Subject: Assistance Needed with TR-31 Key Block Implementation

322 views
Skip to first unread message

Robert Ronald

unread,
Dec 27, 2023, 9:38:11 AM12/27/23
to jPOS Users

Hi,

I have implemented dynamic key exchange for PINs using TR-31 key blocks in a Java application. I referred to this project for my implementation: GitHub Link because I don't have a document for TR-31.

However, when I compare the encrypted key block and decrypted key with BP Tool, there is a mismatch. Interestingly, it matches with the result from the above-mentioned project.

Details:

  • KBPK: 89E88CF7931444F334BD7547FC3F380C
  • Header: A0072P0TE00E0000
  • Plain Key: F039121BEC83D26B169BDCD5B22AAF8F

BPTool Result: A0072P0TE00E0000F5161ED902807AF26F1D62263644BD24C1E870E6F45869A71A2D1473

My Code Result: A0072P0TE00E00008A28CF44E6827C73490CE774C093461ECF5BAE517A79D35EF0BEA5E5

Issue:

  • KBPK: 89E88CF7931444F334BD7547FC3F380C
  • Key Block from BPTool: F5161ED902807AF26F1D62263644BD24C1E870E6F45869A71A2D1473

My Code Result: F03C141BEC83D26B169BDCD5B22AAF8F BPTool Result: F039121BEC83D26B169BDCD5B22AAF8F

Can anyone provide assistance with this?

Appreciate your support on this matter.

Best regards,

ROBERT RONALD

Alejandro Revilla

unread,
Dec 27, 2023, 10:43:01 AM12/27/23
to jPOS Users
How is this related to jPOS?

Mark Salter

unread,
Dec 27, 2023, 11:06:08 AM12/27/23
to jpos-...@googlegroups.com
On 27/12/2023 15:43, Alejandro Revilla wrote:
> How is this related to jPOS?


My fault for letting it through - I did pause...

... we have discussed this before and Chhil is the author of the
referenced githu repo, so I thought - 'Just this time'  ;-)


--

M


signature.asc

murtuza chhil

unread,
Dec 28, 2023, 5:08:49 AM12/28/23
to jPOS Users


There is a mention...

"The code does padding of the pan, it uses 0x0 to pad (spec says use random values). Byte 0x0 was used to make it deterministic for every run, it can be easily changed to populate the padding array with a secure random generation. Also, the EFTLAB tool uses random bytes, so it may appear the data is not consistent when compared to the code's output as it will vary for each time you generate the keyblock for the same keys. As long as the clear key is fine, and the MAC can be validated, you are good."

You may be running into the randomness that is required, but as long as your clear values can match you should be good.

-chhil

Robert Ronald

unread,
Dec 28, 2023, 6:13:19 AM12/28/23
to jPOS Users
@Mark Salter and @ Alejandro Revilla, yes, it is not related to JPOS. 

I apologize for this, not next time.

Mark S

unread,
Dec 29, 2023, 5:45:35 AM12/29/23
to jPOS Users
We do get all sorts, some of which does not make it to the list :-).  Here I recalled that Chhil had recently guided a TR31 question and that the repo referenced was Chhil's, so let this through.

Perhaps next time you have a question not directly related to jPOS, start the Subject with OT: or Off-Topic: and that will allow most of the membership to ignore it or choose to read if the rest of the subject interests them.

-- 
Mark

Reply all
Reply to author
Forward
0 new messages