25 August 2010

Key Derivation ... CPG 2.04

Key Derivation ...  CPG 2.04  found?

Caution: nowhere in the EMV docs is 'CPG' or 'CDK' mentioned,
remains to be seen how useful this is:
(we are not EMV?)

From
emvco

CPS1.x

EMV_CPS_v1.1_20070720_20090125100741.pdf
....2.1.1 Issuer Master Keys and Data

EMV personalization ..the card issuer creates master keys

..  The master keys are used in two ways, firstly to support secure transmission of personalization data and secondly to create application-level data for personalization of an EMV application.

... a method of importing or exporting master keys to allow appropriate data sharing between processes will be required.
Prior to the personalization process the identifier of the personalization master key KMCID, key version number, KEYDATA and the corresponding relevant keys, must be placed onto the card. KMCID and key version number are used to access (???)  the issuer personalization master key (KMC) in order to derive the card unique static keys using diversification data (KEYDATA).

The 6 byte KMCID (e.g. IIN right justified and left padded with 1111b per quartet)(?????)

concatenated with the 4 byte CSN (least significant bytes) form the key diversification data that must be placed in tag ‘CF’. This same data must be used toform the response to the INITIALIZE UPDATE command.
....................

Table 1 Data Content for tag ‘CF’

Data Element  Description  ...........Length  Format

KEYDATA ......Key derivation data:    10      binary

..............- KMCID (6 bytes)

..............- CSN (4 bytes)


 Table 13 INITIALIZE UPDATE Command Coding

 "8050 xx:00 08=cccccccccccccccc 00"

 cc.. = host challenge

 xx = 00..7f  see 3.2.5.3  Key Version Number  (use 00)


Table 14  Response to INITIALIZE UPDATE command

Field  Length

KEYDATA (See Table 15) ........................10

Version number of the master key (KMC) ..........1

Identifier for Secure Channel Protocol (ALGSCP = ‘02’) .......1

Sequence Counter ................2

Card challenge (R_CARD) .........6

Card cryptogram .................8

SW1 SW2 .........................2


Table 15  Initial Contents of KEYDATA

Field  Length  Format

Identifier of the KMC (e.g. IIN right     ..........6 BCD
justified and left padded with 1111b per quartet) (???)  what is a quartet??? some kind of Eurotrash choir??

Chip Serial Number (CSN) .................4 Binary

............................

 The first 6 bytes of KEYDATA returned from the INITIALIZE UPDATE command are used to identify (???) the master key for secure messaging (KMC).
The six least significant (??? they dont mean it) bytes of KEYDATA are used as key diversification data.  The personalization device must use the KMC and KEYDATA to generate the KENC, the KMAC and the KDEK for this IC card,is defined in section 4.1.  These keys must have been placed in the IC card

prior to the start of the personalization process.

.........................................

4.1 ..Pre-Personalization


Prior to personalization the ICC must be enabled/activated, the basic EMV

application loaded, and the file and data structure established. .....

..

4.1.1.2  Each application must be selectable by its AID.

4.1.1.3  If the File Control Information (FCI) for the application is not to be personalized, it must be created prior to personalization.

4.1.1.4  KEYDATA must be set as shown in Table 15.  KEYDATA is composed of KMCID and Chip Serial Number (CSN). KMCID is the identifier (???) of the master personalization key to be supplied by the card issuer or the personalizer.  The length of KMCID is 6 bytes. The CSN is rightmost 4

bytes(!!!  is rightmost most or least significant?? ) of the physical identifier of the card.

4.1.1.5  The version number of the personalization master key (KMC) used to generate the initial personalization keys (the KENC, the KMAC and the KDEK) for each application must be on the IC card.

4.1.1.6  A derived key (KENC) must be generated for each IC card and placed into the application.  This key is used to generate the card cryptogram and to verify the host cryptogram. This key is also used to decrypt the STORE DATA command data field in CBC mode if the security level of secure
messaging requires the command data field to be encrypted.


The KENC is a 16 byte (112 bits plus parity) DES key.

The KENC will be derived in the following way: KENC := DES3(KMC)[Six least  significant bytes of the KEYDATA || ’F0’ || ‘01’ ]|| DES3(KMC)[ Six least  significant bytes of the KEYDATA || ‘0F’ || ‘01’].

4.1.1.7  A derived key (KMAC) must be generated for each IC card and placed into the card.  This key is used to verify the C-MAC for the EXTERNAL AUTHENTICATE command and also to verify the C-MAC for the STORE DATA command(s) if the security level of secure messaging requires a MAC of the command data. 


The KMAC is a 16 byte (112 bits plus parity) DES key


The KMAC will be derived in the following way: KMAC := DES3(KMC)[ Six least significant bytes of the KEYDATA  || ’F0’ || ‘02’ ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || ‘0F’ || ‘02’].


4.1.1.8  A derived key (KDEK) must be generated for each IC card and placed into the card.  This key is used to decrypt in ECB mode secret data received in the STORE DATA command. 

The KDEK is a 16 byte (112 bits plus parity) DES key. 

The KDEK will be derived in the following way: KDEK := DES3(KMC)[ Six least significant bytes of the KEYDATA || ’F0’ || ‘03’ ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || ‘0F’ || ‘03’].


4.1.1.9  For each Secure Channel key set the sequence counter to be returned in the response to the INITIALIZE UPDATE command must be initialized to’0000’.

________________________________________

So we can 'identify'   the master key KMC'

we have  'the identifier (???) of the master personalization key'

but what the hell IS the KMC???

I suppose expensive English Publlic school or Ecole Normal education is a pre-requisite to write bad specifications  like the above......

The field of cryptography is stuffed with types of people who are incapable of clear thought or description, They get away with it because they appear to be guarding secrets.

A culture of 'Security through Oscurity impedes the progress of useful industries, and has a negative impact on security.

___________________________________

From:

pre-zombie sun forum thread:

forums.sun.com5

...

"The tool is "Jload2 advanced", I just choose a so-called key file named "GD_V_CDK (CPG 2.04).key", is defines a Master key (40:41:..:4F), the key set (0) and the key derivation method namely CDK04.

I could not find any information regarding CPG 2.04, neither for key derivation method CDK04.

spec name is EMV CPS 1.x). As Dan said, the static keys KMAC,KENC and KDEC are derived and there's a section in this spec that describes the derivation.

...Whoaaa... Yes, it does work, the answer lies in Section 4.1 of the CPS 1.1 document

__________________________________
Posted by C T Skinner at 6:17 PM

4 comments:

  1. C T SkinnerAugust 25, 2010 at 8:16 PM

    this blogger editor is so bad as to bring tears to my eyes,
    the old one was crude but workeable.

    ReplyDelete
  2. C T SkinnerAugust 25, 2010 at 8:28 PM

    In particular: the " quotes dont work, so I can t delineate the difference between my words and borrowed words. tNot hat I care much.

    ReplyDelete
  3. UnknownFebruary 17, 2011 at 2:18 AM

    shut up "C T Skinner" and say thanks to the guy who is sharing his information

    ReplyDelete
  4. Hai-Binh LEAugust 8, 2011 at 8:27 PM

    Basically, CPG stands for Card Production Guide, a document from Visa to help understanding how to derive static key set from KMC.

    CPG 2.0.4 is published in September 2002, fullname is Visa Card Production Guide version 1.4

    CPG 2.1.1 is published in January 2004, fullname is Visa Card Production Guide for GlobalPlatform 2.1.1

    Unfortunately, I don't have in hands these 2 documents and if you have them and are able to share with others, thank you for sharing them with me at haibinh.le@gmail.com

    ReplyDelete

Subscribe to: Post Comments (Atom)