How ciphertext was generated in card reader using DUKPT encryption?

后端 未结 4 832
眼角桃花
眼角桃花 2021-02-02 03:17

For

`BDK = \"0123456789ABCDEFFEDCBA9876543210\"` `KSN = \"FFFF9876543210E00008\"` 

The ciphertext generated was below

\"C25C1D         


        
4条回答
  •  囚心锁ツ
    2021-02-02 03:34

    First, let me quote the complete sourcecode you linked and of which you provided only 3 lines...

    require 'bundler/setup'
    require 'test/unit'
    require 'dukpt'
    
    class DUKPT::DecrypterTest < Test::Unit::TestCase
    
          def test_decrypt_track_data
            bdk = "0123456789ABCDEFFEDCBA9876543210"
            ksn = "FFFF9876543210E00008"
            ciphertext = "C25C1D1197D31CAA87285D59A892047426D9182EC11353C051ADD6D0F072A6CB3436560B3071FC1FD11D9F7E74886742D9BEE0CFD1EA1064C213BB55278B2F12"
            plaintext = "%B5452300551227189^HOGAN/PAUL ^08043210000000725000000?\x00\x00\x00\x00"
    
            decrypter = DUKPT::Decrypter.new(bdk, "cbc")
            assert_equal plaintext, decrypter.decrypt(ciphertext, ksn)
          end
    end
    

    Now, you're asking is how the "ciphertext" was created...

    Well, first thing we know is that it is based on "plaintext", which is used in the code to verify if decryption works.

    The plaintext is 0-padded - which fits the encryption that is being tested by verifying decryption with this DecrypterTest TestCase.

    Let's look at the encoding code then...

    I found the related encryption code at https://github.com/Shopify/dukpt/blob/master/lib/dukpt/encryption.rb.

    As the DecrypterTEst uses "cbc", it becomes apparent that the encrypting uses:

     @cipher_type_des = "des-cbc"
     @cipher_type_tdes = "des-ede-cbc"
    

    A bit more down that encryption code, the following solves our quest for an answer:

    ciphertext = des_encrypt(...
    

    Which shows we're indeed looking at the result of a DES encryption.

    Now, DES has a block size of 64 bits. That's (64/8=) 8 bytes binary, or - as the "ciphertext" is a hex-encoded text representation of the bytes - 16 chars hex.

    The "ciphertext" is 128 hex chars long, which means it holds (128 hex chars/16 hex chars=) 8 DES blocks with each 64 bits of encrypted information.

    Wrapping all this up in a simple answer:

    When looking at "ciphertext", you are looking at (8 blocks of) DES encrypted data, which is being represented using a human-readable, hexadecimal (2 hex chars = 1 byte) notation instead of the original binary bytes that DES encryption would produce.

    As for the steps involved in "recreating" the ciphertext, I tend to tell you to simply use the relevant parts of the ruby project where you based your question upon. Simply have to look at the sourcecode. The file at "https://github.com/Shopify/dukpt/blob/master/lib/dukpt/encryption.rb" pretty much explains it all and I'm pretty sure all functionality you need can be found at the project's GitHub repository. Alternatively, you can try to recreate it yourself - using the preferred programming language of your choice. You only need to handle 2 things: DES encryption/decryption and bin-to-hex/hex-to-bin translation.

提交回复
热议问题