These files are a supplement to ANSI X9.24-3-2017 and are a set of source code that can be used as a reference implementation of the AES DUKPT algorithm on a transaction-originating SCD or a receiving SCD. AES DUKPT is used to derivive transaction key(s) from an initial terminal DUKPT key based on the transaction number. Keys that can be derived include symmetric encryption/decryption keys, authentication keys, and HMAC (keyed hash message authentication code) keys. AES DUKPT supports the derivation of AES-128, AES-192, AES-256, double length TDEA, and triple length TDEA keys from AES-128, AES-192, and AES-256 initial keys.
While the included source code contains a reference implementation of the AES DUKPT algorithm, in no way should the included source code be considered an implementation of the entirety of the requirements of the ANSI X9.24 Part 3 standard. Care must be taken to follow all requirements when deploying a complete implementation of the standard.
- Description of Python source code. Click here to download python source code document.
- Python source code that was used to generate the test vectors. Click here to download python source code.
- Test vectors for validating the algorithm described in ANSI X9.24-3-2017. Click here to download vectors.