Cryptography Worked Examples for Book E
Extracted document text
EMVCo's index flattens the document's layout, so this text is best used for searching and comparing versions rather than reading end-to-end.
This document is large; EMVCo's index truncates its extracted text, so the excerpt below is partial.
EMV® Contactless Specifications for Payment Systems Book E Cryptography Worked Examples Version 1.0.1 December 2024 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 2 / 51 Legal Notice The EMV® Specifications are provided “AS IS” without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of the EMV® Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of the EMV® Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party’s infringement of any intellectual property rights in connection with the EMV® Specifications. © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Revision Log – Version 1.0.1 Page 3 / 51 Version 1.0.1 of this document makes the following corrections to v1.0. In the AC Input Data in sections 8.2 and 9.2, the final data item Issuer Application Data with IAD-MAC has been corrected by deleting an extra '0' in the long string of '0's. Thus Issuer Application Data with IAD-MAC has been replaced with 2211A08003242000000000 0000000000000004E25BD7 ED9AA897A Issuer Application Data with IAD-MAC 2211A08003242000000000 000000000000004E25BD7E D9AA897A Consequently the following four AC computations in each of sections 8.2 and 9.2 have been corrected as have the EDA-MAC computations in sections 8.3 and 9.3. © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 4 / 51 Contents 1 1.1 1.2 1.3 1.4 1.5 2 3 3.1 3.2 3.3 4 4.1 4.2 4.3 5 5.1 5.2 5.3 6 6.1 6.2 7 7.1 7.2 8 8.1 Scope ........................................................................................................................7 Audience ................................................................................................................... 7 Related Information .................................................................................................7 Terminology .............................................................................................................8 Abbreviations ...........................................................................................................9 Notations ................................................................................................................10 Cryptographic Keys...............................................................................................12 ECC Certificate (P-256)..........................................................................................13 ECC Key Pair Generation ......................................................................................13 Issuer ECC Public Key Certificate........................................................................14 ICC ECC Public Key Certificate ............................................................................15 ECC Certificate (P-521)..........................................................................................19 ECC Key Pair Generation ......................................................................................19 Issuer ECC Public Key Certificate........................................................................20 ICC ECC Public Key Certificate ............................................................................22 RSA Certificate.......................................................................................................25 RSA Key Pair Examples ........................................................................................25 Issuer RSA Public Key Certificate........................................................................26 ICC RSA Public Key Certificate ............................................................................28 Secure Channel......................................................................................................32 BDH Key Agreement..............................................................................................32 Data Encryption and MAC.....................................................................................33 AC Key Management .............................................................................................35 Master Key Derivation ...........................................................................................35 Session Key Derivation .........................................................................................36 Using ECC Certificates..........................................................................................38 IAD-MAC Computation ..........................................................................................38 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 5 / 51 8.2 AC Computation.....................................................................................................39 8.3 EDA-MAC computation .........................................................................................40 9 9.1 9.2 9.3 Using RSA Certificates..........................................................................................41 IAD-MAC Computation ..........................................................................................41 AC Computation.....................................................................................................42 EDA-MAC Computation.........................................................................................43 Annex A Informative Section ............................................................................................44 A.1 Self-Signed CA Public Key Certificate .................................................................44 A.2 Self-Signed Issuer Public Key Certificate............................................................46 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 6 / 51 Tables Table 1.1 – Related Information...............................................................................................7 Table 1.2 – Terminology ..........................................................................................................8 Table 1.3 – Abbreviations ........................................................................................................9 Table 1.4 – Notations.............................................................................................................10 Table 2.1 – C-8 keys..............................................................................................................12 Table A.1 – Self-Signed CA Public Key Certificate ................................................................44 Table A.2 – Self-Signed Issuer Public Key Certificate ...........................................................46 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 7 / 51 1 Scope This document, EMV® Contactless Specifications for Payment Systems, Book E – Cryptography Worked Examples, provides worked examples of the security mechanisms described in the EMV® Book E specification. 1.1 Audience This specification is intended for use by manufacturers of contactless readers and terminals. It may also be of interest to manufacturers of contactless cards and to financial institution staff responsible for implementing financial applications in contactless cards. 1.2 Related Information The following references are used in this specification. It is noted that the latest version applies unless a publication date is explicitly stated. Table 1.1 – Related Information Reference [EMV Book E] [EMV Book C-8] Document Title EMV® Contactless Specifications for Payment Systems, Book E – Security and Key Management EMV® Contactless Specifications for Payment Systems, Book C-8 – Kernel 8 Specification © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 8 / 51 1.3 Terminology The following terms are used in this specification, carrying specialised meanings as indicated. Table 1.2 – Terminology Term Application Cryptogram Card Cardholder Certification Authority Issuer Kernel Local Cryptogram Payment System Reader Description The Application Cryptogram allows the authentication by the Issuer of a subset of the transaction data exchanged between the Reader and the Card. The Card, as used in these specifications, is a consumer device supporting contactless transactions. The Cardholder is the owner of the payment Card issued by the bank that holds the designated bank account. Trusted third party that establishes proof that links a public key and other related data to its owner via a certificate. The Issuer refers to the bank that holds the customer’s account, issuing the payment Card and accepting transactions with this Card. The Kernel contains the interface routines, security and control functions to interact with the payment Card. The Local Cryptogram (EDA-MAC) allows the authentication by the Reader of the transaction data exchanged between the Reader and the Card. The Payment System refers to the entity responsible for the rules and infrastructure used to perform, process and settle financial transactions. The Reader is the part of the payment terminal that provides the interface to the Card, via the contactless Kernel. © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 1.4 Abbreviations The following abbreviations are used in this specification. Table 1.3 – Abbreviations Abbreviation 3DES AC AES AID AIP ATC BDH CA CBC CDOL CMAC CMC CVM DES ECC EC-SDSA EDA ERRD IAD ICC ICCD IMK KMC MAC MK NC Description Triple DES Application Cryptogram Advanced Encryption Standard Application Identifier Application Interchange Profile Application Transaction Counter Blinded Diffie-Hellman Certification Authority Cipher Block Chaining Card Risk Management Data Object List Cipher-based Message Authentication Code Card Message Counter Cardholder Verification Method Data Encryption Standard Elliptic Curve Cryptography Elliptic Curve Schnorr Digital Signature Algorithm Enhanced Data Authentication Exchange Relay Resistance Data Issuer Application Data Integrated Circuit Card Issuer Certified Card Data Issuer Master Key Kernel Message Counter Message Authentication Code Card Master Key Length of Card Public Key Modulus Page 9 / 51 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 10 / 51 Abbreviation NCA NI NFIELD NHASH NSIG PAN PDOL PSN RID RMAC RSA SDA SHA SK TLV Description Length of Certification Authority Public Key Modulus Length of Issuer Public Key Modulus Elliptic Curve Field Size Length of the Hash Algorithm Output Length of the ECC Digital Signature Primary Account Number Processing Options Data Object List PAN Sequence Number Registered Application Provider Identifier Retail Message Authentication Code Rivest Shamir Adleman Algorithm Static Data to be Authenticated Secure Hash Algorithm Session Key Tag Length Value (of a data object) 1.5 Notations The following conventions are used in this specification. Table 1.4 – Notations Notation '6B75' 1001b 27509 A mod n Description Hexadecimal notation. Values expressed in hexadecimal form are enclosed in straight single quotes. Binary notation. Values expressed in binary form are followed by a lower case ‘b’. Decimal notation. Values expressed in decimal form are not enclosed in single quotes. The reduction of the integer A modulo the integer n, that is, the unique integer r, 0 ≤ r < n, for which there exists an integer d such that A = dn + r. Example: 54 mod 16 = 6. © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 11 / 51 Notation || A B A · B Description Two binary data objects are concatenated. Example: A = 'AB34' B = A || 'FFFF' means that B is assigned the value 'AB34FFFF'. A XOR B. Exclusive OR of A and B. Multiplication of A and B, which may be either a modular multiplication (if A and B are integers) or a scalar multiplication (if A is an integer and B is a point on an elliptic curve). © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 12 / 51 2 Cryptographic Keys C-8 keys used in this document. In the following sections all cryptographic inputs and outputs are expressed in hexadecimal. Table 2.1 – C-8 keys Description CA RSA key pair CA ECC key pair Label SCA PCA & ECA dCA, QCA Issuer RSA key pair Issuer ECC key pair SI PI & EI dI, QI ICC RSA key pair ICC ECC key pair SC PC & EC dC, QC Terminal ECC key pair (ephemeral) Issuer Master Key for AC dT, QT IMKAC Card Master Key for MKAC AC Session Key for AC SKAC Confidentiality SKC Session Key Integrity Session SKI Key Type RSA ECC RSA ECC RSA ECC Usage Signing and validation of Issuer certificates Signing and validation of Issuer certificates Signing and validation of Card certificates Signing and validation of Card certificates Signing and validation (legacy offline data authentication) BDH key agreement ECC BDH key agreement 3DES AES 3DES AES 3DES AES AES Derivation of MKAC Derivation of SKAC Generation of Application Cryptogram, Issuer Authentication, Encrypted Counters Data encryption AES IAD-MAC, EDA-MAC and data MAC Generation By the Certification Authority By the Certification Authority By the Issuer By the Issuer By the Issuer as part of the personalisation By the Issuer as part of the personalisation By the Terminal on a per transaction basis By the Issuer By the Issuer as part of the personalisation By the Card and Issuer on a per transaction basis By the Card and Terminal on a per transaction basis By the Card and Terminal on a per transaction basis © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 13 / 51 3 ECC Certificate (P-256) 3.1 ECC Key Pair Generation
• P-256 curve parameters Parameter p Value FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFF n FFFFFFFF 00000000 FFFFFFFF FFFFFFFF BCE6FAAD A7179E84 F3B9CAC2 FC632551 a FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFC b 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B G(x) 6B17D1F2 E12C4247 F8BCE6E5 63A440F2 77037D81 2DEB33A0 F4A13945 D898C296 G(y) 4FE342E2 FE1A7F9B 8EE7EB4A 7C0F9E16 2BCE3357 6B315ECE CBB64068 37BF51F5
• NFIELD = 32 bytes, NHASH = 32 bytes, NSIG = 64 bytes As described in [EMV Book E] section 8.8.5, ensure that Q(y) < (p+1)/2 (p+1)/2 dCA QCA = dCA·G dI QI = dI·G dC QC = dC·G 7FFFFFFF80000000800000000000000000000000800000000000 000000000000 723222B51845E8B41A66263AE90E962148F9CCC3BE45B3E5902C EC0195F2AEAF F60DAECD42B48FCCA547D942204D6098F1A353A5CD25CBDF2EC1 ABFD0170E0FC 6FD75EAAB356BE98BAA8E99A6FCE303F0C952BC02B4F566F096D D6EFF20C8FE8 DD5015968F6E10BE471523C58716FC0A36A40B309E62039DF6ED 9FC62C6EA5F8 CD7400578B1164FEA954658C763C5A94FB3514FA89DB5B3B447A E8F4D5DF870A 4CB6523AFD465E964F77A6DD5B67C79202E9B39892A8E9D45562 D1100493D215 9CCCF19E58228AED9CEEB7D48F69D3B37EE56F416D642E13D5F4 6FC9D198E08F 43CA1837F6B4321CA70262902037EFCE790DC583828AEA628FFA AEFC08618658 605F7182F9C750D70FE18DDDE9D8006F09A2F4732E538DBBCE6D F40B50B58C71 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 14 / 51 3.2 Issuer ECC Public Key Certificate The Issuer ECC Public Key Certificate described in [EMV Book E] section 5.1 authenticates the 32-byte Issuer ECC Public Key QI(x).
• Issuer certificate Name Length Example 1 Issuer Certificate Format 1 12 2 Issuer Certificate Encoding 1 00 3 Issuer Identifier 5 54133390FF 4 Issuer Public Key Algorithm 1 10 Suite Indicator 5 Issuer Certificate Expiration 4 20301231 Date 6 Issuer Certificate Serial Number 3 123456 7 RID 5 A000000004 8 Certification Authority Public Key Index 1 E0 9 Issuer Public Key 32 CD7400578B1164FEA954658C763C5A94FB351 4FA89DB5B3B447AE8F4D5DF870A 10 Issuer Public Key Certificate Signature 64 R || S (see below)
• EC-SDSA signature generation with CA private key M (items 1-9) k k·G = (x1, y1) X1 || M R = SHA-256 [X1 || M] dCA r·dCA mod n 120054133390FF1020301231123456A000000004E0CD7400578B 1164FEA954658C763C5A94FB3514FA89DB5B3B447AE8F4D5DF87 0A 049916F4FD4046C1DBA9FBBD41C5A9643BDC6978C42371DDCD5D 725E144B6446 97A53F70D17035261E0A55D2A4037AB055D8DDD4C8E4B98ECA3E 95C179A50140 6E2976CD7B2749F0CA2B2867C824C5F4A00FBD8B6A35EEABF332 3460333263E7 97A53F70D17035261E0A55D2A4037AB055D8DDD4C8E4B98ECA3E 95C179A50140120054133390FF1020301231123456A000000004 E0CD7400578B1164FEA954658C763C5A94FB3514FA89DB5B3B44 7AE8F4D5DF870A 739061ADBC6FC71C8864EA9D3D6BAB5C9501C058D895FE0F69D9 2E22412953DC 723222B51845E8B41A66263AE90E962148F9CCC3BE45B3E5902C EC0195F2AEAF 1633B4C963405594B91D3E0D13069690932CFB68F523520F3367 731490B6B542 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 15 / 51 s = (k + r·dCA) mod n R || S 1ACCCBBE60809C5694C739CA54CC3FF4CF0964E1B946C3ED00C4 E572A5021988 739061ADBC6FC71C8864EA9D3D6BAB5C9501C058D895FE0F69D9 2E22412953DC1ACCCBBE60809C5694C739CA54CC3FF4CF0964E1 B946C3ED00C4E572A5021988
• EC-SDSA signature verification with CA public key s·G QCA r·QCA s·G – r·QCA = (x2, y2) X2 || M R’ = SHA-256 [X2 || M] D782AE7280E820DC4F51F1E5BE775E750B756D874FEDD3F6104F 82DD3A4A86EC02CB063AED492FBDAF1F73E649665EC88286CE01 3AA494E9A3C4265E463598F9 F60DAECD42B48FCCA547D942204D6098F1A353A5CD25CBDF2EC1 ABFD0170E0FC6FD75EAAB356BE98BAA8E99A6FCE303F0C952BC0 2B4F566F096DD6EFF20C8FE8 A1BD2E078921006B5F53FEF262F682AA5A01603C4DC97F699C33 D70552A7E712DE42737E502464EBB015854BB57DC010D73CE639 3C5C600F7E57E6B545BD7B0E 97A53F70D17035261E0A55D2A4037AB055D8DDD4C8E4B98ECA3E 95C179A50140 6E2976CD7B2749F0CA2B2867C824C5F4A00FBD8B6A35EEABF332 3460333263E7 97A53F70D17035261E0A55D2A4037AB055D8DDD4C8E4B98ECA3E 95C179A50140120054133390FF1020301231123456A000000004 E0CD7400578B1164FEA954658C763C5A94FB3514FA89DB5B3B44 7AE8F4D5DF870A 739061ADBC6FC71C8864EA9D3D6BAB5C9501C058D895FE0F69D9 2E22412953DC 3.3 ICC ECC Public Key Certificate The ICC ECC Public Key Certificate described in [EMV Book E] section 5.3 authenticates the 32-byte ICC ECC Public Key QC(x).
• ICC (or Card) certificate Name 1 ICC Certificate Format 2 ICC Certificate Encoding 3 ICC Public Key Algorithm Suite Indicator 4 ICC Certificate Expiration Date 5 ICC Certificate Expiration Time 6 ICC Certificate Serial Number 7 ICCD Hash Encoding Length 1 14 1 00 1 00 Example 4 20291231 2 2359 6 987654321000 1 01 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 16 / 51 8 ICCD Hash Algorithm Indicator 9 ICCD Hash (see below) 10 ICC Public Key 11 ICC Public Key Certificate Signature 1 02 32 60D3FB0E45A5E64834880571152BE93E241D2 16D407F6F000C263B1CC87517AF 32 43CA1837F6B4321CA70262902037EFCE790DC 583828AEA628FFAAEFC08618658 64 R || S (see below)
• CDOL1 content Reference Amount, Authorised Amount, Other Terminal Country Code Terminal Verification Results Transaction Currency Code Transaction Date Transaction Type Unpredictable Number CVM Results Terminal Risk Management Data Relay Resistance Time Excess (optional) Tag 9F02 9F03 9F1A 95 5F2A 9A 9C 9F37 9F34 9F1D 9F810C Length 06 06 02 05 02 03 01 04 03 08 02 Value 000000010000 000000001000 0840 0000000082 0840 241115 00 97576168 000000 F780800000000000 0000
• SDA content and ICCD Hash computation The ICC ECC Public Key is included as a certificate item (not as an SDA data element). All the SDA data elements in the following table are in TLV format except the AIP. Application PAN Track 2 Equivalent Data Application Expiration Date Application Currency Code Application Usage Control Application PSN Extended SDA Tag List CDOL1 AID AIP (Value only) 5A085413339000001513 57125413339000001513D2912201000000000000 5F2403291231 9F42020978 9F0702FF00 5F340101 9F810A038C9F06 8C1F9F02069F03069F1A0295055F2A029A039C019F37049 F34039F1D089F810C02 9F0607A0000000041010 0103 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 17 / 51 SDA ICCD Hash = SHA-256 [SDA] 5A08541333900000151357125413339000001513D291220 10000000000005F24032912319F420209789F0702FF005F 3401019F810A038C9F068C1F9F02069F03069F1A0295055 F2A029A039C019F37049F34039F1D089F810C029F0607A0 0000000410100103 60D3FB0E45A5E64834880571152BE93E241D216D407F6F0 00C263B1CC87517AF
• EC-SDSA signature generation with P-256 Issuer private key M (items 1-10) k k·G = (x1, y1) X1 || M R = SHA-256 [X1 || M] dI r·dI mod n s = (k + r·dI) mod n R || S 140000202912312359987654321000010260D3FB0E45A5E64834 880571152BE93E241D216D407F6F000C263B1CC87517AF43CA18 37F6B4321CA70262902037EFCE790DC583828AEA628FFAAEFC08 618658 93C1BB40E845B014C0CE00325A2E89642B891EBF0265F16A1531 671467909371 779D75F98D9111B38AD5A15DC037347A1CEB73E96C6798D479FC AC4B56AA230C 99BBDDC5F7828C4491D1E6B50F4BC7F22826A1506CD3F3D22928 750D34552929 779D75F98D9111B38AD5A15DC037347A1CEB73E96C6798D479FC AC4B56AA230C140000202912312359987654321000010260D3FB 0E45A5E64834880571152BE93E241D216D407F6F000C263B1CC8 7517AF43CA1837F6B4321CA70262902037EFCE790DC583828AEA 628FFAAEFC08618658 035824B9DD96765B97A0CC52C1B668B075ED86BE31DA1159C6F9 128863B75A80 DD5015968F6E10BE471523C58716FC0A36A40B309E62039DF6ED 9FC62C6EA5F8 29C47543B983B5B1C0E072ACE12A20665F6365A4DC8AB690208F 876F3D960BF4 BD863084A1C965C681AE72DF3B58A9CA8AEC8463DEF0A7FA35C0 EE83A5269F65 035824B9DD96765B97A0CC52C1B668B075ED86BE31DA1159C6F9 128863B75A80BD863084A1C965C681AE72DF3B58A9CA8AEC8463 DEF0A7FA35C0EE83A5269F65
• EC-SDSA signature verification with P-256 Issuer public key s·G E7B20AE396A941777EADBE8529A2D79916A01E7023D21F94B470 694EB06E995E,2A0E3B1BAC261EE2C5B7C7A9B84641268E5171B 2AEFD779432C80B6029C25804 QI CD7400578B1164FEA954658C763C5A94FB3514FA89DB5B3B447A E8F4D5DF870A4CB6523AFD465E964F77A6DD5B67C79202E9B398 92A8E9D45562D1100493D215 r·QI B65F477A3E412246361480FE299145F982A616B08576C05E7E17 9B601C812DC1,28FD4627D83E6CE60BC436785D98547CEEE4179 57C13AB33F8D099B56F28B716 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 18 / 51 s·G – r·QI = (x2, y2) X2 || M R’ = SHA-256 [X2 || M] 779D75F98D9111B38AD5A15DC037347A1CEB73E96C6798D479FC AC4B56AA230C 99BBDDC5F7828C4491D1E6B50F4BC7F22826A1506CD3F3D22928 750D34552929 779D75F98D9111B38AD5A15DC037347A1CEB73E96C6798D479FC AC4B56AA230C140000202912312359987654321000010260D3FB 0E45A5E64834880571152BE93E241D216D407F6F000C263B1CC8 7517AF43CA1837F6B4321CA70262902037EFCE790DC583828AEA 628FFAAEFC08618658 035824B9DD96765B97A0CC52C1B668B075ED86BE31DA1159C6F9 128863B75A80 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 19 / 51 4 ECC Certificate (P-521) Whilst P-521 is supported for contingency purposes only, testing and type approval may be introduced in the future. 4.1 ECC Key Pair Generation
• P-521 curve parameters Parameter p Value 01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF n 01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFA 51868783 BF2F966B 7FCC0148 F709A5D0 3BB5C9B8 899C47AE BB6FB71E 91386409 a 01FF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFC b 0051 953EB961 8E1C9A1F 929A21A0 B68540EE A2DA725B 99B315F3 B8B48991 8EF109E1 56193951 EC7E937B 1652C0BD 3BB1BF07 3573DF88 3D2C34F1 EF451FD4 6B503F00 G(x) 00C6 858E06B7 0404E9CD 9E3ECB66 2395B442 9C648139 053FB521 F828AF60 6B4D3DBA A14B5E77 EFE75928 FE1DC127 A2FFA8DE 3348B3C1 856A429B F97E7E31 C2E5BD66 G(y) 0118 39296A78 9A3BC004 5C8A5FB4 2C7D1BD9 98F54449 579B4468 17AFBD17 273E662C 97EE7299 5EF42640 C550B901 3FAD0761 353C7086 A272C240 88BE9476 9FD16650 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 20 / 51
• NFIELD = 66 bytes, NHASH = 64 bytes, NSIG = 130 bytes As described in [EMV Book E] section 8.8.5, ensure that Q(y) < (p+1)/2 (p+1)/2 dCA QCA = dCA·G dI QI = dI·G 0100000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000 018B05B1953B24AC49B340C24D6DD42CCFFDD795F6879C4B2847 5375CEEA2440D6180E7733BA7423B9CF9A61AAA6A3480B882BA6 F9497F09613451877120383FF2BC 00C39043668D6993CB1E0ED903D3660937577DB1CD98EDE1F832 88873E8BC17E45B8F084010366B08E5C90FFF151069A7BA8B6D2 956D4AE8D72AA927FE5C424FA450 00F6AB193BCB3776C632E8EC07DE7395D27BFD001C91C095B571 3E50E41AE468EE90787DD73E67A6CA9C8F164310AB61358F4AC4 8B1F1BB1B1C7C3EE6945BDEEF5CC 00D069CF714C812DE247A3546AEA2A8098D707031FCB2EB93629 255305FA6C6FFB8944E7FCF8C0D5C1115F5801797E49D61A562B CA08ACB61B1F756A3A3D9AF33635 009C0AE6DC43AC03AA8285C9C67962B0B426587EB50DB41F7A5D D37BBB7E95831C8742384A1C880A561CE775946D473E4CD12FC0 3E4345ED93A515C6FAF722FA13E7 004560B292F499E3204F3F4E2BAC48E1DCA59EA221CD4546E2F3 182EBCDE8CA3FD61427DF6EB2EEA1C68738DDE411C084F94C1B0 69C84A4BFDC7E38214554DEB4681
• The length of the ICC ECC Public Key is always 32 bytes (P-256 curve). dC QC = dC·G 9CCCF19E58228AED9CEEB7D48F69D3B37EE56F416D642E13D5F4 6FC9D198E08F 43CA1837F6B4321CA70262902037EFCE790DC583828AEA628FFA AEFC08618658 605F7182F9C750D70FE18DDDE9D8006F09A2F4732E538DBBCE6D F40B50B58C71 4.2 Issuer ECC Public Key Certificate The Issuer ECC Public Key Certificate described in [EMV Book E] section 5.1 authenticates the 66-byte Issuer ECC Public Key QI(x).
• Issuer certificate Name Length 1 Issuer Certificate Format 1 12 2 Issuer Certificate Encoding 1 00 3 Issuer Identifier 5 54133390FF 4 Issuer Public Key Algorithm 1 11 Suite Indicator 5 Issuer Certificate Expiration 4 20301231 Date Example © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 21 / 51 Name 6 Issuer Certificate Serial Number 7 RID 8 Certification Authority Public Key Index 9 Issuer Public Key 10 Issuer Public Key Certificate Signature Length 3 123456 Example 5 A000000004 1 E1 66 009C0AE6DC43AC03AA8285C9C67962B0B4265 87EB50DB41F7A5DD37BBB7E95831C8742384A 1C880A561CE775946D473E4CD12FC03E4345E D93A515C6FAF722FA13E7 130 R || S (see below)
• EC-SDSA signature generation with CA private key M (items 1-9) k k·G = (x1, y1) X1 || M R = SHA-512 [X1 || M] dCA r·dCA mod n s = (k + r·dCA) mod n R || S 120054133390FF1120301231123456A000000004E1009C0AE6DC 43AC03AA8285C9C67962B0B426587EB50DB41F7A5DD37BBB7E95 831C8742384A1C880A561CE775946D473E4CD12FC03E4345ED93 A515C6FAF722FA13E7 01CEC53C7A0FC68F914CB3B06AAF89B04622B465AB8CB52DA2FA E7B2BF3E7754B1866900AEE2AFF453C8199617EC6E23E111CC81 3F622EEBECC51B4516CC37569D09 00DD39601954C318E51C9C254FC626F246E4EE5437F7464614CB A85010849B5CE76C4D6941CE666139A4E5FA40BCA47F61E3D3DC 11D83D14E6B3C600C0E4B653EF9C 008BD9A8608EC30BB85836AAA13791D8DAF45CBC368091AAF960 DA9E285F7A3992E1948AD512F54DCA255D0B7F9FAACB5C202057 6A48B7AF26609B308B95776413C0 00DD39601954C318E51C9C254FC626F246E4EE5437F7464614CB A85010849B5CE76C4D6941CE666139A4E5FA40BCA47F61E3D3DC 11D83D14E6B3C600C0E4B653EF9C120054133390FF1120301231 123456A000000004E1009C0AE6DC43AC03AA8285C9C67962B0B4 26587EB50DB41F7A5DD37BBB7E95831C8742384A1C880A561CE7 75946D473E4CD12FC03E4345ED93A515C6FAF722FA13E7 DCB625B0FC3F87241D38565B4CAE9B1B9D00A70B71EAF6F54ACD E94EEFE49C514724FAF5F7A4A25606F0CE7C89DC6EE4403D841E F7155B87363E8CE39EB7FEAC 018B05B1953B24AC49B340C24D6DD42CCFFDD795F6879C4B2847 5375CEEA2440D6180E7733BA7423B9CF9A61AAA6A3480B882BA6 F9497F09613451877120383FF2BC 018A134FF114108EEB0ED99E255A30FD93475A67F5347B29D1FC E5B33ECC19225F99767FC9DBACABF0B14835F99BF8DF9CBED71A FCFCDEA93F7FA323899EBFF779EB 0158D88C6B23D71E7C5B8D4E9009BAADD96A0ECDA0C1305774F7 CD65FE0A907711258DF9F13A9D70AE0DE200103F6FF9D80067E6 72A683F8E49602F8E94C6615B2EB DCB625B0FC3F87241D38565B4CAE9B1B9D00A70B71EAF6F54ACD E94EEFE49C514724FAF5F7A4A25606F0CE7C89DC6EE4403D841E F7155B87363E8CE39EB7FEAC0158D88C6B23D71E7C5B8D4E9009 BAADD96A0ECDA0C1305774F7CD65FE0A907711258DF9F13A9D70 AE0DE200103F6FF9D80067E672A683F8E49602F8E94C6615B2EB © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 22 / 51
• EC-SDSA signature verification with CA public key s·G QCA r·QCA s·G – r·QCA = (x2, y2) X2 || M R’ = SHA-512 [X2 || M] 0124CB62782B5F8CFE3B449994CCC4EF8EABDA82396128C3BED4 49513BDA59679788B90A06E54E6E6480421E436DDCAB59DD3612 7335B25996789F3427B495CBCA650193DAD92B6318E697D99535 CCC595B648ED8AC509FD653259CCAABE91C08864024C76364436 ADF16A463903E2075BFA9A1BE5DAE1922B91CD1A2242624786AD 6B59 00C39043668D6993CB1E0ED903D3660937577DB1CD98EDE1F832 88873E8BC17E45B8F084010366B08E5C90FFF151069A7BA8B6D2 956D4AE8D72AA927FE5C424FA45000F6AB193BCB3776C632E8EC 07DE7395D27BFD001C91C095B5713E50E41AE468EE90787DD73E 67A6CA9C8F164310AB61358F4AC48B1F1BB1B1C7C3EE6945BDEE F5CC 00234DB8AC6520EF78CA95A8CA790C31DEFB55ECAA69CD636B14 13560E263FD7A4EAE87788D86F408EA9CC36376F631BB2D6B990 42A45C97E6126328AE38AFA378D501449738C4364C6D1EF7C927 7E1A48994749FF9D06E272BB1EB15AF18343D7EE32E48A978223 22C17A82CD444BF336F1BEEE5D47032DDC4F815C9E4964952731 A67C 00DD39601954C318E51C9C254FC626F246E4EE5437F7464614CB A85010849B5CE76C4D6941CE666139A4E5FA40BCA47F61E3D3DC 11D83D14E6B3C600C0E4B653EF9C 008BD9A8608EC30BB85836AAA13791D8DAF45CBC368091AAF960 DA9E285F7A3992E1948AD512F54DCA255D0B7F9FAACB5C202057 6A48B7AF26609B308B95776413C0 00DD39601954C318E51C9C254FC626F246E4EE5437F7464614CB A85010849B5CE76C4D6941CE666139A4E5FA40BCA47F61E3D3DC 11D83D14E6B3C600C0E4B653EF9C120054133390FF1120301231 123456A000000004E1009C0AE6DC43AC03AA8285C9C67962B0B4 26587EB50DB41F7A5DD37BBB7E95831C8742384A1C880A561CE7 75946D473E4CD12FC03E4345ED93A515C6FAF722FA13E7 DCB625B0FC3F87241D38565B4CAE9B1B9D00A70B71EAF6F54ACD E94EEFE49C514724FAF5F7A4A25606F0CE7C89DC6EE4403D841E F7155B87363E8CE39EB7FEAC 4.3 ICC ECC Public Key Certificate The ICC ECC Public Key Certificate described in [EMV Book E] section 5.3 authenticates the 32-byte ICC ECC Public Key QC(x).
• ICC (or Card) certificate Name 1 ICC Certificate Format 2 ICC Certificate Encoding 3 ICC Public Key Algorithm Suite Indicator 4 ICC Certificate Expiration Date Length 1 14 1 00 1 00 4 20291231 Example © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 23 / 51 Name 5 ICC Certificate Expiration Time 6 ICC Certificate Serial Number 7 ICCD Hash Encoding 8 ICCD Hash Algorithm Indicator 9 ICCD Hash (see section 3.3) 10 ICC Public Key 11 ICC Public Key Certificate Signature Length 2 2359 Example 6 987654321000 1 01 1 02 32 60D3FB0E45A5E64834880571152BE93E241D2 16D407F6F000C263B1CC87517AF 32 43CA1837F6B4321CA70262902037EFCE790DC 583828AEA628FFAAEFC08618658 130 R || S (see below)
• EC-SDSA signature generation with P-521 Issuer private key M (items 1-10) k k·G = (x1, y1) X1 || M R = SHA-512 [X1 || M] dI r·dI mod n s = (k + r·dI) mod n 140000202912312359987654321000010260D3FB0E45A5E64834 880571152BE93E241D216D407F6F000C263B1CC87517AF43CA18 37F6B4321CA70262902037EFCE790DC583828AEA628FFAAEFC08 618658 01EC03A29BF1F9CBA1EB306F4A3D63AB4C9B8955AEE4CBDFCA5A 248B5CBC8DA0C4951E5565CC8BD025E0CF4D227B51B66DC628DB 7D51723F82409D738599C9C96D43 00DB779BCBBC7698BEC7DAE0566E33DE3832F2EB7B897A45AF9E DE43761CECF41E46B641736FBF132DAE69A4EF84C4D383A7C0AC 369F1540E3C95EC8E0B10215512E 00D878F5EC1AFDEDD683FB94CA812008985EFA25FF7A53C15C37 1CD2704899D28B65D6F57F70DA613C1E4B331F5B919ACF409F4E 9A2535BFD7A79B3A58133F021B68 00DB779BCBBC7698BEC7DAE0566E33DE3832F2EB7B897A45AF9E DE43761CECF41E46B641736FBF132DAE69A4EF84C4D383A7C0AC 369F1540E3C95EC8E0B10215512E140000202912312359987654 321000010260D3FB0E45A5E64834880571152BE93E241D216D40 7F6F000C263B1CC87517AF43CA1837F6B4321CA70262902037EF CE790DC583828AEA628FFAAEFC08618658 AEE9050995E9DA36D574942FC1F0F6C1ABC085904CB124B66878 8681E4BC84B6FCB7F7DA9A01561C7F7F2318A1E03A52E76F7297 55D2F9279EEE1185DE31401C 00D069CF714C812DE247A3546AEA2A8098D707031FCB2EB93629 255305FA6C6FFB8944E7FCF8C0D5C1115F5801797E49D61A562B CA08ACB61B1F756A3A3D9AF33635 004C53FE78473FE0B2068CD84033CDC9F50CEF104D91F4BDC533 E7759025ED402FCC6344478F3B132380B52A043094F507287425 A1B716645C0840770EA71B099ED3 003857A1143939AC53F1BD478A71317541A87865FC76C09D8F8E 0C00ECE27AE0F467301325D807B3B2F604AB2562EFA1CF1E614B 554FFF07969A227ADD22539AA80D © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 24 / 51 R || S AEE9050995E9DA36D574942FC1F0F6C1ABC085904CB124B66878 8681E4BC84B6FCB7F7DA9A01561C7F7F2318A1E03A52E76F7297 55D2F9279EEE1185DE31401C003857A1143939AC53F1BD478A71 317541A87865FC76C09D8F8E0C00ECE27AE0F467301325D807B3 B2F604AB2562EFA1CF1E614B554FFF07969A227ADD22539AA80D
• EC-SDSA signature verification with P-521 Issuer public key s·G QI r·QI s·G – r·QI = (x2, y2) X2 || M R’ = SHA-512 [X2 || M] 0101FF8C563242F9EA1DCD3687E775B6DCDB3642677010EC5EB9 856E2AEF904714065CC8B974412A8C685E1421F2D33276F6C6A2 41AD99692C567E6DE0AC41642B570020D2DF62D1A1CBD5C79875 B13CE09FC2E8944D75549CC4BF5A14A1D25C0EADE492DE6F8C01 E960DF9B447706F6B999972F4DE852AF77BA511A06E29D5B15A8 5D28 009C0AE6DC43AC03AA8285C9C67962B0B426587EB50DB41F7A5D D37BBB7E95831C8742384A1C880A561CE775946D473E4CD12FC0 3E4345ED93A515C6FAF722FA13E7004560B292F499E3204F3F4E 2BAC48E1DCA59EA221CD4546E2F3182EBCDE8CA3FD61427DF6EB 2EEA1C68738DDE411C084F94C1B069C84A4BFDC7E38214554DEB 4681 016B150B88C46DCB2F8D97BBC4CF3476AF56B951EE5AC76D458C C53B703E3307F510FB457F9C3F921C39E59F0AABE6FE176125D4 2D01EF3FCB28C60F7E28873E795E0153CC988C4429DE1324305D 10F82461A054DECF5DB16E6411496CA6D56A57951D819AC1DF98 3B541798798049662D4BE7F827F40698A8DEA6D58204E642FF6A C2EF 00DB779BCBBC7698BEC7DAE0566E33DE3832F2EB7B897A45AF9E DE43761CECF41E46B641736FBF132DAE69A4EF84C4D383A7C0AC 369F1540E3C95EC8E0B10215512E 00D878F5EC1AFDEDD683FB94CA812008985EFA25FF7A53C15C37 1CD2704899D28B65D6F57F70DA613C1E4B331F5B919ACF409F4E 9A2535BFD7A79B3A58133F021B68 00DB779BCBBC7698BEC7DAE0566E33DE3832F2EB7B897A45AF9E DE43761CECF41E46B641736FBF132DAE69A4EF84C4D383A7C0AC 369F1540E3C95EC8E0B10215512E140000202912312359987654 321000010260D3FB0E45A5E64834880571152BE93E241D216D40 7F6F000C263B1CC87517AF43CA1837F6B4321CA70262902037EF CE790DC583828AEA628FFAAEFC08618658 AEE9050995E9DA36D574942FC1F0F6C1ABC085904CB124B66878 8681E4BC84B6FCB7F7DA9A01561C7F7F2318A1E03A52E76F7297 55D2F9279EEE1185DE31401C © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 25 / 51 5 RSA Certificate 5.1 RSA Key Pair Examples
• NCA = 1984 bits (248 bytes) SCA 1A1F7B253395D8D5C287223FD8D567FEB9E6AED23CC116A1187DC38CC06D2 2B3BC6BF71F5AF2A9FC658C00C0235A183536F966F6BA6E9EE4AB05148C00 FC95EC926421052DA37C8535BDE5F2F9B9A939B1AF90203F302F665DF00A8 57AA5A720F2C038A68ED58381835A77CB0E36C50E05D32527705E11AE4A2A F547A5107458EFDE22F52E824E372F9787F02417440504F288760995CF83C 12E55016BD83255DC0D778127BAFC9D0CF860067EA3EF46A4D90C24CB7207 84D4B6C000BDFCEE20537193632A1F18AF4466D2E57B7F92C91A426D0C996 D2B59F042299F2743452C722563BDA90B42CAD8F7CF3E2748810A659AAFC9 780A3733 PCA 9CBCE2DF358315028F2ACD7F15006FF85B6818ED6C8687C692F2954C828ED 0366A87CABC21AFFBEA61480480D41C913F49D869C85E97B95C021E7B4805 EB838B6E58C61F11D4EB1F427363B1DA59F75A2A1D60C17B211C6633A03F2 0DFE1EAC5B08153E759011509141ECEC255489E5422F2DEECA2346A15BD01 BFAF6FE36BEAF696F4B7CD258D46550F2902A9B2F5152EBF5BEE67BE65AF2 BA308E62536C3EBF55CF59E4CA7AC76FFB8719A35E4692919B73CDE3526C7 2014C77F7D40EB6C67996D07E4FE48C8BBA56B16F00DE4BB1A36EC0353EE1 DAA91EAC36B28A2AD8E0B77196524747F0A404F9397967D2430E0433F4617 FC7B9DBF ECA 03
• NI = 1408 bits (176 bytes) SI 1AADA7763151D4D75A171A414E61D739FAEC2D1A2B4A7B08171B995FDCAEC D680A24BF435FAFF55723B439C275BA286836C3FA18D704EE9CDF09851DA1 C4171B4F773F21FEAFA4E8826B1799A7E4B11559C34874247A3EDE89B08B3 9DD655D7570EED1EC6DCA0D83197669CD409DBD5A7967EC909C41B511AE02 8B1B482CEB078567CB47E707FAD7EB228FCF171C0664174180E3063668B16 C15C49320C33A3DAF7534FD8E1F254A4D5EBF8997CCBDD3 PI A011ECC527EAFD0C1C8A9D87D64B0B5BE1890E9D03BEE2308AA5983F2C18D 0703CDC7B943E1FC00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA 988AA3DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF035A8 534EF839410383AE43CC1A8694984A8E8577CB5F370201D866D9618EC05BD 9A95A6EF4545CFB354D9C61E2082B183BC476E8042D075DDC54E51300D03E 44EBFF7140C0556B39CA0D78B28553644A12365F40FA547 EI 03 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 26 / 51
• NC = 1152 bits (144 bytes) SC 2132900B4758D455BE0911D0BB81F680DED5D6385CD7ADC850F2C0459556C 8F934A17A8C3AAC3A650E1672D01B25F1BE1396CE9F851A46BBAF362ADD83 F108E52FAF49A7305830A0321E91BF8D721FE306987E33AD6A0986F9AEDD4 529299CA413771B5F5C93551490F71CD6F1A6189D617D3CBDECC21CB67731 37B85FAC61EF32E62229EC56E591E9F3A4D0093A24D1 PC C72F6043AC14FA0274366AE4650BC705390305522D0E12B1E5B081A18008B 5D73BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B45013117 A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B40B557030041F6501 64D69DFD0DDB970E09C8C90D7F218810692DAF16F4C96556A52580868BA23 8CF64EB72732D334CE32927DDAB7C9C871735F764F59 EC 03 5.2 Issuer RSA Public Key Certificate The Issuer RSA Public Key Certificate described in [EMV Book E] section 6.1 authenticates the Issuer RSA Public Key PI.
• Issuer certificate Name Length Example 1 Issuer Certificate Format 1 02 2 Issuer Identifier 4 54133390 3 Issuer Certificate Expiration 2 1230 Date 4 Issuer Certificate Serial Number 3 234567 5 Issuer Hash Algorithm Indicator 1 01 6 Issuer Public Key Algorithm 1 01 Indicator 7 Issuer Public Key Length 1 B0 8 Issuer Public Key Exponent 1 01 Length 9a Issuer Public Key Leftmost Digits 212 A011ECC527EAFD0C1C8A9D87D64B0B5BE1890 E9D03BEE2308AA5983F2C18D0703CDC7B943E 1FC00AD6395A8EC25CF2714897DC950A1D97A D3A391EB1CA988AA3DCCB7ACBF81DDD730E82 8D99EF5C26801A93B2B8DADD7938CF035A853 4EF839410383AE43CC1A8694984A8E8577CB5 F370201D866D9618EC05BD9A95A6EF4545CFB 354D9C61E2082B183BC476E8042D075DDC54E 51300D03E44EBFF7140C0556B39CA0D78B285 53644A12365F40FA547BBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBB 10 Issuer Public Key Certificate Signature 248 S (see below) © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 27 / 51
• Issuer certificate related data Name Length 9b Issuer Public Key 0 Remainder 9c Issuer Public Key Exponent 1 03 Example
• RSA signature generation with CA private key M (items 1-9a, 9b, 9c) H = SHA-1 [M] M1 M2 X = 6A || M1 || H || BC S = Sign (SCA) [X] 025413339012302345670101B001A011ECC527EAFD0C1C8A9D87 D64B0B5BE1890E9D03BEE2308AA5983F2C18D0703CDC7B943E1F C00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA988AA3 DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF03 5A8534EF839410383AE43CC1A8694984A8E8577CB5F370201D86 6D9618EC05BD9A95A6EF4545CFB354D9C61E2082B183BC476E80 42D075DDC54E51300D03E44EBFF7140C0556B39CA0D78B285536 44A12365F40FA547BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB03 149E9C93A0B3B7971392B84304DAE15E67D57D30 025413339012302345670101B001A011ECC527EAFD0C1C8A9D87 D64B0B5BE1890E9D03BEE2308AA5983F2C18D0703CDC7B943E1F C00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA988AA3 DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF03 5A8534EF839410383AE43CC1A8694984A8E8577CB5F370201D86 6D9618EC05BD9A95A6EF4545CFB354D9C61E2082B183BC476E80 42D075DDC54E51300D03E44EBFF7140C0556B39CA0D78B285536 44A12365F40FA547BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 03 6A025413339012302345670101B001A011ECC527EAFD0C1C8A9D 87D64B0B5BE1890E9D03BEE2308AA5983F2C18D0703CDC7B943E 1FC00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA988A A3DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF 035A8534EF839410383AE43CC1A8694984A8E8577CB5F370201D 866D9618EC05BD9A95A6EF4545CFB354D9C61E2082B183BC476E 8042D075DDC54E51300D03E44EBFF7140C0556B39CA0D78B2855 3644A12365F40FA547BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB149E9C93A0B3B7 971392B84304DAE15E67D57D30BC 37D754A2D4FFB3A84ACB12E1AE3D3EF61321179437A3AC77265B 67617D9F4417230D5CF3FB54C1CC1628299A501CDB3E0638E6EE 54873E2C6055D806D861FB1286EEF9F1D6CCBA18ABBA3830196A 1969B12551929F3DBB6F6BB85E85ACFB565FD98C9884D37EADF1 4118B0C00C91394D903CD8BA188C004134FD7E4E5955D054BE0A 5BDFC141E6C8EEC6350F812EC36EDF7FD5044D50F1F71BB657A3 D369E8BB5A0893840A30769E74DF8DA03C254FA33A480277EB8B 546CFB5EDFB7C70B2A0C726D2237E8364B303CC0999918051FAA 9CA69F06C1EBC71854185BB36D2D557C44B4495F6171A202DCCF 5B1A2578B48D3B047E36A74607B5 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 28 / 51
• RSA signature verification with CA public key M2 X = Recover (PCA) [S] M1 M = M1 || M2 H’ = SHA-1 [M] = H 03 6A025413339012302345670101B001A011ECC527EAFD0C1C8A9D 87D64B0B5BE1890E9D03BEE2308AA5983F2C18D0703CDC7B943E 1FC00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA988A A3DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF 035A8534EF839410383AE43CC1A8694984A8E8577CB5F370201D 866D9618EC05BD9A95A6EF4545CFB354D9C61E2082B183BC476E 8042D075DDC54E51300D03E44EBFF7140C0556B39CA0D78B2855 3644A12365F40FA547BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB149E9C93A0B3B7 971392B84304DAE15E67D57D30BC 025413339012302345670101B001A011ECC527EAFD0C1C8A9D87 D64B0B5BE1890E9D03BEE2308AA5983F2C18D0703CDC7B943E1F C00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA988AA3 DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF03 5A8534EF839410383AE43CC1A8694984A8E8577CB5F370201D86 6D9618EC05BD9A95A6EF4545CFB354D9C61E2082B183BC476E80 42D075DDC54E51300D03E44EBFF7140C0556B39CA0D78B285536 44A12365F40FA547BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB 025413339012302345670101B001A011ECC527EAFD0C1C8A9D87 D64B0B5BE1890E9D03BEE2308AA5983F2C18D0703CDC7B943E1F C00AD6395A8EC25CF2714897DC950A1D97AD3A391EB1CA988AA3 DCCB7ACBF81DDD730E828D99EF5C26801A93B2B8DADD7938CF03 5A8534EF839410383AE43CC1A8694984A8E8577CB5F370201D86 6D9618EC05BD9A95A6EF4545CFB354D9C61E2082B183BC476E80 42D075DDC54E51300D03E44EBFF7140C0556B39CA0D78B285536 44A12365F40FA547BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB03 149E9C93A0B3B7971392B84304DAE15E67D57D30 5.3 ICC RSA Public Key Certificate The ICC RSA Public Key Certificate described in [EMV Book E] section 6.3 authenticates the ICC RSA Public Key PC and the 32-byte ICC ECC Public Key QC(x).
• ICC (or Card) certificate Name 1 ICC Certificate Format 2 Application PAN 3 ICC Certificate Expiration Date 4 ICC Certificate Serial Number 5 ICC Hash Algorithm Indicator Length 1 10 2 Example 04 5413339000001513FFFF 1229 3 345678 1 01 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 29 / 51 Name 6 ICC Public Key Algorithm Indicator 7 ICC Public Key Length 8 ICC Public Key Exponent Length 9a ICC Public Key Leftmost Digits 10 ICC Public Key Certificate Signature Length 1 01 Example 1 90 1 01 134 C72F6043AC14FA0274366AE4650BC70539030 5522D0E12B1E5B081A18008B5D73BC8DF4960 095E5E5486B0E0A2E3AA747588D7BD1E9DA86 61B45013117A6355F1E1BB9EB221123C2F0FB E73C75D31EF175BC2B40B557030041F650164 D69DFD0DDB970E09C8C90D7F218810692DAF1 6F4C96556A52580868BA238CF64EB72732D33 4CE32927D 176 S (see below)
• Card certificate related data Name 9b ICC Public Key Remainder 9c ICC Public Key Exponent 9d SDA Length 10 3 107 Example DAB7C9C871735F764F59 03 5A08541333900000151357125413339000001 513D29122010000000000009F810B2043CA18 37F6B4321CA70262902037EFCE790DC583828 AEA628FFAAEFC086186585F24032912319F42 0209789F0702FF005F3401019F810A038C9F0 68C1F9F02069F03069F1A0295055F2A029A03 9C019F37049F34039F1D089F810C029F0607A 00000000410100103
• SDA content The ICC ECC Public Key is included as an SDA data element (not as a certificate item). All the SDA data elements in the following table are in TLV format except the AIP. Application PAN Track 2 Equivalent Data ICC ECC Public Key Application Expiration Date Application Currency Code Application Usage Control Application PSN Extended SDA Tag List CDOL1 (see section 3.3) AID 5A085413339000001513 57125413339000001513D2912201000000000000 9F810B2043CA1837F6B4321CA70262902037EFCE790DC583 828AEA628FFAAEFC08618658 5F2403291231 9F42020978 9F0702FF00 5F340101 9F810A038C9F06 8C1F9F02069F03069F1A0295055F2A029A039C019F37049F 34039F1D089F810C02 9F0607A0000000041010 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 30 / 51 AIP (Value only) SDA 0103 5A08541333900000151357125413339000001513D2912201 0000000000009F810B2043CA1837F6B4321CA70262902037 EFCE790DC583828AEA628FFAAEFC086186585F2403291231 9F420209789F0702FF005F3401019F810A038C9F068C1F9F 02069F03069F1A0295055F2A029A039C019F37049F34039F 1D089F810C029F0607A00000000410100103
• RSA signature generation with Issuer private key M (items 1-9a, 9b-9d) H = SHA-1 [M] M1 M2 X = 6A || M1 || H || BC S = Sign (SI) [X] 045413339000001513FFFF122934567801019001C72F6043AC14 FA0274366AE4650BC705390305522D0E12B1E5B081A18008B5D7 3BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B45 013117A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B40 B557030041F650164D69DFD0DDB970E09C8C90D7F218810692DA F16F4C96556A52580868BA238CF64EB72732D334CE32927DDAB7 C9C871735F764F59035A08541333900000151357125413339000 001513D29122010000000000009F810B2043CA1837F6B4321CA7 0262902037EFCE790DC583828AEA628FFAAEFC086186585F2403 2912319F420209789F0702FF005F3401019F810A038C9F068C1F 9F02069F03069F1A0295055F2A029A039C019F37049F34039F1D 089F810C029F0607A00000000410100103 0F85B1D052E11543DF22BE93C428D167DDC75E8A 045413339000001513FFFF122934567801019001C72F6043AC14 FA0274366AE4650BC705390305522D0E12B1E5B081A18008B5D7 3BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B45 013117A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B40 B557030041F650164D69DFD0DDB970E09C8C90D7F218810692DA F16F4C96556A52580868BA238CF64EB72732D334CE32927D DAB7C9C871735F764F59035A0854133390000015135712541333 9000001513D29122010000000000009F810B2043CA1837F6B432 1CA70262902037EFCE790DC583828AEA628FFAAEFC086186585F 24032912319F420209789F0702FF005F3401019F810A038C9F06 8C1F9F02069F03069F1A0295055F2A029A039C019F37049F3403 9F1D089F810C029F0607A00000000410100103 6A045413339000001513FFFF122934567801019001C72F6043AC 14FA0274366AE4650BC705390305522D0E12B1E5B081A18008B5 D73BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B 45013117A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B 40B557030041F650164D69DFD0DDB970E09C8C90D7F218810692 DAF16F4C96556A52580868BA238CF64EB72732D334CE32927D0F 85B1D052E11543DF22BE93C428D167DDC75E8ABC 3FA12171851BDDB007CC8F8318D503FE3CFB1B40ED4A40D2F42B BBB00AAF8C337A9F5D2FBB774DAFE96F640EE50792CF76E7DD71 8FB10242FB607AB56B2D6FC657015173F6379CA543749526B032 0EA590FEA1ADFBE0C600EA50EE3BE5F3A20ACFC9B6C1C49D5C3E BAEC1310F28D09EE591E5EFE87F7228552DC864B15B2177E4E26 B85936351B6C2ABF52C160689F03837BF6FD22DC93158134F23A F13F4390BF4C3A447F9D6086EF9E4CD0F99E30BC © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 31 / 51
• RSA signature verification with Issuer public key M2 X = Recover (PI) [S] M1 M = M1 || M2 H’ = SHA-1 [M] = H DAB7C9C871735F764F59035A0854133390000015135712541333 9000001513D29122010000000000009F810B2043CA1837F6B432 1CA70262902037EFCE790DC583828AEA628FFAAEFC086186585F 24032912319F420209789F0702FF005F3401019F810A038C9F06 8C1F9F02069F03069F1A0295055F2A029A039C019F37049F3403 9F1D089F810C029F0607A00000000410100103 6A045413339000001513FFFF122934567801019001C72F6043AC 14FA0274366AE4650BC705390305522D0E12B1E5B081A18008B5 D73BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B 45013117A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B 40B557030041F650164D69DFD0DDB970E09C8C90D7F218810692 DAF16F4C96556A52580868BA238CF64EB72732D334CE32927D0F 85B1D052E11543DF22BE93C428D167DDC75E8ABC 045413339000001513FFFF122934567801019001C72F6043AC14 FA0274366AE4650BC705390305522D0E12B1E5B081A18008B5D7 3BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B45 013117A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B40 B557030041F650164D69DFD0DDB970E09C8C90D7F218810692DA F16F4C96556A52580868BA238CF64EB72732D334CE32927D 045413339000001513FFFF122934567801019001C72F6043AC14 FA0274366AE4650BC705390305522D0E12B1E5B081A18008B5D7 3BC8DF4960095E5E5486B0E0A2E3AA747588D7BD1E9DA8661B45 013117A6355F1E1BB9EB221123C2F0FBE73C75D31EF175BC2B40 B557030041F650164D69DFD0DDB970E09C8C90D7F218810692DA F16F4C96556A52580868BA238CF64EB72732D334CE32927DDAB7 C9C871735F764F59035A08541333900000151357125413339000 001513D29122010000000000009F810B2043CA1837F6B4321CA7 0262902037EFCE790DC583828AEA628FFAAEFC086186585F2403 2912319F420209789F0702FF005F3401019F810A038C9F068C1F 9F02069F03069F1A0295055F2A029A039C019F37049F34039F1D 089F810C029F0607A00000000410100103 0F85B1D052E11543DF22BE93C428D167DDC75E8A © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 32 / 51 6 Secure Channel 6.1 BDH Key Agreement The BDH key agreement is described in [EMV Book E] section 2 and the BDH primitives in section 7.
• Initialisation dK QK = dK·G(x) QC(x) r PC(x) = r·QC(x) 7D6FD7D5B428CF88A1A8B0F2A6A0DC563B6882CBCB09DB8C63E0 5E78B008C2E7 B3B037BB4E599B3E7392332CE9DEC1D388EF551C9B8FDE20D5AB AE5B8464707E 43CA1837F6B4321CA70262902037EFCE790DC583828AEA628FFA AEFC08618658 8C5AE5C30D3164A755D101C50646F405A06761562EC0CCF940D2 B6E67CE2F1F8 D4D37071C5EC5AC817FE5B7500E623A1323DEC9241DE35099834 FB0618A062EC Optimised alternative dC r·dC mod n PC(x) = r·dC·G(x) 9CCCF19E58228AED9CEEB7D48F69D3B37EE56F416D642E13D5F4 6FC9D198E08F 1A744661E7E04FDD3C8A58F1D4A197D4A07944CD0D1A7E963B45 ACE047810FF5 D4D37071C5EC5AC817FE5B7500E623A1323DEC9241DE35099834 FB0618A062EC
• Key derivation dK PC(x) z(x) = dK·PC(x) V KD = AES-CMAC (V) [Z] C1 SKC = AES (KD) [C1] C2 SKI = AES (KD) [C2] C3 SKR = AES (KD) [C3] 7D6FD7D5B428CF88A1A8B0F2A6A0DC563B6882CBCB09DB8C63E0 5E78B008C2E7 D4D37071C5EC5AC817FE5B7500E623A1323DEC9241DE35099834 FB0618A062EC 154CC3AAB0FCCC8F94FF3CFEE1BFD5AE4498AFF011CA027D1860 FFF10F7C296D 00000000000000000000000000000000 602A2FC322991249E47991E4B6952D38 01010054334A325957773DA5A5A50180 88655CFD79DF9E9DDDEAF9EC0C538DC5 02010054334A325957773DA5A5A50180 642373F56192B09B132C7E024164D3A7 03010054334A325957773DA5A5A50180 55042AA8CF1F193EC435A449493C177D © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 33 / 51
• Blinding factor validation R CMC SV SKC E(R) R’ QC(x) r’·QC(x) = PC(x) 8C5AE5C30D3164A755D101C50646F405A06761562EC0CCF940D2 B6E67CE2F1F8 8000 80000000000000000000000000000000 88655CFD79DF9E9DDDEAF9EC0C538DC5 4A7653A86A6AE421DB875BF695F31C8631C1EDB721EBFCBB3057 C87DB03EEA7A 8C5AE5C30D3164A755D101C50646F405A06761562EC0CCF940D2 B6E67CE2F1F8 43CA1837F6B4321CA70262902037EFCE790DC583828AEA628FFA AEFC08618658 D4D37071C5EC5AC817FE5B7500E623A1323DEC9241DE35099834 FB0618A062EC 6.2 Data Encryption and MAC The data encryption and MAC operations are described in [EMV Book E] section 2.
• Record encryption CMC SV SKC Record Data Encrypted Data 8001 80010000000000000000000000000000 88655CFD79DF9E9DDDEAF9EC0C538DC5 5A08541333900000151357125413339000001513D29122010000 000000005F24032912319F420209789F0702FF005F3401019F81 0A038C9F06 0179C459B24A72C6D9359091CFE515E67FC1F8CD1C980DDB5585 F82D6C4234A409185CC388AAF6E9D7636FC6E6A1A702F47625A5 951A7908D0
• Data storage READ DATA operations CMC SV SKC Plaintext (Card) Ciphertext C = CMC || Ciphertext SKI AES-CMAC (SKI) [C] MAC 8003 80030000000000000000000000000000 88655CFD79DF9E9DDDEAF9EC0C538DC5 9F8113081122334455AABBCC 44BD326A7CF2529D815B0868 800344BD326A7CF2529D815B0868 642373F56192B09B132C7E024164D3A7 197B3882007367D1456F3F79B01EA949 197B3882007367D1 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Decrypted Plaintext 9F8113081122334455AABBCC WRITE DATA operations KMC SV SKC Plaintext (Reader) Ciphertext Decrypted Plaintext CMC P = CMC || Plaintext SKI AES-CMAC (SKI) [P] MAC 0000 00000000000000000000000000000000 88655CFD79DF9E9DDDEAF9EC0C538DC5 9F81120411FF00EE AA0DC8BFDD582802 9F81120411FF00EE 8004 80049F81120411FF00EE 642373F56192B09B132C7E024164D3A7 480814635965B2E55A689163EF3BDCEF 480814635965B2E5 Page 34 / 51 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 35 / 51 7 AC Key Management 7.1 Master Key Derivation The Card Master Key derivation is described in [EMV Book E] section 4.1.
• When using 3DES, MK is computed as follows: IMK PAN PSN X = PAN || PSN Y = Rightmost 16 digits of X M Y* = Y XOR M 3DES (IMK) [Y] 3DES (IMK) [Y*] Z = 3DES (IMK) [Y] || 3DES (IMK) [Y*] MK = Z’ 01102332455467768998ABBACDDCEFFE 1122334455667788 00 112233445566778800 2233445566778800 FFFFFFFFFFFFFFFF DDCCBBAA998877FF 4F5377A384D26074 DC4E516ABF80CA1B 4F5377A384D26074DC4E516ABF80CA1B 4F5276A285D36175DC4F516BBF80CB1A
• When using AES-128, MK is computed as follows: IMK PAN PSN X = PAN || PSN Y MK = AES (IMK) [Y] 01102332455467768998ABBACDDCEFFE 1122334455667788 00 112233445566778800 00000000000000112233445566778800 2EF6E07ECBA86BCF3C3CFF7BBEBE6F38
• When using AES-192, MK is computed as follows: IMK PAN PSN X = PAN || PSN Y M Y* = Y XOR M MKL = AES (IMK) [Y] MKR = AES (IMK) [Y*] 01102332455467768998ABBACDDCEFFE1 001322354457667 1122334455667788 00 112233445566778800 00000000000000112233445566778800 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFEEDDCCBBAA998877FF 7481B0525D05D393D6DCBADD333C6BC5 14087C6BF5FA10C4FD7CA565EAEE5FC2 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 36 / 51 MKL || MKR MK 7481B0525D05D393D6DCBADD333C6BC51 4087C6BF5FA10C4FD7CA565EAEE5FC2 7481B0525D05D393D6DCBADD333C6BC51 4087C6BF5FA10C4
• When using AES-256, MK is computed as follows: IMK PAN PSN X Y M Y* = Y XOR M MKL = AES (IMK) [Y] MKR = AES (IMK) [Y*] MK = MKL || MKR 01102332455467768998ABBACDDCEFFE1 0013223544576679889BAABDCCDFEEF 1122334455667788 00 112233445566778800 00000000000000112233445566778800 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF FFFFFFFFFFFFFFEEDDCCBBAA998877FF 14D63F23982740AC65B482BAF5913092 D8132BAA4143A24D3CF437232711A507 14D63F23982740AC65B482BAF5913092D 8132BAA4143A24D3CF437232711A507 7.2 Session Key Derivation The Session Key derivation is described in [EMV Book E] section 4.2.
• When using 3DES, SKAC is computed as follows: EMV CSK Method ATC MKAC P’ P’’ R’ = ATC || P’ R” = ATC || P’’ SKACL = 3DES (MKAC) [R’] SKACR = 3DES (MKAC) [R”] SKAC = SKACL || SKACR 0001 4F5276A285D36175DC4F516BBF80CB1A F00000000000 0F0000000000 0001F00000000000 00010F0000000000 5B10C70AFEE94975 A345C69888048FF9 5B10C70AFEE94975A345C69888048FF9
• When using AES-128, SKAC is computed as follows: ATC MKAC P R = ATC || P 0001 2EF6E07ECBA86BCF3C3CFF7BBEBE6F38 0000000000000000000000000000 00010000000000000000000000000000 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 37 / 51 SKAC = AES (MKAC) [R] 89F7B697A028A93345BE7A409665B9A4
• When using AES-192, SKAC is computed as follows: ATC MKAC P’ P’’ R’ = ATC || P’ R” = ATC || P’’ SKACL = AES (MKAC) [R’] SKACR = AES (MKAC) [R”] SKACL || SKACR SKAC 0001 7481B0525D05D393D6DCBADD333C6BC514087 C6BF5FA10C4 F000000000000000000000000000 0F00000000000000000000000000 0001F000000000000000000000000000 00010F00000000000000000000000000 78429FD2061D24B1F8830B2C91D3ED95 ED9D4B069A7C27075D84A83F333ACD91 78429FD2061D24B1F8830B2C91D3ED95ED9D4 B069A7C27075D84A83F333ACD91 78429FD2061D24B1F8830B2C91D3ED95ED9D4 B069A7C2707
• When using AES-256, SKAC is computed as follows: ATC MKAC P’ P’’ R’ = ATC || P’ R” = ATC || P’’ SKACL = AES (MKAC) [R’] SKACR = AES (MKAC) [R”] SKAC = SKACL || SKACR 0001 14D63F23982740AC65B482BAF5913092D8132 BAA4143A24D3CF437232711A507 F000000000000000000000000000 0F00000000000000000000000000 0001F000000000000000000000000000 00010F00000000000000000000000000 A99C5840A0CBFBF093DEA740FFFFF5A2 41BFE9472968CC6E0B9EC76BA280CE0F A99C5840A0CBFBF093DEA740FFFFF5A241BFE 9472968CC6E0B9EC76BA280CE0F © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 38 / 51 8 Using ECC Certificates The ICC ECC Public Key is included as a certificate item (not as an SDA data element). 8.1 IAD-MAC Computation The IAD-MAC computation is described in [EMV Book E] section 3.2. SDA (see section 3.3) PDOL Values CDOL1 Related Data (see section 3.3) Terminal Entropy Last ERRD Response Generate AC Response without AC, EDA-MAC, tag '77' and length SDA Hash = SHA-256 [SDA] I = 0000 || Input Data SKI Hn = AES-CMAC (SKI) [I] AES-CBC-Decrypt (SKI) [Hn] with IV = Hn IAD-MAC 5A08541333900000151357125413339000001513D2912201 0000000000005F24032912319F420209789F0702FF005F34 01019F810A038C9F068C1F9F02069F03069F1A0295055F2A 029A039C019F37049F34039F1D089F810C029F0607A00000 000410100103 0280000110FF0000515B6EEC6CAA4A0B7445902CA236965C F9C24E002F94ED6267F258173B39BAF32C7902D36621252E E62A1BF6FA0787F19EEB523D716122CFC88704B067D0AB7A 000000010000000000001000084000000000820840241115 0097576168000000F7808000000000000000 20800451 4CD3B3C700440058000F 9F2701809F360200029F810201009F101A2211A080032420 00000000000000000000000000000000000000 60D3FB0E45A5E64834880571152BE93E241D216D407F6F00 0C263B1CC87517AF 00000280000110FF0000515B6EEC6CAA4A0B7445902CA236 965CF9C24E002F94ED6267F258173B39BAF32C7902D36621 252EE62A1BF6FA0787F19EEB523D716122CFC88704B067D0 AB7A00000001000000000000100008400000000082084024 11150097576168000000F780800000000000000020800451 4CD3B3C700440058000F9F2701809F360200029F81020100 9F101A2211A0800324200000000000000000000000000000 000000000060D3FB0E45A5E64834880571152BE93E241D21 6D407F6F000C263B1CC87517AF 642373F56192B09B132C7E024164D3A7 3CBDC86E9353E72241BFC1C04F317AB8 4E25BD7ED9AA897A68FC66E63A21E2CE 4E25BD7ED9AA897A © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 39 / 51 8.2 AC Computation The Application Cryptogram computation is described in [EMV Book E] section 4.2.
• AC input data Amount, Authorised Amount, Other Terminal Country Code Terminal Verification Results Transaction Currency Code Transaction Date Transaction Type Unpredictable Number Application Interchange Profile Application Transaction Counter Issuer Application Data with IAD-MAC 000000010000 000000001000 0840 0000000082 0840 241115 00 97576168 010B 0001 2211A08003242000000000 000000000000004E25BD7E D9AA897A
• When using DES-RMAC (3DES), AC is computed as follows: I = AC Input Data SKAC AC = DES-RMAC (SKAC) [I] 00000001000000000000100008400000000082 08402411150097576168010B00012211A08003 242000000000000000000000004E25BD7ED9AA 897A 5B10C70AFEE94975A345C69888048FF9 D57662E3C49381E9
• When using AES-CMAC (AES-128), AC is computed as follows: SKAC AES-CMAC (SKAC) [I] AC 89F7B697A028A93345BE7A409665B9A4 45B53B28AE92F9B8AA50CBF792E2B684 45B53B28AE92F9B8
• When using AES-CMAC (AES-192), AC is computed as follows: SKAC AES-CMAC (SKAC) [I] AC 78429FD2061D24B1F8830B2C91D3ED95ED9D4B 069A7C2707 A32E7F58F4B7C7032402D71FDF877D5B A32E7F58F4B7C703 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 40 / 51
• When using AES-CMAC (AES-256), AC is computed as follows: SKAC AES-CMAC (SKAC) [I] AC A99C5840A0CBFBF093DEA740FFFFF5A241BFE9 472968CC6E0B9EC76BA280CE0F E9CA46A1B7533CD97EA42BECF338BCE3 E9CA46A1B7533CD9 8.3 EDA-MAC computation The EDA-MAC computation is described in [EMV Book E] section 3.2. AC (using AES-128) IAD-MAC J = 0000 || AC || IAD-MAC SKI AES-CMAC (SKI) [J] EDA-MAC 45B53B28AE92F9B8 4E25BD7ED9AA897A 000045B53B28AE92F9B84E25BD7ED9AA897A 642373F56192B09B132C7E024164D3A7 601CC9A330D932BECA26A979F95D2207 601CC9A330D932BE © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 41 / 51 9 Using RSA Certificates The ICC ECC Public Key is included as an SDA data element (not as a certificate item). 9.1 IAD-MAC Computation The IAD-MAC computation is described in [EMV Book E] section 3.2. SDA (see section 5.3) PDOL Values CDOL1 Related Data (see section 3.3) Terminal Entropy Last ERRD Response Generate AC Response without AC, EDA-MAC, tag '77' and length SDA Hash = SHA-256 [SDA] I = 0000 || Input Data SKI Hn = AES-CMAC (SKI) [I] AES-CBC-Decrypt (SKI) [Hn] with IV = Hn IAD-MAC 5A08541333900000151357125413339000001513D2912201 0000000000009F810B2043CA1837F6B4321CA70262902037 EFCE790DC583828AEA628FFAAEFC086186585F2403291231 9F420209789F0702FF005F3401019F810A038C9F068C1F9F 02069F03069F1A0295055F2A029A039C019F37049F34039F 1D089F810C029F0607A00000000410100103 0280000110FF0000515B6EEC6CAA4A0B7445902CA236965C F9C24E002F94ED6267F258173B39BAF32C7902D36621252E E62A1BF6FA0787F19EEB523D716122CFC88704B067D0AB7A 000000010000000000001000084000000000820840241115 0097576168000000F7808000000000000000 20800451 4CD3B3C700440058000F 9F2701809F360200029F810201009F101A2211A080032420 00000000000000000000000000000000000000 5866EFC183F905F0797A7F41811B32A71EC2F8428F69E775 A46943133839A9D0 00000280000110FF0000515B6EEC6CAA4A0B7445902CA236 965CF9C24E002F94ED6267F258173B39BAF32C7902D36621 252EE62A1BF6FA0787F19EEB523D716122CFC88704B067D0 AB7A00000001000000000000100008400000000082084024 11150097576168000000F780800000000000000020800451 4CD3B3C700440058000F9F2701809F360200029F81020100 9F101A2211A0800324200000000000000000000000000000 00000000005866EFC183F905F0797A7F41811B32A71EC2F8 428F69E775A46943133839A9D0 642373F56192B09B132C7E024164D3A7 B3283075D175D88172D39FE039C4B2B3 38264BCF18380F10C213C62F1D4C7DB2 38264BCF18380F10 © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries.
EMV® Contactless Book E Cryptography Worked Examples v1.0.1 Page 42 / 51 9.2 AC Computation The Application Cryptogram computation is described in [EMV Book E] section 4.2.
• AC input data Amount, Authorised Amount, Other Terminal Country Code Terminal Verification Results Transaction Currency Code Transaction Date Transaction Type Unpredictable Number Application Interchange Profile Application Transaction Counter Issuer Application Data with IAD-MAC 000000010000 000000001000 0840 0000000082 0840 241115 00 97576168 010B 0001 2211A08003242000000000 0000000000000038264BCF 18380F10
• When using DES-RMAC (3DES), AC is computed as follows: I = AC Input Data SKAC AC = DES-RMAC (SKAC) [I] 00000001000000000000100008400000000082 08402411150097576168010B00012211A08003 2420000000000000000000000038264BCF1838 0F10 5B10C70AFEE94975A345C69888048FF9 D45535CB9147AFE3
• When using AES-CMAC (AES-128), AC is computed as follows: SKAC AES-CMAC (SKAC) [I] AC 89F7B697A028A93345BE7A409665B9A4 3AC508533D4F7C8733795C63D2C2713C 3AC508533D4F7C87
• When using AES-CMAC (AES-192), AC is computed as follows: SKAC AES-CMAC (SKAC) [I] AC 78429FD2061D24B1F8830B2C91D3ED95ED9D4B 069A7C2707 7C1357B9F3F2109FB7138E58F7F68417 7C1357B9F3F2109F © 2024 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use