Hello hexdrill
online reading e.g. http://stackoverflow.com/questions/17362567/how-ciphertext-was-generated-in-card-reader-using-dukpt-encryption discusses the process though never specifies where BDK/KSN/IPEK generation actually takes place.
interestingly, my reader expects me to provide a BDK and initial KSN, and will then generate the IPEK itself. it therefore assumes we have access to the clear BDK. now it sense that we will not have access to clear BDK, and we might need to change the firmware.
does command OC (or A2) print clear BDK to an attached printer, or is BDK only ever exposed under LMK 28-29?
i've been unable to find any reference on generating IPEK on HSM. any experience or guidance?
many thanks!
online reading e.g. http://stackoverflow.com/questions/17362567/how-ciphertext-was-generated-in-card-reader-using-dukpt-encryption discusses the process though never specifies where BDK/KSN/IPEK generation actually takes place.
interestingly, my reader expects me to provide a BDK and initial KSN, and will then generate the IPEK itself. it therefore assumes we have access to the clear BDK. now it sense that we will not have access to clear BDK, and we might need to change the firmware.
does command OC (or A2) print clear BDK to an attached printer, or is BDK only ever exposed under LMK 28-29?
i've been unable to find any reference on generating IPEK on HSM. any experience or guidance?
many thanks!