5 - Encryption, Decryption, and Key Management
eDynamo| Secure Card Reader Authenticator | Programmer’s Manual (COMMANDS)
Page 37 of 245 (D998200115-17)
5.2 Decrypting Data
and encrypted EMV data in Transaction Result Messages (EMV Only), the device begins by encrypting the first 8 bytes of clear text track data. The 8-byte result of this encryption is placed in an encrypted data buffer. The process continues using the DES CBC (Cipher Block Chaining) method: the encrypted 8 bytes are XORed with the next 8 bytes of clear text, that result is encrypted and placed in the next 8 bytes of the encrypted data buffer, and the device continues until all clear text bytes have been encrypted. If the final block of clear text contains fewer than 8 bytes, the device pads the end of the block to make 8 bytes. After the final clear text block is XORed with the prior 8 bytes of encrypted data, the device encrypts it and places it in the encrypted data value. No Initial Vector is used in the process.
The host must decrypt the data in 8-byte blocks, ignoring any unused bytes at the end of the last block. When a value consists of more than one block, the host should use the CBC method to decrypt the data by following these steps:
1) Start decryption on the last block of 8 bytes (call it block N) using the key.
2) XOR the result of the decryption with the second-to-last block of 8 bytes (block N-1).
3) Repeat until reaching the first block.
4) Do not XOR the first block with anything.
5) Concatenate all blocks.
6) Determine the expected length of the decrypted data. In some cases this may be a standard field length; in other cases the expected data length may accompany the encrypted data. When decrypting track data where no length is available, the host software can use the End Sentinel to find the actual end of the data (ignoring the padding at the end, which contains all zeroes).
7) Truncate the decrypted data to the expected data length, which discards the padding at the end.