I am finding it hard to get a solution to encrypt the payment track details which I got from the InfinieaTab device. I am using DUKPT key management with the 3DES algorithm. I would be grateful if I could find any code snippet on this.
-
Is my understanding correct that you have a plaintext track and want to use DUKPT to encrypt it? Or is it rather the other way around - you have an encrypted track that you are trying to decrypt? What encryption hardware are you going to use? – Michal Gluchowski Jan 22 '19 at 17:38
-
I'm getting plain text track details from the swipe device. Since my payment gateway supports only P2PE, I need to send only data which is encrypted with the 3DES algorithm with DUKPT key management. – Bharath S.J Jan 23 '19 at 14:09
-
Are you using any hardware implementing DUKPT injected with DUKPT Initial Keys? What you'd need is to use DATA key variant to encrypt the track and send current value of Key Serial Number along with the encrypted track in the message to the gateway. If not using hardware, you would need to implement the DUKPT (as per ANSI X9.24) including handling of incrementation of KSN, rolling future keys, deriving transaction keys and masking them for the proper key variant. I hardly believe the gateway would allow such software implementation that is not X9.24 compliant – Michal Gluchowski Jan 23 '19 at 18:39
-
Thank you Michal for your explanation. I'm pretty much new to Objective-C. I would be really grateful if I could find any reference library to implement encryption. – Bharath S.J Jan 24 '19 at 12:42
-
The implementation you'd need depends on what keys you'll have. Do you have a BDK key or just IPEK for a single device? There is an Objective-C implementation (assuming you have BDK) on GitHub: https://github.com/mburshteyn1/DUKPT There is also a C implementation that can work with IPEK only: https://github.com/aleksander0m/libdukpt I haven't used them and I'm unable to say whether they work correctly. From the security perspective I would not recommend handling BDK keys (quite honestly IPEK as well) on end devices as this compromises them. You might want to implement that on server side. – Michal Gluchowski Jan 28 '19 at 12:33
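The KSN handling and key-variant masking named in the comments above, as an added Python example that is not code from the commenters or from the linked libraries. It covers the KSN and masking steps around the 3DES key-generation function, which stays in an HSM or a validated library; the sample KSN and key are constructed values, and all function names are illustrative.

```python
COUNTER_MASK = 0x1FFFFF  # right-most 21 bits of the 80-bit KSN = transaction counter

# XOR masks that turn a derived transaction key into a purpose-specific variant.
VARIANT_MASKS = {
    "pin": bytes.fromhex("00000000000000FF00000000000000FF"),
    "mac_request": bytes.fromhex("000000000000FF00000000000000FF00"),
    "data_request": bytes.fromhex("0000000000FF00000000000000FF0000"),
}

SAMPLE_KSN = bytes.fromhex("FFFF0102030405E00003")  # constructed sample, counter = 3
SAMPLE_KEY = bytes(range(16))                       # constructed sample, not a real key

def split_ksn(ksn: bytes):
    """Return (initial KSN with the counter zeroed, counter) for a 10-byte KSN."""
    if len(ksn) != 10:
        raise ValueError("KSN must be 10 bytes (80 bits)")
    value = int.from_bytes(ksn, "big")
    return (value & ~COUNTER_MASK).to_bytes(10, "big"), value & COUNTER_MASK

def next_counter(counter: int) -> int:
    """Advance the counter, skipping values with more than 10 one bits."""
    if bin(counter).count("1") < 10:
        nxt = counter + 1
    else:
        nxt = counter + (counter & -counter)  # add the lowest set bit
    if nxt > COUNTER_MASK:
        raise OverflowError("KSN exhausted: the device needs a new initial key")
    return nxt

def derivation_steps(ksn: bytes):
    """8-byte KSN register values, in order, that a host feeds to the key-generation
    step when walking from the IPEK to the key for this KSN (one per set counter bit)."""
    base, counter = split_ksn(ksn)
    reg = int.from_bytes(base[2:], "big")  # right-most 64 bits, counter cleared
    steps, bit = [], 1 << 20
    while bit:
        if counter & bit:
            reg |= bit
            steps.append(reg.to_bytes(8, "big"))
        bit >>= 1
    return steps

def apply_variant(derived_key: bytes, purpose: str) -> bytes:
    """XOR the 16-byte derived key with the variant mask for `purpose`.
    For the data variant, X9.24-1:2009 then encrypts the masked key under
    itself with 3DES; that final step is not performed here."""
    if len(derived_key) != 16:
        raise ValueError("derived key must be 16 bytes")
    return bytes(k ^ m for k, m in zip(derived_key, VARIANT_MASKS[purpose]))
```

Because no valid counter has more than 10 one bits, `derivation_steps` never returns more than 10 entries, which bounds the host-side work per transaction.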