Detailed study of the association between POS master key and work key (reproduced)

The following notes record the key-handling logic for POS card transactions:

1. Key introduction

Transaction master key: loaded into the POS machine and used, among other things, to verify whether the working key is valid.

Working key: comprises the PIN key, MAC key and track key, which are used to encrypt the password (PIN), the MAC and the track information. The information is encrypted before it is sent to the server.

The order of loading is that the master key is loaded first, followed by the working key. If the two do not match, an error will be reported during the loading process.

2. Master key loading logic

We need to load two parts of the key into the POS machine. The master key is generally issued by a service provider with UnionPay-approved qualifications. The master key issued may be in two forms, ciphertext or plaintext.

If it is ciphertext, the service provider will also supply a decryption key. For example, take the transaction master key E51D9047310F731798CF74AF483931B3712C8C734B2E669E (ciphertext). To decrypt it, use the decryption key supplied by the service provider, "31313131313131313131313131313131", to decrypt the first 32 hex digits of the transaction master key, which gives the plaintext 1CF88AB5D64F314F9EF237FBD99E29CD. Then 3DES-encrypt 8 bytes of 0x00 with that plaintext as the key; the result is 712C8C734B2E669E. This value equals the last 16 hex digits of the transaction master key, so the verification succeeds. If the two are not equal, the verification fails.

Once the transaction master key has been verified as correct, we proceed to load the working key.

3. Working key loading logic

The working key is also issued by the service provider, and the POS terminal receives it (usually as ciphertext). Take the following as an example:

PIN key: C1DDD6ED1CAB0F57ABD1CEC0370AB1C1 checkValue: AE103AE98D332DCB

MAC key: 9FBAC976C9257C5B1BAF05AFAD30DFFE checkValue: 0D71EFC36C294171

Track key: 7603E9E0EE8E8FE5DAB80C29B692DB86 checkValue: 3F5480EB4F2A29EE

Encryption and decryption key: the transaction master key plaintext. This is why the master key must be loaded first.

Verification method:

PIN key: decrypt the PIN key ciphertext with the key (the transaction master key plaintext) to obtain the plaintext C7D50808A7DFFE62B9943B45A4C77FC7. Then 3DES-encrypt 8 bytes of 0x00 with that plaintext as the key to get AE103AE98D332DCB, which equals the checkValue.

If the result equals the checkValue, the verification passes and the key can be loaded into the POS machine normally. If it is not equal, the verification fails and an error is reported.
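The master key check in section 2 and the working key check in section 3 are the same decrypt-then-verify step with different keys. The Go program below is an added example, not code from the original post: it assumes two-key 3DES in ECB mode (K1, K2, K1), the names `ecb`, `KCV`, `Unwrap` and `h` are chosen here, and `main` replays the article's hex values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// ecb applies two-key 3DES (K1,K2,K1; an assumption) in ECB mode to 8-byte-aligned data.
func ecb(key16, data []byte, decrypt bool) ([]byte, error) {
	if len(key16) != 16 || len(data) == 0 || len(data)%8 != 0 {
		return nil, fmt.Errorf("need a 16-byte key and non-empty 8-byte-aligned data")
	}
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...)) // 24 bytes, cannot fail
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += 8 {
		if decrypt {
			c.Decrypt(out[i:i+8], data[i:i+8])
		} else {
			c.Encrypt(out[i:i+8], data[i:i+8])
		}
	}
	return out, nil
}

// KCV is the article's check value: 8 bytes of 0x00 encrypted under the key itself.
func KCV(key []byte) ([]byte, error) { return ecb(key, make([]byte, 8), false) }

// Unwrap decrypts wrapped under kek and releases the key only if its check value matches.
func Unwrap(kek, wrapped, want []byte) ([]byte, error) {
	plain, err := ecb(kek, wrapped, true)
	if err != nil {
		return nil, err
	}
	got, err := KCV(plain)
	if err != nil || !bytes.Equal(got, want) {
		return nil, fmt.Errorf("check value mismatch: key rejected")
	}
	return plain, nil
}

func h(s string) []byte { b, _ := hex.DecodeString(s); return b } // hex literal helper

func main() { // replays the article's values: transport key, master key blob, PIN key
	blob := h("E51D9047310F731798CF74AF483931B3712C8C734B2E669E") // ciphertext || check value
	tmk, err := Unwrap(h("31313131313131313131313131313131"), blob[:16], blob[16:])
	_, err2 := Unwrap(tmk, h("C1DDD6ED1CAB0F57ABD1CEC0370AB1C1"), h("AE103AE98D332DCB"))
	fmt.Println("master key accepted:", err == nil, "PIN key accepted:", err2 == nil)
}
```

Because `Unwrap` returns no key bytes on a mismatch, a wrong master key or a corrupted working key cannot be loaded by accident.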

4. Transaction

After the master key and working key have been loaded successfully, the keys loaded into the POS encrypt your card information during a transaction, such as swiping a card for a purchase, before it is uploaded to the server, so that your information is not leaked.

5. Summary process

The process is as follows:

(1) Obtain the transaction master key (ciphertext) -> decrypt it to get the plaintext -> load the transaction master key into the POS.

(2) Verify the validity of the working key using the transaction master key plaintext; if it is valid, it can be loaded into the POS.

(3) After all of the above succeed, card transactions can be performed.

This blog post is reprinted from http://blog.csdn.net/yangzhaomuma/article/details/50164225












