IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 Diversified_Key_Generate
Keyword   Meaning

TDES-XOR  Note: This option is available starting with Release 2.50.

          Specifies that 10 or 18 bytes of clear (not encrypted) data
          shall be processed as described at “VISA and EMV-Related
          Smart Card Formats and Processes” on page E-17 to create
          the generated key. The data variable contains either 8 or 16
          bytes of data to be triple-encrypted, to which you append a
          2-byte Application Transaction Counter value (previously
          received from the smart card). The counter value shall be in
          a string construct with the high-order counter bit first in
          the string.

          The key selected by the generating_key_identifier parameter
          must specify a DKYGENKY key-type at level-0 (bits 12 to 14
          B'000') and indicate permission to create one of several key
          types in bits 19 to 22:

            B'0001'  DDATA, to generate a DATA key
            B'0001'  DMAC, to generate a MAC key
            B'0001'  DMV, to generate a MACVER key
            B'1000'  DMKEY, to generate a SECMSG SMKEY (used in
                     secure messaging, key encryption, see the
                     Secure_Messaging_for_Keys verb)
            B'1001'  DMPIN, to generate a SECMSG SMPIN (used in
                     secure messaging, PIN encryption, see the
                     Secure_Messaging_for_PINs verb).

          The data_decrypting_key_identifier parameter must identify
          a null key-token.

          The generated_key_identifier parameter must identify a key
          token or key-token record that is not a null key-token. The
          token must contain a control vector that specifies a key
          type conforming to that specified in control-vector bits
          19-22 for the key-generating key. The control vector must
          specify a double-length key.

SESS-XOR  Specifies the VISA method for session-key generation, namely
          that 8 or 16 bytes of data shall be exclusive-ORed with the
          clear value of the session key contained in the key token
          specified by the generating_key_identifier parameter. If the
          generating_key_identifier parameter specifies a
          single-length key, then 8 bytes of data are exclusive-ORed.
          If the generating_key_identifier parameter specifies a
          double-length key, then 16 bytes of data are exclusive-ORed.

          The key token specified by the generating_key_identifier
          parameter must be of key type DATA, DATAC, MAC, DATAM,
          MACVER, or DATAMV.

          The data_decrypting_key_identifier parameter must identify
          a null key-token.

          On input, the generated_key_identifier parameter must
          identify a null key-token. The control vector contained in
          the output key token identified by the
          generated_key_identifier parameter will be the same as the
          control vector contained in the key token specified by the
          generating_key_identifier parameter.

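
The input rules for both keywords above can be checked on the host before the verb is called. The following is an added example, not IBM code, and it does not call CCA: it models the TDES-XOR control-vector and data-length checks and the SESS-XOR exclusive-OR on constructed clear values. Assumptions: control-vector bit 0 is the high-order bit of the first byte, and all function names and sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples, not real keys or card data. Only the CV fields named
   in the text are set: bits 12-14 = B'000', bits 19-22 = B'1000' (DMKEY). */
static const uint8_t SAMPLE_CV[8] = {0x00, 0x00, 0x10, 0, 0, 0, 0, 0};
static const uint8_t SAMPLE_KEY[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
static const uint8_t SAMPLE_DATA[8] = {0xFF,0x00,0xFF,0x00,0x11,0x22,0x33,0x44};
static uint8_t OUT[18]; /* scratch output buffer */

/* Read CV bits first..last. Assumption: bit 0 is the high-order bit of byte 0. */
static unsigned cv_bits(const uint8_t *cv, unsigned first, unsigned last) {
    unsigned v = 0;
    for (unsigned b = first; b <= last; b++)
        v = (v << 1) | ((cv[b / 8] >> (7 - b % 8)) & 1u);
    return v;
}

/* TDES-XOR pre-check of the generating key's CV: level-0 in bits 12-14 and
   the wanted 4-bit permission code in bits 19-22. Returns 1 if acceptable. */
int tdes_xor_cv_ok(const uint8_t *cv, unsigned wanted) {
    return cv_bits(cv, 12, 14) == 0 && cv_bits(cv, 19, 22) == wanted;
}

/* Build the TDES-XOR data variable: 8 or 16 bytes followed by the 2-byte ATC,
   high-order byte first. Returns 10 or 18, or 0 for a bad input length. */
size_t build_tdes_xor_data(const uint8_t *d, size_t n, uint16_t atc, uint8_t *out) {
    if (n != 8 && n != 16) return 0;
    memcpy(out, d, n);
    out[n] = (uint8_t)(atc >> 8);
    out[n + 1] = (uint8_t)(atc & 0xFF);
    return n + 2;
}

/* SESS-XOR model: data length must equal the key length (8 or 16 bytes).
   Returns 0 and writes key XOR data, or -1 when the lengths break the rule. */
int sess_xor(const uint8_t *key, size_t klen, const uint8_t *data, size_t dlen, uint8_t *out) {
    if ((klen != 8 && klen != 16) || dlen != klen) return -1;
    for (size_t i = 0; i < klen; i++) out[i] = key[i] ^ data[i];
    return 0;
}

int main(void) {
    printf("cv ok: %d\n", tdes_xor_cv_ok(SAMPLE_CV, 0x8));
    printf("data len: %zu\n", build_tdes_xor_data(SAMPLE_DATA, 8, 0x0102, OUT));
    printf("sess_xor: %d\n", sess_xor(SAMPLE_KEY, 8, SAMPLE_DATA, 8, OUT));
    return 0;
}
```
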
Chapter 5. DES Key-Management 5-39