|
|
| (11 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| == Description ==
| | {{Migrating|https://smartpossdk.gitbook.io/cloudpossdk/faq/key-injection/understand-master-and-session-keys}} |
| * Master Key
| |
| In a hierarchy of Key Encrypting Keys and Transaction Keys, the highest level of Key Encrypting
| |
| Key is known as a Master Key
| |
| | |
| * Transaction Key(Session Key)
| |
| A key used to cryptographically process the transaction. If more than one key is used for different
| |
| cryptographic functions, each may be a variant of the Transaction Key. A Transaction Key is
| |
| sometimes referred to as a Data Key, communications key, Session Key, or working key
| |
| | |
| * WizarPOS Master/Session Key hierarchy
| |
| In WizarPOS device, we uses a hierarchy of Key Encrypting Keys and Transaction Keys. The highest level of
| |
| Key Encrypting Key is known as a Master Key. Master Keys are distributed using some physical
| |
| process, e.g., the device keypad, magnetic cards, key loading device. Master Keys are replaced
| |
| by the same methods whenever compromise is known or suspected.
| |
| | |
| Transaction Keys are distributed and replaced encrypted under a Key Encrypting Key. In a '''two layer''' hierarchy, the Master Key is used to encrypt Transaction Keys directly. Alternatively, multiple
| |
| levels of Key Encrypting Keys may be used. Each Key Encrypting Key is distributed and replaced
| |
| encrypted under the next-higher level Key Encrypting Key.
| |
| | |
| WizarPOS suport two layer hierarchy, the the highest level Key Encrypting Key is sometimes referred to as a Master key, the lowest level Key we called Session Key, and Master key is used to encrypt the Session Key.
| |
| | |
| Actually, WizarPOS support '''three layer''' hierarchy too, the highest level Key Encrypting Key is sometimes referred to as a Transfer key; the middle level Key Encrypting Key is sometimes referred to as a Master Key; the lowest level Key we called Session Key, and Master key is used to encrypt the Session Key.
| |
| | |
| Usually there are 3 types of Session Keys. They are PIN key, MAC key and data key. PIN key is only used to encrypt PIN block. MAC is used to calculate MAC. Data key is used to encrypt the other data. All internal PINPad supports 3 slots of Session Key and some external PINPad only supports 2 slot of Session Keys.
| |
| | |
| There are 50 groups of Master/Session Key in WizarPOS.
| |
| | |
| == Inject ==
| |
| The Master key in the two layer hierarchy, and the Transfer key in the three layer hierarchy, please refer to [[How to inject test key(Master key or DUKPT key) remotly]] or use [ftp://sdkuser:wizsdkar@ftp.wizarpos.com/TMKDeliverSystemUsage_v1.0.pdf TMK Deliver System Usage -KeyLoader Tool in POS1 Usage].
| |
| | |
| The Session Key and the Master key in three layer, can inject by our SDK, please refer to the pinpad part.
| |
| | |
| == Usage ==
| |
| Please refer to our SDK, the description of the pinpad.
| |
