Key Derivation ... CPG 2.04 found?
Caution: nowhere in the EMV docs is 'CPG' or 'CDK' mentioned,
remains to be seen how useful this is:
(we are not EMV?)
From
emvco
CPS1.x
EMV_CPS_v1.1_20070720_20090125100741.pdf
....2.1.1 Issuer Master Keys and Data
EMV personalization ..the card issuer creates master keys
.. The master keys are used in two ways, firstly to support secure transmission of personalization data and secondly to create application-level data for personalization of an EMV application.
... a method of importing or exporting master keys to allow appropriate data sharing between processes will be required.
Prior to the personalization process the identifier of the personalization master key KMCID, key version number, KEYDATA and the corresponding relevant keys, must be placed onto the card. KMCID and key version number are used to access
(???) the issuer personalization master key (KMC) in order to derive the card unique static keys using diversification data (KEYDATA).
The 6 byte KMCID (e.g. IIN right justified and left padded with 1111b per quartet)
(?????)
concatenated with the 4 byte CSN (least significant bytes) form the key diversification data that must be placed in tag ‘CF’. This same data must be used toform the response to the INITIALIZE UPDATE command.
....................
Table 1 Data Content for tag ‘CF’
Data Element Description ...........Length Format
KEYDATA ......Key derivation data: 10 binary
..............- KMCID (6 bytes)
..............- CSN (4 bytes)
Table 13 INITIALIZE UPDATE Command Coding
"8050 xx:00 08=cccccccccccccccc 00"
cc.. = host challenge
xx = 00..7f see 3.2.5.3 Key Version Number (use 00)
Table 14 Response to INITIALIZE UPDATE command
Field Length
KEYDATA (See Table 15) ........................10
Version number of the master key (KMC) ..........1
Identifier for Secure Channel Protocol (ALGSCP = ‘02’) .......1
Sequence Counter ................2
Card challenge (R_CARD) .........6
Card cryptogram .................8
SW1 SW2 .........................2
Table 15 Initial Contents of KEYDATA
Field Length Format
Identifier of the KMC (e.g. IIN right ..........6 BCD
justified and left padded with 1111b per quartet)
(???) what is a quartet??? some kind of Eurotrash choir??
Chip Serial Number (CSN) .................4 Binary
............................
The first 6 bytes of KEYDATA returned from the INITIALIZE UPDATE command are used to identify
(???) the master key for secure messaging (KMC).
The six least significant
(??? they dont mean it) bytes of KEYDATA are used as key diversification data. The personalization device must use the KMC and KEYDATA to generate the KENC, the KMAC and the KDEK for this IC card,is defined in section 4.1. These keys must have been placed in the IC card
prior to the start of the personalization process.
.........................................
4.1 ..Pre-Personalization
Prior to personalization the ICC must be enabled/activated, the basic EMV
application loaded, and the file and data structure established. .....
..
4.1.1.2 Each application must be selectable by its AID.
4.1.1.3 If the File Control Information (FCI) for the application is not to be personalized, it must be created prior to personalization.
4.1.1.4 KEYDATA must be set as shown in Table 15. KEYDATA is composed of KMCID and Chip Serial Number (CSN). KMCID is the identifier
(???) of the master personalization key to be supplied by the card issuer or the personalizer. The length of KMCID is 6 bytes. The CSN is rightmost 4
bytes
(!!! is rightmost most or least significant?? ) of the physical identifier of the card.
4.1.1.5 The version number of the personalization master key (KMC) used to generate the initial personalization keys
(the KENC, the KMAC and the KDEK) for each application must be on the IC card.
4.1.1.6 A derived key (KENC) must be generated for each IC card and placed into the application. This key is used to generate the card cryptogram and to verify the host cryptogram. This key is also used to decrypt the STORE DATA command data field in CBC mode if the security level of secure
messaging requires the command data field to be encrypted.
The KENC is a 16 byte (112 bits plus parity) DES key.
The KENC will be derived in the following way:
KENC := DES3(KMC)[Six least significant bytes of the KEYDATA || ’F0’ || ‘01’ ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || ‘0F’ || ‘01’].
4.1.1.7 A derived key (KMAC) must be generated for each IC card and placed into the card. This key is used to verify the C-MAC for the EXTERNAL AUTHENTICATE command and also to verify the C-MAC for the STORE DATA command(s) if the security level of secure messaging requires a MAC of the command data.
The KMAC is a 16 byte (112 bits plus parity) DES key
The KMAC will be derived in the following way:
KMAC := DES3(KMC)[ Six least significant bytes of the KEYDATA || ’F0’ || ‘02’ ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || ‘0F’ || ‘02’].
4.1.1.8 A derived key (KDEK) must be generated for each IC card and placed into the card. This key is used to decrypt in ECB mode secret data received in the STORE DATA command.
The KDEK is a 16 byte (112 bits plus parity) DES key.
The KDEK will be derived in the following way:
KDEK := DES3(KMC)[ Six least significant bytes of the KEYDATA || ’F0’ || ‘03’ ]|| DES3(KMC)[ Six least significant bytes of the KEYDATA || ‘0F’ || ‘03’].
4.1.1.9 For each Secure Channel key set the sequence counter to be returned in the response to the INITIALIZE UPDATE command must be initialized to’0000’.
________________________________________
So we can 'identify' the master key KMC'
we have 'the identifier (???) of the master personalization key'
but what the hell IS the KMC???
I suppose expensive English Publlic school or Ecole Normal education is a pre-requisite to write bad specifications like the above......
The field of cryptography is stuffed with types of people who are incapable of clear thought or description, They get away with it because they appear to be guarding secrets.
A culture of 'Security through Oscurity impedes the progress of useful industries, and has a negative impact on security.
___________________________________
From:
pre-zombie sun forum thread:
forums.sun.com5
...
"The tool is "Jload2 advanced", I just choose a so-called key file named "GD_V_CDK (CPG 2.04).key", is defines a Master key (40:41:..:4F), the key set (0) and the key derivation method namely CDK04.
I could not find any information regarding CPG 2.04, neither for key derivation method CDK04.
spec name is EMV CPS 1.x). As Dan said, the static keys KMAC,KENC and KDEC are derived and there's a section in this spec that describes the derivation.
...Whoaaa... Yes, it does work, the answer lies in Section 4.1 of the CPS 1.1 document
__________________________________
