Key-generating keys
Key-generating keys are used to derive unique-key-per transaction keys.
DES keys | Callable services |
---|---|
Key-generate key class:
|
|
KEYGENKY | Diversified Key Generate, Encrypted PIN Translate, Encrypted PIN Translate2, Encrypted PIN Translate Enhanced, Encrypted PIN Verify, Encrypted PIN Verify2, FPE Decipher, FPE Encipher, FPE Translate, Unique Key Derive |
DKYGENKY | Derive ICC MK, Derive Session Key, Diversified Key Generate, EMV Scripting Service, EMV Transaction (ARQC/ARPC) Service, EMV Verification Functions, Generate Issuer MK, PIN Change/Unblock |
AES keys | Callable services |
---|---|
Key-generate key class:
|
|
DKYGENKY | Diversified Key Generate2, Encrypted PIN Translate2, Encrypted PIN Translate Enhanced, Encrypted PIN Verify, Encrypted PIN Verify2, FPE Decipher, FPE Encipher, FPE Translate, PIN Change/Unblock, Unique Key Derive |
KDKGENKY | Diversify Directed Key |
Availability notes: AES DKYGENKY keys require IBM z114 or IBM z196
systems with a CEX3C coprocessor with the November 2013 or later licensed internal code (LIC) , or
zEC12, zBC12, and later systems with a CEX3C, CEX4C, or later coprocessor with September 2013 or
later licensed internal code (LIC). AES KDKGENKY keys require IBM z13, IBM z13s,
or later servers with the July 2019 or
later licensed internal code (LIC) or IBM z14 or later servers with the December 2018 or later licensed internal code
(LIC).