EMV CAPK选择 [英] EMV CAPK Selection

问题描述

我正在使用移动支付终端和用于测试EMV交易的测试工具.终端设置的一部分涉及将许多CAP密钥加载到终端中，以用于不同类型的卡.

I'm working with a mobile payment terminal and a testing tool for testing EMV transactions. Part of the setup of the terminal involves loading a number of CAP keys into the terminal for use with different types of cards.

我很好奇，终端如何选择合适的CAP密钥?我可以从APDU日志中获得任何信息，这些信息可以指示我将使用哪个CAP密钥吗?

I'm curious, how does the terminal go about selecting an appropriate CAP key? Is there any information I could obtain from the APDU logs that would indicate to me which CAP key will be used?

我遇到的具体问题是我有一个演示项目，该项目正在成功处理AMEX卡，但无法在自己的项目中对其进行处理.我收到诸如找不到密钥进行验证(65)"之类的错误.我认为匹配应用程序标识符就足够了，但是即使演示项目正在运行(A0 00 00 00 25)，我也没有在演示项目中看到任何AMEX标识符.

The specific problem I'm running into is I have a demo project that is processing AMEX cards with success, but I'm not able to process them in my own project. I'm getting errors such as, "No key was found to do the verification (65)". I thought it would be enough to match the Application Identifier, but I'm not seeing any AMEX identifiers in the demo project, even though it's working (A0 00 00 00 25).

推荐答案

问:终端如何选择合适的CAP密钥?

A :通常在EMV/NFC内核初始化期间添加的终端CAP密钥记录.为了确定键，记录通常具有下一个值:

A: The terminal CAP Key records usually added during the EMV/NFC kernel initialization. For the key determination the records usually have next values:

• RID-注册的应用程序ID.您的情况为"A000000025".
• 关键索引.您的情况为"65"(0x65).
• 关键指数.此键为"03".
• 键模量-恰好是键值.此测试Amex密钥为"E53E ... 400D".

根据您的EMV内核要求，还可能需要:

Depending of your EMV Kernel requirements can require also:

• 密钥激活和到期日期.
• 密钥校验和算法
• 关键校验和

问:我可以从APDU日志中获得任何信息，这些信息可以指示我将使用哪个CAP密钥吗?

A :是的，您可以从卡APDU跟踪中确定所需的密钥索引，密钥指数和RID.搜索下一个标签:

A: Yes you can determine required Key Index, Key Exponent and RID from the Card APDU traces. Search for next tags:

• 标签0x9F32:颁发者公共密钥指数.
• 标签0x8F:证书颁发机构公钥索引.
• RID是应用程序ID(AID)的前5个字节.标记0x4F:应用程序标识符(AID).

这篇关于EMV CAPK选择的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！