
🔑 Key Management Tools

Cryptographic Key Generation, Derivation, and Management Utilities

⚠️ Security Warning: This is an educational tool. Never use production keys in any online tool. All calculations are performed locally in your browser.

DUKPT Key Derivation

What is DUKPT?

Derived Unique Key Per Transaction (DUKPT) is a key management scheme used in financial applications where a unique key is derived for each transaction. It's commonly used in PIN pad devices and payment terminals to protect cardholder data.

Base Derivation Key (BDK) Input

Example BDK: 0123456789ABCDEFFEDCBA9876543210
Example KSN: FFFF9876543210E00000

DUKPT Key Structure

Key Serial Number (KSN) Format - 10 bytes (80 bits)

Bytes   Bits   Field                 Description
0-2     24     IIN/BIN               Issuer Identification Number (Key Set ID high order)
3-4     16     Device ID             Unique device identifier (Key Set ID low order)
5-9     40     Transaction Counter   21-bit counter (0x00000 to 0xFFFFF) + encryption register

DUKPT Key Hierarchy

Base Derivation Key (BDK)

Master key stored securely in HSM

Initial PIN Encryption Key (IPEK)

Derived: IPEK = 3DES(BDK, KSN[0:7])

Future Keys (FK)

Derived through BlackBox algorithm using transaction counter

Session Key

XOR with key variant mask for specific use (PIN, MAC, Data)

Key Variants (ANSI X9.24-1)

Usage             Variant Mask                            Description
PIN Encryption    0x00000000 00000000 00FF00FF 00FF00FF   Used for PIN block encryption
MAC Generation    0x00000000 00000000 FF00FF00 FF00FF00   Used for message authentication
Data Encryption   0x00000000 00000000 FFFFFFFF FFFFFFFF   Used for data confidentiality

TR-31 Key Block Format

What is TR-31?

TR-31 (also known as ANSI X9.143) is a standard for symmetric key exchange using a key block format. It provides a secure method to protect cryptographic keys during distribution and storage. TR-31 is widely used in payment systems for key injection and key exchange.

Create TR-31 Key Block

Key Block Protection Key (KBPK): the key used to encrypt the key block
Key to protect: the cryptographic key to be wrapped
Key Version Number: optional, 2 hex digits (00-FF)
Optional blocks: optional, additional data formatted as TLV blocks

TR-31 Key Block Structure

Key Block Format (Version D)

D[Length][Key Usage][Algorithm][Mode of Use][Key Version][Exportability][Opt Blocks Len][Reserved][Optional Blocks][Encrypted Key][MAC]
Field                 Length     Description
Version ID            1 char     Key block version (A, B, C, D, E)
Key Block Length      4 digits   Total length of key block in ASCII
Key Usage             2 chars    Purpose of the key (P0, D0, M0, etc.)
Algorithm             1 char     Cryptographic algorithm (T, A, D, R, E)
Mode of Use           1 char     Permitted operations (E, D, B, G, V, etc.)
Key Version Number    2 chars    Optional version identifier (00-99, hex)
Exportability         1 char     Export restrictions (E, N, S)
Num Optional Blocks   2 digits   Number of optional header blocks
Reserved              2 chars    Reserved for future use (00)
Optional Blocks       Variable   TLV formatted optional data
Encrypted Key Data    Variable   The wrapped key (CBC encrypted, padded)
MAC                   8 bytes    Message Authentication Code (CMAC or HMAC)

Key Block Versions

Version   Key Encryption            MAC            Status
A         TDEA 2-key ECB            None           Legacy (deprecated)
B         TDEA 3-key ECB            TDEA CBC MAC   Legacy
C         TDEA 3-key ECB            TDEA CMAC      Legacy
D         AES Key Wrap (RFC 3394)   AES CMAC       Current (recommended)
E         AES Key Wrap              HMAC-SHA256    Current
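A parser for the header layout and optional blocks described above, as an added example that is not part of this page's tool. It checks the things a receiver should verify before attempting any unwrap: the declared length matches the actual length, every optional block fits inside the block, the header plus optional blocks is aligned to the cipher block size (the purpose of the PB padding block), and the encrypted-key region is a whole number of cipher blocks. The MAC lengths (4 bytes for versions A and C, 8 for B, 16 for D) and block sizes per version are those of ANSI X9.143; the sample block, its KS data, ciphertext and MAC are constructed placeholders and do not wrap a real key. Version E is omitted because its lengths are not given on this page.

```javascript
// Added example (not this page's own code): parse and sanity-check a TR-31 (ANSI X9.143)
// key block before any unwrap is attempted. Node.js, no dependencies.
const HEADER_LEN = 16;
// MAC length in hex characters per version ID (ANSI X9.143): A/C = 4 bytes, B = 8 bytes, D = 16 bytes.
const MAC_HEX_LEN = { A: 8, B: 16, C: 8, D: 32 };
// Cipher block size in bytes: TDES for A/B/C, AES for D. The ASCII header is one byte per
// character; the encrypted region is hex, so it uses two characters per byte.
const BLOCK_BYTES = { A: 8, B: 8, C: 8, D: 16 };

function parseTr31(block) {
  if (typeof block !== 'string' || block.length < HEADER_LEN) throw new Error('key block too short');
  const versionId = block[0];
  if (!(versionId in MAC_HEX_LEN)) throw new Error(`unsupported version ID '${versionId}'`);
  const lengthField = block.slice(1, 5);
  if (!/^\d{4}$/.test(lengthField) || Number(lengthField) !== block.length) {
    throw new Error(`declared length ${lengthField} does not match actual length ${block.length}`);
  }
  if (!/^\d{2}$/.test(block.slice(12, 14))) throw new Error('bad optional block count');
  const header = {
    versionId,
    keyBlockLength: Number(lengthField),
    keyUsage: block.slice(5, 7),
    algorithm: block[7],
    modeOfUse: block[8],
    keyVersionNumber: block.slice(9, 11),
    exportability: block[11],
    numOptionalBlocks: Number(block.slice(12, 14)),
    reserved: block.slice(14, 16),
  };

  // Optional blocks: 2-char ID, 2-char hex length (covering ID and length), then data.
  const optionalBlocks = [];
  let pos = HEADER_LEN;
  for (let i = 0; i < header.numOptionalBlocks; i++) {
    const id = block.slice(pos, pos + 2);
    const lenField = block.slice(pos + 2, pos + 4);
    if (lenField === '00') throw new Error(`extended length in block ${id} is not handled by this example`);
    const len = parseInt(lenField, 16);
    if (!/^[0-9A-F]{2}$/.test(lenField) || len < 4 || pos + len > block.length) {
      throw new Error(`bad optional block length '${lenField}' at offset ${pos}`);
    }
    optionalBlocks.push({ id, data: block.slice(pos + 4, pos + len) });
    pos += len;
  }
  // Header plus optional blocks must be a multiple of the cipher block size (PB pads it).
  if (pos % BLOCK_BYTES[versionId] !== 0) {
    throw new Error(`header length ${pos} is not block aligned (missing PB block?)`);
  }
  const body = block.slice(pos);
  const macLen = MAC_HEX_LEN[versionId];
  if (!/^[0-9A-F]+$/.test(body) || body.length <= macLen
      || (body.length - macLen) % (2 * BLOCK_BYTES[versionId]) !== 0) {
    throw new Error('encrypted key / MAC region has an invalid length or non-hex data');
  }
  return { header, optionalBlocks, encryptedKey: body.slice(0, -macLen), mac: body.slice(-macLen) };
}

// Constructed sample: version D, AES PIN-encryption key (usage P0, algorithm A, mode E),
// a KS (key set identifier) block and a PB padding block, then placeholder ciphertext + MAC.
const SAMPLE_BLOCK = 'D0144P0AE00N0200'
  + 'KS1800604B120F9292800000'
  + 'PB080000'
  + '0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF' // placeholder, not real ciphertext
  + 'FEDCBA9876543210FEDCBA9876543210';                                 // placeholder, not a real MAC

console.log(JSON.stringify(parseTr31(SAMPLE_BLOCK), null, 2));
```

The structural checks run before any cryptography on purpose: a receiver that starts with the MAC verification but derives its field offsets from an unvalidated length field can be made to read past the block or to authenticate a differently delimited header.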

PIN Block Generation & Encryption

What is a PIN Block?

A PIN block is a formatted and encrypted representation of a customer's Personal Identification Number (PIN). It protects the PIN during transmission and storage in payment systems.

Format PIN Block

PIN: 4-12 digits (commonly 4 or 6 digits)
PAN: required for ISO-0, ISO-1, ISO-3 formats

PIN Block Format Reference

ISO Format 0 (ISO 9564-1 Format 0)

Most Common Format - Used Worldwide

PIN Block = 0 || PIN Length || PIN || F... (padding)
PAN Block = 0000 || PAN[3:14]
Clear PIN Block = PIN Block XOR PAN Block

Step   Description                                    Example (PIN=1234, PAN=4111111111111111)
1      Control Field + PIN Length + PIN + Padding     0 4 1234 FFFFFFFFFF → 041234FFFFFFFFFF
2      Extract PAN[3:14] (12 digits, right-aligned)   4111111111111111 → 0000111111111111
3      XOR PIN Block with PAN Block                   041234FFFFFFFFFF XOR 0000111111111111
4      Result: Clear PIN Block                        041225EEEEEEEEEE

Format Structure:

  • Byte 0 (nibble 0): Control field = 0
  • Byte 0 (nibble 1): PIN length (4-12)
  • Bytes 1-6: PIN digits, left-justified
  • Remaining bytes: Padding with 'F'

ISO Format 1 (ISO 9564-1 Format 1)

Enhanced Security - Random Padding

PIN Block = 1 || PIN Length || PIN || Random
PAN Block = 0000 || PAN[3:14]
Clear PIN Block = PIN Block XOR PAN Block

Key Differences from Format 0:

  • Control field = 1 (instead of 0)
  • Random padding: Uses random hex digits instead of 'F' padding
  • Better security: Random padding prevents pattern analysis
  • Same XOR operation: XORed with PAN block same as Format 0

ISO Format 2 (ISO 9564-1 Format 2)

No PAN Required

PIN Block = 2 || PIN Length || PIN || Random
No XOR with PAN - Direct encryption

Characteristics:

  • Control field = 2
  • No PAN dependency: Can be used without PAN
  • Random padding: Remaining bytes filled with random data
  • Less common: Not widely used in payment systems

ISO Format 3 (ISO 9564-1 Format 3)

EMV & Chip Cards

PIN Block = 3 || PIN Length || PIN || Random
PAN Block = 3333 || PAN[0:11]
Clear PIN Block = PIN Block XOR PAN Block

Key Features:

  • Control field = 3
  • Different PAN extraction: Uses PAN[0:11] instead of PAN[3:14]
  • PAN Block prefix: 0x3333 instead of 0x0000
  • Used in EMV: Common in chip card transactions

ISO Format 4 (ISO 9564-1 Format 4)

AES Encryption (128-bit blocks)

PIN Block = 4 || Reserved || PIN Length || PIN || Padding || MAC
16-byte block for AES encryption

Modern Standard:

  • 16-byte block: Designed for AES encryption
  • Includes MAC: Message Authentication Code for integrity
  • Future standard: Recommended for new implementations
  • Not yet widely deployed

Format Comparison

Format   Control   PAN Required   Padding      Usage
ISO-0    0         Yes            0xF          Most common, ATMs, POS
ISO-1    1         Yes            Random       Enhanced security
ISO-2    2         No             Random       Rarely used
ISO-3    3         Yes            Random       EMV, chip cards
ISO-4    4         Optional       Structured   AES, future standard

Security Best Practices:

  • Never store clear PINs: Always encrypt immediately after entry
  • Use strong keys: 3DES (168-bit) or AES (128/192/256-bit)
  • Key management: Store encryption keys in HSMs
  • DUKPT recommended: Use DUKPT for PIN pad devices
  • PCI DSS compliance: Follow PCI PIN Security requirements
  • No clear text transmission: Encrypt at point of entry
  • Secure key exchange: Use TR-31 key blocks for key distribution

Cryptographic Calculators

Educational Crypto Tools

Common cryptographic operations used in payment systems. These tools demonstrate encryption, encoding, and hashing algorithms.

DES / 3DES Encryption/Decryption

⚠️ Note: DES is deprecated for new applications. Use AES for modern systems. 3DES is still used in legacy payment systems.
Key: DES = 8 bytes, 3DES = 16 or 24 bytes
IV: required for CBC mode
Data: must be a multiple of 16 hex digits (8 bytes for DES/3DES)

Algorithm Comparison

Algorithm   Type         Key Size   Security         Speed       Usage
DES         Symmetric    56-bit     ❌ Broken        Fast        Legacy only
3DES        Symmetric    168-bit    ⚠️ Weak          Slow        Legacy payments
AES-128     Symmetric    128-bit    ✅ Strong        Very Fast   General purpose
AES-256     Symmetric    256-bit    ✅ Very Strong   Fast        High security
RSA-2048    Asymmetric   2048-bit   ✅ Strong        Slow        Key exchange, signatures
SHA-256     Hash         N/A        ✅ Strong        Fast        Integrity, signatures

Cryptographic Key Generation

⚠️ Important: Keys generated here are for testing purposes only. Production keys must be generated in Hardware Security Modules (HSMs) with proper security controls.

Key Generation Best Practices

Production Requirements:

  • HSM Generation: All production keys must be generated within FIPS 140-2 Level 3 certified HSMs
  • True Random Numbers: Use hardware random number generators (TRNG), not pseudo-random (PRNG)
  • Dual Control: Key generation requires presence of at least two authorized custodians
  • Key Ceremony: Follow documented procedures for key generation events
  • No Clear Text Export: Keys should never leave the HSM in clear text
  • Audit Logging: All key generation events must be logged
  • Backup Keys: Generate backup key components stored separately

DES Parity Bits:

Each byte in a DES key has odd parity (LSB is parity bit). When generating DES/3DES keys:

  • Generate 7 random bits per byte
  • Calculate parity to make odd parity (count of 1's must be odd)
  • Set the LSB to achieve odd parity

Key Check Value (KCV)

What is KCV?

Key Check Value (KCV) is a cryptographic checksum used to verify that a key has been correctly received or entered. It's derived by encrypting a known plaintext (usually zero block) with the key and taking the first 3-6 bytes of the result.

Key: DES: 16 hex digits, 3DES: 32 or 48 hex digits, AES: 32, 48, or 64 hex digits
Plaintext: default 0000000000000000 (8 zero bytes for DES/3DES, 16 for AES)

KCV Standards

Common KCV Methods

Method         Algorithm   Plaintext                Length
ANSI X9.24-1   3DES ECB    0000000000000000         3 bytes (6 hex)
Visa CVV/CVC   3DES ECB    0000000000000000         6 bytes (12 hex)
CMAC (AES)     AES CMAC    0000...0000 (16 bytes)   4 bytes (8 hex)
Legacy DES     DES ECB     0000000000000000         3 bytes (6 hex)

KCV Use Cases:

  • Key Entry Verification: Confirm correct manual key entry
  • Key Component Verification: Verify key components before combination
  • Key Exchange: Confirm key was correctly received after transmission
  • HSM Key Storage: Verify key integrity after storage/retrieval
  • Key Ceremony: Document key values without exposing the actual key

📚 Key Management Reference

Key Types and Usage

Key Type        Size             Usage                        Standard
BDK             16/24 bytes      DUKPT Base Derivation Key    ANSI X9.24-1
IPEK            16/24 bytes      Initial PIN Encryption Key   ANSI X9.24-1
KEK             16/24/32 bytes   Key Encryption Key           ANSI X9.24
DEK             16/24/32 bytes   Data Encryption Key          Various
MAC Key         16/24 bytes      Message Authentication       ISO 9797
AC Master Key   16/24 bytes      EMV Application Cryptogram   EMV Book 2
ZMK             16 bytes         Zone Master Key              Legacy
ZPK             16 bytes         Zone PIN Key                 Legacy

Relevant Standards

ANSI X9.24-1:2017

Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques

  • DUKPT key derivation
  • Key encryption methods
  • KCV calculation
  • Key hierarchy

ANSI X9.143 (TR-31)

Interoperable Secure Key Exchange Key Block Specification

  • Key block format
  • Key wrapping methods
  • Optional header blocks
  • Key usage definitions

PCI PIN Security Requirements

Requirements for secure PIN handling in payment systems

  • Key generation in HSMs
  • Dual control requirements
  • Key lifecycle management
  • DUKPT implementation

FIPS 140-2/140-3

Security Requirements for Cryptographic Modules

  • HSM certification levels
  • Physical security requirements
  • Random number generation
  • Key zeroization

Quick Reference Commands

Common HSM Commands (Thales/SafeNet)

A0 - Generate Key
A2 - Generate Key Component
BK - Generate DUKPT Key
M0 - Generate MAC
CA - Translate Key Scheme
EE - Encrypt PIN
DA - Decrypt PIN
KQ - Derive DUKPT Key

Key Injection Process

  1. Generate BDK in HSM under dual control
  2. Export BDK wrapped in TR-31 key block
  3. Transfer key block to device over secure channel
  4. Device unwraps BDK using KBPK
  5. Device derives IPEK from BDK + KSN
  6. Verify with KCV
  7. Zeroize BDK, retain only IPEK