Scribd Logo
Upload

Welcome to Scribd!

  • KF311 Key Loading Windows Tool

    Uploaded by

    swagat098
    623 views14 pages
    KF311 Key Loading Windows Tool

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    KF311 Key Loading Windows Tool

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    623 views14 pages

    KF311 Key Loading Windows Tool

    Uploaded by

    swagat098
    KF311 Key Loading Windows Tool

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    Documentation for loading keys in KF311:

    Tool used: PCI-Test tool

    To load different key in the PINPAD device following methods are used.
    Method:
    1) Plain WK Key loading
    2) Plain MK-SK Key loading
    3) MK key Loading through TR-31
    4) Plain DUKPT key loading
    5) DUKPT key loading using TR-31

    Driver installation:
    To Install the PINPAD Driver in the window environment.

    Steps to be followed to load the working key in the device.

    Step1:Connect the KF311 device to the system (Preferably Windows XP/Windows 7).
    NOTE: Install the driver for the 1st time in order to get the COM port detection. After wards it will
    detect automatically.

    Step 2: Check the COM port connection in the Device Manager.

    Step 3: Open PCI-Test tool and configure the COM port in 'Setup COM'.
    Sample view of the PC Tool used to generate the keys for different purpose.
    Method 1:
    Direct WK key loading:

    In this case there in no requirement of master key. Directly working is loaded in the PINPAD device.
    This key will be used for Pin encryption.

    To generate working key and save it in the file, need to follow steps mention below.

    1. Goto 'edit key'.


    2. Browse the file WK.key
    3. Set Key Type as PIN_WK
    4. Select '0:PLAIN TEXT'.
    5. Select key length it can be 8/16/24 byte
    6. Set key index between 0-31.
    7. Enter the KEY
    8. Confirm with same key.
    9. Click on 'Save' to save the final key encryption.
    10. Click on 'Delete' button to erase the key from the file WK.key
    11: Please look the Warn Info for the success/failure message.

    To load the key in PINPAD device we need to follow below mentioned steps

    1. Goto the 'load Key'


    2. check the 'Key file' box
    3. Browse the same WK.key file used to save the working key in the previous section.
    4. click on 'start' button to load the key in the PINPAD.
    Method 2:
    Plain MK-SK key loading:

    In this case master key is used to encrypt the session key. Master key is loaded in the plain format but
    session key is loaded in encrypted format in PINPAD device.

    Steps to be followed to load the Master key in the device.

    NOTE: Master key can be loaded as two components. No encryption is required for the master key.

    1. Goto 'Edit Key' and Browse the MK.key


    2. Set Key Type; PIN_MK
    3. Select key length it can be 8/16/24 byte
    4. Set Key Index between 0-31
    5. Select Plain text
    6. Enter component 1 of Masterkey and its KCV also displays left to that Component1
    (i.e.,Check sum)
    7. Enter component 2 of MasterKey and its KCV also displays left to that Component2
    8. Save the key by clicking on 'Save' button(XOR of compoenent1 and component 2 will be the
    final key which will be saved by clicking the 'Save' button).

    To load the session key first encrypt the session key with master key.
    Note : This procedure should follow for any encrypted session key loading.

    NOTE: use 3amsystems.com/crypto-toolbox to encrypt the session key using master key.
    1. Browse the file WK.key
    2. Set Key Type as PIN_WK
    3. select '2:ECB DECRYPTION'
    4. Select key length it can be 8/16/24 byte
    5. Set key index between 0-31.
    6. Enter the Main Key Index same as Key Index.
    7. Enter Encrypted session key value. (use 3amsystems.com to encrypt the session key)
    8. confirm with same encrypted session key value.
    9. Click on 'Save' to save the final key encryption.
    To load the Master key in the PINPAD follow the below mentioned steps:
    1: Goto 'Load key'.
    2. Tick the Key file check box.
    3. Browse the MK.key file.
    4. click of start button to load the key in the pinpad.

    To load the working key in pinpad follow the below mentioned step:
    1. Goto the 'load Key'
    2. check the 'Key file' box
    3. Browse the same WK.key file used to save the working key in the previous section.
    4. click on 'start' button to load the key in the PINPAD.

    Method 3:
    MK key Loading through TR-31

    In this method MK is transferred using TR-31 protocol to the pinpad. The session key must be
    encrypted using Master key. The session key is sent directly to the pinpad device. There is no
    requirement of any kind of protocol or alternate method to load session key.

    NOTE: The pinpad must be in 'connected' mode before loading the master key in the pinpad device
    using TR-31 protocol.

    To enter in the 'Connected' Mode. Follow the below steps on the PINPAD
    1. press F2
    2. Enter admin A password as '111111111111' (12 ones)
    3, Enter admin B password as '222222222222' (12 twos)
    4. press 'cancel' on device if you want default KBPK ie all 0's. Otherwise set the KBPK in 2
    components and final key value will be the XOR of the both components.
    5. 'Connected' will be displayed on the screen.

    NOTE: for a new device default password will be all zeros (12 zeros) for both admin A and B.
    There is a provision to change the admin password also.
    To load the Master key using TR-31 follow the below mentioned steps:

    1.Goto Edit key section.


    2. Browse the file TR31.key
    3. Set Key Type as PIN_MK
    4. Choose 'TR-31' cipher Mode
    5. Select key length it can be 8/16/24 byte
    6. Set key index between 0-31.
    7. Enter random Key
    8. Confirm with the same random key entered above
    9. Click on 'Save' to save the final key encryption.

    NOTE: To load the session key, refer the session key loading in Method 2. Same procedure must be
    used in order to load the session key.

    Method 4:
    Plain DUKPT Loading

    In this method DUKPT is transferred in Plain format to the pinpad.

    NOTE: To load the DUKPT in PinPad, first DUKPT mode must be selected in the PINPAD.
    1.Goto Edit key section.
    2. Browse the file DUKPT.key
    3. Set Key Type as DUPKT
    4. Select key length it can be 16 bytes
    5. Set key index between 0-31.
    6. Set KSN value (generally 10 bytes value is entered)
    7. Choose 'PLAIN Text' cipher Mode.
    8. Enter Component1 value.
    9. Enter Component2 value.
    10. Click on 'Save' to save the final key encryption.

    To load the DUKPT key follow the below mention steps:

    1: Goto 'Load key'.


    2. Tick the Key file check box.
    3. Browse the DUKPT file.
    4. click of start button to load the key in the pinpad.
    Method 5:
    To load DUKPT using TR-31 protocol.

    To load the DUKPT in PinPad, first DUKPT mode must be initialized.

    NOTE: to go in the DUKPT mode


    1. press F3.
    2. enter admin A password and admin B password.
    3. Press option '1: choose Mode'
    4. choose DUKPT mode by pressing 1 and then ENTER.
    After that user will
    be in DUKPT mode.

    NOTE: DUKPT is
    sent using TR-31
    only. So set the
    PINPAD device in
    'Connected' Mode
    before loading
    DUKPT.

    To load the DUKPT


    follow the below
    mentioned steps:
    1.Goto Edit key section.
    2. Browse the file DUKPT.key
    3. Set Key Type as DUPKT
    4. Select key length it can be 16 bytes
    5. Set key index between 0-31.
    6. Set KSN value ( generally 16bit value is entered)
    7. Choose 'TR-31' cipher Mode ( default mode available to load DUKPT)
    8. Enter random Key
    9. Confirm with the same random key entered above
    10. Click on 'Save' to save the final key encryption.

    To load the DUKPT file in the PINPAD follow the same steps as mentioned in the previous method.

    Note :

    1: At time you can work in a single mode ie. Either DUKPT or PINK.
    2: Changing the mode from DUKPT to PIN or PIN to DUKPT all keys will be erased.
    3: KF311 support only one DUKPT key index.
    4: It is not possible to remotely load Master keys in KF311 pinpad.
    5: There is no magnetic data encryption in KAIFA.
    6: If some new requirement comes from any customer we need to inform the same to KAIFA
    vendor to do the changes. After the completion of changes the vendor will provide the new APP.
    Using the MTK3 tool update the APP.

    You might also like