developer:endtoendencryption

developer:endtoendencryption [2012/05/24 11:28]
tem created
developer:endtoendencryption [2014/12/02 16:17] (current)
tem [Generic Format]
Line 15: Line 15:
 </​code>​ </​code>​
  
 +====== Data Format ======
 +
 +The encrypted card data can be passed in several different formats. ​  If using a supported manufacturer,​ it is required that the developer pass the entire block of data as it was read from the reader. ​  It is important that the gateway receive all data components to be able to decrypt successfully. ​ The most common mistake made by developers is to send only the encrypted data and omit the KSN block which contains the key info necessary for decryption. ​ The following formats are supported:
 +
 +===== IDTech Format =====
 +
 +Devices that use IDTech heads will output DUKPT encrypted data.  The data block should start with \x02 followed by two bytes indicating length, followed by \x80 or \x85.  Some devices may output raw binary while others may return a binhex encoding.  ​
 +
 +===== Magtek Format =====
 +
 +Supported Magtek devices output a pipe "​|"​ delimited format. ​ The entire block of data is needed for decryption. ​ See below for an example.
 +
 +===== Generic Format =====
 +For developers implementing their own encryption or using an unsupported device, the data can be sent in json format with the fields below. ​ When using this format it is not necessary to base64 encode the entire block, just the encrypted data element.
 +
 +^Field ^Required ^Description ^
 +|k | yes |Key ID.   For DUKPT based encryption this should be the full KSN block in binhex format including the KSID, device serial and encryption counter |
 +|t | yes* |All tracks encrypted in one data block. ​ This should be either base64 or binhex encoded. |
 +|t1 | yes* |Encrypted track 1 data. This should be either base64 or binhex encoded. |
 +|t2 | yes* |Encrypted track 2 data. This should be either base64 or binhex encoded. |
 +|t3 | yes* |Encrypted track 3 data. This should be either base64 or binhex encoded. |
 +|m | no |Masked track data,  all tracks in single string |
 +|c | no |Encrypted, manually keyed card number and expiration. | 
 +
 +* Device will either concatenate all tracks together before encryption or encrypt each track individually. ​ Use t if encrypted all together in single block and use t1, t2, t3 if encrypted separately.
 +
 +<code json>
 +enc://​{"​k":"​FFFF9019F8E999000009","​t1":"​411785952BA27844F49434FFC261A5CE6E6F3F46BE836D8612B56A53DB480167FD63DA9892B0F471626CDC0B75376AF6759403CA58A4C263","​t2":"​350518BC1F8D63CBD2C47D19FC3C1824D3AFB5CC54AC878595902B927DE850D3","​m":"​%B4444*********7779^EXAMPLE TEST CARD^2512*********?;​4444*******7779=2512*********?"​}
 +</​code>​
 +====== iDynamo Library ======
 +
 +If you are using idynamo library, here is what you need to do:
 +<​code>​
 +NSString *responseString = [mtSCRALib getResponseData];​
 +NSData *responseData = [responseString dataUsingEncoding:​NSASCIIStringEncoding];​
 +NSString *encodedString = [NSString stringWithFormat:​@"​enc://​%@",​ [^] [responseData base64Encoding]];​
 +</​code>​
 +and then send encodedString to the gateway as MagStripe.
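Review bot: In the iDynamo Library block, the third line has a stray `[^]` between the format string and `[responseData base64Encoding]`, so the snippet will not compile as written; it reads like leaked link markup and should be removed. That block also base64-encodes the entire reader response after `enc://`, while the Generic Format section says only the encrypted data element needs encoding, so the page should state which case each rule applies to. The Magtek Format section says "See below for an example", but no pipe-delimited sample follows in this revision. The sample `k`, `t1` and `t2` values are plain hexadecimal, so "binhex" should be defined as hex encoding to avoid confusion with the BinHex file format. The encoding expected for field `c` is not stated, unlike `t`, `t1`, `t2` and `t3`.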
developer/endtoendencryption.1337884135.txt.gz · Last modified: 2012/05/24 11:28 by tem
