Key checksum value explained

In cryptography, a Key Checksum Value (KCV) is the checksum of a cryptographic key.[1] It is used to verify the integrity of a key, or to compare two keys, without exposing the key values themselves. The KCV is computed by encrypting a block of bytes, each with value '00' or '01', with the cryptographic key and retaining the first 6 hexadecimal characters of the encrypted result. It is used in key management in different ciphering devices, such as SIM cards or Hardware Security Modules (HSMs).

In the GlobalPlatform technical specifications the KCV is defined for DES/3DES and AES keys as follows:[2]

The same definition is used by the GSMA.[3]
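The encrypt-a-filled-block KCV described above, in Go on the standard-library ciphers. This is an added example, not code from the page, from GlobalPlatform or from the GSMA. It assumes the fill byte is 0x00 for DES/3DES keys and 0x01 for AES keys, as in GP Card Specification B.5 (the page only says "00 or 01"); that the caller names the algorithm, since a 16- or 24-byte key could be either TDEA or AES; and that a 2-key TDEA key K1|K2 is expanded to K1|K2|K1. The names NewKeyBlock, KCVGlobalPlatform and SameKey are this example's own, and the all-zero keys are constructed demo data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// NewKeyBlock returns the block cipher a key belongs to. The key length alone
// is ambiguous (16 or 24 bytes fit both 2-key/3-key TDEA and AES-128/-192),
// so the caller names the algorithm. A 16-byte (2-key) TDEA key K1|K2 is
// expanded to K1|K2|K1 before being handed to the 3DES constructor.
func NewKeyBlock(alg string, key []byte) (cipher.Block, error) {
	switch alg {
	case "AES":
		return aes.NewCipher(key)
	case "TDEA":
		if len(key) == 16 {
			key = append(append([]byte{}, key...), key[:8]...)
		}
		return des.NewTripleDESCipher(key)
	}
	return nil, fmt.Errorf("unknown algorithm %q", alg)
}

// KCVGlobalPlatform encrypts one block whose bytes are all 0x00 (DES/3DES
// keys) or all 0x01 (AES keys) and keeps the first 3 bytes as 6 hex digits.
// Pairing the fill byte with the cipher this way follows GP Card Specification
// B.5 and is an assumption of this example; the cipher is told apart by its
// block size (8 bytes for DES/3DES, 16 bytes for AES).
func KCVGlobalPlatform(b cipher.Block) string {
	fill := byte(0x00)
	if b.BlockSize() == 16 {
		fill = 0x01
	}
	out := make([]byte, b.BlockSize())
	b.Encrypt(out, bytes.Repeat([]byte{fill}, b.BlockSize()))
	return hex.EncodeToString(out[:3])
}

// SameKey reports whether two keys have the same KCV, which is how a key is
// confirmed after import or exchange without revealing it. Only 24 bits are
// compared, so equal KCVs are strong evidence, not proof, of equal keys.
func SameKey(alg string, a, b []byte) (bool, error) {
	ba, err := NewKeyBlock(alg, a)
	if err != nil {
		return false, err
	}
	bb, err := NewKeyBlock(alg, b)
	if err != nil {
		return false, err
	}
	return KCVGlobalPlatform(ba) == KCVGlobalPlatform(bb), nil
}

func main() {
	zero := make([]byte, 16) // constructed all-zero key, for demonstration only
	b, err := NewKeyBlock("TDEA", zero)
	if err != nil {
		panic(err)
	}
	fmt.Println("2-key 3DES KCV:", KCVGlobalPlatform(b)) // 8ca64d
	b, _ = NewKeyBlock("AES", zero)
	fmt.Println("AES-128 KCV:", KCVGlobalPlatform(b))
}
```

The 3DES value 8ca64d follows from the classic DES test vector (all-zero key, all-zero block encrypts to 8CA64DE9C1B123A7), and the 2-key and 3-key all-zero TDEA keys agree because K1|K2|K1 with K1 = K2 is the same 24-byte key. Note that SameKey compares ciphers of the same declared algorithm only; a KCV computed with the DES rule is not comparable with one computed with the AES rule.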

KCV for symmetric key management in retail financial services

The payment card industry uses the following definition, as documented in requirement 15-1 of the PCI PIN Security standard.[4] The same definitions can also be found in the ASC X9 standards, under ANSI X9.24-1-2017 Retail Financial Services Symmetric Key Management Part 1.[5]

Check values may be computed by two methods. TDEA keys may use either method; AES keys must only use the CMAC method.

In the first method, the check value is computed by encrypting an all-binary-zeros block, using the key or component as the encryption key, and taking the leftmost n bits of the result, where n is at most 24 bits (6 hexadecimal digits / 3 bytes).

In the second method, the check value is calculated by MACing an all-binary-zeros block using the CMAC algorithm as specified in ISO 9797-1 (see also NIST SP 800-38B). The check value is the leftmost n bits of the result, where n is at most 40 bits (10 hexadecimal digits). The block cipher used in the CMAC function is the same as the block cipher of the key itself: a TDEA key or a component of a TDEA key is MACed using the TDEA block cipher, while a 128-bit AES key or component is MACed using the AES-128 block cipher.

Notes and References

  1. "Cryptography - Detecting incorrect key using AES/GCM in JAVA", web page.
  2. GlobalPlatform, "GlobalPlatform Card Specification 2.3.1" (GPC_SPE_034), March 2018, Section B5.
  3. GSMA, "Remote Provisioning Architecture for Embedded UICC 3.1" (SGP.02 v3.1), https://www.gsma.com/newsroom/wp-content/uploads/SGP.02_v3.1.pdf
  4. PCI Security Standards Council, "PCI PIN Security Requirements and Testing Procedures, version 3.1", https://docs-prv.pcisecuritystandards.org/PIN/Standard/PCI_PIN_Security_Requirements_Testing_v3_1.pdf
  5. ASC X9, "ANSI X9.24-1-2017 Retail Financial Services Symmetric Key Management Part 1", https://x9.org/standard-release-ansi-x9-24-1-2017/