Command: B (Generate ZPK). Can be used in online, offline or secure state.
Function: To generate a random ZPK and return it encrypted under the LMK and under a ZMK (for transmission to another party). The ZPK can be a VISA Acquirer or Issuer Working key.
Inputs: The ZMK
(VISA Zone Control Master Key, ZCMK) encrypted under LMK pair 04-05 (as
generated using the D command): 16 or 32 hexadecimal characters.
The ZMK key check value (as generated using the D command or by extracting the
first 6 digits generated using the CK command): 6 hexadecimal characters.
The ZMK variant: 1 or 2 digit, value 0-99 (or <Enter> to ignore). Used
only when interworking with Atalla systems. Refer to the CS command. Note that
this input is not requested when the ZMK variant support is set to off.
Outputs: The ZPK
encrypted under the ZMK: 16 hexadecimal characters.
The ZPK encrypted under LMK pair 06-07: 16 hexadecimal characters.
The ZPK check value, formed by encrypting 64 binary zeros with the ZPK and
returning the left-most 48 bits: 12 hexadecimal characters.
Errors: Data invalid; please re-enter: - the encrypted ZMK does not contain 16 or 32 hexadecimal characters, or the key check value is not 6 characters or the ZMK variant is invalid. Re-enter the correct number of hexadecimal characters.
Key parity error; re-enter: - the ZMK does not have odd parity on each byte. Re-enter the encrypted ZMK and check for typographic errors.
Check failed, re-enter check value or abort: - invalid 6 character check value has been entered.
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online> B <Return>
Enter encrypted ZMK: XXXX XXXX XXXX XXXX <Return>
Enter ZMK check value: XXXXXX <Return>
(Enter ZMK variant: X <Return>, if enabled by CS command)
ZPK encrypted for transmission: XXXX XXXX XXXX XXXX
ZPK encrypted for bank: XXXX XXXX XXXX XXXX
Key check value: XXXX XXXX XXXX XXXX