TR-31 key block protection method - one
required |
VARXOR-A | Use the variant method corresponding to a TR-31
Key Block Version ID of “A" (0x41) |
VARDRV-B | Use the key derivation method corresponding
to a TR-31 Key Block Version ID of “B" (0x42) |
VARXOR-C | Use the variant method corresponding to a TR-31
Key Block Version ID of “C" (0x43) |
TR-31
key usage values for output key - one required
Note:
If ATTR-CV is specified from the Control Vector Transport
group, then usage keyword must not be specified. The proprietary usage ‘10'
will be used. |
BDK | Base Derivation Key (BDK) - ( B0 ) |
CVK | Card Verification Key (CVK) - ( C0 ) |
ENC | Data encryption key - ( D0 ) |
EMVACMK | EMV application cryptogram master key -
( E0 ) |
EMVSCMK | EMV secure messaging for confidentiality master
key - ( E1 ) |
EMVSIMK | EMV secure messaging for integrity master key -
( E2 ) |
EMVDAMK | EMV data authentication code key - (
E3 ) |
EMVDNMK | EMV dynamic numbers master key -
( E4 ) |
EMVCPMK | EMV card personalization master key -
( E5 ) |
KEK | Key-encrypting key - ( K0 ) |
KEK-WRAP | Key-encrypting key for wrapping TR-31 blocks
(for ‘B' and ‘C' TR-31 Key Block Version IDs only) -
( K1 ) |
ISOMAC0 | Key for ISO 16609 MAC algorithm 1 using TDES -
( M0 ) |
ISOMAC1 | Key for ISO 9797-1 MAC algorithm 1- (
M1 ) |
ISOMAC3 | Key for ISO 9797-1 MAC algorithm 3- (
M3 ) |
PINENC | PIN encryption key - ( P0 ) |
PINVO | PIN verification key, “other" algorithm -
( V0 ) |
PINV3624 | PIN verification key for IBM 3624 algorithm -
( V1 ) |
VISAPVV | PIN verification key, VISA PVV algorithm -
( V2 ) |
TR-31
modes of key use - one required
Note:
If ATTR-CV
is specified from the Control Vector Transport group, then mode keyword
must not be specified. The proprietary mode ‘1' will be used. |
ENCDEC | Encrypt and decrypt - ( B ) |
DEC-ONLY | Decrypt only - ( D ) |
ENC-ONLY | Encrypt only - ( E ) |
GENVER | MAC or PIN generate and verify - ( C
)
- MAC key must have Gen and Ver bits on
- PIN key must have any PINGEN bit and EPINVER bit on
|
GEN-ONLY | MAC or PIN generate only - ( G )
- MAC key must have only Gen bit on
- PIN key must have any PINGEN bit on and EPINVER bit off
|
VER-ONLY | MAC or PIN verify only- ( V )
- MAC key must have only Ver bit on
- PIN key must have all PINGEN bits off and EPINVER bit on
|
DERIVE | Key Derivation(for ‘B' and ‘C'
TR-31 Key Block Version IDs only) - ( X ) |
ANY | Any mode allowed - ( N ) |
Export
control to set export field in TR-31 key block - optional |
EXP-ANY | Export allowed using any key-encrypting key.
This is the default. |
EXP-TRST | Export allowed using a trusted key-encrypting
key, as defined in TR-31.
Note:
A CCA key wrapped in the
X9.24 compliant CCA key block is considered a trusted key. |
EXP-NONE | Export prohibited |
Control
vector transport control - optional
Note:
If
no keyword from this group is supplied, the CV in the source_key_identifier is
still verified to agree with the ‘key usage' and ‘mode
of use' keywords specified from the groups above. |
INCL-CV | Include the CCA Control Vector as an optional
field in the TR-31 key block header. The TR-31 usage and mode of
use fields will indicate the key attributes, and those attributes
(derived from the keywords passed from the above groups) will be verified
by the callable service to be compatible with the ones in the included
control vector. |
ATTR-CV | Include the CCA Control Vector as an optional
field in the TR-31 key block header. The TR-31 usage will be set
to the proprietary ASCII value “10" (‘3130'x) to
indicate usage information is specified in the included CV, and the
mode of use will be set to the proprietary ASCII value “1"
(‘31'x) to indicate that mode is likewise specified in the
CV.
Note:
If this keyword is specified, then usage and
mode keywords from the preceding groups must not be specified. The
proprietary values will be used. |