AES key types
The AES keys are 128-bit, 192-bit, and 256-bit keys that use the AES algorithm to perform the cryptographic function.
| AES key type | Usable with services |
|---|---|
| Fixed-length AES key-token, version X'04' | |
| DATA | Field Level Decipher, Field Level Encipher, Symmetric Algorithm Decipher, Symmetric Algorithm Encipher |
| Variable-length AES key-token, version X'05' | |
Cipher class (data operation keys)
These keys are used to cipher text. |
|
| CIPHER | Cipher Text Translate2, Symmetric Algorithm Decipher, Symmetric Algorithm Encipher, Symmetric Key Decipher, Symmetric Key Encipher |
Key-encrypting key class
These keys are used to cipher other keys. |
|
| EXPORTER | Key Generate2, Key Translate2, PKA Key Generate, Symmetric Key Export, TR-31 Export, TR-31 Import, TR-34 Key Distribution |
| IMPORTER | Key Generate2, PKA Key Generate, Key Test2, Key Translate2, Restrict Key Attribute, Secure Key Import2, Symmetric Key Import2, TR-31 Export, TR-31 Import |
MAC class
These keys are used to generate and verify a message authentication code (MAC). |
|
| MAC | DK Deterministic PIN Generate, DK Migrate PIN, DK PIN Change, DK PAN Modify in Transaction, DK PAN Translate, DK PRW Card Number Update, DK PRW Card Number Update2, DK PRW CMAC Generate, DK Random PIN Generate, DK Random PIN Generate2, DK Regenerate PRW, MAC Generate2, MAC Verify2 |
PIN class
These keys are used in various financial-PIN processing services. |
|
| PINCALC | DK Deterministic PIN Generate |
| PINPROT | Clear PIN Encrypt, DK Deterministic PIN Generate, DK Migrate PIN, DK PAN Modify in Transaction, DK PAN Translate, DK PIN Change, DK PIN Verify, DK PRW Card Number Update, DK PRW Card Number Update2, DK Random PIN Generate, DK Random PIN Generate2, DK Regenerate PRW, Encrypted PIN Translate2 |
| PINPRW | DK Deterministic PIN Generate, DK Migrate PIN, DK PAN Modify in Transaction, DK PAN Translate, DK PIN Change, DK PIN Verify, DK PRW Card Number Update, DK PRW Card Number Update2, DK Random PIN Generate, DK Random PIN Generate2, DK Regenerate PRW |
Key generating class
These keys are used to derive operational keys. |
|
| DKYGENKY | Diversified Key Generate2 |
| KDKGENKY | Diversify Directed Key |
Secure-messaging class (data operation keys)
These keys are used to encrypt keys or PINs in an EMV script. |
|
| SECMSG | DK PIN Change |