What's the BDK and what does that look like?

Open ray-shawn opened this issue 6 years ago • 6 comments

ray-shawn avatar May 02 '18 03:05 ray-shawn

It's been a while... The BDK is the Base Derivation Key which is embedded in the card reader. It is what the scanner uses to generate the rest of the crypto routine. The application will store this BDK in a secure fashion and pass it into the library so that the encrypted data from the reader can be decrypted. Typically it is not something a consumer (developer) is exposed to; however, in our case we ordered ~200 readers programmed with the same BDK and had the BDK mailed to us. It came split in 2 separate envelopes and I believe the format was something like

XXXX-XXXX-XXXX-XXXX

for each. I don't remember whether just putting them together or another crypto routine was needed to get the actual BDK.

more info here: https://en.wikipedia.org/wiki/Derived_unique_key_per_transaction

mburshteyn1 avatar May 02 '18 14:05 mburshteyn1

@mburshteyn1 Do you remember the process for generating the BDK from the 2 components Magtek mails in separate envelopes?

mdimarca avatar Jul 27 '18 17:07 mdimarca

@mdimarca I'm sorry I don't. I think it may be specified in the IEEE DUKPT spec. I think it was something along the lines of how the single use keys are derived.

mburshteyn1 avatar Jul 27 '18 17:07 mburshteyn1

@mburshteyn1 I received two "Key Components" in the mail from Magtek. I XORed these keys together to generate a "Combined Key" (just as this website does with the "combine" button). Is that "Combined Key" in fact the BDK that should be input to the DUKPT library in the following method?

DUKPT *d = [[DUKPT alloc] initWithBDK:magtek KSN:[MTSCRA getKSN]];
NSString *decryptedTrack1 = [d decrypt:[MTSCRA getTrack1]];

When I used this "Combined Key" as the BDK in the preceding method and printed the output, the output was a series of machine code characters. I'm quite unsure how to proceed. Any tips or ideas would be greatly appreciated! Hopefully, future users will find this useful as well.

mdimarca avatar Jul 28 '18 19:07 mdimarca

Hmm, after searching for a while, we have to use another device which does not need to decrypt data with BDK. Magtek is really hard to use.

ray-shawn avatar Aug 02 '18 01:08 ray-shawn

@mdimarca if the output is not human readable that means the BDK is incorrect. I apologize again. I worked on this a very long time ago and do not remember a lot of the specifics.

@ray-shawn I agree. This project was the most intense 3 months of my career. I had almost given up multiple times.

mburshteyn1 avatar Aug 02 '18 15:08 mburshteyn1
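
The two steps discussed in this thread, as an added example that is not part of the original comments or of the DUKPT library: XOR-combining mailed key components as mdimarca describes, and checking whether decrypted output is readable track 1 data, the test mburshteyn1 gives for a correct BDK. It assumes components are hex digits with optional dashes and that track 1 uses the standard format B layout (`%B`, PAN, `^`, name, `^`, expiry, `?`); the thread does not confirm that XOR is MagTek's combining procedure, and all function names and sample values are constructed for illustration.

```python
import re

def parse_component(text):
    """Turn a printed key component such as 'XXXX-XXXX-...' into bytes."""
    digits = re.sub(r"[\s-]", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError("component must be an even number of hex digits")
    return bytes.fromhex(digits)

def combine_components(*components):
    """XOR equal-length key components into a single key."""
    parts = [parse_component(c) for c in components]
    if len(parts) < 2:
        raise ValueError("need at least two components")
    if len({len(p) for p in parts}) != 1:
        raise ValueError("components differ in length")
    key = bytes(len(parts[0]))
    for part in parts:
        key = bytes(a ^ b for a, b in zip(key, part))
    return key

# Track 1 format B: '%' 'B' PAN '^' name '^' YYMM + printable data, then '?'.
TRACK1 = re.compile(
    rb"%B\d{1,19}\^[^^\x00-\x1f\x7f-\xff]{2,26}\^\d{4}[ -~]*?\?"
)

def looks_like_track1(decrypted):
    """True if the bytes contain a plausible track 1; padding after '?' is ignored."""
    return TRACK1.search(decrypted) is not None

if __name__ == "__main__":
    # Constructed sample components, not real key material.
    comp_a = "0123-4567-89AB-CDEF-FEDC-BA98-7654-3210"
    comp_b = "1111-2222-3333-4444-5555-6666-7777-8888"
    bdk = combine_components(comp_a, comp_b)
    print("combined key:", bdk.hex().upper(), f"({len(bdk)} bytes)")

    # Constructed outputs: what a correct and an incorrect BDK would yield.
    good = b"%B4111111111111111^DOE/JANE^25121010000000000000?\x00\x00\x00"
    bad = bytes.fromhex("9f3ac17e02b8d45510ee6a93c7f0214b")
    for label, data in (("readable", good), ("garbage", bad)):
        print(label, "->", "track 1" if looks_like_track1(data) else "wrong key?")
```

If `looks_like_track1` returns false for real reader output, the combined value is not the BDK the reader was injected with, or the KSN passed alongside it does not belong to that swipe.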