Tools for Payment Device Integration: Encrypt/Decrypt Tool

ID TECH makes available a number of excellent free utilities for anyone involved in developing payment apps using our products. In recent posts, I talked about Parsomatic, our free data parser (implemented as a web form), and UDemo, the Universal SDK test app that works with all of our non-legacy products (implemented in C# for Windows). I’d be remiss if I didn’t also encourage you to try our Encrypt/Decrypt Tool, which you can load in your browser by clicking this link.

The Encrypt/Decrypt Tool is a powerful, self-contained single-page HTML app with a native JavaScript implementation of AES encryption, Triple DES, DUKPT key derivation, SHA hashing, HMAC, and much more. All the logic is contained in a single page (there are no server-side bits), which means you can download the HTML file and inspect the logic right in your browser (using, for example, Chrome’s excellent developer tools).

As you can see from the screenshot above, the top button of the Encrypt/Decrypt Tool exposes a dropdown menu showing some of the things you can do with the tool. A common request we get from customers is “How can I decrypt the track data coming from my reader?” (referring to credit-card track information that might occur in magstripe data, or might be part of an EMV tag). Such data is typically encrypted either with AES, or with Triple DES encryption (although ID TECH also supports other algorithms as well). It can be a little tricky to decrypt such data, not because of the decryption operation itself, but because of how keys are generated and used.

In most credit-card scenarios throughout the industry, the reader encrypts sensitive card data using a one-time key that’s unique to the transaction. This is the so-called DUKPT scheme. In DUKPT (Derived Unique Key Per Transaction), a new key is derived for every transaction, so that no key can be used twice (thus preventing replay attacks). The reader starts life with a unique 128-bit key, and then, each time a card is read, a counter increments. The counter is in a value called the Key Serial Number (KSN). Bear in mind, the KSN itself is public. (It will get sent, with the encrypted data, to the decrypting party, in a real-world decryption scenario.) At transaction time, the KSN is combined, using a special algorithm, with the reader’s original encryption key in a such a way as to derive a unique new key (using one-way hashes, so that if a particular key is ever stolen, it can’t be used to calculate any other keys). The algorithm in question is defined by ANSI X.9-24. It’s quite a clever symmetric key-management scheme, but it’s also a little tricky to implement. Which is why we’ve done it for you. (Note: The UDemo program mentioned in my last post also contains a decryption feature that will do the DUKPT magic, although it doesn’t come with source code.)

To decrypt encrypted track data, you need the KSN for the transaction, and a BDK, and the encrypted data. Using the Encrypt/Decrypt Tool, you would choose “Encrypt or decrypt data” as shown in the screenshot above, then click the little Derive . . . button that appears. This brings up a small dialog where you enter the KSN (ten hex bytes), and a 16-byte Base Derivation Key  (representing the original key that was used to create the Initial PIN Encryption Key, or IPEK, that was injected in the reader at birth). For testing and development, most people use the so-called ANSI standard test key (with a value of 0123456789ABCDEFFEDCBA9876543210) as the BDK. That value is the default BDK value in the Encrypt/Decrypt Tool (although it can be overridden easily).

After entering a 10-byte KSN (as hex bytes, with or without spaces), you can select the key variant you wish to generate (PIN, Data, or MAC), then click the large Derive Key button. A 16-byte key will be calculated (and will appear in the main screen). If you’re following along at home, you might want to enter a KSN of 62 99 49 01 19 00 00 00 00 02 (and accept the default BDK), then click Derive Key and check to see that you got a derived data key value of 1A994C3E09D9ACEF3EA9BD4381EFA334.

With the key thus obtained, it’s possible to decrypt a raw data block of:

DA 7F 2A 52 BD 3F 6D D8 B9 6C 50 FC 39 C7 E6 AF 22 F0 6E D1 F0 33 BE 0F B2 3D 6B D3 3D C5 A1 F8 08 51 2F 7A E1 8D 47 A6 0C C3 F4 55 9B 1B 09 35 63 BE 7E 07 45 90 72 AB F8 FA AB 53 38 C6 CC 88 15 FF 87 79 7A E3 A7 BE

As shown below under Output, the decrypted data begins with ‘%B42’ (notice the tooltip, which contains an ASCII readout of the decrypted data) and contains the card data of a Mr. George W. Bush, Jr.:

 

If even one bit of the key had been incorrect, we would have gotten unrecognizable garbage during decryption. (Try it: Run this example in the tool yourself, and randomly flip one bit in the key.)

That’s just a small sample of what the Encrypt/Decrypt Tool can do. For more detail on how DUKPT works (and how to decrypt credit card data), be sure to see my earlier two-part post on the subject, starting here.

Have questions about key injection? Encryption? MSR or EMV? Get in touch with our experts. Call us any time at 1-800-984-1010.