TRANSLATE

English French German Spain Italian Dutch
Russian Portuguese Japanese Korean Arabic Chinese Simplified

Tuesday, July 26, 2016

MasterCard Key using HSM

1 Loading the MasterCard Transport Key using 3 clear components provided by MasterCard

Online-AUTH>FK

Enter key length [1,2,3]: 2
Enter key type: 000
Enter key scheme: U
Enter component type [X,H,T,E,S]: X
Enter number of components [1-9]: 3
Enter component 1: ********************************
Enter component 2: ********************************
Enter component 3: ********************************
Encrypted key: U xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx  (Transport key encrypted)
Key check value: xxxx xx


2 Generating a key (If the key is already in you HSM, this step does not need to be done)

Online-AUTH>FK

Enter key length [1,2,3]: 2
Enter key type: ??? (select correct key type)
Enter key scheme: U
Enter component type [X,H,T,E,S]: X
Enter number of components [1-9]: 3
Enter component 1: ********************************
Enter component 2: ********************************
Enter component 3: ********************************
Encrypted key: U xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx  (CVK encrypted)
Key check value: xxxx xx



3 Exporting the key under LMK to encryption under ZMK using a X schema.

This export utilizes an X scheme encrypting using double length key using ANSI X9.17.

Online-AUTH>KE

Enter key type: ??? - (select type as required)
Enter key scheme: X

X Encryption of a double length key using ANSI X9.17 methods only available for import and export of keys.

This mode is enabled within the Configure Security command

Enter ZMK: U xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx ((Transport key encrypted))
Enter key: U xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx  (CVK encrypted)
Key under ZMK: X xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx (this value must be entered in index 10 of the CSTT file)
Key check value: xxxx xx (this value must be entered in index 11 of the CSTT file)


When you downloaded the CSTT application, the CSTT walkthrough guide should have been automatically downloaded. In this document, you will find a test transport key (3 components). As it is the first time that you generate a key file, I strongly suggest you to use the test transport key for step 1. For step 2 generate a dummy key. No change in step 3.
Generate you key file with the test data. Save the file.  And open it using the CSTT application but select "Test keys". If there is anything in red, it means that there are some mistakes. If nothing in red, that's fine and then you can create the production file.