[.NET][C#] Parse ISO8583 notes (3): PIN Block

The previous note covered the MAC algorithm; this one continues with the PIN Block.

  • MAC (ISO9807, CNS13526)
  • PIN Block (ISO9564-1, CNS13798)
  • ARQC/ARPC

PIN is the abbreviation of Personal Identification Number. In the financial industry, card transactions use a PIN that is entered at an ATM or on an external POS PIN pad.

  • The PIN is private information, so the terminal equipment conceals it with an appropriate encryption algorithm. As with the MAC operation, the PIN is encrypted with DES or 3DES before transmission, and the working key is exchanged periodically (AWK / IWK) to keep the confidential information secure.
  • After receiving the authorization request from the ATM / POS terminal, the card-issuing financial institution decrypts the encrypted PIN and verifies the value.

In ISO8583, the encrypted PIN is carried in data element DE(52), which is also called the PIN Block. It is calculated according to the international standard ISO9564 or the national standard CNS13798.

This note first covers the encryption process, assuming ISO9564-1 Format 0 (ANSI X9.8, VISA-1, and ECI-0).

Steps 1 and 2 prepare the two operands, shown here with examples:

1. Operand 1: the PIN string

Element                                   Length  Sample
ISO9564 format version (Format 0)         1       0
PIN length (hexadecimal)                  1       6
PIN                                       4-12    123456
Padding (remaining positions filled, F)   2-10    FFFFFFFF
Total length                              16      06123456FFFFFFFF

2. Operand 2: the card number string

Element                                   Length  Sample
Fixed characters                          4       0000
Card number (check digit excluded,        12      4567890123456789 -> 789012345678
  rightmost 12 digits)
Total length                              16      0000789012345678

3. XOR the PIN string with the card number string. The result is the Clear PIN Block.

Item        Value
Operand 1   06123456FFFFFFFF
Operand 2   0000789012345678
XOR result  06124CC6EDCBA987

To the naked eye the value looks protected, but it is still not secure, so continue with the encryption step.

4. Perform the DES encryption. Here a 2TDEA (two-key Triple DES) operation is assumed.

The program needs an XOR function, conversion between hex strings and byte[], a string function that takes characters from the right, and a DES function. For XOR see this reference; for the hex string and byte[] conversion and for taking the right part of a string see this reference; the TripleDES routine is as follows:

// Required namespaces: System.IO, System.Security.Cryptography
public static byte[] Encryption(byte[] Deskey, byte[] plainText)
{
    SymmetricAlgorithm TdesAlg = new TripleDESCryptoServiceProvider();
    // Set the key (16 bytes for 2TDEA)
    TdesAlg.Key = Deskey;
    // Cipher mode: CBC (for a single 8-byte block with a zero IV this equals ECB)
    TdesAlg.Mode = CipherMode.CBC;
    // Padding: zeros
    TdesAlg.Padding = PaddingMode.Zeros;
    // Initialization vector IV = 0
    TdesAlg.IV = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    ICryptoTransform ict = TdesAlg.CreateEncryptor(TdesAlg.Key, TdesAlg.IV);
    MemoryStream mStream = new MemoryStream();
    CryptoStream cStream = new CryptoStream(mStream, ict, CryptoStreamMode.Write);
    cStream.Write(plainText, 0, plainText.Length);
    cStream.FlushFinalBlock();
    cStream.Close();
    return mStream.ToArray();
}

Program that generates the PIN Block:

public static string GenPinBlock(string CardNbr, string PIN, string keyA, string KeyB)
{
    // The PIN is at most 12 digits; anything beyond that is cut off
    if (PIN.Length > 12) PIN = PIN.Substring(0, 12);

    // 1. Operand 1: build the hex string for the PIN according to the standard
    // (0) ISO9564 format version (always 0 for Format 0)
    // (1) PIN length (one hex digit)
    // (2) PIN
    // (3) Padding value "F" (Format 0 always pads the end with F)
    string PinPrepare = string.Format("{0}{1}{2}{3}",
                        "0",
                        PIN.Length.ToString("X"),
                        PIN,
                        "".PadRight(16 - 2 - PIN.Length, 'F'));

    // 2. Operand 2: build the hex string for the PAN according to the standard
    // (0) Fixed 0000
    // (1) Card number PAN (check digit removed)
    string CardNumberPrepare = string.Format("{0}{1}",
                        "0000",
                        CardNbr.Right(12, 1));

    // 3. XOR the two operands
    byte[] ClearPinBlockByte = XOR(PinPrepare.HexToByte(), CardNumberPrepare.HexToByte());
    // 4. Encrypt with 3DES
    byte[] EncryptPinBlockByte = Encryption((keyA + KeyB).HexToByte(), ClearPinBlockByte);
    // Return the result as a hex string
    return EncryptPinBlockByte.BToHex();
}

Test program:

string CardNumber = "4567890123456789";
string ClearPin = "123456";
string KeyA = "1234567890123456";
string KeyB = "0123456789012345";

string PinBlock = GenPinBlock(CardNumber, ClearPin, KeyA, KeyB);

Console.WriteLine("ISO 9564-1 Format 0 (ISO-0) Encrypt"); // same as ANSI X9.8
Console.WriteLine("===============================");
Console.WriteLine("PAN:              {0}", CardNumber);
Console.WriteLine("Clear PIN:        {0}", ClearPin);
Console.WriteLine("Encrypt PIN block:  {0}", PinBlock);
Console.WriteLine("");

Test Results:

Summary:

  • The key used for DEA-based PIN encryption must be replaced periodically, much like the daily key of the Enigma cipher machine on German submarines in World War II.
  • Decryption process: first perform the TripleDES decryption, then XOR the decrypted result with operand 2 (the card number string) to recover the PIN string.
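The decryption process described above, as an added example that is not part of the original post: it decrypts the block, XORs it with operand 2, and checks the Format 0 layout before accepting the PIN. The class and method names are hypothetical, the PAN is assumed to have at least 13 digits, and ECB is used because for a single 8-byte block it is equivalent to the CBC mode with zero IV used above.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
static class PinBlockFormat0Demo   // hypothetical name, not from the original post
{
    static byte[] Hex(string s) => Enumerable.Range(0, s.Length / 2)
        .Select(i => Convert.ToByte(s.Substring(2 * i, 2), 16)).ToArray();
    static string ToHex(byte[] b) => BitConverter.ToString(b).Replace("-", "");
    static byte[] Xor(byte[] a, byte[] b) => a.Zip(b, (x, y) => (byte)(x ^ y)).ToArray();
    // Operand 2: "0000" + rightmost 12 PAN digits with the check digit excluded.
    static byte[] PanOperand(string pan) => Hex("0000" + pan.Substring(pan.Length - 13, 12));

    // 2TDEA on one 8-byte block. The 16-byte key K1|K2 is expanded to K1|K2|K1.
    static byte[] Tdes(byte[] key16, byte[] block, bool encrypt)
    {
        using (var alg = TripleDES.Create())
        {
            alg.Mode = CipherMode.ECB;
            alg.Padding = PaddingMode.None;
            alg.Key = key16.Concat(key16.Take(8)).ToArray();
            using (var t = encrypt ? alg.CreateEncryptor() : alg.CreateDecryptor())
                return t.TransformFinalBlock(block, 0, block.Length);
        }
    }

    // Decrypt, XOR with operand 2, then check the Format 0 layout before using the PIN.
    public static string RecoverPin(byte[] key16, byte[] encrypted, string pan)
    {
        string hex = ToHex(Xor(Tdes(key16, encrypted, false), PanOperand(pan)));
        int len = Convert.ToInt32(hex.Substring(1, 1), 16);
        if (hex[0] != '0' || len < 4 || len > 12)
            throw new FormatException("Not a Format 0 PIN block");
        string pin = hex.Substring(2, len), pad = hex.Substring(2 + len);
        if (!pin.All(char.IsDigit) || pad.Any(c => c != 'F'))
            throw new FormatException("Invalid PIN digits or padding");
        return pin;
    }

    static void Main()
    {
        byte[] key = Hex("12345678901234560123456789012345"); // KeyA + KeyB from the test program
        string pan = "4567890123456789";
        byte[] clear = Xor(Hex("06123456FFFFFFFF"), PanOperand(pan));
        byte[] enc = Tdes(key, clear, true);
        Console.WriteLine("Clear PIN block: {0}", ToHex(clear));
        Console.WriteLine("Recovered PIN:   {0}", RecoverPin(key, enc, pan));
        try { RecoverPin(key, enc, "4567890123456779"); }      // constructed wrong PAN
        catch (FormatException e) { Console.WriteLine("Wrong PAN rejected: {0}", e.Message); }
    }
}
```

The layout check is what lets the receiver notice a block decrypted with the wrong key or paired with the wrong card number: in the constructed wrong-PAN case the padding no longer consists only of F.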

Hunt U571

References:

TripleDESCryptoServiceProvider class

CNS national standard

Complete list of PIN-blocks

ISO 9564-1, Banking — Personal Identification Number (PIN) management and security — Part 1: Basic
principles and requirements for online PIN handling in ATM and POS systems

Original: 大专栏  [.NET][C#] Parse ISO8583 notes (3): PIN Block



Origin www.cnblogs.com/petewell/p/11518104.html