Page 1 of 1
How to diversify the KMC
Posted: Sat Oct 08, 2016 11:19 pm
by Erisaron
Could anyone tell me how to diversify the KMC which complies to EMV CPS v1.1 using Key Derivation Data?
Afaik, the key diversification needs to use Key Derivation Data.
Assume that KMC is
ENC Key = 101112131415161718191A1B1C1D1E1F
MAC Key = 202122232425262728292A2B2C2D2E2F
DEK Key = 303132333435363738393A3B3C3D3E3F
Key Derivation Data = 000002004540C882DE13
How can I diversify KMC?
Re: How to diversify the KMC
Posted: Sun Oct 09, 2016 4:09 am
by popmun09
Check section 4.1 of EMV CPS 1.1 document, you can get the answer.
The KENC will be derived in the following way:
KENC := DES3(KMC)[Six least significant bytes of the KEYDATA || 'F0' || '01' ] || DES3(KMC)[ Six least significant bytes of the KEYDATA || '0F' || '01'].
The KMAC will be derived in the following way:
KMAC := DES3(KMC)[ Six least significant bytes of the KEYDATA || 'F0' || '02' ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || '0F' || '02'].
The KDEK will be derived in the following way:
KDEK := DES3(KMC)[ Six least significant bytes of the KEYDATA || 'F0' || '03' ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || '0F' || '03'].
DES3 encrypt 4540C882DE13 F0 01 for first half of KENC and DES3 encrypt 4540C882DE13 0F 01 for second half of key. The key for this encryption is the ENC master key.
For other two keys, it's just in the same way.
Re: How to diversify the KMC
Posted: Sun Oct 09, 2016 4:39 am
by Erisaron
Thanks for your help. I see.
And I still have a problem. When checking EMV CPS 1.1 document, I found 2 terms
Key Diversification Data and Key Derivation Data
Do the two terms have the same meaning?
Re: How to diversify the KMC
Posted: Mon Oct 10, 2016 3:59 am
by popmun09
I'm not sure. But they all are written as KDD in the document. Maybe they have the same meaning.