...
The format of the partial PIN block cryptogram is:
E(PIN block) = IDLength||ID(Kpin-pub)||ERSA-OAEP-SHA-1(Kpin-pub, Kpin-session)||Eaes-ecb(Kpin-session, pin-block) |
...
Object | Length (bytes) | Comments |
---|---|---|
ID length | 1 | Length of the key ID |
Key ID | 5var | RSA key ID used for the session key encryption |
Encrypted KEK | 256 | Encrypted KEK block:
|
Encrypted pseudo PIN block | 256 | Encrypted pseudo PIN block:
|
The pseudo PIN block is encoded in ISO-0 format, with the PIN set as expected and the PAN set to “F…F”:
...
Object
...
Length (bytes)
...
Comments
...
x
...
1
...
Length
...
1
...
PIN
...
4 to 16
...
the following way:
If N is the number of PIN digits, with N in the [4, 12] range, the PIN is encoded in a 16 bytes byte array with the following format:
A prefix of (16 - N) random bytes Bi:
B0 … B(16 - N - 2) = 0xmn where m and n denote the most and least significant nibbles
B(16 - N - 1) = 0xm0, end of prefix
The encoded PIN of N bytes, each byte encoding a PIN digit:
B0(16 - N) … B15 = 0xmd where m(random) and d(PIN digit) denote the most and least significant nibbles
The following table gives an example of the encoding of the encoding of the PIN value “1234”:
0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
0xB9 | 0x6F | 0x4A | 0x31 | 0x06 | 0x9E | 0x73 | 0x48 | 0x9A | 0xA7 | 0xD3 | 0x60 | 0xD1 | 0x62 | 0xE3 | 0xD4 |
Example
Below is an example of data received after a successful PIN entry:
Code Block |
---|
3cb9dd2f5021af506a74a0b14bf1d67479173e1302404d645fe2ddd382a26097be43c799a6d79bd759e3a07544553544b45592cc79bfa8faf135681df750ad36f2bc347c48ba49f6a3d7d17df442f46edee2783b5f e0cabab835b31cb859ed8d900264522c2cef426de597becad0738c78578aa5538df3ad9f9f6a0c5c25e45f0b6e82d5f8be7eb47063a992f6e43f1303dc715eb1049b03a4465358485276304d3165e9bb877c864693 30d1754021c99faa037aabfe90cd1af8c3a68ebeabd9dce2df3cdf9208a55e7c94a13331b362fc3fedc577813dbb396b97a3570564e818c5df82b073a950022badb8c39ecf50e1366fb0bcc8e9474bc1bedba5da3d e766c8aa8bc3ce750196857b832ff81027bd4168422a7b8ca1334a9df358038c48f9fb3d96c80f06d2899feb298a300c90fd5b5c7cfc0f3ca88b6239fdf120a96083a22e0ce319c628b309519d9f1eaa675dd433d0 87ffd313984cd540faa08e280911524fde4956091c8704455d7c652022a244955d6c60407b32a31c52f23e7e5e8dbed56fc293431f7e5f57e76e9bd6930c89e268f07996f2275e76363250b437137942c0e42a5d83 c93896f292f489e9c9349047997024ae33cf997bb5436bfdfb53eed28021354baab0fecd30bf3c58cacf0b60a56862ad67d11254f1557eaeecc583f51d88719bcad3b09b262459a5a12ab30b18b02101cb17980749 d6a309d25919948c521e8d795d16b74a3fe4a114709e78f429eb06ad64439914b18234b1c80f9040f1649f1a2894e7 |
Which can be split into:
The key ID length:
Code Block |
---|
07 |
The key ID:
Code Block |
---|
3cb9dd2f50544553544b45 |
The encrypted KEK:
Code Block |
---|
21af506a74a0b14bf1d67479173e1302404d645fe2ddd382a26097be43c799a6d79bd759e3ae0cabab8352cc79bfa8faf135681df750ad36f2bc347c48ba49f6a3d7d17df442f46edee2783b5ff0b6e82d5f8be7eb b31cb859ed8d900264522c2cef426de597becad0738c78578aa5538df3ad9f9f6a0c5c25e4530d175402147063a992f6e43f1303dc715eb1049b03a4465358485276304d3165e9bb877c8646937813dbb396b97a35 c99faa037aabfe90cd1af8c3a68ebeabd9dce2df3cdf9208a55e7c94a13331b362fc3fedc57e766c8aa8b70564e818c5df82b073a950022badb8c39ecf50e1366fb0bcc8e9474bc1bedba5da3dfeb298a300c90fd5 c3ce750196857b832ff81027bd4168422a7b8ca1334a9df358038c48f9fb3d96c80f06d289987ffd31398b5c7cfc0f3ca88b6239fdf120a96083a22e0ce319c628b309519d9f1eaa675dd433d0e7e5e8dbed56fc29 4cd540faa08e280911524fde4956091c8704455d7c652022a244955d6c60407b32a31c52f23c93896f2923431f7e5f57e76e9bd6930c89e268f07996f2275e76363250b437137942c0e42a5d83b60a56862ad67d11 f489e9c9349047997024ae33cf997bb5436bfdfb53eed28021354baab0fecd30bf3c58cacf0d6a309d259254f1557eaeecc583f51d88719bcad3b09b262459a5a12ab30b18b02101cb1798074978f429eb06ad6443 1999 |
The encrypted pseudo PIN-block:
Code Block |
---|
948c521e8d795d16b74a3fe4a114709e14b18234b1c80f9040f1649f1a2894e7 |
Applying an RSA decryption (RSA/ECB/OAEPWithSHA-256AndMGF1Padding
) on the “encrypted KEK” block will lead to:
The KEK:
Code Block |
---|
eaa5e9bbd66899cc561ee20ca9b3e7757df1d2d78e33346c316c5099d4a7857b |
The IV:
Code Block |
---|
00000000000000000000000000000000 |
...
Applying a AES decryption (AES/CBC/NoPadding
) on the “encrypted pseudo PIN-block” will provide the following pseudo PIN block data:
Code Block |
---|
1415958944b2c2d77cb7fad1622bb2134ef90b543d09a8151fcefe0058585858 |
Which can be split into:
The PIN:
Code Block |
---|
1595 |
The random padding:
...
From which we can extract the PIN 8888