MAC Generate (CSNBMGN)
When a message is sent, an application program can generate an authentication code for it using the MAC Generate verb.
This verb generates a 4-byte, 6-byte, or 8-byte Message Authentication Code (MAC) for an application-supplied text string.
This verb computes the message authentication code (MAC) using one of the following methods:
- Using the ANSI X9.9-1 single key algorithm, a single-length MAC generation key or data-encrypting key, and the message text.
- Using the ANSI X9.19 optional double key algorithm, a double-length MAC generation key and the message text.
- Using the Europay, MasterCard and Visa (EMV) padding rules.
The MAC can be the leftmost 32 or 48 bits of the last block of the ciphertext or the entire last block (64 bits) of the ciphertext. The originator of the message sends the Message Authentication Code with the message text.
The MAC Generate verb also supports the TDES-CMAC algorithm specified in NIST SP800-38B (2005). For the TDES-CMAC procedure, you identify a double-length, or triple-length MAC key and the message text.
Note: This verb supports PCI-HSM 2016
compliant-tagged key tokens.
This verb does not need to document any Usage notes.