MAC Verify (CSNBMVR)

Edit online

When the receiver gets a message, an application program calls the MAC Verify verb.

This verb verifies a 4-byte, 6-byte, or 8-byte Message Authentication Code (MAC) for an application-supplied text string. This verb verifies a MAC by generating another MAC and comparing it with the MAC received with the message. This process takes place entirely within the secure module on the coprocessor. If the two codes are the same, the message sent was the same one received. A return code indicates whether the MACs are the same. The generated MAC never appears in storage and is not revealed outside the cryptographic feature.

The MAC Verify verb can use any of the following methods to generate the MAC for authentication:
  • The ANSI X9.9-1 single key algorithm, a single-length MAC verification or MAC generation key (or a data-encrypting key), and the message text.
  • The ANSI X9.19 optional double key algorithm, a double-length MAC verification or MAC generation key and the message text.
  • Using the Europay, MasterCard and Visa (EMV) padding rules.

The method used to verify the MAC should correspond with the method used to generate the MAC.

Note: This verb supports PCI-HSM 2016 compliant-tagged key tokens.