Key type vectors

The value of a key that is calculated during diversification depends on the intended usage of that key. A DK key type vector (KTV) is therefore introduced to define how Diversify Directed Key generates or derives the intended AES variable-length symmetric key. The KTV is a parameter that defines the rules for the key to be generated or derived; it also carries the information the HSM needs to restrict the usage of that key.

Table 1 defines the layout of the KTV.
Table 1. Key type vector format

Offset  Length  Description
(bytes) (bytes)
0       2       Structure version number:
                  X'0000'  Version 0 structure format
2       2       Key type of the key to be derived or generated:
                  X'0000'  MAC
                  X'0001'  Data encryption (cipher)
                  X'0003'  PIN encryption
                  X'0004'  Key wrapping
                All other values are reserved and undefined.
4       2       Underlying algorithm:
                  X'0002'  AES
                  X'0003'  HMAC (only valid with key type MAC, that is, value at offset 2 = X'0000'). Currently not supported.
                All other values are reserved and undefined.
6       2       Length in bits of the key to be derived or generated:
                  X'0080'  128 (for example, AES-128). Currently not supported.
                  X'00C0'  192 (for example, AES-192). Currently not supported.
                  X'0100'  256 (for example, AES-256)
                All other values are reserved and undefined.
8       2       Key usage restriction 1 of the key to be derived or generated. The valid values depend on the key type (value at offset 2).
                For MAC key type (offset 2 = X'0000'):
                  X'0001'  Key can derive or generate a CMAC mode key only.
                  X'0002'  Key can derive or generate an HMAC mode key only. Currently not supported.
                All other values are reserved and undefined.
                For data encryption (cipher) key type (offset 2 = X'0001'):
                  X'0000'  Key can derive or generate a key for any mode. Currently not supported.
                  X'0001'  Key can derive or generate an ECB mode key only. Currently not supported.
                  X'0002'  Key can derive or generate a CBC mode key only.
                  X'0003'  Key can derive or generate a CTR mode key only. Currently not supported.
                All other values are reserved and undefined.
                For PIN encryption key type (offset 2 = X'0003'):
                  X'0000' or X'0002'  Key can derive or generate a key for ISO-4 format PIN blocks.
                All other values are reserved and undefined.
                For key wrap key type (offset 2 = X'0004'):
                  X'0001'  Key can derive or generate a VARDRV-D key only, where "D" stands for DK key block protection according to ISO TC 68/SC 2 Nxxxx, 2016-08-17, ISO DIS 20038, used to wrap AES and TDES keys in CBC mode.
                For all other key types not listed above:
                  X'0000'  No key usage restriction 1.
                All other values are reserved and undefined.
10      2       Key usage restriction 2 of the key to be derived or generated. The valid values depend on the key type (offset 2) and on key usage restriction 1 (offset 8).
                For MAC key type and HMAC mode (offset 2 = X'0000' and offset 8 = X'0002'):
                  X'0002'  SHA-256
                  X'0003'  SHA-384
                  X'0004'  SHA-512
                All other values are reserved and undefined.
                For key wrap key type and VARDRV-D mode (offset 2 = X'0004' and offset 8 = X'0001'):
                  X'0080'  Maximum key length of the protected keys is 128 bits. Currently not supported.
                  X'00C0'  Maximum key length of the protected keys is 192 bits. Currently not supported.
                  X'0100'  Maximum key length of the protected keys is 256 bits.
                All other values are reserved and undefined.
                For all other combinations of key type (offset 2) and key usage restriction 1 (offset 8):
                  X'0000'  No key usage restriction 2.
                All other values are reserved and undefined.
12      3       Reserved; must be binary zeros.
15      1       Key direction variant indicator. Diversifies the key to be derived or generated according to its permitted direction of use. The HSM restricts the usage of the resulting key based on this value together with the entity type (A or B), which is an additional parameter of the derive or generate operation; the value therefore determines a key usage attribute of the key to be derived or generated.
                  X'00'  A↔B (undirected use of key). Defined but not supported.
                  X'01'  A→B (A active, B passive use of key).
                  X'10'  A←B (A passive, B active use of key).
                  X'FF'  The HSM determines the key direction from the entity type of the KDKGENKY key and the rule array keywords:
                           KDK-A + GENERATE  Direction set to X'01' (A→B).
                           KDK-B + GENERATE  Direction set to X'10' (A←B).
                           KDK-A + DERIVE    Direction set to X'10' (A←B).
                           KDK-B + DERIVE    Direction set to X'01' (A→B).
                All other values are reserved and undefined.
Note:
  1. All numbers are in big endian format.
  2. In addition to a key type that can be requested, there is also the option to return the key wrapped using the key wrapping method specified in ISO 20038. ISO 20038 defines a key-wrapping method for banking and related financial services.
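The layout in Table 1 is small enough to parse and validate mechanically. The following Python example is added here and is not part of the CCA documentation or of any IBM code: it transcribes Table 1 into lookup dictionaries, parses a 16-byte KTV, rejects reserved values, a non-zero reserved field and inconsistent combinations (HMAC with a non-MAC key type, or a key-wrap KTV whose key usage restriction 2 is not one of the defined maximum lengths), and in strict mode also rejects values that Table 1 defines but marks as currently not supported. The KTV class, KTVError and build_ktv are names chosen for this example.

```python
"""Parse, validate and build the 16-byte DK key type vector (KTV) laid out in Table 1.

Added example, not CCA code: the lookup tables are transcribed from Table 1; the KTV
class, KTVError and build_ktv() are names chosen for this example.
"""
import struct
from dataclasses import dataclass

# Big-endian (note 1): version, key type, algorithm, key bits, usage restriction 1,
# usage restriction 2, three reserved bytes, key direction variant indicator.
KTV_FMT = ">HHHHHH3sB"
KTV_LEN = struct.calcsize(KTV_FMT)  # 16

KEY_TYPE = {0x0000: "MAC", 0x0001: "CIPHER", 0x0003: "PINENC", 0x0004: "KEYWRAP"}
ALGORITHM = {0x0002: "AES", 0x0003: "HMAC"}
KEY_BITS = {0x0080: 128, 0x00C0: 192, 0x0100: 256}
DIRECTION = {0x00: "A<->B", 0x01: "A->B", 0x10: "A<-B", 0xFF: "from rule array"}
# Values that Table 1 defines but marks "currently not supported" are left out here.
SUPPORTED_ALGORITHM, SUPPORTED_BITS, SUPPORTED_DIRECTION = {0x0002}, {0x0100}, {0x01, 0x10, 0xFF}
# key type -> usage restriction 1 value -> (meaning, currently supported)
USAGE1 = {
    0x0000: {0x0001: ("CMAC", True), 0x0002: ("HMAC", False)},
    0x0001: {0x0000: ("any mode", False), 0x0001: ("ECB", False),
             0x0002: ("CBC", True), 0x0003: ("CTR", False)},
    0x0003: {0x0000: ("ISO-4", True), 0x0002: ("ISO-4", True)},
    0x0004: {0x0001: ("VARDRV-D", True)},
}
# (key type, usage 1) -> usage restriction 2 value -> (meaning, currently supported).
# Every other combination has no restriction 2 and requires the field to be X'0000'.
USAGE2 = {
    (0x0000, 0x0002): {0x0002: ("SHA-256", False), 0x0003: ("SHA-384", False),
                       0x0004: ("SHA-512", False)},
    (0x0004, 0x0001): {0x0080: ("protects keys up to 128 bits", False),
                       0x00C0: ("protects keys up to 192 bits", False),
                       0x0100: ("protects keys up to 256 bits", True)},
}


class KTVError(ValueError):
    """A KTV the HSM would reject: reserved, inconsistent or unsupported value."""


def _check(condition: bool, message: str) -> None:
    if not condition:
        raise KTVError(message)


@dataclass(frozen=True)
class KTV:
    version: int
    key_type: int
    algorithm: int
    key_bits: int
    usage1: int
    usage2: int
    direction: int

    @classmethod
    def parse(cls, raw: bytes) -> "KTV":
        _check(len(raw) == KTV_LEN, f"KTV must be {KTV_LEN} bytes, got {len(raw)}")
        ver, kt, alg, bits, u1, u2, rfu, direction = struct.unpack(KTV_FMT, raw)
        _check(rfu == b"\x00\x00\x00", "reserved bytes at offsets 12-14 must be binary zeros")
        return cls(ver, kt, alg, bits, u1, u2, direction)

    def to_bytes(self) -> bytes:
        return struct.pack(KTV_FMT, self.version, self.key_type, self.algorithm, self.key_bits,
                           self.usage1, self.usage2, b"\x00\x00\x00", self.direction)

    def validate(self, strict: bool = True) -> "KTV":
        """Reject reserved and inconsistent values; with strict=True also reject values that
        Table 1 defines but marks 'currently not supported'. Returns self for chaining."""
        _check(self.version == 0x0000, f"unknown structure version {self.version:#06x}")
        _check(self.key_type in KEY_TYPE, f"reserved key type {self.key_type:#06x}")
        _check(self.algorithm in ALGORITHM, f"reserved algorithm {self.algorithm:#06x}")
        _check(self.algorithm != 0x0003 or self.key_type == 0x0000, "HMAC is only valid with MAC keys")
        _check(self.key_bits in KEY_BITS, f"reserved key length {self.key_bits:#06x}")
        _check(self.usage1 in USAGE1[self.key_type], f"reserved key usage restriction 1 {self.usage1:#06x}")
        u2_table = USAGE2.get((self.key_type, self.usage1))
        if u2_table is None:
            _check(self.usage2 == 0x0000, f"key usage restriction 2 must be X'0000', got {self.usage2:#06x}")
            u2_supported = True
        else:
            _check(self.usage2 in u2_table, f"reserved key usage restriction 2 {self.usage2:#06x}")
            u2_supported = u2_table[self.usage2][1]
        _check(self.direction in DIRECTION, f"reserved key direction {self.direction:#04x}")
        if strict:
            unsupported = [name for name, ok in (
                ("algorithm", self.algorithm in SUPPORTED_ALGORITHM),
                ("key length", self.key_bits in SUPPORTED_BITS),
                ("key usage restriction 1", USAGE1[self.key_type][self.usage1][1]),
                ("key usage restriction 2", u2_supported),
                ("key direction", self.direction in SUPPORTED_DIRECTION)) if not ok]
            _check(not unsupported, "defined but currently not supported: " + ", ".join(unsupported))
        return self


def build_ktv(key_type: int, usage1: int, direction: int, usage2: int = 0x0000) -> KTV:
    """Build and validate a version 0 AES-256 KTV (the only algorithm and length supported today)."""
    return KTV(0x0000, key_type, 0x0002, 0x0100, usage1, usage2, direction).validate()
```

build_ktv(0x0004, 0x0001, 0x01) without a usage2 argument fails validation, because a VARDRV-D key-wrap KTV has no "no restriction" value at offset 10; the caller has to state the maximum protected key length explicitly, as Tables 11 and 12 do with X'0100'. Running validate(strict=False) on a 192-bit or undirected vector shows the difference between "reserved and undefined" (always rejected) and "defined, currently not supported".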

For each of the four key types that are defined at KTV offset 2 (MAC, data encryption, PIN encryption, and key wrapping), a pair of KTVs is defined. The two KTVs of a pair differ only in the key direction variant indicator (KTV offset 15): either entity Type A is active and Type B is passive (A→B), or Type B is active and Type A is passive (A←B). The PIN encryption key type has two such pairs, one for each permitted value of key usage restriction 1 (offset 8).

Table 2. Summary of KTV tables

Key type of key to be derived        A→B (A active)            A←B (B active)
MAC (generate/verify)                KTVM1, see Table 3        KTVM2, see Table 4
Data encryption (encipher/decipher)  KTVC1, see Table 5        KTVC2, see Table 6
PIN encryption (encipher/decipher)   KTVP1, see Table 7        KTVP2, see Table 8
                                     KTVP3, see Table 9        KTVP4, see Table 10
Key wrapping (wrap/unwrap)           KTVW1, see Table 11       KTVW2, see Table 12
Table 3. KTV for MAC generate/verify, Type A active and Type B passive

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        MAC       AES        AES-256     CMAC      'else'    -         A→B
00 00    00 00     00 02      01 00       00 01     00 00     00 00 00  01

KTVM1 = X'00 00 00 00 00 02 01 00 00 01 00 00 00 00 00 01'
Table 4. KTV for MAC generate/verify, Type B active and Type A passive

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        MAC       AES        AES-256     CMAC      'else'    -         A←B
00 00    00 00     00 02      01 00       00 01     00 00     00 00 00  10

KTVM2 = X'00 00 00 00 00 02 01 00 00 01 00 00 00 00 00 10'
Table 5. KTV for data encryption (cipher), Type A active and Type B passive

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        Cipher    AES        AES-256     CBC       'else'    -         A→B
00 00    00 01     00 02      01 00       00 02     00 00     00 00 00  01

KTVC1 = X'00 00 00 01 00 02 01 00 00 02 00 00 00 00 00 01'
Table 6. KTV for data encryption (cipher), Type B active and Type A passive

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        Cipher    AES        AES-256     CBC       'else'    -         A←B
00 00    00 01     00 02      01 00       00 02     00 00     00 00 00  10

KTVC2 = X'00 00 00 01 00 02 01 00 00 02 00 00 00 00 00 10'

For the PIN encryption key type, key usage restriction 1 (offset 8) for the ISO-4 format can be either X'0000' or X'0002', and a pair of KTVs is defined for each value. The caller must not mix KTVs from different pairs, because the KTV is used as the IV in the key creation process. Keeping the pairs consistent is the responsibility of the caller of the service.

KTV pair for the PIN encryption key type with key usage restriction 1 = X'0000':

Table 7. KTV for PIN encryption, Type A active and Type B passive, key usage restriction 1 = X'0000'

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        PIN-Enc   AES        AES-256     ISO-4     'else'    -         A→B
00 00    00 03     00 02      01 00       00 00     00 00     00 00 00  01

KTVP1 = X'00 00 00 03 00 02 01 00 00 00 00 00 00 00 00 01'
Table 8. KTV for PIN encryption, Type B active and Type A passive, key usage restriction 1 = X'0000'

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        PIN-Enc   AES        AES-256     ISO-4     'else'    -         A←B
00 00    00 03     00 02      01 00       00 00     00 00     00 00 00  10

KTVP2 = X'00 00 00 03 00 02 01 00 00 00 00 00 00 00 00 10'

KTV pair for the PIN encryption key type with key usage restriction 1 = X'0002':

Table 9. KTV for PIN encryption, Type A active and Type B passive, key usage restriction 1 = X'0002'

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        PIN-Enc   AES        AES-256     ISO-4     'else'    -         A→B
00 00    00 03     00 02      01 00       00 02     00 00     00 00 00  01

KTVP3 = X'00 00 00 03 00 02 01 00 00 02 00 00 00 00 00 01'
Table 10. KTV for PIN encryption, Type B active and Type A passive, key usage restriction 1 = X'0002'

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        PIN-Enc   AES        AES-256     ISO-4     'else'    -         A←B
00 00    00 03     00 02      01 00       00 02     00 00     00 00 00  10

KTVP4 = X'00 00 00 03 00 02 01 00 00 02 00 00 00 00 00 10'
Key wrapping with key block protection (ISO TC 68/SC 2 Nxxxx, 2016-08-17, ISO DIS 20038). In the A→B case, entity Type A must use an AES EXPORTER key with key usage EXPTT31D and entity Type B must use an AES IMPORTER key with key usage IMPTT31D.

Table 11. KTV for key wrapping, Type A active and Type B passive

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        Key wrap  AES        AES-256     VARDRV-D  max 256   -         A→B
00 00    00 04     00 02      01 00       00 01     01 00     00 00 00  01

Key usage restriction 2 (offset 10) = X'0100': the maximum bit length of the keys protected by this key is 256.

KTVW1 = X'00 00 00 04 00 02 01 00 00 01 01 00 00 00 00 01'
In the A←B case, entity Type B must use an AES EXPORTER key with key usage EXPTT31D and entity Type A must use an AES IMPORTER key with key usage IMPTT31D.

Table 12. KTV for key wrapping, Type B active and Type A passive

Version  Key type  Algorithm  Key length  Usage 1   Usage 2   RFU       Direction
(off. 0) (off. 2)  (off. 4)   (off. 6)    (off. 8)  (off. 10) (off. 12) (off. 15)
0        Key wrap  AES        AES-256     VARDRV-D  max 256   -         A←B
00 00    00 04     00 02      01 00       00 01     01 00     00 00 00  10

Key usage restriction 2 (offset 10) = X'0100': the maximum bit length of the keys protected by this key is 256.

KTVW2 = X'00 00 00 04 00 02 01 00 00 01 01 00 00 00 00 10'
Table 13 shows the key usage mapping of the output key from Diversify Directed Key, based on the KTV input to that verb.

Table 13. KTV to CCA key type and usage mapping

KTV    Direction (offset 15)  Alg (offset 4)  Entity  CCA AES key type  KUF1 HOB  KUF2 HOB
MAC (offset 2 = X'0000')
KTVM1  A→B (X'01')            AES             A       MAC               GENONLY   CMAC
KTVM2  A→B (X'01')            AES             B       MAC               VERIFY    CMAC
KTVM2  A←B (X'10')            AES             A       MAC               VERIFY    CMAC
KTVM1  A←B (X'10')            AES             B       MAC               GENONLY   CMAC
Cipher (offset 2 = X'0001')
KTVC1  A→B (X'01')            AES             A       CIPHER            ENCRYPT   CBC
KTVC2  A→B (X'01')            AES             B       CIPHER            DECRYPT   CBC
KTVC2  A←B (X'10')            AES             A       CIPHER            DECRYPT   CBC
KTVC1  A←B (X'10')            AES             B       CIPHER            ENCRYPT   CBC
PIN encryption (offset 2 = X'0003')
KTVP1  A→B (X'01')            AES             A       PINPROT           ENCRYPT   CBC
KTVP2  A→B (X'01')            AES             B       PINPROT           DECRYPT   CBC
KTVP2  A←B (X'10')            AES             A       PINPROT           DECRYPT   CBC
KTVP1  A←B (X'10')            AES             B       PINPROT           ENCRYPT   CBC
Key wrapping (offset 2 = X'0004')
KTVW1  A→B (X'01')            AES             A       EXPORTER          EXPTT31D  N/A
KTVW2  A→B (X'01')            AES             B       IMPORTER          IMPTT31D  N/A
KTVW2  A←B (X'10')            AES             A       IMPORTER          IMPTT31D  N/A
KTVW1  A←B (X'10')            AES             B       EXPORTER          EXPTT31D  N/A

Entity is the entity type (A or B) carried in KUF1 HOB of the KDKGENKY key. Alg is the underlying algorithm, offset 4 = X'0002' (AES). Within each group, the first two rows are the A→B case and the last two the A←B case.
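The direction rules for offset 15 = X'FF' (Table 1) and the mapping of Table 13 combine into a small lookup. The following Python example is added here and is not part of the CCA documentation or of any IBM code. Given a raw KTV, the entity type of the KDKGENKY key (A or B) and the rule array keyword, it resolves the effective direction, decides whether that entity holds the active or the passive side, and returns the CCA AES key type, KUF1 HOB and KUF2 HOB of the resulting key. It also implements the check against mixing KTV pairs that the PIN encryption section requires. The names resolve_direction, cca_usage and same_pair are this example's own; the KTV byte strings are copied from Tables 3, 4, 7, 10 and 12.

```python
"""Resolve the key direction of a KTV and map it, per Table 13, to the CCA key type and
key-usage fields of the key that an entity of Type A or Type B obtains.

Added example, not CCA code: the X'FF' rules come from Table 1, the mapping from Table 13
and the sample vectors from Tables 3 to 12; resolve_direction, cca_usage and same_pair are
names chosen for this example.
"""
OFFSET_KEY_TYPE, OFFSET_DIRECTION = 2, 15
A_TO_B, B_TO_A, FROM_RULE_ARRAY = 0x01, 0x10, 0xFF

# How the HSM resolves offset 15 = X'FF' from the KDKGENKY entity type and rule array keyword.
RULE_ARRAY_DIRECTION = {
    ("A", "GENERATE"): A_TO_B, ("B", "GENERATE"): B_TO_A,
    ("A", "DERIVE"): B_TO_A, ("B", "DERIVE"): A_TO_B,
}
# key type (offset 2) -> ((active CCA key type, KUF1), (passive CCA key type, KUF1), KUF2)
TABLE13 = {
    0x0000: (("MAC", "GENONLY"), ("MAC", "VERIFY"), "CMAC"),
    0x0001: (("CIPHER", "ENCRYPT"), ("CIPHER", "DECRYPT"), "CBC"),
    0x0003: (("PINPROT", "ENCRYPT"), ("PINPROT", "DECRYPT"), "CBC"),
    0x0004: (("EXPORTER", "EXPTT31D"), ("IMPORTER", "IMPTT31D"), "N/A"),
}


def resolve_direction(ktv: bytes, entity: str, keyword: str = "DERIVE") -> int:
    """Effective direction, X'01' (A->B) or X'10' (A<-B), for this entity and keyword."""
    direction = ktv[OFFSET_DIRECTION]
    if direction == FROM_RULE_ARRAY:
        return RULE_ARRAY_DIRECTION[(entity, keyword)]
    if direction not in (A_TO_B, B_TO_A):  # X'00' is defined but unsupported; the rest is reserved
        raise ValueError(f"key direction {direction:#04x} is not usable")
    return direction


def cca_usage(ktv: bytes, entity: str, keyword: str = "DERIVE") -> tuple:
    """(CCA AES key type, KUF1 HOB, KUF2 HOB) of the key that Diversify Directed Key
    produces for entity A or B from this KTV."""
    if entity not in ("A", "B"):
        raise ValueError("entity type must be 'A' or 'B'")
    key_type = int.from_bytes(ktv[OFFSET_KEY_TYPE:OFFSET_KEY_TYPE + 2], "big")
    if key_type not in TABLE13:
        raise ValueError(f"key type {key_type:#06x} is reserved")
    active, passive, kuf2 = TABLE13[key_type]
    direction = resolve_direction(ktv, entity, keyword)
    # A->B means A is the active party; A<-B means B is.
    is_active = (direction == A_TO_B) == (entity == "A")
    cca_type, kuf1 = active if is_active else passive
    return cca_type, kuf1, kuf2


def same_pair(ktv_1: bytes, ktv_2: bytes) -> bool:
    """True when both vectors belong to one KTV pair of Table 2, i.e. they are identical in
    everything but the direction indicator. Mixing pairs (KTVP1 with KTVP4) is not allowed."""
    return len(ktv_1) == len(ktv_2) == 16 and ktv_1[:OFFSET_DIRECTION] == ktv_2[:OFFSET_DIRECTION]


# Vectors from Tables 3, 4, 7, 10 and 12, plus KTVM1 with offset 15 set to X'FF'.
KTVM1 = bytes.fromhex("00000000000201000001000000000001")
KTVM2 = bytes.fromhex("00000000000201000001000000000010")
KTVP1 = bytes.fromhex("00000003000201000000000000000001")
KTVP4 = bytes.fromhex("00000003000201000002000000000010")
KTVW2 = bytes.fromhex("00000004000201000001010000000010")
KTVM_FF = KTVM1[:OFFSET_DIRECTION] + bytes([FROM_RULE_ARRAY])

if __name__ == "__main__":
    for name, ktv in (("KTVM1", KTVM1), ("KTVM2", KTVM2), ("KTVW2", KTVW2)):
        for entity in "AB":
            print(f"{name} entity {entity}: {cca_usage(ktv, entity)}")
    print("A generates with X'FF':", cca_usage(KTVM_FF, "A", "GENERATE"))
    print("B derives with X'FF':  ", cca_usage(KTVM_FF, "B", "DERIVE"))
    print("KTVM1/KTVM2 same pair:", same_pair(KTVM1, KTVM2))
    print("KTVP1/KTVP4 same pair:", same_pair(KTVP1, KTVP4))
```

With offset 15 = X'FF', KDK-A + GENERATE and KDK-B + DERIVE both resolve to X'01', so the generating A side receives the GENONLY (active) key and the deriving B side the matching VERIFY (passive) key without either caller stating the direction explicitly. KTVP1 and KTVP4 differ at offset 8 and therefore fail same_pair, which is exactly the mixing the PIN encryption text forbids.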