IDTECH信用卡读卡器数据解密
[英]IDTECH credit card reader data decrypting
问题描述
I am trying to decrypted IDTECH credit card reader's encrypted data. 
我正在尝试解密IDTECH信用卡读卡器的加密数据。
This details has been encrypted using Triple DES with CBC cipher using DUKPT. 此详细信息已使用DU DES使用带有CBC密码的Triple DES加密。
Encrypted Swipe (coming from IDTECH credit card reader): 加密刷卡(来自IDTECH信用卡读卡器):
028801001F372300%*5150********7903^PAYPASS/MASTERCARD^************
***?*;5150********7903=***************?*8871B640F379F3BD8D057A13F81454
39B28D80BE8A43F3440D85928F576065EEE1BA54CAADFF67D552C2B0CBF1A9F
34B63402B967998FC7C80487C8A6DBFD46975985D3D7E865FEEF6A48930751DC9
71FDFCBC1989294B7EF6F0D0007AA731C31F574608EB85E57751DA48970F96B0E
8BECDB94D672D746C2CC75176FA6E0C9E6FEFE0B154A0959B6299490125000000
00197F6903
Available details for decryption:: 解密的可用细节::
Key Value: F5 BF 6B E8 55 AB 92 3A DE 7E 77 40 D8 46 F9 DE
KSN: 62 99 49 01 25 00 00 00 00 1A
Decrypted Data (Result): Data in ASCII Format 解密数据(结果):ASCII格式的数据
%B5150710200107903^PAYPASS/MASTERCARD^090910140000631??;5150710200
107903=090910140000631?0
Can any security algorithm or JAVA expert can guide me how I can go ahead for decryption of this data. 任何安全算法或JAVA专家都可以指导我如何继续解密这些数据。
I am looking for solution in java.
Is above information sufficient to decrypt data or need more info? 以上信息是否足以解密数据或需要更多信息?
1 个解决方案
解决方案1
6 已采纳 2013-04-23 12:51:35
It's highly unlikely you'll be able to decrypt it, as you would also need to know the Base Derivation Key (BDK) and/or the Inital PIN Encrypting Key (IPEK) which the manufacturer has embeded into the device. 您不太可能解密它,因为您还需要知道制造商已嵌入到设备中的基本衍生密钥(BDK)和/或初始PIN加密密钥(IPEK)。 You'd also need to know how they generate the KSN from the BDK. 您还需要知道他们如何从BDK生成KSN。 They're unlikely to share all that information with you, as it would render the encryption useless. 他们不太可能与您分享所有这些信息,因为这会使加密变得毫无用处。
Source: http://en.wikipedia.org/wiki/Derived_unique_key_per_transaction 资料来源: http : //en.wikipedia.org/wiki/Derived_unique_key_per_transaction
Which leads onto the next question. 这导致了下一个问题。 Why do you want to decrypt this information? 为什么要解密这些信息? The plain text portion of the returned data contains (PCI Compliant) segments of the card number (first four digits, last four digits). 返回数据的纯文本部分包含卡号的(PCI兼容)段(前四位,后四位)。 If you were able to decrypt the full card number, then the full weight of PCI compliance would fall on your shoulders, and consequently make using a 3rd party device useless. 如果你能够解密完整卡号,然后是PCI合规的全部重量会落在你的肩上,从而让使用第三方设备没用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.