Secure messaging keys

These keys are used to encrypt keys and PINs for incorporation into a text block. The text block is then encrypted to preserve the security of the key value. The encrypted text block, normally the value field in a TLV item, can be incorporated into a message sent to an EMV smart card.

Table 1. DES secure messaging keys

DES keys | Callable services
Secure-messaging class (data operation keys):
  • These keys are used to encrypt keys or PINs.
  • The keys are double-length keys.
  • The key usage flags in the control vector determine which services the key may be used with.
SECMSG | Diversified Key Generate, Secure Messaging for Keys, Secure Messaging for PINs

Table 2. AES secure messaging keys

AES keys | Callable services
Secure-messaging class (data operation keys):
  • These keys are used to encrypt keys or PINs.
  • The keys can be 128, 192, or 256 bits in length.
SECMSG | DK PIN Change

Availability notes: AES secure-messaging class keys require IBM z114 or IBM z196 systems with a CEX3C coprocessor with the November 2013 or later licensed internal code (LIC), or zEC12, zBC12, and later systems with a CEX3C, CEX4C, or later coprocessor with September 2013 or later licensed internal code (LIC).