EMV CAPK选择
[英]EMV CAPK Selection
问题描述
I'm working with a mobile payment terminal and a testing tool for testing EMV transactions. 
我正在使用移动支付终端和用于测试EMV交易的测试工具。 Part of the setup of the terminal involves loading a number of CAP keys into the terminal for use with different types of cards. 终端设置的一部分涉及将许多CAP密钥加载到终端中,以用于不同类型的卡。
I'm curious, how does the terminal go about selecting an appropriate CAP key? 我很好奇,终端如何选择合适的CAP密钥? Is there any information I could obtain from the APDU logs that would indicate to me which CAP key will be used? 我是否可以从APDU日志中获得任何信息,这些信息可以指示我将使用哪个CAP密钥?
The specific problem I'm running into is I have a demo project that is processing AMEX cards with success, but I'm not able to process them in my own project. 我遇到的特定问题是我有一个演示项目,该项目正在成功处理AMEX卡,但无法在自己的项目中对其进行处理。 I'm getting errors such as, "No key was found to do the verification (65)". 我收到诸如“找不到密钥进行验证(65)”之类的错误。 I thought it would be enough to match the Application Identifier, but I'm not seeing any AMEX identifiers in the demo project, even though it's working (A0 00 00 00 25). 我认为匹配应用程序标识符就足够了,但是即使它正在工作(A0 00 00 00 25),我也没有在演示项目中看到任何AMEX标识符。
2 个解决方案
解决方案1
3 已采纳 2017-01-30 09:25:18
Q: How does the terminal go about selecting an appropriate CAP key? 问:终端如何选择合适的CAP密钥?
A : The terminal CAP Key records usually added during the EMV/NFC kernel initialization. 答 :通常在EMV / NFC内核初始化期间添加终端CAP密钥记录。 For the key determination the records usually have next values: 为了确定关键,记录通常具有下一个值:
- RID - Registered Application ID. RID-注册的应用程序ID。 'A000000025' in your case. 您的情况为“ A000000025”。
- Key Index. 关键索引。 '65' (0x65) in your case. 您的情况为“ 65”(0x65)。
- Key Exponent. 关键指数。 '03' for this key. 此键为“ 03”。
- Key Modulus - exactly the key value. 关键模量-恰好是关键值。 "E53E...400D" for this test Amex key. 此测试Amex密钥的“ E53E ... 400D”。
Depending of your EMV Kernel requirements can require also: 根据您的EMV内核要求,还可能需要:
- Key Activation and Expiry Date. 密钥激活和有效期。
- Key Checksum Algorithm 密钥校验和算法
- Key Checksum 关键校验和
Q: Is there any information I could obtain from the APDU logs that would indicate to me which CAP key will be used? 问:我是否可以从APDU日志中获得任何信息,这些信息可以指示我将使用哪个CAP密钥?
A : Yes you can determine required Key Index, Key Exponent and RID from the Card APDU traces. 答 :是的,您可以从卡APDU跟踪中确定所需的密钥索引,密钥指数和RID。 Search for next tags: 搜索下一个标签:
- Tag 0x9F32: Issuer Public Key Exponent. 标记0x9F32:发行者公共密钥指数。
- Tag 0x8F: Certification Authority Public Key Index. 标签0x8F:证书颁发机构公钥索引。
- RID is the first 5 Bytes of Application ID (AID). RID是应用程序ID(AID)的前5个字节。 Tag 0x4F: Application Identifier (AID). 标签0x4F:应用程序标识符(AID)。
解决方案2
2 2017-01-28 09:01:52
I believe you know how to do READ using the AFL(Application file locator) information. 我相信您知道如何使用AFL(应用程序文件定位器)信息进行读取。 Read all the files and you will come across an element Certification authority public key index. 阅读所有文件,您将遇到一个元素证书颁发机构公钥索引。 This is linked to application RID. 这链接到应用程序RID。 Just browse this link and you will understand. 只需浏览此链接 ,您就会了解。 It has most CA PKs. 它具有大多数CA PK。
In your case you need to add the selected PK for A000000025 with Index 65 在您的情况下,您需要为索引为65的A000000025添加选定的PK
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.