Versions Compared

Old Version 3

changes.mady.by.user Alexandre Munsch

Saved on

compared with

New Version 4

changes.mady.by.user Alexandre Munsch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The format of the partial PIN block cryptogram is:

E(PIN block) = IDLength||ID(Kpin-pub)||ERSA-OAEP-SHA-1(Kpin-pub, Kpin-session)||Eaes-ecb(Kpin-session, pin-block)

...

Object

Length (bytes)

Comments

ID length

1

Length of the key ID

Key ID

5var

RSA key ID used for the session key encryption

Encrypted KEK

256

Encrypted KEK block:

  • encrypted with RSA key (RSA/ECB/OAEPWithSHA-256AndMGF1Padding)

  • cleartext contains the KEK (16 bytes) and the IV (16 bytes)

Encrypted pseudo PIN block

256

Encrypted pseudo PIN block:

  • encrypted with KEK key (AES/CBC/NoPadding)

  • cleartext contains the pseudo PIN block (see below)

The pseudo PIN block is encoded in ISO-0 format, with the PIN set as expected and the PAN set to “F…F”:

...

Object

...

Length (bytes)

...

Comments

...

x

...

1

...

Length

...

1

...

PIN

...

4 to 16

...

the following way:

If N is the number of PIN digits, with N in the [4, 12] range, the PIN is encoded in a 16 bytes byte array with the following format:

  • A prefix of (16 - N) random bytes Bi:

    • B0 … B(16 - N - 2) = 0xmn where m and n denote the most and least significant nibbles

    • B(16 - N - 1) = 0xm0, end of prefix

  • The encoded PIN of N bytes, each byte encoding a PIN digit:

    • B0(16 - N) … B15 = 0xmd where m(random) and d(PIN digit) denote the most and least significant nibbles

The following table gives an example of the encoding of the encoding of the PIN value “1234”:

0

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

0xB9

0x6F

0x4A

0x31

0x06

0x9E

0x73

0x48

0x9A

0xA7

0xD3

0x60

0xD1

0x62

0xE3

0xD4

Example

Below is an example of data received after a successful PIN entry:

Code Block
3cb9dd2f5021af506a74a0b14bf1d67479173e1302404d645fe2ddd382a26097be43c799a6d79bd759e3a07544553544b45592cc79bfa8faf135681df750ad36f2bc347c48ba49f6a3d7d17df442f46edee2783b5f
e0cabab835b31cb859ed8d900264522c2cef426de597becad0738c78578aa5538df3ad9f9f6a0c5c25e45f0b6e82d5f8be7eb47063a992f6e43f1303dc715eb1049b03a4465358485276304d3165e9bb877c864693
30d1754021c99faa037aabfe90cd1af8c3a68ebeabd9dce2df3cdf9208a55e7c94a13331b362fc3fedc577813dbb396b97a3570564e818c5df82b073a950022badb8c39ecf50e1366fb0bcc8e9474bc1bedba5da3d
e766c8aa8bc3ce750196857b832ff81027bd4168422a7b8ca1334a9df358038c48f9fb3d96c80f06d2899feb298a300c90fd5b5c7cfc0f3ca88b6239fdf120a96083a22e0ce319c628b309519d9f1eaa675dd433d0
87ffd313984cd540faa08e280911524fde4956091c8704455d7c652022a244955d6c60407b32a31c52f23e7e5e8dbed56fc293431f7e5f57e76e9bd6930c89e268f07996f2275e76363250b437137942c0e42a5d83
c93896f292f489e9c9349047997024ae33cf997bb5436bfdfb53eed28021354baab0fecd30bf3c58cacf0b60a56862ad67d11254f1557eaeecc583f51d88719bcad3b09b262459a5a12ab30b18b02101cb17980749
d6a309d25919948c521e8d795d16b74a3fe4a114709e78f429eb06ad64439914b18234b1c80f9040f1649f1a2894e7

Which can be split into:

  • The key ID length:

Code Block
07

  • The key ID:

Code Block
3cb9dd2f50544553544b45

  • The encrypted KEK:

Code Block
21af506a74a0b14bf1d67479173e1302404d645fe2ddd382a26097be43c799a6d79bd759e3ae0cabab8352cc79bfa8faf135681df750ad36f2bc347c48ba49f6a3d7d17df442f46edee2783b5ff0b6e82d5f8be7eb
b31cb859ed8d900264522c2cef426de597becad0738c78578aa5538df3ad9f9f6a0c5c25e4530d175402147063a992f6e43f1303dc715eb1049b03a4465358485276304d3165e9bb877c8646937813dbb396b97a35
c99faa037aabfe90cd1af8c3a68ebeabd9dce2df3cdf9208a55e7c94a13331b362fc3fedc57e766c8aa8b70564e818c5df82b073a950022badb8c39ecf50e1366fb0bcc8e9474bc1bedba5da3dfeb298a300c90fd5
c3ce750196857b832ff81027bd4168422a7b8ca1334a9df358038c48f9fb3d96c80f06d289987ffd31398b5c7cfc0f3ca88b6239fdf120a96083a22e0ce319c628b309519d9f1eaa675dd433d0e7e5e8dbed56fc29
4cd540faa08e280911524fde4956091c8704455d7c652022a244955d6c60407b32a31c52f23c93896f2923431f7e5f57e76e9bd6930c89e268f07996f2275e76363250b437137942c0e42a5d83b60a56862ad67d11
f489e9c9349047997024ae33cf997bb5436bfdfb53eed28021354baab0fecd30bf3c58cacf0d6a309d259254f1557eaeecc583f51d88719bcad3b09b262459a5a12ab30b18b02101cb1798074978f429eb06ad6443
1999

  • The encrypted pseudo PIN-block:

Code Block
948c521e8d795d16b74a3fe4a114709e14b18234b1c80f9040f1649f1a2894e7

Applying an RSA decryption (RSA/ECB/OAEPWithSHA-256AndMGF1Padding) on the “encrypted KEK” block will lead to:

  • The KEK:

Code Block
eaa5e9bbd66899cc561ee20ca9b3e7757df1d2d78e33346c316c5099d4a7857b

  • The IV:

Code Block
00000000000000000000000000000000

...

Applying a AES decryption (AES/CBC/NoPadding) on the “encrypted pseudo PIN-block” will provide the following pseudo PIN block data:

Code Block
1415958944b2c2d77cb7fad1622bb2134ef90b543d09a8151fcefe0058585858

Which can be split into:

  • The PIN:

Code Block
1595

  • The random padding:

...

From which we can extract the PIN 8888