting XML encoded structure is:
644 <Rcpt>
645 <KEK>
646 <KEKId>
647 <KeyId>SpecV1TestKey</KeyId>
648 <KeyVrsn>2010060715</KeyVrsn>
649 </KEKId>
650 <KeyNcrptnAlgo>
651 <Algo>E3DC</Algo>


652 </KeyNcrptnAlgo>
653 <NcrptdKey>9dv7nSKb73d1jwRIh9FSRQ==</NcrptdKey>
654 </KEK>
655 </Rcpt>
656
657


658 Once unnecessary spaces and carriage returns are removed, the Recipient data structure is:
659 0000 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 |<Rcpt><KEK><KEKI|
660 0010 64 3E 3C 4B 65 79 49 64 3E 53 70 65 63 56 31 54 |d><KeyId>SpecV1T|
661 0020 65 73 74 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B |estKey</KeyId><K|
662 0030 65 79 56 72 73 6E 3E 32 30 31 30 30 36 30 37 31 |eyVrsn>201006071|
663 0040 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C 2F 4B 45 4B |5</KeyVrsn></KEK|
664 0050 49 64 3E 3C 4B 65 79 4E 63 72 70 74 6E 41 6C 67 |Id><KeyNcrptnAlg|
665 0060 6F 3E 3C 41 6C 67 6F 3E 45 33 44 43 3C 2F 41 6C |o><Algo>E3DC</Al|
666 0070 67 6F 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 6C |go></KeyNcrptnAl|
667 0080 67 6F 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 39 64 |go><NcrptdKey>9d|
668 0090 76 37 6E 53 4B 62 37 33 64 31 6A 77 52 49 68 39 |v7nSKb73d1jwRIh9|
669 00A0 46 53 52 51 3D 3D 3C 2F 4E 63 72 70 74 64 4B 65 |FSRQ==</NcrptdKe|
670 00B0 79 3E 3C 2F 4B 45 4B 3E 3C 2F 52 63 70 74 3E |y></KEK></Rcpt> |
671

672 3.2.5.2 AES UKPT


673
674 This example uses as the AES test Master Session Key MK the same value as the test
675 DUKPT base derivation key:
676 37233E89 0B0104E9 BC943D0E 45EAE5A7
677
678 The random string sent in the KEK/EncryptedKey is:
679 F5DBFB9D 229BEF77 758F0448 87D15245
680
681 The AES decryption of the random string with the key MK, which is the Session Key, is:
682 88D0ECFD ACAB3E8A C044BAE5 04548F9A
683
684 The Recipient data structure is presented in the table below:
685
Message Item                  Value
Recipient
  KEK
    KEKIdentification
      KeyIdentification       SpecV1TestKey
      KeyVersion              2010060715
    KeyEncryptionAlgorithm
      Algorithm               UKPTwithAES128
    EncryptedKey              F5DBFB9D229BEF77758F044887D15245
686
687 The resulting XML encoded structure is:
688 <Rcpt>
689 <KEK>
690 <KEKId>
691 <KeyId>SpecV1TestKey</KeyId>
692 <KeyVrsn>2010060715</KeyVrsn>
693 </KEKId>
694 <KeyNcrptnAlgo>
695 <Algo>UKA1</Algo>
696 </KeyNcrptnAlgo>
697 <NcrptdKey>9dv7nSKb73d1jwRIh9FSRQ==</NcrptdKey>
698 </KEK>
699 </Rcpt>
700
701

702 Once unnecessary spaces and carriage returns are removed, the Recipient data structure is:
703 0000 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 |<Rcpt><KEK><KEKI|
704 0010 64 3E 3C 4B 65 79 49 64 3E 53 70 65 63 56 31 54 |d><KeyId>SpecV1T|
705 0020 65 73 74 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B |estKey</KeyId><K|
706 0030 65 79 56 72 73 6E 3E 32 30 31 30 30 36 30 37 31 |eyVrsn>201006071|
707 0040 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C 2F 4B 45 4B |5</KeyVrsn></KEK|
708 0050 49 64 3E 3C 4B 65 79 4E 63 72 70 74 6E 41 6C 67 |Id><KeyNcrptnAlg|
709 0060 6F 3E 3C 41 6C 67 6F 3E 55 4B 41 31 3C 2F 41 6C |o><Algo>UKA1</Al|
710 0070 67 6F 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 6C |go></KeyNcrptnAl|
711 0080 67 6F 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 39 64 |go><NcrptdKey>9d|
712 0090 76 37 6E 53 4B 62 37 33 64 31 6A 77 52 49 68 39 |v7nSKb73d1jwRIh9|
713 00A0 46 53 52 51 3D 3D 3C 2F 4E 63 72 70 74 64 4B 65 |FSRQ==</NcrptdKe|
714 00B0 79 3E 3C 2F 4B 45 4B 3E 3C 2F 52 63 70 74 3E |y></KEK></Rcpt> |
715
716
717

718 3.2.5.3 IBM CCA UKPT


719
720 This example uses as the DES test Master Session Key MK the same value as the test
721 DUKPT base derivation key:
722 37233E89 0B0104E9 BC943D0E 45EAE5A7
723
724 We consider the generation of a MAC session key, the random string sent in the
725 KEK/EncryptedKey being:
726 F5DBFB9D 229BEF77 758F0448 87D15245
727
728 The “exclusive or” of the key MK with the left MAC control vector 00004D00 03410000 00004D00
729 03410000, to generate the KEKL key, is:
730 37237389 084004E9 BC94700E 46ABE5A7
731
732 The “exclusive or” of the key MK with the right MAC control vector 00004D00 03210000 00004D00
733 03210000, to generate the KEKR key, is:
734 37237389 082004E9 BC94700E 46CBE5A7
735
736 The triple DES decryption of the random string with the KEKL and KEKR keys is:
737 053262F9 191BFD81 5C5D2414 C2D4A248
738
739 Imposing odd parity on each byte, the session key is:
740 043262F8 191AFD80 5D5D2515 C2D5A249
741
742
743


744 The Recipient data structure is presented in the table below:


745
Message Item                  Value
Recipient
  KEK
    KEKIdentification
      KeyIdentification       SpecV1TestKey
      KeyVersion              2010060715
    KeyEncryptionAlgorithm
      Algorithm               UKPT
    EncryptedKey              F5DBFB9D229BEF77758F044887D15245
746
747 The resulting XML encoded structure is:
748 <Rcpt>
749 <KEK>
750 <KEKId>
751 <KeyId>SpecV1TestKey</KeyId>
752 <KeyVrsn>2010060715</KeyVrsn>
753 </KEKId>
754 <KeyNcrptnAlgo>
755 <Algo>UKPT</Algo>
756 </KeyNcrptnAlgo>
757 <NcrptdKey>9dv7nSKb73d1jwRIh9FSRQ==</NcrptdKey>
758 </KEK>
759 </Rcpt>
760
761
762 Once unnecessary spaces and carriage returns are removed, the Recipient data structure is:
763 0000 3C 52 63 70 74 3E 3C 4B 45 4B 3E 3C 4B 45 4B 49 |<Rcpt><KEK><KEKI|
764 0010 64 3E 3C 4B 65 79 49 64 3E 53 70 65 63 56 31 54 |d><KeyId>SpecV1T|
765 0020 65 73 74 4B 65 79 3C 2F 4B 65 79 49 64 3E 3C 4B |estKey</KeyId><K|
766 0030 65 79 56 72 73 6E 3E 32 30 31 30 30 36 30 37 31 |eyVrsn>201006071|
767 0040 35 3C 2F 4B 65 79 56 72 73 6E 3E 3C 2F 4B 45 4B |5</KeyVrsn></KEK|
768 0050 49 64 3E 3C 4B 65 79 4E 63 72 70 74 6E 41 6C 67 |Id><KeyNcrptnAlg|
769 0060 6F 3E 3C 41 6C 67 6F 3E 55 4B 50 54 3C 2F 41 6C |o><Algo>UKPT</Al|
770 0070 67 6F 3E 3C 2F 4B 65 79 4E 63 72 70 74 6E 41 6C |go></KeyNcrptnAl|
771 0080 67 6F 3E 3C 4E 63 72 70 74 64 4B 65 79 3E 39 64 |go><NcrptdKey>9d|
772 0090 76 37 6E 53 4B 62 37 33 64 31 6A 77 52 49 68 39 |v7nSKb73d1jwRIh9|
773 00A0 46 53 52 51 3D 3D 3C 2F 4E 63 72 70 74 64 4B 65 |FSRQ==</NcrptdKe|
774 00B0 79 3E 3C 2F 4B 45 4B 3E 3C 2F 52 63 70 74 3E |y></KEK></Rcpt> |
775
776
777
778
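The three UKPT derivations of sections 3.2.2 to 3.2.4 and the per-exchange rule of section 3.2, as an added Python example that is not part of the specification. Assumptions: the function and variable names are hypothetical, and the single-block decryption primitive is passed in as `decrypt_block(key, block)` (Triple DES for E3DC and UKPT, AES-128 for UKA1), to be supplied by the HSM or crypto library in use.

```python
import base64
import xml.etree.ElementTree as ET

# Algo codes from the page's XML examples, mapped to the names in the Recipient table.
ALGOS = {"E3DC": "DES112CBC", "UKA1": "UKPTwithAES128", "UKPT": "UKPT"}

# IBM CCA control vectors of section 3.2.4, per key usage: (left, right).
# Each 16-byte vector is the 8-byte value below repeated twice.
CCA_CV = {
    "MAC":  ("00004D0003410000", "00004D0003210000"),
    "PIN":  ("00215F0003410000", "00215F0003210000"),
    "data": ("0000710003410000", "0000710003210000"),
    "key":  ("00427D0003410000", "00427D0003210000"),
}

# The <Rcpt> element of example 3.2.5.3, copied from the page without whitespace.
PAGE_RCPT = (
    "<Rcpt><KEK><KEKId><KeyId>SpecV1TestKey</KeyId><KeyVrsn>2010060715</KeyVrsn></KEKId>"
    "<KeyNcrptnAlgo><Algo>UKPT</Algo></KeyNcrptnAlgo>"
    "<NcrptdKey>9dv7nSKb73d1jwRIh9FSRQ==</NcrptdKey></KEK></Rcpt>"
)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def odd_parity(key):
    """Set the least significant bit of every byte so that the byte has odd parity."""
    out = bytearray()
    for b in key:
        ones_in_top7 = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_top7 % 2 else 1))
    return bytes(out)


def parse_recipient(xml_text):
    """Extract the KEK recipient fields from an <Rcpt> element and sanity-check them."""
    kek = ET.fromstring(xml_text).find("KEK")
    if kek is None:
        raise ValueError("UKPT requires the KEK choice")
    rcpt = {
        "key_id": kek.findtext("KEKId/KeyId"),
        "key_version": kek.findtext("KEKId/KeyVrsn"),
        "algo": kek.findtext("KeyNcrptnAlgo/Algo"),
        "encrypted_key": base64.b64decode(kek.findtext("NcrptdKey") or "", validate=True),
    }
    if not rcpt["key_id"] or not rcpt["key_version"]:
        raise ValueError("KEKIdentification is incomplete")
    if rcpt["algo"] not in ALGOS:
        raise ValueError("unsupported key encryption algorithm")
    if len(rcpt["encrypted_key"]) != 16:
        raise ValueError("EncryptedKey must carry a 128-bit value")
    return rcpt


def check_exchange(request, response):
    """Return the violations of the rule for the two messages of one exchange."""
    problems = []
    if (request["key_id"], request["key_version"]) != (response["key_id"], response["key_version"]):
        problems.append("KEKIdentification differs between request and response")
    if request["algo"] != response["algo"]:
        problems.append("KeyEncryptionAlgorithm differs between request and response")
    if request["encrypted_key"] == response["encrypted_key"]:
        problems.append("EncryptedKey reused: both messages would share one session key")
    return problems


def derive_session_key(mk, rcpt, decrypt_block, usage="MAC"):
    """Derive the session key; decrypt_block(key, block) decrypts exactly one block."""
    ek = rcpt["encrypted_key"]
    left, right = ek[:8], ek[8:]
    if rcpt["algo"] == "UKA1":                        # section 3.2.3, no parity step
        return decrypt_block(mk, ek)
    if rcpt["algo"] == "E3DC":                        # section 3.2.2
        d1 = decrypt_block(mk, xor(bytes(8), left))   # IV is all zeros
        d2 = decrypt_block(mk, xor(d1, right))
        return odd_parity(d1 + d2)
    if rcpt["algo"] != "UKPT":
        raise ValueError("unsupported key encryption algorithm")
    # Section 3.2.4: mask MK with the usage-specific control vectors.
    cv_left, cv_right = (bytes.fromhex(cv) * 2 for cv in CCA_CV[usage])
    kek_l, kek_r = xor(mk, cv_left), xor(mk, cv_right)
    return odd_parity(decrypt_block(kek_l, left) + decrypt_block(kek_r, right))


if __name__ == "__main__":
    print(parse_recipient(PAGE_RCPT))
```

Because the usage selects the control vectors, the same MK and EncryptedKey give unrelated MAC, PIN, data and key-encryption session keys under the IBM CCA variant, which the two other variants do not provide.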


779 3.3 RSAES-OAEP Key Encryption


780 The RSAES-OAEP (RSA Encryption Scheme with Optimal Asymmetric Encryption Padding) is an
781 encryption scheme specified in RFC 3447 “Public-Key Cryptography Standards (PKCS) #1: RSA
782 Cryptography Specifications Version 2.1”. Section 1.4 contains key lengths and key exponent
783 recommendations.
784

785 3.3.1 Key Management


786 The RSAES-OAEP algorithm is used to encrypt a transport key with an RSA public key, as specified in
787 RFC 3560 “Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message
788 Syntax (CMS)”.
789 The RSA public key must be authenticated by a Certificate Authority that has signed the RSA public
790 key along with other information in an X.509 certificate.
791 The keyUsage extension must be present in the X.509 certificate, and must contain the value
792 “keyEncipherment”.
793 The KeyTransport choice of the CMS Recipient data structure must be used with:
794 - The Issuer’s distinguished names of the X.509 certificate, with the AttributeType and
795 AttributeValue in the same order as in the X.509 certificate.
796 - The serial number of the X.509 certificate.
797
798 The parameters allowed by RSAES-OAEP are:
799 - The digest algorithms used by RSAES-OAEP are limited to SHA-256, as specified in FIPS 180-
800 2.
801 - The mask generator functions used by RSAES-OAEP are limited to MGF1, as specified in the
802 RFC 3560 “Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message
803 Syntax (CMS)”.
804 - The digest algorithms used by the mask generator function MGF1 are limited to SHA-256, as
805 specified in FIPS 180-2.
806
807
808
809


810 3.3.2 Resulting CMS Structure


811 The CMS data structure that is used by the provided RSAES-OAEP key is the following:
812 1. EnvelopedData to convey an encrypted key encryption key.
813 One occurrence of EnvelopedData/Recipient/KeyTransport contains the information to retrieve
814 the key encryption key.
815
816 The Recipient element of EnvelopedData is presented in the table below:
817
Message Item                      Mult.   Usage
Recipient                         [1..1]  Information related to the transport key for the recipient.
  KeyTransport                    [1..1]  RSAES-OAEP uses the KeyTransport choice.
    Version                       [1..1]  [default 0]
                                          Version of the data structure, current version is 0.
    RecipientIdentification       [1..1]  Identification of the X.509 certificate of the RSA public key.
      IssuerAndSerialNumber       [1..1]  Identification of the issuer and the serial number of the X.509 certificate.
        Issuer                    [1..1]  Identification of the issuer of the X.509 certificate.
          RelativeDistinguishedName [1..*] X.509 attributes of the issuer of the X.509 certificate, in the same order as the
                                          certificate.
            AttributeType         [1..1]  X.509 attribute, allowed codes:
                                            CountryName           Country of the certificate issuer
                                            Locality              City of the certificate issuer
                                            OrganisationName      Organisation of the certificate issuer
                                            OrganisationUnitName  Organisation unit of the certificate issuer
                                            CommonName            Name of the certificate issuer
            AttributeName         [1..1]  Value of the X.509 attribute.
        SerialNumber              [1..1]  Serial number of the X.509 certificate of the RSA public key.
    KeyEncryptionAlgorithm        [1..1]  Algorithm to encrypt the transport key by the RSA public key.
      Algorithm                   [1..1]  Encryption algorithm for the encryption of the transport key. Allowed value:
                                            RSAES-OAEP  RSA encryption scheme based on Optimal Asymmetric
                                                        Encryption Padding scheme (OAEP in PKCS #1 version 2.1)
                                                        - (ASN.1 Object Identifier: id-RSAES-OAEP).
      Parameter                   [1..1]  Parameter of the RSAES-OAEP encryption algorithm.
        DigestAlgorithm           [1..1]  Cryptographic algorithm for computing the digest of the label in the RSAES-OAEP
                                          encryption algorithm. Allowed value:
                                            SHA256  Message digest algorithm SHA-256 as defined in FIPS 180-2 -
                                                    (ASN.1 Object Identifier: id-sha256).
        MaskGeneratorAlgorithm    [1..1]  Mask generator function algorithm used by the RSAES-OAEP encryption
                                          algorithm.
          Algorithm               [1..1]  Algorithm of the mask generator function, allowed value:
                                            MGF1  Mask Generator Function, used for RSA encryption and RSA digital
                                                  signature (PKCS #1 version 2.1) - (ASN.1 Object Identifier: id-mgf1).
          Parameter               [1..1]  Parameters associated to the mask generator function cryptographic
                                          algorithm.
            DigestAlgorithm       [1..1]  Digest algorithm used in the mask generator function. Allowed value:
                                            SHA256  Message digest algorithm SHA-256 as defined in FIPS 180-2 -
                                                    (ASN.1 Object Identifier: id-sha256).
    EncryptedKey                  [1..1]

818
819


820 3.3.3 Key Encryption Process


821
822 The RSAES-OAEP encryption is described below with the following notations:
823 - K: the RSA key pair
824 - mLen: the length of the K modulus
825 - hLen: the length of the digest, 32 for the SHA-256
826 - KT: the plaintext transport key
827 - 01: a hexadecimal byte value
828 - || : the concatenation
829
830 (i) Compute the SHA-256 digest LH of the empty string.
831 (ii) Build the data block DB = LH || PS || 01 || KT
832 of length mLen - (hLen + 1), where
833 PS is the string of hexadecimal byte values 00
834 (iii) Generate a random seed block value SD of length hLen
835 (iv) Compute the data block mask DBM of length mLen - (hLen + 1), result of the mask
836 generator function MGF1 applied to the seed block SD for the length mLen - (hLen + 1)
837 (v) Compute the masked data block MDB of length mLen - (hLen + 1), result of the bitwise
838 exclusive or, between the data block DB and the data block mask DBM
839 (vi) Compute the seed block mask SDM of length hLen, result of the mask generator function
840 MGF1 applied to the block MDB for the length hLen
841 (vii) Compute the masked seed block MSD of length hLen, result of the bitwise exclusive or,
842 between the seed block SD and the seed block mask SDM
843 (viii) Build the block EM= 00 || MSD || MDB
844 of length mLen
845 (ix) Encrypt the block EM with the RSA public key K to fill EncryptedKey.
846
847 The figure below summarises the steps (i) to (ix) of the RSAES-OAEP encryption process.
848


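[Figure: data flow of steps (i) to (ix): SHA256 of the empty string gives LH; DB = LH || 00 ... 00 || 01 || KT, of length mLen-(hLen+1); SD (hLen bytes) through MGF1 gives DBM; DB xor DBM gives MDB; MDB through MGF1 gives SDM; SD xor SDM gives MSD; EM = 00 || MSD || MDB, of length mLen; RSA with the public key K gives EncryptedKey]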

849
850 Figure 12 : RSAES-OAEP Encryption
851
852


853 3.3.4 MGF1 Mask Generator Function Process


854
855 The RSAES-OAEP encryption and decryption use the MGF1 mask generator function.
856
857 The MGF1 function generates a data block M of length mLen from a seed block mgfSD, using a digest
858 algorithm limited to SHA-256 in nexo protocols:
859 (i) Build a block T initialised as an empty string (i.e. T has length 0)
860 (ii) Initialise a counter C of 4 bytes to 00 00 00 00
861 (iii) While the block T has not reached a length of mLen bytes:
862 a. T = T || SHA-256(mgfSD || C)
863 b. Increment C by one
864 (iv) M is the first mLen bytes of T
865

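[Figure: mgfSD is concatenated with the counter C (00 00 00 00, 00 00 00 01, ... xx xx xx xx) and hashed with SHA256 for each counter value; the digests are concatenated up to mLen bytes]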
866
867 Figure 13 : MGF1 Mask Generator Function
868
869
870


871 3.3.5 Key Decryption Process


872
873 The RSADS-OAEP decryption is described below with the same notations as for the encryption:
874
875 (i) Decrypt the value of EncryptedKey with the RSA private key K to the block
876 EM= Y || MSD || MDB where
877 Y, one byte, must be equal to 00
878 MSD has the length hLen
879 MDB has the length mLen-(hLen+1)
880 (ii) Compute the seed block mask SDM of length hLen, result of the mask generator function
881 MGF1 applied to the block MDB for the length hLen
882 (iii) Compute the seed block SD of length hLen, result of the bitwise exclusive or between the
883 masked seed block MSD and the seed block mask SDM
884 (iv) Compute the data block mask DBM of length mLen - (hLen + 1), result of the mask
885 generator function MGF1 applied to the seed block SD for the length mLen - (hLen + 1)
886 (v) Compute the data block DB of length mLen - (hLen + 1), result of the bitwise exclusive or
887 between the masked data block MDB and the data block mask DBM
888 (vi) Compute the SHA-256 digest LH of the empty string.
889 (vii) Split the data block DB = LH’ || PS || M || KT
890 LH’ of length hLen must be equal to LH
891 PS is the longest string of hexadecimal byte values 00 following LH’
892 M, first non zero byte, must have the value 01
893 KT, the remaining string, the transport key to use, must have the right length
894
895 The figure below summarises the steps (i) to (vii) of the RSADS-OAEP decryption process.
896


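[Figure: data flow of steps (i) to (vii): RSA with the private key K turns EncryptedKey into EM = 00 || MSD || MDB; MDB through MGF1 gives SDM; MSD xor SDM gives SD; SD through MGF1 gives DBM; MDB xor DBM gives DB = LH’ || 00 ... 00 || 01 || KT, of length mLen-(hLen+1); LH’ is compared with LH, the SHA256 of the empty string]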

897
898 Figure 14 : RSADS-OAEP Decryption
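The MGF1 function of section 3.3.4 and the OAEP encoding and decoding steps of sections 3.3.3 and 3.3.5, as an added Python example that is not part of the specification. Assumptions: the function names are hypothetical, the RSA operation itself (step (ix) of encryption, step (i) of decryption) is left to the crypto library or HSM, and the decoder is given the expected transport key length so that the checks on Y, LH’, PS and the 01 separator reduce to one constant-time comparison with a single error message.

```python
import hashlib
import hmac
import os

H_LEN = hashlib.sha256().digest_size   # hLen = 32 for SHA-256
GENERIC_ERROR = "decryption error"     # same message for every padding failure


def mgf1(seed, length):
    """MGF1 with SHA-256: T = T || SHA-256(seed || C) until `length` bytes exist."""
    t = b""
    counter = 0
    while len(t) < length:
        t += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return t[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(kt, m_len, seed=None):
    """Steps (i) to (viii) of section 3.3.3: build EM = 00 || MSD || MDB."""
    db_len = m_len - (H_LEN + 1)
    ps_len = db_len - H_LEN - 1 - len(kt)
    if ps_len < 0:
        raise ValueError("transport key too long for this modulus")
    lh = hashlib.sha256(b"").digest()                    # (i)
    db = lh + bytes(ps_len) + b"\x01" + kt               # (ii)
    sd = os.urandom(H_LEN) if seed is None else seed     # (iii), fixed seed only for tests
    if len(sd) != H_LEN:
        raise ValueError("seed must be hLen bytes")
    mdb = xor(db, mgf1(sd, db_len))                      # (iv), (v)
    msd = xor(sd, mgf1(mdb, H_LEN))                      # (vi), (vii)
    return b"\x00" + msd + mdb                           # (viii)


def oaep_decode(em, m_len, kt_len):
    """Steps (ii) to (vii) of section 3.3.5 on the RSA-decrypted block EM."""
    db_len = m_len - (H_LEN + 1)
    ps_len = db_len - H_LEN - 1 - kt_len
    if ps_len < 0:
        raise ValueError("kt_len does not fit this modulus")  # caller error, not secret-dependent
    if len(em) != m_len:
        raise ValueError(GENERIC_ERROR)
    msd, mdb = em[1:1 + H_LEN], em[1 + H_LEN:]
    sd = xor(msd, mgf1(mdb, H_LEN))                      # (ii), (iii)
    db = xor(mdb, mgf1(sd, db_len))                      # (iv), (v)
    # With a known KT length, Y, LH', PS and the 01 byte sit at fixed offsets,
    # so they are checked together without an early exit on the first mismatch.
    expected = b"\x00" + hashlib.sha256(b"").digest() + bytes(ps_len) + b"\x01"
    actual = em[:1] + db[:db_len - kt_len]
    if not hmac.compare_digest(actual, expected):
        raise ValueError(GENERIC_ERROR)
    return db[db_len - kt_len:]


if __name__ == "__main__":
    transport_key = os.urandom(16)                       # constructed sample key
    em = oaep_encode(transport_key, 384)                 # 384 bytes = 3072-bit modulus
    print(oaep_decode(em, 384, 16) == transport_key)
```

Returning one error for a wrong Y byte, a wrong LH’ and a misplaced separator keeps the decoder from telling a sender which check failed.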
899
900


901 3.3.6 Examples

902 3.3.6.1 RSA Encryption Key and Certificate


903 The RSA key to encrypt the transport key has a key length of 3072 bits with the components dumped
904 below:
RSA Key Component Value
Exponent 010001

905
906 This RSA key is authenticated by a certificate authority with the following information:
Certificate Information       Value
serialNumber                  7895 CA35 014C 3D2F 1E11 B10D
Issuer
  Country Name                BE
  Organisation Name           EPASOrg
  Organisation Unit Name      Technical Center of Expertise
  Common Name                 EPAS Protocols Test CA
Validity
  notBefore                   20130418101823+0100
  notAfter                    20181001182005+0100
Subject
  Country Name                FR
  Organisation Name           EPASOrg
  Organisation Unit Name      Technical Center of Expertise
  Common Name                 EPAS Protocol Test Host Key Encryption
Extensions
  keyUsage                    KeyEncipherment

907
908 The dump of the X.509 certificate is:
992
The RSA key of the certificate authority signing this X.509 certificate has a key length of 4096 bits with the components dumped below:
3.3.6.2 RSAES-OAEP Encryption

The transport key KT to encrypt is the following 112-bit triple DES key:
0000 AE EF 80 98 A7 3D E9 D6 5B BF 26 64 58 04 02 16 |.....=..[.&dX...|

Step (i): Digest LH of the empty string Label
The block LH, the SHA-256 digest of the empty string, is:
0000 E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24 |...B.........o.$|
0010 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55 |'.A.d..L....xR.U|

Step (ii): Building of the block DB
The RSA encryption key has a modulus length mLen of 384.
The SHA-256 digest has a length hLen of 32.

The block DB has a length of 384 - (32+1) = 351 bytes:
Step (iii): Generation of the Seed SD
We consider the following seed SD:
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D |?.].w.0}`..lo;.=|
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C |...]d.Lg.;......|

Step (iv): Generation of the mask DBM by MGF1

Intermediate computations of the MGF1 function with:
- The seed SD generated at step (iii)
- The length of the mask to generate, mLen-(hLen+1), equal to 351
- The SHA256 digest algorithm
are presented below.
The resulting block DBM is:
Step (v): Generation of the block MDB

The masked block MDB, the result of the bitwise exclusive or between DB and DBM, is then:
Step (vi): Generation of the mask SDM by MGF1

Intermediate computations of the MGF1 function with:
- The masked block MDB generated at the previous step
- The length of the mask to generate, hLen, equal to 32
- The SHA256 digest algorithm
are presented below.
The resulting block SDM is:
0000 48 C3 43 1B CF 4B A3 1A 1A 04 E2 EC 8B 10 93 DB |H C K |
0010 7D 07 8F 36 4E 58 D1 4C 6F D5 AE 32 87 1A B4 40 |} 6NX Lo 2 @|

Step (vii): Generation of the block MSD

The masked block MSD, the result of the bitwise exclusive or between SD and SDM, is then:
0000 77 6D 1E 08 B8 8C 93 67 7A D7 79 80 E4 2B 00 E6 |wm gz y + |
0010 7C 8E 1A 6B 2A 87 9D 2B D9 EE 58 3A 74 E8 30 5C || k* + X:t 0\|

Step (viii): Generation of the block EM

The block EM, the result of the concatenation 00 || MSD || MDB, is then:
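The encoding steps (i) to (viii) above, together with the inverse checks a recipient applies to EM after the RSA decryption, as an added Python example that is not part of the specification. KT, SD and the step (vii) MSD are copied from this page; the function names are illustrative, and the RSA operation of step (ix) is left out.

```python
import hashlib
import hmac

H_LEN = 32    # hLen: SHA-256 digest length in bytes (step ii)
M_LEN = 384   # mLen: RSA modulus length in bytes (step ii)

# Values copied from the page: transport key KT, seed SD (step iii)
# and the masked seed MSD printed in step (vii).
KT = bytes.fromhex("AEEF8098A73DE9D65BBF266458040216")
SD = bytes.fromhex("3FAE5D1377C7307D60D39B6C6F3B933D"
                   "0189955D64DF4C67B63BF608F3F2841C")
PAGE_MSD = bytes.fromhex("776D1E08B88C93677AD77980E42B00E6"
                         "7C8E1A6B2A879D2BD9EE583A74E8305C")


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 with SHA-256: concatenate SHA-256(seed || C) for C = 0, 1, 2, ...
    (C is a 4-byte big-endian counter) and truncate to `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def build_db(message: bytes, m_len: int = M_LEN, label: bytes = b"") -> bytes:
    """Steps (i)-(ii): DB = LH || 00..00 || 01 || message."""
    pad_len = m_len - 2 * H_LEN - 2 - len(message)
    if pad_len < 0:
        raise ValueError("message too long for this modulus")
    return hashlib.sha256(label).digest() + bytes(pad_len) + b"\x01" + message


def oaep_encode(message: bytes, seed: bytes, m_len: int = M_LEN,
                label: bytes = b"") -> bytes:
    """Steps (i)-(viii): EM = 00 || MSD || MDB.
    The page fixes the seed so its vector is reproducible; in operation the
    seed is hLen fresh random bytes for every encryption."""
    if len(seed) != H_LEN:
        raise ValueError("seed must be hLen bytes")
    db = build_db(message, m_len, label)
    mdb = xor(db, mgf1(seed, m_len - H_LEN - 1))   # steps (iv)-(v)
    msd = xor(seed, mgf1(mdb, H_LEN))              # steps (vi)-(vii)
    return b"\x00" + msd + mdb                     # step (viii)


def oaep_decode(em: bytes, m_len: int = M_LEN, label: bytes = b"") -> bytes:
    """Inverse of oaep_encode, applied to EM after the RSA decryption.
    Every failure raises the same error so a caller cannot tell which check
    failed; a production implementation must also run in constant time."""
    if len(em) != m_len or m_len < 2 * H_LEN + 2:
        raise ValueError("decryption error")
    msd, mdb = em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = xor(msd, mgf1(mdb, H_LEN))
    db = xor(mdb, mgf1(seed, m_len - H_LEN - 1))
    rest = db[H_LEN:]
    sep = rest.find(b"\x01")                        # end of the zero padding
    ok = (em[0] == 0
          and hmac.compare_digest(db[:H_LEN], hashlib.sha256(label).digest())
          and sep >= 0
          and not any(rest[:sep]))
    if not ok:
        raise ValueError("decryption error")
    return rest[sep + 1:]


def matches_page(em: bytes) -> bool:
    """True when the MSD field of EM equals the MSD printed in step (vii)."""
    return hmac.compare_digest(em[1:1 + H_LEN], PAGE_MSD)


if __name__ == "__main__":
    em = oaep_encode(KT, SD)
    print("EM length:", len(em))
    print("MSD matches step (vii):", matches_page(em))
    print("round trip recovers KT:", oaep_decode(em) == KT)
```

Because MSD depends on every earlier step, comparing it with the page's step (vii) value checks the whole encoding chain in one comparison.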

Step (ix): Encryption of the block EM

The encryption of the block EM by the public RSA key is:
Inside the EnvelopedData CMS data structure, the Recipient data structure is presented in the table below:
Message Item                            Value
Recipient
  KeyTransport
    Version                             0
    RecipientIdentification
      IssuerAndSerialNumber
        Issuer
          RelativeDistinguishedName
            AttributeType               CountryName
            AttributeName               BE
          RelativeDistinguishedName
            AttributeType               OrganisationName
            AttributeName               EPASOrg
          RelativeDistinguishedName
            AttributeType               OrganisationUnitName
            AttributeName               Technical Center of Expertise
          RelativeDistinguishedName
            AttributeType               CommonName
            AttributeName               EPAS Protocols Test CA
        SerialNumber                    7895CA35014C3D2F1E11B10D
    KeyEncryptionAlgorithm
      Algorithm                         RSAES-OAEP
      Parameter
        DigestAlgorithm                 SHA256
        MaskGeneratorAlgorithm
          Algorithm                     MGF1
          Parameter
            DigestAlgorithm             SHA256
    EncryptedKey                        0E8E4709FA83A32B80635BD7D0F7F8B9EEA814E9D2B77A34
                                        9584F524DBDF60764B16CE42715F01D749FCB4EFB2517711
                                        A49DFD6D6F8E8187519C8FA7B7FF928EC1783ED707DBC7D5
                                        79BC089A6EAA876CDD0616E9322C0ACF4318B42B5835DD5B
                                        2C2FFAE546264D615F7988E0D4DC53F6204BD635B1B724F0
                                        51F846939ED113B1A390EE6B02E11412BBD24D5F73653205
                                        9D54E48C9A6739C1CE5D48B0A69067EA7624CFA44BD8BD7E
                                        FD2D3EBE58763989C74ACA5B38F38DD0C8EEFFEE7FECA8A5
                                        475E0E3D3298007AC6E9442A6DD31B7D3C1BAEF5A6DEB337
                                        AAFFA4836E8D091EEF982AECC0BA5FB05E486B51DA820264
                                        20261A8F055C40B4F3608D7B07FFC20C71694A9EDC2A548B
                                        72CAC2DC382DB1AFF7E0F61FF9068601CA903A1F2C598FFF
                                        D886EC23A925F6F34E49BEAC43836D76EFC8B388F4F2CBE6
                                        45AD1014C329E8092CA3717C884DA86A7FA58E8D96DB3157
                                        851A5698F55DBA0C4D2621A0E158AE0687869531AF1C6B1F
                                        E4CA99B1C5D21E116923B909427D5B9496B582C62D15BA69
The XML encoded structure of the Recipient data structure in the EnvelopedData CMS data structure is:
<Rcpt>
  <KeyTrnsprt>
    <Vrsn>0</Vrsn>
    <RcptId>
      <IssrAndSrlNb>
        <Issr>
          <RltvDstngshdNm>
            <AttrTp>CATT</AttrTp>
            <AttrVal>BE</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>OATT</AttrTp>
            <AttrVal>EPASOrg</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>OUAT</AttrTp>
            <AttrVal>Technical Center of Expertise</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>CNAT</AttrTp>
            <AttrVal>EPAS Protocols Test CA</AttrVal>
          </RltvDstngshdNm>
        </Issr>
        <SrlNb>eJXKNQFMPS8eEbEN</SrlNb>
      </IssrAndSrlNb>
    </RcptId>
    <KeyNcrptnAlgo>
      <Algo>RSAO</Algo>
      <Param>
        <DgstAlgo>HS25</DgstAlgo>
        <MskGnrtrAlgo>
          <Algo>MGF1</Algo>
          <Param>
            <DgstAlgo>HS25</DgstAlgo>
          </Param>
        </MskGnrtrAlgo>
      </Param>
    </KeyNcrptnAlgo>
    <NcrptdKey>
      Do5HCfqDoyuAY1vX0Pf4ue6oFOnSt3o0lYT1JNvfYHZLFs5CcV8B10n8tO+yUXcRpJ39bW+OgYdRnI
      +nt/+SjsF4PtcH28fVebwImm6qh2zdBhbpMiwKz0MYtCtYNd1bLC/65UYmTWFfeYjg1NxT9iBL1jWx
      tyTwUfhGk57RE7GjkO5rAuEUErvSTV9zZTIFnVTkjJpnOcHOXUiwppBn6nYkz6RL2L1+/S0+vlh2OY
      nHSspbOPON0Mju/+5/7KilR14OPTKYAHrG6UQqbdMbfTwbrvWm3rM3qv+kg26NCR7vmCrswLpfsF5I
      a1HaggJkICYajwVcQLTzYI17B//CDHFpSp7cKlSLcsrC3Dgtsa/34PYf+QaGAcqQOh8sWY//2IbsI6
      kl9vNOSb6sQ4Ntdu/Is4j08svmRa0QFMMp6Akso3F8iE2oan+ljo2W2zFXhRpWmPVdugxNJiGg4Viu
      BoeGlTGvHGsf5MqZscXSHhFpI7kJQn1blJa1gsYtFbpp
    </NcrptdKey>
  </KeyTrnsprt>
</Rcpt>

Once unnecessary spaces and carriage returns are removed, the Recipient data structure is:
3.3.6.3 RSAES-OAEP Decryption

We use the result of the previous section with the EncryptedKey message item value:

The value of mLen is 384 (180 in hexadecimal).
The value of hLen is 32 (20 in hexadecimal).

Step (i): Decryption of the block EncryptedKey

Decrypting the EncryptedKey message item with the RSA private key yields the following block EM:

The EM block is split into 3 blocks: Y || MSD || MDB
Y has the value 00.
The masked seed block MSD has the value:
0000 77 6D 1E 08 B8 8C 93 67 7A D7 79 80 E4 2B 00 E6
0010 7C 8E 1A 6B 2A 87 9D 2B D9 EE 58 3A 74 E8 30 5C

The masked data block MDB has the value:

Step (ii): Generation of the seed mask SDM by MGF1

The intermediate computations of the MGF1 function with:
- The masked block MDB isolated at the previous step
- The length of the mask to generate, hLen, equal to 32
- The SHA256 digest algorithm
are presented below.

Iteration 0 (T length = 00)
Block mgfSD || C
Result SHA-256(mgfSD || C)
0000 48 C3 43 1B CF 4B A3 1A 1A 04 E2 EC 8B 10 93 DB
0010 7D 07 8F 36 4E 58 D1 4C 6F D5 AE 32 87 1A B4 40

The resulting block SDM is:
0000 48 C3 43 1B CF 4B A3 1A 1A 04 E2 EC 8B 10 93 DB
0010 7D 07 8F 36 4E 58 D1 4C 6F D5 AE 32 87 1A B4 40

Step (iii): Retrieving the seed block SD

The seed SD, the result of the bitwise exclusive OR between the masked seed MSD and the seed mask SDM, is then:
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C

Step (iv): Generation of the mask DBM by MGF1

The intermediate computations of the MGF1 function with:
- The seed SD retrieved at step (iii)
- The length of the mask to generate, mLen-(hLen+1), equal to 351 (15F in hexadecimal)
- The SHA256 digest algorithm
are presented below.

Iteration 0 (T length = 00)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 00
Result SHA-256(mgfSD || C)
0000 E2 DB 1C 9A C4 B9 69 92 EC E4 CC 9A 9E D7 82 AD
0010 59 0A CD 0B 51 58 03 56 5D 4C B3 26 89 5B B1 F1

Iteration 1 (T length = 20)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 01
Result SHA-256(mgfSD || C)
0000 27 EF 19 93 78 FD B8 67 DF 4C 66 7A 91 27 4E 62
0010 7A 81 8D D4 C7 BA 06 CB 6C 27 C8 D7 9B 96 15 B0

Iteration 2 (T length = 40)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 02
Result SHA-256(mgfSD || C)
0000 DA 8A 43 17 70 50 A5 CC 48 29 C8 B3 F1 A9 1A F6
0010 68 CC 0C 03 49 E4 74 32 28 86 3B 7A 35 B8 87 B0

Iteration 3 (T length = 60)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 03
Result SHA-256(mgfSD || C)
0000 0C EC 0B E5 8E 79 9C EB FF FD BB ED E9 ED 31 35
0010 15 F6 B4 DA 9D 87 8D E7 0F DE 06 23 5C 60 D4 59

Iteration 4 (T length = 80)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 04
Result SHA-256(mgfSD || C)
0000 73 38 83 3B 66 16 65 C9 A6 01 7E FD 1A D8 00 5C
0010 F8 68 DC 71 A3 80 52 0E 0A 9D 27 23 23 82 A7 E3

Iteration 5 (T length = A0)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 05
Result SHA-256(mgfSD || C)
0000 8C 58 25 FA 97 F0 C2 06 0B 51 1B 04 5A 88 70 84
0010 83 13 CB BE F2 5C 07 79 E0 11 1F 52 A2 AF 8A 69

Iteration 6 (T length = C0)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 06
Result SHA-256(mgfSD || C)
0000 36 F8 EE 95 02 AB 5F 92 E6 6D B7 CA DD C2 FD 4D
0010 A3 B8 EB F4 CB 07 39 C3 5B 2E 3D C0 D0 DD 1A E4

Iteration 7 (T length = E0)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 07
Result SHA-256(mgfSD || C)
0000 5D 23 59 40 39 40 6C 21 A7 90 3F 1C 92 4D B7 F3
0010 4B 3E 37 D9 41 61 C8 F7 78 71 27 A0 65 77 36 66

Iteration 8 (T length = 100)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 08
Result SHA-256(mgfSD || C)
0000 7A 5F DB 49 75 CD E9 DA C0 2B 34 A2 78 85 B9 8D
0010 25 EF DA 91 BC E3 51 B1 5D E2 50 48 77 F5 81 77

Iteration 9 (T length = 120)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 09
Result SHA-256(mgfSD || C)
0000 F7 71 4C 0E 38 EC FE 6E 8E B1 62 5C A9 1E 8C 9E
0010 E1 B1 B4 6D 71 F2 D6 46 69 D3 95 EE 53 C4 A8 E5

Iteration A (T length = 140)
Block mgfSD || C
0000 3F AE 5D 13 77 C7 30 7D 60 D3 9B 6C 6F 3B 93 3D
0010 01 89 95 5D 64 DF 4C 67 B6 3B F6 08 F3 F2 84 1C
0020 00 00 00 0A
Result SHA-256(mgfSD || C)
0000 01 70 BE 4A 14 0D 8E A7 2B 4A 00 D5 03 D8 2A 33
0010 93 03 D4 DF CA F8 74 CC 4E BD D9 C3 9C 0B 01 04

The resulting block DBM, mask of the data block, is:

Step (v): Retrieving the data block DB

The data block DB, the result of the bitwise exclusive OR between the masked data MDB and the data mask DBM, is then:

Step (vi): Digest LH of the empty string Label

The block LH, SHA-256 digest of the empty string, is:
0000 E3 B0 C4 42 98 FC 1C 14 9A FB F4 C8 99 6F B9 24
0010 27 AE 41 E4 64 9B 93 4C A4 95 99 1B 78 52 B8 55

Step (vii): Retrieving the data (KT key)

The data block DB is split into 3 blocks: LH’ || PS || M || KT
LH’ and LH, of length 32 (20 in hexadecimal), have the same value.
PS, the longest string of bytes of hexadecimal value 00 following LH’, has a length of 302 (12E in hexadecimal) bytes.
M, the following byte, has the value 01.
The data, or KT key, is:
0000 AE EF 80 98 A7 3D E9 D6 5B BF 26 64 58 04 02 16
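
Steps (ii) to (vii) above can be reproduced with the following Python sketch, which is an added example and not part of the specification. It assumes the block EM has already been recovered by the RSA private-key operation of step (i); the function names are hypothetical, and the encoder is included only to build an EM from the seed SD and KT key shown above.

```python
import hashlib
import hmac

HLEN = hashlib.sha256().digest_size  # hLen = 32 for SHA-256

# Values taken from the walkthrough: seed SD of step (iii), KT key of step (vii).
SD = bytes.fromhex("3FAE5D1377C7307D60D39B6C6F3B933D0189955D64DF4C67B63BF608F3F2841C")
KT = bytes.fromhex("AEEF8098A73DE9D65BBF266458040216")
K_LEN = 384  # modulus length in bytes (the walkthrough calls it mLen)


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 with SHA-256: SHA-256(seed || C) for C = 0, 1, 2, ... truncated to mask_len."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise exclusive OR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(kt: bytes, seed: bytes, k: int, label: bytes = b"") -> bytes:
    """Build EM = 00 || MSD || MDB; used here only to produce input for the decoder."""
    if len(seed) != HLEN or len(kt) > k - 2 * HLEN - 2:
        raise ValueError("bad seed or key length")
    lh = hashlib.sha256(label).digest()
    ps = b"\x00" * (k - len(kt) - 2 * HLEN - 2)
    db = lh + ps + b"\x01" + kt                 # DB = LH || PS || 01 || KT
    mdb = xor(db, mgf1(seed, k - HLEN - 1))     # masked data block
    msd = xor(seed, mgf1(mdb, HLEN))            # masked seed
    return b"\x00" + msd + mdb


def oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """Recover KT from EM. Every failed check raises the same generic error,
    so the caller cannot tell which one failed (this sketch is not constant-time)."""
    if len(em) != k or k < 2 * HLEN + 2:
        raise ValueError("decryption error")
    y, msd, mdb = em[0], em[1:1 + HLEN], em[1 + HLEN:]
    sdm = mgf1(mdb, HLEN)                       # step (ii): seed mask
    sd = xor(msd, sdm)                          # step (iii): seed
    dbm = mgf1(sd, k - HLEN - 1)                # step (iv): data block mask
    db = xor(mdb, dbm)                          # step (v): data block
    lh = hashlib.sha256(label).digest()         # step (vi): digest of the label
    # step (vii): DB must be LH' || PS (all 00) || 01 || KT
    lh_ok = hmac.compare_digest(db[:HLEN], lh)
    rest = db[HLEN:]
    sep = next((i for i, b in enumerate(rest) if b != 0), -1)
    sep_ok = sep >= 0 and rest[sep] == 1
    if not (y == 0 and lh_ok and sep_ok):
        raise ValueError("decryption error")
    return rest[sep + 1:]


if __name__ == "__main__":
    em = oaep_encode(KT, SD, K_LEN)
    print("EM length:", len(em))
    print("KT recovered:", oaep_decode(em, K_LEN).hex().upper())
```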

3.4 RSAEncryption Key Encryption

RSAEncryption (RSAEncryption Scheme PKCS1-v1_5) is an encryption scheme specified in RFC 3447, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1”.
As mentioned in RFC 3447, we also recommend using the RSAES-OAEP method, but for compatibility reasons we also support the RSAES-PKCS1-V1_5 method.

3.4.1 Key Management

The RSAEncryption algorithm is used to encrypt a transport key with an RSA public key, as specified in RFC 3370, “Cryptographic Message Syntax (CMS) Algorithms”.
The RSA public key must be authenticated by a Certificate Authority that has signed the RSA public key along with other information in an X.509 certificate.
The keyUsage extension must be present in the X.509 certificate, and must contain the value “keyEncipherment”.
The KeyTransport choice of the CMS Recipient data structure must be used with:
- The Issuer’s distinguished names of the X.509 certificate, with the AttributeType and AttributeValue in the same order as in the X.509 certificate.
- The serial number of the X.509 certificate.

There is no parameter for RSAEncryption.

3.4.2 Resulting CMS Structure

The CMS data structure that is used by the provided RSAEncryption key is the following:
2. EnvelopedData to convey an encrypted key encryption key.
One occurrence of EnvelopedData/Recipient/KeyTransport contains the information to retrieve the key encryption key.

The Recipient element of EnvelopedData is presented in the table below:

Message Item | Mult. | Usage
Recipient | [1..1] | Information related to the transport key for the recipient.
KeyTransport | [1..1] | RSAEncryption uses the KeyTransport choice.
Version | [1..1] | [default 0] Version of the data structure, current version is 0.
RecipientIdentification | [1..1] | Identification of the X.509 certificate of the RSA public key.
IssuerAndSerialNumber | [1..1] | Identification of the issuer and the serial number of the X.509 certificate.
Issuer | [1..1] | Identification of the issuer of the X.509 certificate.
RelativeDistinguishedName | [1..*] | X.509 attributes of the issuer of the X.509 certificate, in the same order as the certificate.
AttributeType | [1..1] | X.509 attribute, allowed codes: CountryName (Country of the certificate issuer); Locality (City of the certificate issuer); OrganisationName (Organisation of the certificate issuer); OrganisationUnitName (Organisation unit of the certificate issuer); CommonName (Name of the certificate issuer)
AttributeName | [1..1] | Value of the X.509 attribute.
SerialNumber | [1..1] | Serial number of the X.509 certificate of the RSA public key.
KeyEncryptionAlgorithm | [1..1] | Algorithm to encrypt the transport key by the RSA public key.
Algorithm | [1..1] | Encryption algorithm for the encryption of the transport key. Allowed value: RSAEncryption, RSA key encryption scheme (PKCS #1 version 2.1) - (ASN.1 Object Identifier: rsaEncryption).
EncryptedKey | [1..1] |

3.4.3 Key Encryption Process

The encryption following the RSAEncryption algorithm is described below with the following notations:
- K: the RSA key pair
- k: the length of the K modulus
- KT: the plaintext transport key
- mLen: the length of the key KT
- 01: a hexadecimal value
- ||: the concatenation

(i) Compute a pseudo-randomly generated non-zero octet string PS of length k-mLen-3.
(ii) Build the block EM = 00 || 02 || PS || 00 || KT
of length mLen
(iii) Encrypt the block EM with the RSA public key K to fill EncryptedKey.

The figure below summarises the steps (i) to (iii) of the RSAEncryption encryption process.

Figure 15 : Encryption step of RSAEncryption

3.4.4 Key Decryption Process

The RSAEncryption decryption is described below with the same notations as for the encryption:

(i) Decrypt the value of EncryptedKey with the RSA private key K to the block EM
(ii) Split the data block EM = 00 || 02 || PS || 00 || KT
PS is a pseudo-random string
KT is the transport key to use

The figure below summarises the steps (i) to (ii) of the RSAEncryption decryption process.

Figure 16 : RSAEncryption Decryption
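
The block formatting of sections 3.4.3 and 3.4.4 is shown below as an added Python example, not part of the specification; the RSA public-key and private-key operations themselves are left out. The function names, the sample key and the kt_len parameter (the transport key length the receiver expects) are assumptions, and the minimum PS length of 8 octets is the RFC 3447 requirement.

```python
import secrets

# Constructed sample 16-byte transport key (not a value from the specification).
KT = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
K_LEN = 384  # k: modulus length in bytes for a 3072-bit RSA key


def pkcs1_v15_encode(kt: bytes, k: int) -> bytes:
    """Steps (i) and (ii) of 3.4.3: EM = 00 || 02 || PS || 00 || KT, k bytes long."""
    if len(kt) > k - 11:                 # leaves room for at least 8 PS octets
        raise ValueError("transport key too long for this modulus")
    ps_len = k - len(kt) - 3
    ps = bytearray()
    while len(ps) < ps_len:              # draw random octets, discard any 00
        chunk = secrets.token_bytes(ps_len - len(ps))
        ps += bytes(b for b in chunk if b != 0)
    return b"\x00\x02" + bytes(ps[:ps_len]) + b"\x00" + kt


def pkcs1_v15_decode(em: bytes, k: int, kt_len: int) -> bytes:
    """Step (ii) of 3.4.4: split EM and return KT.

    Every malformed block is reported with the same generic error, so the
    sender learns nothing about which check failed (this sketch is not
    constant-time).
    """
    sep = em.find(b"\x00", 2)            # first 00 after the 00 02 header ends PS
    ok = (
        len(em) == k
        and em[:2] == b"\x00\x02"
        and sep >= 10                    # PS is at least 8 octets long
        and len(em) - sep - 1 == kt_len  # KT has the expected length
    )
    if not ok:
        raise ValueError("decryption error")
    return em[sep + 1:]


if __name__ == "__main__":
    em = pkcs1_v15_encode(KT, K_LEN)
    print("EM length:", len(em), "PS length:", em.find(b"\x00", 2) - 2)
    print("KT recovered:", pkcs1_v15_decode(em, K_LEN, len(KT)).hex().upper())
```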

3.4.5 Examples

3.4.5.1 RSA Encryption Key and Certificate

The RSA key to encrypt the transport key has a key length of 3072 bits with the components dumped below:

This RSA key is authenticated by a certificate authority with the following information:

Certificate Information | Value
serialNumber | 7895 CA35 014C 3D2F 1E11 B10D
Issuer |
  Country Name | BE
  Organisation Name | EPASOrg
  Organisation Unit Name | Technical Center of Expertise
  Common Name | EPAS Protocols Test CA
Validity |
  notBefore | 20130418101823+0100
  notAfter | 20181001182005+0100
Subject |
  Country Name | FR
  Organisation Name | EPASOrg
  Organisation Unit Name | Technical Center of Expertise
  Common Name | EPAS Protocol Test Host Key Encryption
Extensions |
  keyUsage | KeyEncipherment

The dump of the X.509 certificate is:
1915 04F0 A2 5F 34 FA 78 19 0B 96 A0 FF A4 3A B4 D4 9A 07 |._4.x......:....|
1916 0500 47 68 AD 3E A1 22 27 CE 9B 24 56 E2 FA B0 34 BB |Gh.>."'..$V...4.|

3 Key Management Mechanisms - 71 - 3.4 RSAEncryption Key Encryption


Card Payment Protocols Security Version 2.1

1917 0510 E2 E4 B0 27 1A 96 D2 2E 8C D3 79 8C D3 73 25 A0 |...'......y..s%.|


1918 0520 28 04 9D 01 C8 01 60 0D F7 |(.....`.. |
1919
The RSA key of the certificate authority signing this X.509 certificate has a key length of 4096 bits with the components dumped below:

3.4.5.2 Encryption step

The transport key KT to encrypt is the following 112-bit triple DES key:
0000 AE EF 80 98 A7 3D E9 D6 5B BF 26 64 58 04 02 16 |.....=..[.&dX...|

Step (i): We generate PS
Step (ii): We build the EM block
The block EM, the concatenation 00 || 02 || PS || 00 || KT, is then:
Step (iii): Encryption of the block EM

The encryption of the block EM by the public RSA key is:
Inside the EnvelopedData CMS data structure, the Recipient data structure is presented in the table below:
Message Item                              Value
Recipient
  KeyTransport
    Version                               0
    RecipientIdentification
      IssuerAndSerialNumber
        Issuer
          RelativeDistinguishedName
            AttributeType                 CountryName
            AttributeName                 BE
          RelativeDistinguishedName
            AttributeType                 OrganisationName
            AttributeName                 EPASOrg
          RelativeDistinguishedName
            AttributeType                 OrganisationUnitName
            AttributeName                 Technical Center of Expertise
          RelativeDistinguishedName
            AttributeType                 CommonName
            AttributeName                 EPAS Protocols Test CA
        SerialNumber                      7895CA35014C3D2F1E11B10D
    KeyEncryptionAlgorithm
      Algorithm                           RSAEncryption
    EncryptedKey                          CBE3ABC8FFCFE433AB1C5D50432FC69A
                                          493DBFFDC192BE3313C2319006F51C9C
                                          064491BC2606334F00B484C44EB57203
                                          9B98910818BFD1006F9B90E1B61981DA
                                          F2EC9A1AD7AB19EC60ABB4C924C974F8
                                          79CF7D8088B7A263AA18423CC8DDDF20
                                          54C9634CA2A013A31099C39E2C943EAC
                                          80D2A5BD9CB6C4AFED8FEBEBC59FF103
                                          53B670035584B7A00F41DD7FA13224B2
                                          1B492433F428CF0E1BC6E5B2050ADEB5
                                          7779A048BB6803E8CDE6AA88E856C7F3
                                          68809ADED3AC8E749E605B16FF3BDAE8
                                          4B6BA9ABDA582B13B1ED1E0B40941E75
                                          39889C126169D26491C3F96DC2C0EA08
                                          C45B2133C10C7C430334C743C23F5819
                                          53703B0238D22E62A3F2EA1E0BA8DA56
                                          768EDF861822FBCF720AEA1BA8283ED8
                                          364ED5E3726ECA9FCFF8D816CD245862
                                          929F81521B6E4590DF5BA34B006B492E
                                          7B552ED4B45997C78381D23505189989
                                          F8C0FC32E6552A3E9698B1B531A73C50
                                          11F04B44223AD9844424D08F57780C5F
                                          77B82891A3AD4439CBA983F95824A353
                                          8FF38D2EA632DCC8A6BF84023DAB54A5

The XML encoded structure of the Recipient data structure in the EnvelopedData CMS data structure is:
<Rcpt>
  <KeyTrnsprt>
    <Vrsn>0</Vrsn>
    <RcptId>
      <IssrAndSrlNb>
        <Issr>
          <RltvDstngshdNm>
            <AttrTp>CATT</AttrTp>
            <AttrVal>BE</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>OATT</AttrTp>
            <AttrVal>EPASOrg</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>OUAT</AttrTp>
            <AttrVal>Technical Center of Expertise</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>CNAT</AttrTp>
            <AttrVal>EPAS Protocols Test CA</AttrVal>
          </RltvDstngshdNm>
        </Issr>
        <SrlNb>eJXKNQFMPS8eEbEN</SrlNb>
      </IssrAndSrlNb>
    </RcptId>
    <KeyNcrptnAlgo>
      <Algo>ERSA</Algo>
    </KeyNcrptnAlgo>
    <NcrptdKey>
      y+OryP/P5DOrHF1QQy/Gmkk9v/3Bkr4zE8IxkAb1HJwGRJG8JgYzTwC0hMROtXIDm5iRCBi/0QBvm5D
      hthmB2vLsmhrXqxnsYKu0ySTJdPh5z32AiLeiY6oYQjzI3d8gVMljTKKgE6MQmcOeLJQ+rIDSpb2ctsS
      v7Y/r68Wf8QNTtnADVYS3oA9B3X+hMiSyG0kkM/Qozw4bxuWyBQretXd5oEi7aAPozeaqiOhWx/NogJr
      e06yOdJ5gWxb/O9roS2upq9pYKxOx7R4LQJQedTmInBJhadJkkcP5bcLA6gjEWyEzwQx8QwM0x0PCP1g
      ZU3A7AjjSLmKj8uoeC6jaVnaO34YYIvvPcgrqG6goPtg2TtXjcm7Kn8/42BbNJFhikp+BUhtuRZDfW6N
      LAGtJLntVLtS0WZfHg4HSNQUYmYn4wPwy5lUqPpaYsbUxpzxQEfBLRCI62YREJNCPV3gMX3e4KJGjrUQ
      5y6mD+Vgko1OP840upjLcyKa/hAI9q1Sl
    </NcrptdKey>
  </KeyTrnsprt>
</Rcpt>

The dump of the XML encoded structure of the Recipient data structure without unnecessary spaces and tabs is:

3.4.5.3 Decryption step

We use the result of the previous section with the EncryptedKey message item value:
The value of mLen is 384 (hexadecimal 180).

Step (i): Decryption of the block EncryptedKey

The decryption of the EncryptedKey message item by the private RSA key provides the following block EM:
The EM block is split in 5 blocks: 00 || 02 || PS || 00 || KT

Step (ii): Retrieving the data (KT key)

0000 AE EF 80 98 A7 3D E9 D6 5B BF 26 64 58 04 02 16 |.....=..[.&dX...|
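
The encryption and decryption steps of sections 3.4.5.2 and 3.4.5.3, as an added example that is not code from the specification: it builds and parses the EM block 00 || 02 || PS || 00 || KT and runs it through textbook RSA. Only KT comes from the page; the toy key built from two Mersenne primes, the function names, and the check that PS holds at least 8 non-zero bytes (the PKCS #1 v1.5 rule for this EM layout) are assumptions of the example.

```python
import secrets

# Constructed toy key (assumption of this example): the product of two
# Mersenne primes is trivially factorable, it only lets the example run offline.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 0x010001                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8           # modulus length in bytes (141 for this toy key)

# Transport key KT from section 3.4.5.2 of the page.
KT = bytes.fromhex("AEEF8098A73DE9D65BBF266458040216")


class DecryptionError(ValueError):
    """One error for every failure, so a caller cannot tell which check failed."""


def build_em(key: bytes, k: int) -> bytes:
    """Steps (i) and (ii): EM = 00 || 02 || PS || 00 || key, PS random and non-zero."""
    ps_len = k - 3 - len(key)
    if ps_len < 8:
        raise ValueError("key too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + key


def parse_em(em: bytes, k: int, key_len: int) -> bytes:
    """Split EM into 00 || 02 || PS || 00 || key and return the key."""
    # PS has no zero byte, so the first 00 after the header is the separator.
    sep = em.find(b"\x00", 2)
    ok = (len(em) == k and em[:2] == b"\x00\x02"
          and sep >= 10                        # PS is at least 8 bytes long
          and len(em) - sep - 1 == key_len)    # recovered key has the expected size
    if not ok:
        raise DecryptionError("decryption error")
    return em[sep + 1:]


def rsa_encrypt_key(key: bytes) -> bytes:
    """Step (iii): EncryptedKey = EM^E mod N, encoded on K bytes."""
    em = build_em(key, K)
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def rsa_decrypt_key(encrypted_key: bytes, key_len: int = 16) -> bytes:
    """Decryption steps (i) and (ii): recover EM, then extract the key."""
    c = int.from_bytes(encrypted_key, "big")
    if len(encrypted_key) != K or c >= N:
        raise DecryptionError("decryption error")
    return parse_em(pow(c, D, N).to_bytes(K, "big"), K, key_len)


if __name__ == "__main__":
    ct = rsa_encrypt_key(KT)
    print(len(ct), rsa_decrypt_key(ct).hex().upper())
```

With k = 384, the mLen of the page's example, PS is 365 bytes long and the 00 separator sits at offset 016F of EM, directly before KT.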

4 Encryption Mechanisms

4.1 Introduction

Data encryption uses only the CBC (Cypher Block Chaining) encryption mode as defined in ISO/IEC 18033-3.
The following encryption cryptographic algorithms are supported:
1. Triple DES encryption with key of 112 bits as defined by the Federal Information Processing Standards in FIPS PUB 46-3 Data Encryption Standard (DES), using the Keying option 2,
2. AES encryption with key of 128 bits as defined by the Federal Information Processing Standards in FIPS 197 - November 6, 2001 - Advanced Encryption Standard.

Encryption uses the EnvelopedData CMS structure.

4.2 Resulting CMS Structure

Data encryption is transported inside the EnvelopedData choice of the generic CMS data structure ContentInformationType.
The EnvelopedData CMS data structure, used for encryption, is detailed in the table below.

SensitiveData                       Mult.   Usage
ContentType                         [1..1]  Value "EnvelopedData"
EnvelopedData                       [1..1]  Data protection by encryption.
  Version                           [0..1]  default 0
                                            Version of the data structure, current version is 0.
  Recipient                         [1..1]  Information related to the encryption key as defined by the key
                                            management.
    ...                                     see:
                                            section 3.1: DUKPT Key Management,
                                            section 3.2: UKPT Key Management,
                                            section 3.3: RSAES-OAEP Key Encryption.
  EncryptedContent                  [1..1]  Encrypted data with the data encryption key.
    ContentType                     [1..1]  Type of encrypted data. Allowed values:
                                            EnvelopedData: Encrypted data content is a CMS EnvelopedData structure.
                                            AuthenticatedData: Encrypted data content is a CMS AuthenticatedData structure.
                                            SignedData: Encrypted data content is a CMS SignedData structure.
                                            DigestedData: Encrypted data content is a CMS DigestedData structure.
                                            PlainData: Encrypted application data is not a CMS data structure.
    ContentEncryptionAlgorithm      [1..1]  Algorithm used to encrypt the data.
      Algorithm                     [1..1]  Encryption algorithm:
                                            DES112CBC  CBC mode with Triple DES encryption using a double length
                                                       cryptographic key (112 bits)
                                            AES128CBC  CBC mode with AES encryption using a 128 bits cryptographic key.
                                            AES192CBC  AES (Advanced Encryption Standard) CBC (Cypher Block Chaining)
                                                       encryption with a 192 bits cryptographic key as defined by the
                                                       Federal Information Processing Standards (FIPS 197 – November 6,
                                                       2001 - Advanced Encryption Standard).
                                            AES256CBC  AES (Advanced Encryption Standard) CBC (Cypher Block Chaining)
                                                       encryption with a 256 bits cryptographic key as defined by the
                                                       Federal Information Processing Standards (FIPS 197 – November 6,
                                                       2001 - Advanced Encryption Standard).
      Parameter                     [0..1]  Optional Initial Value of the CBC encryption.
                                            If Parameter is absent, a sequence of null bytes has to be used, with the
                                            length of block defined by the encryption algorithm (8 bytes for DES and
                                            16 bytes for AES).
        EncryptionFormat            [0..1]  see KeyTransport/KeyEncryptionAlgorithm/EncryptionFormat.
        InitialisationVector        [1..1]  The 8-bytes-length (DES) or 16-bytes-length (AES) initial value of the
                                            CBC mode.
        BytePadding                 [0..1]  see KeyTransport/KeyEncryptionAlgorithm/BytePadding.
    EncryptedData                   [1..1]  Result of the encryption.

4.3 Encryption/Decryption

4.3.1 CBC Encryption Process

(i) The encoded plaintext data, including the envelope, forms the data M to encrypt.
(ii) Padding of the data M before encryption:
    a. LB is the number of bytes of an encryption block (8 for DES and 16 for AES).
    b. The hexadecimal byte 80 is added at the end of M according to ISO/IEC 9797-1 method 2.
    c. If the new length of M is not a multiple of LB, M is extended by null bytes (hexadecimal 00), to reach a length which is a multiple of LB.
(iii) The result M of the padded data is split into blocks of LB bytes $M_1 \dots M_n$.
(iv) With the encryption key K, and initialising $C_0$ by the value of InitialisationVector, the encrypted data is the concatenation of $C_1 \dots C_n$, where
    $C_i = E_K(C_{i-1} \oplus M_i)$
    $E_K$ being the encryption algorithm (TDES or AES) with K.

Figure 17: CBC Encryption Process

4.3.2 CBC Decryption Process

(i) LB is the number of bytes of an encryption block (8 for DES and 16 for AES).
    The encrypted data C is split into blocks of LB bytes $C_1 \dots C_n$.
(ii) With the encryption key K, and initialising $C_0$ by the value of InitialisationVector, compute the following blocks $M_1 \dots M_n$, where
    $M_i = D_K(C_i) \oplus C_{i-1}$
    $D_K$ being the decryption algorithm (TDES or AES) with K.
(iii) The last block $M_n$ is right padded with the hexadecimal byte 80 according to ISO/IEC 9797-1 method 2, followed by a sequence of 0 to LB-1 null bytes, hexadecimal 00 (if this is not the case, decryption has failed, most probably because of a wrong encryption key).
    Remove the byte(s) of padding of the block $M_n$. The decrypted data is the concatenation of the blocks $M_1 \dots M_n$ to form the data block M.

(iv) M is the encoded plaintext data, including the envelope. M must be parsed.

Figure 18: CBC Decryption Process

4.3.3 Special Encryption/Decryption

As introduced in the beginning of the section, a deviation of the CBC mode is used for the transport of the encrypted cardholder PIN.
The EnvelopedData/EncryptedContent CMS data structure is the same, but without Algorithm/Parameter, as presented in the table below.

SensitiveData                       Mult.   Usage
ContentType                         [1..1]  Value "EnvelopedData"
EnvelopedData                       [1..1]  Data protection by encryption.
  Version                           [0..1]  see EnvelopedData
  Recipient                         [1..1]  see EnvelopedData
    ...
  EncryptedContent                  [1..1]  see EnvelopedData
    ContentType                     [1..1]  see EnvelopedData
    ContentEncryptionAlgorithm      [1..1]  Algorithm used to encrypt the data.
      Algorithm                     [1..1]  Encryption algorithm without padding:
                                            DES112CBC  Triple DES encryption using a double length cryptographic
                                                       key (112 bits)
                                            AES128CBC  AES encryption using a 128 bits cryptographic key.
    EncryptedData                   [1..1]  Result of the encryption block (8 bytes for triple DES, 16 bytes for
                                            AES).

The encryption process directly encrypts the plaintext data M (8 bytes for DES and 16 bytes for AES) without padding and without InitialisationVector. The encrypted data is $C = E_K(M)$, $E_K$ being the encryption algorithm (TDES or AES) with K.
The decryption process directly decrypts the encrypted data C (8 bytes for DES and 16 bytes for AES) without InitialisationVector. The decrypted data is $M = D_K(C)$, $D_K$ being the decryption algorithm (TDES or AES) with K.
[Figure 19 : Special Encryption/Decryption. Diagram: M passes through E with key K to give C; C passes through D with key K to give M.]
4.4 Examples

4.4.1 Data to Encrypt

As an example of input, we will use the PlainCardData data structure of the Acquirer protocol, using the XML/Schema encoding of the ISO 20022 ca.001.001.02 message.

The card data contains:
- The PAN: 9913 3300 8057 4602
- A card sequence number of 00
- The expiration date in December 2014

The content value of the PlainCardData data structure is then presented in the table below.

Message Item              Value
PlainCardData
  PAN                     9913330080574602
  CardSequenceNumber      00
  ExpiryDate              2014-12
  CardSecurityCode
    CSCManagement         CSCPresent
    CSCValue              9915


The resulting XML encoded structure is:
<PlainCardData>
  <PAN>9913330080574602</PAN>
  <CardSeqNb>00</CardSeqNb>
  <XpryDt>2014-12</XpryDt>
  <CardSctyCd>
    <CSCMgmt>PRST</CSCMgmt>
    <CSCVal>9915</CSCVal>
  </CardSctyCd>
</PlainCardData>

2304 Once unnecessary spaces and carriage returns are removed, PlainCardData is:
2305 0000 3C 50 6C 61 69 6E 43 61 72 64 44 61 74 61 3E 3C |<PlainCardData><|
2306 0010 50 41 4E 3E 39 39 31 33 33 33 30 30 38 30 35 37 |PAN>991333008057|
2307 0020 34 36 30 32 3C 2F 50 41 4E 3E 3C 43 61 72 64 53 |4602</PAN><CardS|
2308 0030 65 71 4E 62 3E 30 30 3C 2F 43 61 72 64 53 65 71 |eqNb>00</CardSeq|
2309 0040 4E 62 3E 3C 58 70 72 79 44 74 3E 32 30 31 34 2D |Nb><XpryDt>2014-|
2310 0050 31 32 3C 2F 58 70 72 79 44 74 3E 3C 43 61 72 64 |12</XpryDt><Card|
2311 0060 53 63 74 79 43 64 3E 3C 43 53 43 4D 67 6D 74 3E |SctyCd><CSCMgmt>|
2312 0070 50 52 53 54 3C 2F 43 53 43 4D 67 6D 74 3E 3C 43 |PRST</CSCMgmt><C|
2313 0080 53 43 56 61 6C 3E 39 39 31 35 3C 2F 43 53 43 56 |SCVal>9915</CSCV|
2314 0090 61 6C 3E 3C 2F 43 61 72 64 53 63 74 79 43 64 3E |al></CardSctyCd>|
2315 00A0 3C 2F 50 6C 61 69 6E 43 61 72 64 44 61 74 61 3E |</PlainCardData>|

2319 4.4.2 Triple DES Encryption with a 112 bits Key


2320
2321 The encryption block length of the Triple DES cryptographic algorithm is 8 bytes.
2322 The length of the data M to encrypt is 176 bytes.
2323
2324 Applying the padding process, the hexadecimal byte 80 is appended according to ISO/IEC 9797-1
2325 method 2, followed by 7 null bytes to reach a length of 184 bytes which is a multiple of the encryption
2326 block length, 8 bytes:
2327
2328 0000 3C 50 6C 61 69 6E 43 61 72 64 44 61 74 61 3E 3C |<PlainCardData><|
2329 0010 50 41 4E 3E 39 39 31 33 33 33 30 30 38 30 35 37 |PAN>991333008057|
2330 0020 34 36 30 32 3C 2F 50 41 4E 3E 3C 43 61 72 64 53 |4602</PAN><CardS|
2331 0030 65 71 4E 62 3E 30 30 3C 2F 43 61 72 64 53 65 71 |eqNb>00</CardSeq|
2332 0040 4E 62 3E 3C 58 70 72 79 44 74 3E 32 30 31 34 2D |Nb><XpryDt>2014-|
2333 0050 31 32 3C 2F 58 70 72 79 44 74 3E 3C 43 61 72 64 |12</XpryDt><Card|
2334 0060 53 63 74 79 43 64 3E 3C 43 53 43 4D 67 6D 74 3E |SctyCd><CSCMgmt>|
2335 0070 50 52 53 54 3C 2F 43 53 43 4D 67 6D 74 3E 3C 43 |PRST</CSCMgmt><C|
2336 0080 53 43 56 61 6C 3E 39 39 31 35 3C 2F 43 53 43 56 |SCVal>9915</CSCV|
2337 0090 61 6C 3E 3C 2F 43 61 72 64 53 63 74 79 43 64 3E |al></CardSctyCd>|
2338 00A0 3C 2F 50 6C 61 69 6E 43 61 72 64 44 61 74 61 3E |</PlainCardData>|
2339 00B0 80 00 00 00 00 00 00 00 |........ |
2340
2341 The test key that will be used is the data encryption DUKPT key for request:
2342 A75D 20F7 0451 7545 3E29 259D 3B08 A72A
2343
2344 Using the Initialisation Vector value A27BB46D1C306E09, the encryption of the padded card data
2345 provides the values below:
2346
2347 0000 CB 85 48 F2 F3 63 3C 4D E9 71 8E 0B F1 85 E8 74 |..H..c<M.q.....t|
2348 0010 F9 5A D4 0B EE 69 BF CF 4E BD 24 05 21 BA 28 5B |.Z...i..N.$.!.([|
2349 0020 3E 94 ED F9 A5 3C F7 0B 6F 1B FB A0 B2 BB 8E 4B |>....<..o......K|
2350 0030 F1 DB D3 FC 64 BF 70 24 AC 19 62 80 1F 10 83 DF |....d.p$..b.....|
2351 0040 66 15 84 94 09 C4 82 C4 0E 5F 1D 4B 8B 85 30 BE |f........_.K..0.|
2352 0050 F2 B0 91 6E E7 F8 8E 30 71 67 9F 71 61 C0 68 C2 |...n...0qg.qa.h.|
2353 0060 67 F0 EA A6 4B 43 70 AF 93 C2 1A 1E A9 29 D6 34 |g...KCp......).4|
2354 0070 59 7D CC BB D6 47 E0 CB 08 92 21 20 33 CC 38 4E |Y}...G....! 3.8N|
2355 0080 8F B4 94 E2 F1 1E 55 D0 F9 12 9B FC 4B 3C BC A4 |......U.....K<..|
2356 0090 0A 0D B0 E8 3F FA 77 F1 2B 7A 1A BF 6A 91 25 68 |....?.w.+z..j.%h|
2357 00A0 6F C4 3A 9A 09 C0 58 17 D9 DC 1E 61 96 7B D5 29 |o.:...X....a.{.)|
2358 00B0 BB 2C D3 D6 17 D3 78 BB |.,....x. |
2361 Without the content value of Recipient, the EnvelopedData CMS data structure would be :
2362
Message Item Value
ProtectedCardData
ContentType EnvelopedData
EnvelopedData
Recipient

EncryptedContent
ContentType PlainData
ContentEncryptionAlgorithm
Algorithm DES112CBC
Parameter
InitialisationVector A27BB46D1C306E09
EncryptedData CB8548F2F3633C4DE9718E0BF185E874
F95AD40BEE69BFCF4EBD240521BA285B
3E94EDF9A53CF70B6F1BFBA0B2BB8E4B
F1DBD3FC64BF7024AC1962801F1083DF
6615849409C482C40E5F1D4B8B8530BE
F2B0916EE7F88E3071679F7161C068C2
67F0EAA64B4370AF93C21A1EA929D634
597DCCBBD647E0CB0892212033CC384E
8FB494E2F11E55D0F9129BFC4B3CBCA4
0A0DB0E83FFA77F12B7A1ABF6A912568
6FC43A9A09C05817D9DC1E61967BD529
BB2CD3D617D378BB
2367 4.4.3 AES Encryption with a 128 bits Key


2368
2369 The encryption block length of the AES cryptographic algorithm is 16 bytes.
2370 The length of the data M to encrypt is 176 bytes.
2371
2372 Applying the padding process, the hexadecimal byte 80 is appended according to ISO/IEC 9797-1
2373 method 2, followed by 15 null bytes to reach a length of 192 bytes which is a multiple of the encryption
2374 block length, 16 bytes:
2375
2376 0000 3C 50 6C 61 69 6E 43 61 72 64 44 61 74 61 3E 3C |<PlainCardData><|
2377 0010 50 41 4E 3E 39 39 31 33 33 33 30 30 38 30 35 37 |PAN>991333008057|
2378 0020 34 36 30 32 3C 2F 50 41 4E 3E 3C 43 61 72 64 53 |4602</PAN><CardS|
2379 0030 65 71 4E 62 3E 30 30 3C 2F 43 61 72 64 53 65 71 |eqNb>00</CardSeq|
2380 0040 4E 62 3E 3C 58 70 72 79 44 74 3E 32 30 31 34 2D |Nb><XpryDt>2014-|
2381 0050 31 32 3C 2F 58 70 72 79 44 74 3E 3C 43 61 72 64 |12</XpryDt><Card|
2382 0060 53 63 74 79 43 64 3E 3C 43 53 43 4D 67 6D 74 3E |SctyCd><CSCMgmt>|
2383 0070 50 52 53 54 3C 2F 43 53 43 4D 67 6D 74 3E 3C 43 |PRST</CSCMgmt><C|
2384 0080 53 43 56 61 6C 3E 39 39 31 35 3C 2F 43 53 43 56 |SCVal>9915</CSCV|
2385 0090 61 6C 3E 3C 2F 43 61 72 64 53 63 74 79 43 64 3E |al></CardSctyCd>|
2386 00A0 3C 2F 50 6C 61 69 6E 43 61 72 64 44 61 74 61 3E |</PlainCardData>|
2387 00B0 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
2388
2389 The AES 128 bits test key has the same value as the DUKPT test base key:
2390 3723 3E89 0B01 04E9 BC94 3D0E 45EA E5A7
2391
2392 Using the Initialisation Vector value A27BB46D1C306E09 7E26BE8E9363DB28, the encryption of the
2393 padded card data provides the values below:
2394
2395 0000 74 51 17 83 80 EC 03 3B 36 25 31 53 0A 96 5E D5 |tQ.....;6%1S..^.|
2396 0010 30 69 87 17 00 A0 97 6F 8F 3E DB 1E C2 6E 89 7A |0i.....o.>...n.z|
2397 0020 E9 81 DF 67 D6 CE 39 00 97 95 C2 37 35 29 1F E5 |...g..9....75)..|
2398 0030 D1 35 EB E4 B2 6F FA E0 96 39 67 D3 DB C8 C2 7D |.5...o...9g....}|
2399 0040 F2 63 17 38 7B D7 0D 90 58 4C 5A 3E D0 9F 10 1C |.c.8{...XLZ>....|
2400 0050 F2 48 4D 7A 95 B4 60 57 1F 8D 16 8B 38 73 BC 32 |.HMz..`W....8s.2|
2401 0060 E0 CD C6 32 84 D3 5B 36 75 98 3B 75 4F DD 41 90 |...2..[6u.;uO.A.|
2402 0070 B5 3D 4C EF 13 DD 91 3A 86 52 88 C0 B3 A4 F0 97 |.=L....:.R......|
2403 0080 17 E4 AA 76 85 C7 17 5F B8 11 2C 77 4F 54 93 97 |...v..._..,wOT..|
2404 0090 EB B7 94 5B 55 AC D0 F4 3D 9C F0 20 FA 4F 94 C2 |...[U...=.. .O..|
2405 00A0 CF 81 B6 AC AA 45 41 3A 25 6B 3B 7F B3 D1 23 55 |.....EA:%k;...#U|
2406 00B0 04 C5 31 6E 57 DA 0C 28 D5 AC 2F D5 75 DA F7 5B |..1nW..(../.u..[|
2409 Without the content value of Recipient, the EnvelopedData CMS data structure would be :
2410
Message Item Value
ProtectedCardData
ContentType EnvelopedData
EnvelopedData
Recipient

EncryptedContent
ContentType PlainData
ContentEncryptionAlgorithm
Algorithm AES128CBC
Parameter
InitialisationVector A27BB46D1C306E097E26BE8E9363DB28
EncryptedData 7451178380EC033B362531530A965ED5
3069871700A0976F8F3EDB1EC26E897A
E981DF67D6CE39009795C23735291FE5
D135EBE4B26FFAE0963967D3DBC8C27D
F26317387BD70D90584C5A3ED09F101C
F2484D7A95B460571F8D168B3873BC32
E0CDC63284D35B3675983B754FDD4190
B53D4CEF13DD913A865288C0B3A4F097
17E4AA7685C7175FB8112C774F549397
EBB7945B55ACD0F43D9CF020FA4F94C2
CF81B6ACAA45413A256B3B7FB3D12355
04C5316E57DA0C28D5AC2FD575DAF75B
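
The padding step used in 4.4.2 and 4.4.3, and the padding check of the CBC decryption process, as an added Python example (not part of the nexo specification). The function names are this example's own; the sample input is the PlainCardData of 4.4.1, and the "wrong key" bytes are constructed.

```python
# ISO/IEC 9797-1 padding method 2 as used by the CBC encryption and decryption
# processes: a mandatory 0x80 byte, then 0 to LB-1 null bytes.

# PlainCardData of section 4.4.1 once spaces and carriage returns are removed.
PLAIN_CARD_DATA = (
    b"<PlainCardData><PAN>9913330080574602</PAN><CardSeqNb>00</CardSeqNb>"
    b"<XpryDt>2014-12</XpryDt><CardSctyCd><CSCMgmt>PRST</CSCMgmt>"
    b"<CSCVal>9915</CSCVal></CardSctyCd></PlainCardData>"
)


class PaddingError(ValueError):
    """Decrypted data does not end with valid method 2 padding."""


def pad_method2(data: bytes, block_len: int) -> bytes:
    """Append 0x80, then null bytes up to the next multiple of block_len."""
    padded = data + b"\x80"
    return padded + bytes(-len(padded) % block_len)


def unpad_method2(padded: bytes, block_len: int) -> bytes:
    """Strip the padding of the last block Mn, or raise PaddingError."""
    if not padded or len(padded) % block_len:
        raise PaddingError("length is not a positive multiple of the block length")
    body = padded.rstrip(b"\x00")
    nulls = len(padded) - len(body)
    # The 0x80 marker must sit in the last block, followed by at most LB-1 null bytes.
    if not body.endswith(b"\x80") or nulls > block_len - 1:
        raise PaddingError("padding check failed")
    return body[:-1]


def decrypted_ok(candidate: bytes, block_len: int) -> bool:
    """True when candidate (the output of a CBC decryption) carries valid padding."""
    try:
        unpad_method2(candidate, block_len)
    except PaddingError:
        return False
    return True


if __name__ == "__main__":
    for name, lb in (("DES112CBC", 8), ("AES128CBC", 16)):
        padded = pad_method2(PLAIN_CARD_DATA, lb)
        print(name, len(PLAIN_CARD_DATA), "->", len(padded),
              "padding:", padded[len(PLAIN_CARD_DATA):].hex())
    # Constructed stand-in for the output of a decryption with a wrong key.
    garbage = bytes(range(1, 17))
    print("wrong-key output accepted:", decrypted_ok(garbage, 16))
```

With AES the 176-byte input is already a multiple of 16, so a whole extra block (80 followed by 15 null bytes) is appended, which is why the AES ciphertext is 192 bytes long.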
4.4.4 Special Encryption/Decryption

Taking an example of PIN encryption with the following elements:
- A Triple DES encryption,
- The test PIN encryption DUKPT key: 5E64 F1AB F25D C45E 7F62 9EC2 B302 0715
- A PIN block value of: 3408 667E EBDD BCAD

The result of the triple DES encryption is: 4560 A060 B4C6 727F

Without the content value of Recipient, the EnvelopedData CMS data structure would be:

Message Item                      Value
EncryptedPINBlock
  ContentType                     EnvelopedData
  EnvelopedData
    Recipient

    EncryptedContent
      ContentType                 PlainData
      ContentEncryptionAlgorithm
        Algorithm                 DES112CBC
      EncryptedData               4560A060B4C6727F

2425 5 MAC Mechanisms


2426

2427 5.1 Introduction


The following MAC cryptographic algorithms are supported by nexo implementations:
1. Triple DES algorithm with double length key (112 bits), using the retail CBC (Cipher Block Chaining) mode as defined in ISO 9807 and ANSI X9.19 with the padding method 2 from ISO 9797-1, on the result of the SHA-256 digest of the message body as defined in FIPS 180-2. This is used by legacy systems, and will disappear after their upgrade.
2. Triple DES algorithm with double length key, using the retail CBC mode, applied to the SHA-256 digest of the data.
3. The CMAC authentication mode as defined by the NIST recommendation 800-38B, using the AES encryption algorithm with 128 bits key length, applied to the SHA-256 digest of the data.
4. The CMAC authentication mode as defined by the NIST recommendation 800-38B, using the Triple DES encryption algorithm with double length key, applied to the SHA-256 digest of the data.
2440
2441

2442 5.2 Resulting CMS Structure


2443 MAC is transported inside the AuthenticatedData alternative of the generic CMS data structure
2444 ContentInformationType.
2445 The AuthenticatedData CMS data structure is detailed in the table below.
SecurityTrailer Mult. Usage
ContentType [1..1] Value "AuthenticatedData"
AuthenticatedData [1..1] Message Authentication Code.
Version [0..1] default 0
Version of the data structure, current version is 0.
Recipient [1..1] Information related to the MAC generation key as defined by the
key management.
... see:
section 3.1: DUKPT Key Management

MACAlgorithm [1..1] Algorithm to compute message authentication code (MAC).


Algorithm [1..1] Cryptographic algorithms for the MAC. Allowed values:
RetailCBCMAC: Retail CBC (Chaining Block Cypher) MAC
(Message Authentication Code) (cf. ISO 9807, ANSI
X9.19) - (ASN.1 Object Identifier: id-retail-cbc-mac).
RetailSHA1MAC: Retail-CBC-MAC with SHA-1 (Secure Hash
standard) - (ASN.1 Object Identifier: id-retail-cbc-mac-
sha-1) with padding Method 2 from ISO9797-1.
RetailSHA256MAC Retail-CBC-MAC with SHA-256 (Secure
Hash standard) - (ASN.1 Object Identifier: id-retail-cbc-
macsha-256).
SHA256CMACwithAES128: CMAC (Cipher based Message
Authentication Code) defined by the National Institute of
Standards and Technology (NIST 800-38B - May 2005),
using the block cipher Advanced Encryption Standard
with a 128 bits cryptographic key, approved by the
Federal Information Processing Standards (FIPS 197 -
November 6, 2001 - Advanced Encryption Standard).

SHA384CMACwithAES192: CMAC (Cipher based Message
Authentication Code) defined by the National Institute of
Standards and Technology (NIST 800-38B - May 2005),
using the block cipher Advanced Encryption Standard
with a 192 bits cryptographic key, approved by the
Federal Information Processing Standards (FIPS 197 -
November 6, 2001 - Advanced Encryption Standard).
The CMAC algorithm is computed on the SHA-384
digest of the message.
SHA512CMACwithAES256: CMAC (Cipher based Message
Authentication Code) defined by the National Institute of
Standards and Technology (NIST 800-38B - May 2005),
using the block cipher Advanced Encryption Standard
with a 256 bits cryptographic key, approved by the
Federal Information Processing Standards (FIPS 197 -
November 6, 2001 - Advanced Encryption Standard).
The CMAC algorithm is computed on the SHA-512
digest of the message.

Parameter [0..1] Optional Initial Value of the CBC encryption.


If Parameter is absent, a sequence of null bytes has to be used,
with the block length defined by the encryption algorithm (8 bytes
for DES and 16 bytes for AES).
InitialisationVector [1..1] The 8-bytes-length (DES) or 16-bytes-length (AES) initial value of
the CBC mode.
BytePadding [0..1]
EncapsulatedContent [1..1] Data to authenticate, Content item is absent as this is a detached
MAC.
ContentType [1..1] Type of authenticated data. Allowed values:
EnvelopedData: Authenticated data content is a CMS
EnvelopedData structure.
SignedData: Authenticated data content is a CMS
SignedData structure.
DigestedData: Authenticated data content is a CMS
DigestedData structure.
PlainData: Authenticated application data is not a CMS data
structure.
MAC [1..1] Result of the MAC generation.

5.3 MAC Generation and Verification Processes

MAC generation and MAC verification use the same algorithms. The MAC is verified by generating the MAC from the received message and comparing it to the received MAC.

5.3.1 Retail-CBC-MAC with SHA-256

(i) Compute the SHA-256 digest D on the encoded body of the message, including the envelope, as transmitted by the transport level:
    - For the MAC verification of a received message, the digest is computed on the body as received by the transport level.
    - For the MAC generation of a message to send, the body shall not change after the generation of the digest.
(ii) Padding of the data D: the hexadecimal byte 80 is appended to D according to ISO/IEC 9797-1 method 2. If the new length is not a multiple of 8, D is padded with null bytes (hexadecimal 00) to reach a length that is a multiple of 8.
(iii) The padded data D is split into blocks of 8 bytes D1...Dn.
(iv) With the left part KL of the MAC key K, and initialising C0 with 8 null bytes, compute the sequence C1...Cn-1, where
    Ci = E_KL(Ci-1 xor Di)
    E_KL being the DES encryption with KL
(v) The MAC is the result of:
    MAC = E_K(Cn-1 xor Dn)
    E_K being the Triple-DES encryption with K
2474
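[Figure 20 : Retail-CBC-MAC with SHA-256. Diagram: starting from C0 = 00...00, each block D1 ... Dn-1 is XORed with the previous result and encrypted with DES under KL to give C1 ... Cn-1; the last block Dn is XORed with Cn-1 and encrypted with Triple DES under K to give the MAC.]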
5.3.2 CMAC with SHA256

CMAC generation and CMAC verification use the same algorithms. The CMAC is verified by generating the MAC from the received message and comparing it to the received MAC.
CMAC can be used with a Triple DES or an AES encryption algorithm.

(i) Compute the SHA-256 digest D on the encoded body of the message, including the envelope, as transmitted by the transport level:
    - For the MAC verification of a received message, the digest is computed on the body as received by the transport level.
    - For the MAC generation of a message to send, the body shall not change after the generation of the digest.
(ii) Generate the subkeys K1 and K2 from the key K (see the algorithm below).
(iii) Let b be the block size of the encryption algorithm (64 bits for Triple DES, and 128 bits for AES).
    Split the digest D into blocks of size b: D1...Dn-1 D*n
    If the block D*n has the same size as b (complete block):
    Dn = D*n xor K1
(iv) If the size of D*n is lower than b [1]:
    According to ISO/IEC 9797-1 method 2, add the byte 80 at the end of D*n and complete if necessary with null bytes 00 to reach the length of a block size b
    Dn = D*n xor K2
(v) Initialising C0 with null bytes, compute the sequence C1...Cn-1, where
    Ci = E_K(Ci-1 xor Di)
    E_K being the encryption (Triple DES or AES) with K
(vi) The MAC is the block Cn:
    MAC = Cn
2506
[Figure 21 : CMAC with SHA-256. Diagram: starting from C0 = 00...00, each block D1 ... Dn is XORed with the previous result and encrypted (Enc) under K to give C1 ... Cn-1 and, for the last block, the MAC.]

[1] This case never happens for D, which has the size of an SHA-256 digest.

Generation of CMAC Subkeys K1 and K2

(i) Build the block L, the result of the encryption by K of a block containing null bytes.
(ii) If the most significant bit of L is 0, K1 = L<<1
    else K1 = (L<<1) xor R
    (X<<1 is the bit string resulting from discarding the leftmost bit of X and appending a bit 0 at the right; R = 00...001B for b = 8 bytes, and R = 00...0087 for b = 16 bytes)
(iii) If the most significant bit of K1 is 0, K2 = K1<<1
    else K2 = (K1<<1) xor R
[Figure 22 : Generation of CMAC Subkeys. Flowchart: a null block of b bytes is encrypted with K to give L; L is shifted left by one bit and, if the most significant bit of L is not 0, XORed with R (00...1B for b = 8 bytes, 00...87 for b = 16 bytes) to give K1; the same shift and conditional XOR applied to K1 gives K2.]

5.4 Examples

5.4.1 Message Body

As an example of a message body on which to compute a MAC, we will use the AcceptorDiagnosticRequest message of the Acquirer protocol, with the XML/Schema encoding of the ISO 20022 caaa.013.001.02 message.

As input of the AcceptorDiagnosticRequest MAC, the XML encoded body DiagnosticRequest of the message is:
<DgnstcReq>
  <Envt>
    <AcqrrParamsVrsn>2010-01-01T08:00:00</AcqrrParamsVrsn>
    <MrchntId>
      <Id>EPASMER001</Id>
      <Tp>MERC</Tp>
    </MrchntId>
    <POIId>
      <Id>66000001</Id>
      <Tp>OPOI</Tp>
      <Issr>ACQR</Issr>
    </POIId>
  </Envt>
</DgnstcReq>
2548
2549 Once unnecessary spaces and carriage returns are removed, AcceptorDiagnosticRequest is:
2550 0000 3C 44 67 6E 73 74 63 52 65 71 3E 3C 45 6E 76 74 |<DgnstcReq><Envt|
2551 0010 3E 3C 41 63 71 72 72 50 61 72 61 6D 73 56 72 73 |><AcqrrParamsVrs|
2552 0020 6E 3E 32 30 31 30 2D 30 31 2D 30 31 54 30 38 3A |n>2010-01-01T08:|
2553 0030 30 30 3A 30 30 3C 2F 41 63 71 72 72 50 61 72 61 |00:00</AcqrrPara|
2554 0040 6D 73 56 72 73 6E 3E 3C 4D 72 63 68 6E 74 49 64 |msVrsn><MrchntId|
2555 0050 3E 3C 49 64 3E 45 50 41 53 4D 45 52 30 30 31 3C |><Id>EPASMER001<|
2556 0060 2F 49 64 3E 3C 54 70 3E 4D 45 52 43 3C 2F 54 70 |/Id><Tp>MERC</Tp|
2557 0070 3E 3C 2F 4D 72 63 68 6E 74 49 64 3E 3C 50 4F 49 |></MrchntId><POI|
2558 0080 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C |Id><Id>66000001<|
2559 0090 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 |/Id><Tp>OPOI</Tp|
2560 00A0 3E 3C 49 73 73 72 3E 41 43 51 52 3C 2F 49 73 73 |><Issr>ACQR</Iss|
2561 00B0 72 3E 3C 2F 50 4F 49 49 64 3E 3C 2F 45 6E 76 74 |r></POIId></Envt|
2562 00C0 3E 3C 2F 44 67 6E 73 74 63 52 65 71 3E |></DgnstcReq> |

2567 5.4.2 Retail-CBC-MAC


2568
2569 Applying the padding process from ISO/IEC 9797-1 method 2, the hexadecimal byte 80 is appended,
2570 followed by 2 null bytes to reach a length of 208 bytes, multiple of 8:
2571 0000 3C 44 67 6E 73 74 63 52 65 71 3E 3C 45 6E 76 74 |<DgnstcReq><Envt|
2572 0010 3E 3C 41 63 71 72 72 50 61 72 61 6D 73 56 72 73 |><AcqrrParamsVrs|
2573 0020 6E 3E 32 30 31 30 2D 30 31 2D 30 31 54 30 38 3A |n>2010-01-01T08:|
2574 0030 30 30 3A 30 30 3C 2F 41 63 71 72 72 50 61 72 61 |00:00</AcqrrPara|
2575 0040 6D 73 56 72 73 6E 3E 3C 4D 72 63 68 6E 74 49 64 |msVrsn><MrchntId|
2576 0050 3E 3C 49 64 3E 45 50 41 53 4D 45 52 30 30 31 3C |><Id>EPASMER001<|
2577 0060 2F 49 64 3E 3C 54 70 3E 4D 45 52 43 3C 2F 54 70 |/Id><Tp>MERC</Tp|
2578 0070 3E 3C 2F 4D 72 63 68 6E 74 49 64 3E 3C 50 4F 49 |></MrchntId><POI|
2579 0080 49 64 3E 3C 49 64 3E 36 36 30 30 30 30 30 31 3C |Id><Id>66000001<|
2580 0090 2F 49 64 3E 3C 54 70 3E 4F 50 4F 49 3C 2F 54 70 |/Id><Tp>OPOI</Tp|
2581 00A0 3E 3C 49 73 73 72 3E 41 43 51 52 3C 2F 49 73 73 |><Issr>ACQR</Iss|
2582 00B0 72 3E 3C 2F 50 4F 49 49 64 3E 3C 2F 45 6E 76 74 |r></POIId></Envt|
2583 00C0 3E 3C 2F 44 67 6E 73 74 63 52 65 71 3E 80 00 00 |></DgnstcReq>...|
2584
2585 The test key that will be used is the message authentication DUKPT key for request message:
2586 5E64 F1AB F25D 3BA1 7F62 9EC2 B302 F8EA
2587
The Retail CBC encryption of the padded data provides the value below [2]:
2589 0000 0D 0F 6E 5B E4 35 AB ED 84 E9 91 6E AF 21 51 06 |..n[.5.....n.!Q.|
2590 0010 7A DD 45 72 21 8A 9C 01 C7 34 BE 57 A5 D1 09 5C |z.Er!....4.W...\|
2591 0020 E6 22 34 30 BB 15 25 31 DF 26 64 37 44 17 4F E7 |."40..%1.&d7D.O.|
2592 0030 94 F4 EE 59 03 BB 5A 6C 65 30 F0 A5 F3 09 98 32 |...Y..Zle0.....2|
2593 0040 14 C1 F9 FE C3 61 F8 48 30 7D 48 34 41 17 C4 8A |.....a.H0}H4A...|
2594 0050 05 A6 BA FB 76 DA 30 68 4C C9 F3 DF DA AF 80 BE |....v.0hL.......|
2595 0060 B9 C4 DD 77 DE CC 6E 53 90 22 E7 05 49 A1 31 6A |...w..nS."..I.1j|
2596 0070 6B 7C 08 F3 55 B1 E5 50 B0 9E 2A 92 9E 3B E1 38 |k|..U..P..*..;.8|
2597 0080 5D 54 9A 6A 23 46 09 9A FC 44 96 1E B5 44 74 36 |]T.j#F...D...Dt6|
2598 0090 B0 DE A0 CC AC 46 2D 6A 06 90 C5 92 59 B9 69 12 |.....F-j....Y.i.|
2599 00A0 84 D9 7B 4B A8 CA 20 1F D7 A3 9F 85 41 D9 58 B1 |..{K.. .....A.X.|
2600 00B0 CE 6F 95 FA B6 F7 B0 33 E5 DA 35 A1 25 52 4B D8 |.o.....3..5.%RK.|
2601 00C0 B8 70 28 8A 6A F5 77 09 E7 4F 47 FE 22 BA 78 E3 |.p(.j.w..OG.".x.|
2602
2603 The MAC of the message is the last 8 bytes: E7 4F 47 FE 22 BA 78 E3
2604 The SecurityTrailer data structure with the MAC information is presented in the table below.
Message Item                Value
SecurityTrailer
  ContentType               AuthenticatedData
  AuthenticatedData
    Recipient

    MACAlgorithm
      Algorithm             RetailCBCMAC
    EncapsulatedContent
      ContentType           PlainData
    MAC                     E74F47FE22BA78E3

[2] Since the padding Method 2 is applied, the Retail CBC-MAC follows the algorithm described in section 5.3.1 (Retail-CBC-MAC with SHA-256) without computing the SHA-256 in step (i) of the algorithm.

2607 5.4.3 Retail-CBC-MAC with SHA-256


2608
2609 The SHA256 digest of the DiagnosticRequest message body is:
2610 0000 C4 11 A9 4F 56 97 8E A1 8B 9D CA F4 A0 DE 5B 44 |...OV.........[D|
2611 0010 09 BE A9 93 87 58 1A CA E5 01 3D 4A 55 38 AF B0 |.....X....=JU8..|

2612
2613 Applying the padding process from ISO/IEC 9797-1 method 2, the hexadecimal byte 80 is appended,
2614 followed by 7 null bytes to reach a length of 40 bytes, multiple of 8:
2615 0000 C4 11 A9 4F 56 97 8E A1 8B 9D CA F4 A0 DE 5B 44 |...OV.........[D|
2616 0010 09 BE A9 93 87 58 1A CA E5 01 3D 4A 55 38 AF B0 |.....X....=JU8..|
2617 0020 80 00 00 00 00 00 00 00 |........ |
2618
2619 The test key that will be used is the message authentication DUKPT key for request message:
2620 5E64 F1AB F25D 3BA1 7F62 9EC2 B302 F8EA
2621
2622
2623 The Retail CBC encryption of the padded SHA256 digest provides the value below:
2624 0000 0C 39 D3 CF 05 F9 F4 97 E0 1E 69 DE 5F 23 F8 72 |.9........i._#.r|
2625 0010 81 EC 98 C5 B4 12 CD A4 19 E8 06 D6 F2 03 9F B3 |................|
2626 0020 21 86 58 17 8E B7 E8 F6 |!.X..... |
2627
2628 The MAC of the message is the last 8 bytes: 21 86 58 17 8E B7 E8 F6
2629
2630 The SecurityTrailer data structure with the MAC information is presented in the table below.
2631
2632 Without the content value of Recipient, the AuthenticatedData CMS data structure would be:
Message Item                Value
SecurityTrailer
  ContentType               AuthenticatedData
  AuthenticatedData
    Recipient

    MACAlgorithm
      Algorithm             RetailSHA256MAC
    EncapsulatedContent
      ContentType           PlainData
    MAC                     218658178EB7E8F6

2636 5.4.4 SHA-256 CMAC with AES


2637
This example uses, as the AES 128 bits test key, the same value as the test DUKPT base derivation key. The MAC AES key K is then:
2640 37233E89 0B0104E9 BC943D0E 45EAE5A7
2641
2642 Generation of CMAC Subkeys
2643 The AES encryption of the null block with the key K is the block L with the following value:
2644 0000 4B 4F F0 2B 0C F5 10 FC 6E 0D 62 86 D4 33 FD B4 |KO.+....n.b..3..|

2645
2646 The most significant bit of L is 0, K1 is then the value of L<<1:
2647 0000 96 9F E0 56 19 EA 21 F8 DC 1A C5 0D A8 67 FB 68 |...V..!......g.h|

2648
2649 The value of K1 is then:
2650 0000 96 9F E0 56 19 EA 21 F8 DC 1A C5 0D A8 67 FB 68 |...V..!......g.h|

2651
2652 The most significant bit of K1 is 1, the value of K1 <<1 is then:
2653 0000 2D 3F C0 AC 33 D4 43 F1 B8 35 8A 1B 50 CF F6 D0 |-?..3.C..5..P...|

2654
2655 The value of K2 = (K1<<1) xor 87 is then:
2656 0000 2D 3F C0 AC 33 D4 43 F1 B8 35 8A 1B 50 CF F6 57 |-?..3.C..5..P..W|

2657
2658 The value of K2 is then:
2659 0000 2D 3F C0 AC 33 D4 43 F1 B8 35 8A 1B 50 CF F6 57 |-?..3.C..5..P..W|

2663 Generation of the MAC


2664
2665 The SHA256 digest of the DiagnosticRequest message body is:
2666 0000 C4 11 A9 4F 56 97 8E A1 8B 9D CA F4 A0 DE 5B 44 |...OV.........[D|
2667 0010 09 BE A9 93 87 58 1A CA E5 01 3D 4A 55 38 AF B0 |.....X....=JU8..|

2668
2669 The digest is split in 2 blocks, the last one being a complete block D*2:
2670 0010 09 BE A9 93 87 58 1A CA E5 01 3D 4A 55 38 AF B0 |.....X....=JU8..|

2671
2672 The block D2 = D*2 xor K1, is then:
2673 0000 9F 21 49 C5 9E B2 3B 32 39 1B F8 47 FD 5F 54 D8 |.!I...;29..G._T.|

2674
2675 The blocks D1 to D2 are then:
2676 0000 C4 11 A9 4F 56 97 8E A1 8B 9D CA F4 A0 DE 5B 44 |...OV.........[D|
2677 0010 9F 21 49 C5 9E B2 3B 32 39 1B F8 47 FD 5F 54 D8 |.!I...;29..G._T.|
2678
2679 The CBC encryption provides the value C1 to C2 below:
2680 0000 10 B0 E4 4F BE E2 92 C8 BA 31 07 81 36 AC 52 DE |...O.....1..6.R.|
2681 0010 4B C1 AA 74 F2 BB 58 03 D1 41 EA 97 42 2B 4B 73 |K..t..X..A..B+Ks|
2682
2683 The MAC of the message is the last 16 bytes:
2684 4B C1 AA 74 F2 BB 58 03 D1 41 EA 97 42 2B 4B 73
2685
2686 The SecurityTrailer data structure with the MAC information is presented in the table below.
2687
2688 Without the content value of Recipient, the AuthenticatedData CMS data structure would be :
Message Item                Value
SecurityTrailer
  ContentType               AuthenticatedData
  AuthenticatedData
    Recipient

    MACAlgorithm
      Algorithm             SHA256CMACwithAES128
    EncapsulatedContent
      ContentType           PlainData
    MAC                     4BC1AA74F2BB5803D141EA97422B4B73

2692 6 Digital Signature Mechanisms


2693

2694 6.1 Introduction


2695 The following digital signature cryptographic algorithms are supported by nexo implementations:
2696 1. Signature algorithm with RSA (PKCS #1 version 2.1), using SHA-256 digest algorithm (ASN.1
2697 Object Identifier: sha256WithRSAEncryption), in conformance to the RFC 3447 (section 9.2
2698 Encoding methods for signatures with appendix-PKCS1-v1_5).
2699
2700 The digital signature is used to sign nexo messages or subset of the message, and only one signer
2701 provides a digital signature in a SignedData data structure.
2702
2703 The following chapters will focus on solutions where the signerIdentification is given by an
2704 IssuerAndSerialNumber element rather than a KEKIdentifier. Nevertheless, the example on chapter
2705 6.4.3 SHA-256 with RSA is also valid for this kind of key identification.
2708 6.2 Resulting CMS Structure


2709 Digital signature is transported inside the SignedData choice of the generic CMS data structure
2710 ContentInformationType. The SignedData CMS data structure is detailed in the table below.
Or SecurityTrailer Mult. Usage
ContentType [1..1] Value "SignedData"
SignedData [1..1] Message Authentication Code.
Version [0..1] default 1
Version of the data structure, current version is 1.
DigestAlgorithm [1..1] Digest algorithm used by the signer to perform its digital signature.
Algorithm [1..1] Cryptographic algorithms for digests, allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
EncapsulatedContent [1..1] Data that have been signed, i.e. input of the digital signature
generation.
ContentType [1..1] Type of signed data. Allowed values:
EnvelopedData: Signed data content is a CMS EnvelopedData
structure.
AuthenticatedData: Signed data content is a CMS
AuthenticatedData structure.
DigestedData: Signed data content is a CMS DigestedData
structure.
PlainData: Signed application data is not a CMS data
structure.
Certificate [0..*] Collection of certificates.
Signer [1..1] Identification of the signing and digital signature of the signer.
Version [0..1] default 1
Version of the data structure, current version is 1.
SignerIdentification [1..1] Identification of the signing key.
Or IssuerAndSerialNumber [1..1] Issuer name and serial number of the certificate.
Issuer [1..1] Issuer Name
RelativeDistinguishedName [1..*] X.500 attribute.
AttributeType [1..1] Type of attribute, allowed values:
CountryName Country name of the attribute (ASN.1 Object
Identifier: id-at-countryName).
CommonName Common name of the attribute (ASN.1 Object
Identifier: id-at-commonName).
Locality Locality of the attribute (ASN.1 Object Identifier: id-
atlocalityName).
OrganisationName Organization name of the attribute
(ASN.1 Object Identifier: id-at-organizationName).
OrganisationUnitName Organization unit name of the attribute
(ASN.1 Object Identifier: id-at-
organizationalUnitName).
AttributeValue [1..1] Value of the attribute.
SerialNumber [1..1] Serial number of the certificate.
Or KeyIdentifier [1..1] Identifier of a cryptographic asymmetric key, previously exchanged
between parties.
KeyIdentification [1..1] Identification of the key.
KeyVersion [1..1] Version of the key.
SequenceNumber [0..1] Number of usages of the cryptographic key.
DerivationIdentification [0..1] Information to perform key derivation.

DigestAlgorithm [1..1] Digest algorithm to apply to the data (EncapsulatedContent) before
private encryption.
Algorithm [1..1] Identification of the algorithm, allowed values:
Cryptographic algorithms for digests, allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
SignatureAlgorithm [1..1] Digital signature algorithm to apply to the data
(EncapsulatedContent).
Algorithm [1..1] Digital signature algorithm, allowed values:
RSASSA-PSS Signature algorithm with Appendix,
Probabilistic Signature Scheme (PKCS #1
version 2.1), - (ASN.1 Object Identifier: id-
RSASSA-PSS).
SHA1WithRSA Signature algorithms with RSA (PKCS #1
version 2.1), using SHA-1 digest algorithm -
(ASN.1 Object Identifier:
sha1WithRSAEncryption).
SHA256WithRSA Signature algorithms with RSA (PKCS #1
version 2.1), using SHA-256 digest algorithm -
(ASN.1 Object Identifier:
sha256WithRSAEncryption).
Parameter [0..1] Parameter of the RSASSA-PSS signature algorithm.
DigestAlgorithm [0..1] Cryptographic algorithm for computing the digest of the label in the
RSASSA-PSS encryption algorithm. Allowed values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
MaskGeneratorAlgorithm [1..1] Mask generator function algorithm used by the RSASSA-PSS
signature algorithm.
Algorithm [1..1] Algorithm of the mask generator function, allowed value:
MGF1 Mask Generator Function, used for RSA encryption and
RSA digital signature (PKCS #1 version 2.1) - (ASN.1 Object
Identifier: id-mgf1).
Parameter [0..1] Parameters associated to the mask generator function
cryptographic algorithm.
DigestAlgorithm [0..1] Digest algorithm used in the mask generator function. Allowed
values:
SHA1 Message digest algorithm SHA-1 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha1).
SHA256 Message digest algorithm SHA-256 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha256).
SHA384 Message digest algorithm SHA-384 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha384).
SHA512 Message digest algorithm SHA-512 as defined in FIPS
180-2 - (ASN.1 Object Identifier: id-sha512).
SaltLength [1..1] Length of the salt to include in the signature.
TrailerField [0..1] Trailer field number.
Signature [1..1] Digital signature value.


6.3 Digital Signature Generation and Verification Processes

To provide a digital signature, the signer computes a digest of the data to sign, and encrypts the
formatted digest with its private key. The digital signature may be verified by any party with the public
key of the signer.

6.3.1 SHA-256 with RSA

The generation of the digital signature follows the PKCS1-v1_5 specifications:
(i) The length mLen of the RSA signing key modulus has to be larger than or equal to 496 bits, and
the length of the data input cannot be greater than 2^64 bits.
(ii) Compute the SHA-256 digest D on the encoded body of the message, including the envelope,
as transmitted by the transport level:
- For the digital signature generation of a message to send, the body shall have no change
after the generation of the digest.
(iii) Encode the ASN.1 value of type DigestInfo, with the OID id-sha256, a null parameter, and
the digest D using the DER encoding. This operation is identical to the concatenation of
- the hexadecimal string T: 3031 300D 0609 60 86 48 01 65 03 04 02 01 0500 0420,
and
- the digest D
(iv) Generate a padding string PS of length mLen-51 bytes with the hexadecimal value FF.
(v) Encrypt with the private RSA signing key the block EM, where
EM = 00 || 01 || PS || 00 || T || D
|| being the concatenation operator
(the first 00 allows an integer value strictly lower than the RSA key modulus, 01 indicates an
RSA encryption with a private key, the second 00 delimits the Padding String from the data to
encrypt)

Figure 23: SHA-256 with RSA Digital Signature (diagram: the SHA256 digest D of the Message Body is
placed in the block 00 01 FF ... FF 00 T D, on which RSA with the private signing key produces the
Digital Signature)


The verification of the digital signature:

(i) The length mLen of the RSA signing key modulus has to be larger than or equal to the length of
the signature S, and the length of the data input cannot be greater than 2^64 bits.
(ii) Compute the SHA-256 digest H on the encoded body of the message, including the envelope,
as transmitted by the transport level:
- For the digital signature verification of a received message, the digest is computed on the
body as received by the transport level.
(iii) Decrypt with the public RSA signing key the signature S, to obtain the data block EM.
(iv) Verify that the block EM has the format:
EM = 00 || 01 || PS || 00 || T || D
- The first byte has the value 00,
- The second byte has the value 01,
- PS of length mLen-51 bytes, with the hexadecimal value FF, and is followed by 00,
- T has the hexadecimal value: 3031 300D 0609 60 86 48 01 65 03 04 02 01 0500 0420,
- D has the same value as the digest H of the message body.
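
The generation and verification steps above, as an added Python example (not part of the nexo document). Function names, the toy key built from two Mersenne primes and the shortened sample body are assumptions made for illustration. PS is sized as the modulus length in bytes minus 54 (three framing bytes plus the 51 bytes of T || D), the PKCS #1 v1.5 rule, which reproduces the 330 FF bytes of the 3072-bit block dumped in 6.4.3. The verifier rebuilds the expected block and compares it whole, so a block with short padding or extra bytes after D is rejected.

```python
import hashlib
import hmac

# DigestInfo DER prefix T for SHA-256: the hexadecimal string of step (iii).
T_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")

# Digest D of the ManagementPlanReplacement body, copied from section 6.4.3.
PAGE_DIGEST = bytes.fromhex(
    "C36149C68719B1CC568E256926ED8D81CE66906B44BE439DBA973B638E6D4535"
)

# Constructed demonstration key (assumption): NOT the document's key and not
# secure, it is the product of the Mersenne primes 2^521-1 and 2^607-1.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+

# Constructed sample body (shortened, not the full message of section 6.4.2).
BODY = b"<MgmtPlan><POIId><Id>66000001</Id></POIId></MgmtPlan>"


def modulus_len(n: int) -> int:
    """Length of the RSA modulus in bytes."""
    return (n.bit_length() + 7) // 8


def encode_em(digest: bytes, em_len: int) -> bytes:
    """Build EM = 00 || 01 || PS || 00 || T || D for a modulus of em_len bytes."""
    if len(digest) != 32:
        raise ValueError("a SHA-256 digest is 32 bytes")
    ps_len = em_len - 3 - len(T_SHA256) - len(digest)
    if ps_len < 8:  # 8 FF bytes minimum, i.e. the 496-bit limit of step (i)
        raise ValueError("modulus shorter than 496 bits")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + T_SHA256 + digest


def sign(body: bytes, n: int, d: int) -> bytes:
    """Steps (ii) to (v): digest the body as transmitted, pad, private-key operation."""
    k = modulus_len(n)
    em = encode_em(hashlib.sha256(body).digest(), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def verify(body: bytes, signature: bytes, n: int, e: int) -> bool:
    """Recover EM with the public key and compare it with the expected block."""
    k = modulus_len(n)
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    expected = encode_em(hashlib.sha256(body).digest(), k)
    # Whole-block comparison covers every check of step (iv) at once.
    return hmac.compare_digest(recovered, expected)


def page_example_block() -> bytes:
    """EM for the digest of 6.4.3 and the 3072-bit key length of 6.4.1."""
    return encode_em(PAGE_DIGEST, 3072 // 8)


def malformed_signature(body: bytes, n: int, d: int) -> bytes:
    """Constructed negative test: PS four bytes short, four bytes appended after D."""
    k = modulus_len(n)
    good = encode_em(hashlib.sha256(body).digest(), k)
    bad = good[:2] + good[6:] + b"\x00" * 4  # same length, wrong layout
    return pow(int.from_bytes(bad, "big"), d, n).to_bytes(k, "big")


if __name__ == "__main__":
    em = page_example_block()
    print("EM length:", len(em), "PS length:", em.index(b"\x00", 2) - 2)
    sig = sign(BODY, N, D_PRIV)
    print("valid signature accepted:", verify(BODY, sig, N, E))
    print("modified body accepted:", verify(BODY + b" ", sig, N, E))
    print("malformed block accepted:",
          verify(BODY, malformed_signature(BODY, N, D_PRIV), N, E))
```
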

6.4 Example

6.4.1 Signing Key and Certificate

The RSA key to generate the digital signature has a key length of 3072 bits with the components
dumped below:
This RSA key is authenticated by a certificate authority with the following information:
Certificate Information       Value
serialNumber                  2ABC 40F4 D482 F5EB C975
Issuer
  Country Name                BE
  Organisation Name           EPASOrg
  Organisation Unit Name      Technical Center of Expertise
  Common Name                 EPAS Protocols Test CA
Validity
  notBefore                   20130418100646+0100
  notAfter                    20181001182005+0100
Subject
  Country Name                FR
  Organisation Name           EPASOrg
  Organisation Unit Name      Technical Center of Expertise
  Common Name                 EPAS Protocol Test Host Authentication
Extensions
  keyUsage                    DigitalSign

The dump of the X.509 certificate is:

The RSA key of the certificate authority signing this X.509 certificate has a key length of 4096 bits with
the components dumped below:

6.4.2 Message Body to Sign

As an example of a message body on which to compute a digital signature, we will use the
ManagementPlanReplacement message of the TMS protocol, with the XML/Schema encoding of the
ISO 20022 catm.002.001.02 message.

As input of the ManagementPlanReplacement digital signature, the XML encoded body
ManagementPlan of the message is:

<MgmtPlan>
  <POIId>
    <Id>66000001</Id>
    <Tp>OPOI</Tp>
    <Issr>TMGT</Issr>
  </POIId>
  <TermnlMgrId>
    <Id>epas-acquirer-TM1</Id>
    <Tp>TMGT</Tp>
  </TermnlMgrId>
  <DataSet>
    <Id>
      <Tp>AQPR</Tp>
      <CreDtTm>2013-04-18T10:52:27.95+02:00</CreDtTm>
    </Id>
    <Cntt>
      <Actn>
        <Tp>DWNL</Tp>
        <Adr>
          <PmryAdr>TM1.Test.EPASOrg.eu</PmryAdr>
          <PmryPortNb>5001</PmryPortNb>
        </Adr>
        <DataSetId>
          <Tp>MGTP</Tp>
        </DataSetId>
        <Trggr>DATE</Trggr>
        <TmCond>
          <StartTm>2013-04-24T22:45:00</StartTm>
          <Prd>10000</Prd>
          <ReTry>
            <Dely>10</Dely>
            <MaxNb>2</MaxNb>
          </ReTry>
        </TmCond>
      </Actn>
    </Cntt>
  </DataSet>
</MgmtPlan>

Once unnecessary spaces and carriage returns are removed, ManagementPlanReplacement is:

6.4.3 SHA-256 with RSA

The SHA256 digest of the ManagementPlanReplacement message body is:
0000 C3 61 49 C6 87 19 B1 CC 56 8E 25 69 26 ED 8D 81 |.aI.....V.%i&...|
0010 CE 66 90 6B 44 BE 43 9D BA 97 3B 63 8E 6D 45 35 |.f.kD.C...;c.mE5|

Applying the padding process, the block result is dumped below:
0000 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0080 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0090 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
00F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0130 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF |................|
0140 FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 |.............010|
0150 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 |...`.H.e....... |
0160 C3 61 49 C6 87 19 B1 CC 56 8E 25 69 26 ED 8D 81 |.aI.....V.%i&...|
0170 CE 66 90 6B 44 BE 43 9D BA 97 3B 63 8E 6D 45 35 |.f.kD.C...;c.mE5|

After encryption by the RSA signing private key, we have the digital signature of the
ManagementPlanReplacement message body:
Inside the SecurityTrailer, the SignedData CMS data structure is presented in the table below:
Message Item                Value
SecurityTrailer
SignedData
ContentType                 SignedData
DigestAlgorithm
Algorithm                   SHA256
EncapsulatedContent
ContentType                 PlainData
Certificate
Signer
SignerIdentification
IssuerAndSerialNumber
Issuer
RelativeDistinguishedName
AttributeType               CountryName
AttributeValue              BE
RelativeDistinguishedName
AttributeType               OrganisationName
AttributeValue              EPASOrg
RelativeDistinguishedName
AttributeType               OrganisationUnitName
AttributeValue              Technical Center of Expertise
RelativeDistinguishedName
AttributeType               CommonName
AttributeValue              EPAS Protocols Test CA
SerialNumber                2ABC40F4D482F5EBC975
DigestAlgorithm
Algorithm                   SHA256
SignatureAlgorithm
Algorithm                   SHA256WithRSA
Signature                   A786B87F275D3C75C1C4FF76C463705D17BD771A1AAB95957A87416C0F2B9134

The XML encoded structure of the digital signature in the SecurityTrailer with the certificate of the signer is:

<SctyTrlr>
  <CnttTp>SIGN</CnttTp>
  <SgndData>
    <DgstAlgo>
      <Algo>HS25</Algo>
    </DgstAlgo>
    <NcpsltdCntt>
      <CnttTp>DATA</CnttTp>
    </NcpsltdCntt>
    <Cert>
MIIE/zCCAuegAwIBAgIKKrxA9NSC9evJdTANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGDAJCRTEQMA
4GA1UECgwHRVBBU09yZzEmMCQGA1UECwwdVGVjaG5pY2FsIENlbnRlciBvZiBFeHBlcnRpc2UxHzAd
BgNVBAMMFkVQQVMgUHJvdG9jb2xzIFRlc3QgQ0EwKhgTMjAxMzA0MTgxMDA2NDYrMDEwMBgTMjAxOD
EwMDExODIwMDUrMDEwMDB4MQswCQYDVQQGDAJGUjEQMA4GA1UECgwHRVBBU09yZzEmMCQGA1UECwwd
VGVjaG5pY2FsIENlbnRlciBvZiBFeHBlcnRpc2UxLzAtBgNVBAMMJkVQQVMgUHJvdG9jb2wgVGVzdC
BIb3N0IEF1dGhlbnRpY2F0aW9uMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvQlYmPmB
uvQr4g4ZM5s5bFliZpC985bSDFA8pXxoivQeUFUs8bndxBFiCd0AwmtnP37e59DKbcLaqf8vjDqGC4
+DWuYNngV+3fFiX6xVoQKDf8HH74wKbBN8WXOXKrxA9NSC9evJdU+WS27s7b5m22KtDaezjgWRdWLo
md9xfSdFdpO0Hnvyy6mIVa4sl95LSP2BKlINbTVgEPboNV7JjbowR/LAzc2b5lUnfz7WmniN2ApqEr
yj1MfwhmK5nT9wqVSNeAS15KKROj7AJSW+Y57X2bmGVWxZMmdWQvzE5lnYKKlMVUSuu8VEbua5agSg
GFRwKW38L/unPUB0kwlo3YEOQ9V03XvmZImdpuSOtLO1kOLKqXx1AVxzUJOtYuP9eRq1cY8foZZz66
96vzzNcy8x05f855CGnSpoLfIyRRQYHM4c2056QDbausJidu4KOi0r4E+1LlgSj/QIbHQXzeznWxh4
PfosBdSlGJkwf9zEoAcBMA1ztF/9UuOWdYzFAgMBAAGjDzANMAsGA1UdDwQEAwIHgDANBgkqhkiG9w
0BAQsFAAOCAgEAdgStiWVUuNceBwdpcOFMP0LmY4t1jlDDBcPh3Yq8PsoCFQr1EB02gUY4FQ5Ppz5d
kuV5mDtJi9op++nOFKeT8S9fsIlhtz3ByD+zdGeyxbr/9hz2G3k2OOoh40GLyrXHHrogJSMM7PaguY
kwE/f1tOZkGaYEVcyQxf71lrdvqRTzWt/giOFSWzThw/EZK/gdWf9n8xGh9+YU6TMvnGzqDdufDA7r
VwisLbIPAX8GB5obfAMlTyW7oT4hQYWgVnqsciADUEiIq0qfWs/Qw6zU1MPDp12DC5axeSB33W/wDG
/aU8yx+mov8chW93mL+DEy9iOED7IS5xDG/lBaxkU4A4Pl66fszwjiJiLM2HSN0EzW7No1CNg6Teup
bQUj24dkOV7atZpCQheAW9jXFfQB1UQnJ7BtB8vC1gXgyk5H91J6PjAOppZ163dxRZiXGyZT3QtzQE
M2X6+kWQkxSoX/tGujT4iyKOmdU3OdPwDnjTzq3uc22q4RXOUKwQ6/sKxYcSRLugcRBxseQPocxg4S
WNbUl4j3I7FOBPSNWImCYcNzmLVRDcR/XF7219J7DIDyh28rAlcci6zikXQiG9y1ZHBCtLZ999Ex6T
JGcMtk0uGxWXfWUfykj+9ijqKxN6kjb+t8NOGdj99DfIQIpWzgYrLMQ12F7GWiXYtBtRIGfKs=
    </Cert>
    <Sgnr>
      <SgnrId>
        <IssrAndSrlNb>
          <RltvDstngshdNm>
            <AttrTp>CATT</AttrTp>
            <AttrVal>BE</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>OATT</AttrTp>
            <AttrVal>EPASOrg</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>OUAT</AttrTp>
            <AttrVal>Technical Center of Expertise</AttrVal>
          </RltvDstngshdNm>
          <RltvDstngshdNm>
            <AttrTp>CNAT</AttrTp>
            <AttrVal>EPAS Protocols Test CA</AttrVal>
          </RltvDstngshdNm>
          <SrlNb>KrxA9NSC9evJdQ==</SrlNb>
        </IssrAndSrlNb>
        <DgstAlgo>
          <Algo>HS25</Algo>
        </DgstAlgo>
        <SgntrAlgo>
          <Algo>ERS2</Algo>
        </SgntrAlgo>
        <Sgntr>
p4a4fyddPHXBxP92xGNwXRe9dxoaq5WVeodBbA8rkTQ9jM/nxizi4A+edbLxjX8afRZG4EQW4s
mcxTsNDDfkDdBTNkJ3ZY+Cw9qTfU9uUTan8C8b4VSxnGAZloMMp8ay6hrfX2khorWWrJDQ+9wE
7yTCyKrOuWZ4rzroqBr5DwTefQDKCiAGVRlaSHh0iom0H3SGjfHvjvkKPokmRfHU8EaR6cRlQC
iLKilM8jllIGEpJgln5EFluIEwZawYOBIBThO7vo75XTQSQ3B+83Yox4TNwPIc9cspucSJs8yY
WyXSfNtclagn/eWl2iBwTgTBcGZFATGcwsRE0PiejHz4lu7RX1vINe06n7jzc52WG/gozr/q8b
1AldD19wC3b2ga16PGRnafYRWhb0zxt3squutJuwwNoesPSMMyBfSXlfyedGxyRMQfAZ3zssB/
7xkhvqFMgWxqVaD0xh8L2oM9AY1UNgh0zxwdMnwzGDEZTU2Cg6+aK6weY+1IAwsyTRDL
        </Sgntr>
      </SgnrId>
    </Sgnr>
  </SgndData>
</SctyTrlr>
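
The signer fields of the trailer above can be read back and cross-checked against the table values (SerialNumber in hex, attribute and algorithm names). The following Python sketch is an added example, not code from the nexo specification; the function names, the code-to-name dictionaries (read off this page's example only), the single-signer restriction and the trimmed sample trailer are assumptions of the example.

```python
import base64
import xml.etree.ElementTree as ET

# Code-to-name mappings read off the page's example (its table beside its XML).
ATTRIBUTE_TYPES = {"CATT": "CountryName", "OATT": "OrganisationName",
                   "OUAT": "OrganisationUnitName", "CNAT": "CommonName"}
ALGORITHMS = {"HS25": "SHA256", "ERS2": "SHA256WithRSA"}

# Constructed sample: the page's signer fields with Cert left out and a short
# placeholder in Sgntr instead of the real signature value.
SAMPLE_TRAILER = """<SctyTrlr><CnttTp>SIGN</CnttTp><SgndData>
<DgstAlgo><Algo>HS25</Algo></DgstAlgo>
<NcpsltdCntt><CnttTp>DATA</CnttTp></NcpsltdCntt>
<Sgnr><SgnrId><IssrAndSrlNb>
<RltvDstngshdNm><AttrTp>CATT</AttrTp><AttrVal>BE</AttrVal></RltvDstngshdNm>
<RltvDstngshdNm><AttrTp>OATT</AttrTp><AttrVal>EPASOrg</AttrVal></RltvDstngshdNm>
<RltvDstngshdNm><AttrTp>OUAT</AttrTp>
<AttrVal>Technical Center of Expertise</AttrVal></RltvDstngshdNm>
<RltvDstngshdNm><AttrTp>CNAT</AttrTp>
<AttrVal>EPAS Protocols Test CA</AttrVal></RltvDstngshdNm>
<SrlNb>KrxA9NSC9evJdQ==</SrlNb></IssrAndSrlNb>
<DgstAlgo><Algo>HS25</Algo></DgstAlgo><SgntrAlgo><Algo>ERS2</Algo></SgntrAlgo>
<Sgntr>AAECAwQFBgc=</Sgntr></SgnrId></Sgnr></SgndData></SctyTrlr>"""


def _only(parent, tag):
    """Return the single descendant <tag>; none or several is an error."""
    found = list(parent.iter(tag))
    if len(found) != 1:
        raise ValueError(f"expected exactly one {tag}, found {len(found)}")
    return found[0]


def _b64(element):
    """Strictly decode base64 element text, ignoring layout whitespace."""
    return base64.b64decode("".join((element.text or "").split()), validate=True)


def _algo(element):
    code = element.findtext("Algo")
    if code not in ALGORITHMS:
        raise ValueError(f"unsupported algorithm code {code!r}")
    return ALGORITHMS[code]


def parse_signer(xml_text):
    """Extract who signed and with what, from a single-signer SecurityTrailer."""
    # Refuse DTDs and entity declarations before the parser sees them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in SecurityTrailer")
    root = ET.fromstring(xml_text.strip())
    if root.tag != "SctyTrlr" or root.findtext("CnttTp") != "SIGN":
        raise ValueError("not a signed SecurityTrailer")
    signed = _only(root, "SgndData")
    declared = {_algo(e) for e in signed.findall("DgstAlgo")}
    signer = _only(signed, "Sgnr")
    ident = _only(signer, "IssrAndSrlNb")
    issuer = []
    for rdn in ident.findall("RltvDstngshdNm"):
        code, value = rdn.findtext("AttrTp"), rdn.findtext("AttrVal")
        if code not in ATTRIBUTE_TYPES or not value:
            raise ValueError(f"bad RelativeDistinguishedName type {code!r}")
        issuer.append((ATTRIBUTE_TYPES[code], value))
    digest_algorithm = _algo(_only(signer, "DgstAlgo"))
    # The signer's digest must be one that the SgndData header declares.
    if digest_algorithm not in declared:
        raise ValueError("signer digest algorithm not declared in SgndData")
    return {"issuer": issuer,
            "serial_hex": _b64(_only(ident, "SrlNb")).hex().upper(),
            "digest_algorithm": digest_algorithm,
            "signature_algorithm": _algo(_only(signer, "SgntrAlgo")),
            "signature": _b64(_only(signer, "Sgntr"))}
```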

Once unnecessary spaces and carriage returns are removed, the SecurityTrailer structure is:

7 Digest Mechanisms

7.1 Introduction

The following message digest algorithms are supported by nexo implementations:
1. SHA1 Message digest algorithm SHA-1 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha1).
2. SHA256 Message digest algorithm SHA-256 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha256).
3. SHA384 Message digest algorithm SHA-384 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha384).
4. SHA512 Message digest algorithm SHA-512 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha512).

7.2 Resulting CMS Structure

The digest is transported inside the DigestedData alternative of the generic CMS data structure ContentInformationType.
The DigestedData CMS data structure is detailed in the table below.
SecurityTrailer            Mult.    Usage
ContentType                [1..1]   Value "DigestedData"
DigestedData               [1..1]   Digest computed on identified data.
  Version                  [0..1]   default 0
                                    Version of the data structure, current version is 0.
  DigestAlgorithm          [1..1]   Algorithm to compute digest message
    Algorithm              [1..1]   Cryptographic algorithms for the digests. Allowed values:
                                    SHA1 Message digest algorithm SHA-1 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha1).
                                    SHA256 Message digest algorithm SHA-256 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha256).
                                    SHA384 Message digest algorithm SHA-384 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha384).
                                    SHA512 Message digest algorithm SHA-512 as defined in FIPS 180-2 - (ASN.1 Object Identifier: id-sha512).
  EncapsulatedContent      [1..1]   Data to authenticate, Content item is absent as this is a detached MAC.
    ContentType            [1..1]   Type of digested data. Allowed values:
                                    EnvelopedData: Digested data content is a CMS EnvelopedData structure.
                                    SignedData: Digested data content is a CMS SignedData structure.
                                    AuthenticatedData: Digested data content is a CMS AuthenticatedData structure.
                                    PlainData: Digested application data is not a CMS data structure.
    Content                [0..1]   Data that have been digested.
                                    Absent if the digest is detached, i.e. if the content to hash is implicitly in another location of the message.
  Digest                   [1..1]   Digest value.

7.3 Digest test vectors

The test vectors, given in RFC 3447, are listed here as a reminder. Only values for message digest algorithms supported by nexo protocols are presented.

Input: empty message ""
    SHA-1 Output      DA39A3EE 5E6B4B0D 3255BFEF 95601890 AFD80709
    SHA-256 Output    E3B0C442 98FC1C14 9AFBF4C8 996FB924 27AE41E4 649B934C A495991B 7852B855
    SHA-384 Output    38B060A7 51AC9638 4CD9327E B1B1E36A 21FDB711 14BE0743
                      4C0CC7BF 63F6E1DA 274EDEBF E76F65FB D51AD2F1 4898B95B
    SHA-512 Output    CF83E135 7EEFB8BD F1542850 D66D8007 D620E405 0B5715DC 83F4A921 D36CE9CE
                      47D0D13C 5D85F2B0 FF8318D2 877EEC2F 63B931BD 47417A81 A538327A F927DA3E

Input: "abc"
    SHA-1 Output      A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
    SHA-256 Output    BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD
    SHA-384 Output    CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
                      1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
    SHA-512 Output    DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
                      2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F

Input: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
    SHA-1 Output      84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
    SHA-256 Output    248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1
    SHA-384 Output    -
    SHA-512 Output    -

Input: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
    SHA-1 Output      -
    SHA-256 Output    -
    SHA-384 Output    09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
                      2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
    SHA-512 Output    8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
                      501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
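
A receiver of a detached DigestedData (section 7.2) recomputes the digest over the content it holds and compares it with the transported Digest value; the table above doubles as a known-answer self-test for that routine. The Python below is an added example, not code from the nexo specification; the function names and the `allowed` parameter are assumptions of the example, and the algorithm names are those of section 7.1.

```python
import hashlib
import hmac

# Algorithm names from section 7.1 mapped to hashlib constructors.
DIGESTS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256,
           "SHA384": hashlib.sha384, "SHA512": hashlib.sha512}

# The four inputs of the section 7.3 table.
EMPTY, ABC = b"", b"abc"
MSG_448 = b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
MSG_896 = (b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
           b"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu")

# Known answers copied from the section 7.3 table, in its grouped-hex layout.
KNOWN_ANSWERS = [
    ("SHA1", EMPTY, "DA39A3EE 5E6B4B0D 3255BFEF 95601890 AFD80709"),
    ("SHA1", ABC, "A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D"),
    ("SHA1", MSG_448, "84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1"),
    ("SHA256", EMPTY,
     "E3B0C442 98FC1C14 9AFBF4C8 996FB924 27AE41E4 649B934C A495991B 7852B855"),
    ("SHA256", ABC,
     "BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD"),
    ("SHA256", MSG_448,
     "248D6A61 D20638B8 E5C02693 0C3E6039 A33CE459 64FF2167 F6ECEDD4 19DB06C1"),
    ("SHA384", EMPTY,
     "38B060A7 51AC9638 4CD9327E B1B1E36A 21FDB711 14BE0743 "
     "4C0CC7BF 63F6E1DA 274EDEBF E76F65FB D51AD2F1 4898B95B"),
    ("SHA384", ABC,
     "CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163 "
     "1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7"),
    ("SHA384", MSG_896,
     "09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2 "
     "2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039"),
    ("SHA512", EMPTY,
     "CF83E135 7EEFB8BD F1542850 D66D8007 D620E405 0B5715DC 83F4A921 D36CE9CE "
     "47D0D13C 5D85F2B0 FF8318D2 877EEC2F 63B931BD 47417A81 A538327A F927DA3E"),
    ("SHA512", ABC,
     "DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A "
     "2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F"),
    ("SHA512", MSG_896,
     "8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018 "
     "501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909"),
]


def verify_detached_digest(algorithm, content, digest, allowed=frozenset(DIGESTS)):
    """True when `digest` is the `algorithm` hash of `content`.

    `allowed` lets a deployment narrow the accepted set (an assumption of this
    example; the page itself only lists the four supported algorithms).
    """
    if algorithm not in DIGESTS or algorithm not in allowed:
        raise ValueError(f"digest algorithm {algorithm!r} not accepted")
    computed = DIGESTS[algorithm](content).digest()
    # compare_digest does not leak the mismatch position through timing;
    # a digest of the wrong length (truncated or padded) simply fails.
    return hmac.compare_digest(computed, bytes(digest))


def failed_known_answers():
    """Return the (algorithm, message) pairs whose table value does not verify."""
    return [(name, message) for name, message, grouped_hex in KNOWN_ANSWERS
            if not verify_detached_digest(name, message, bytes.fromhex(grouped_hex))]
```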