Generate/Verify a MAC using a Triple-DES DUKPT MAC Key

Command:

Generate or verify a MAC on Message Data using a MAC key derived according to the ANSI X9.24-2002 DUKPT method.

Notes:

The HSM derives a unique PIN Key, then applies variant 0000 0000 0000 FF00 0000 0000 0000 FF00 to create the unique MAC key.

The command also supports the verification and generation of Approval MAC and Decline MAC for Base24.

Currently only the X9.19 MAC method is supported.

 

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command code | 2 A | Value GW. |
| MAC Mode | 1N | 1 = Verify 8 byte MAC; 2 = Verify Approval MAC (4 leftmost bytes of MAC); 3 = Verify Decline MAC (4 rightmost bytes of MAC); 4 = Generate 8 byte MAC; 5 = Generate Approval MAC (4 leftmost bytes of MAC); 6 = Generate Decline MAC (4 rightmost bytes of MAC) |
| MAC Method | 1N | 1 = X9.19 |
| *BDK | 32H or 1A+32H or 1A+48H | The *BDK encrypted under LMK pair 28-29 |
| KSN Descriptor | 3H | The descriptor for the KSN (in the next field) |
| Key Serial Number | 12-20H | The KSN supplied by the PIN Pad |
| MAC | 32B or 64B | Only present for Modes 01, 02, 03. MAC to be verified. |
| Message Data Length | 4N | Length of next field in bytes. Must be a multiple of 8 bytes. |
| Message Data | nB | Data for which MAC is to be generated/verified |
| End message delimiter | 1 C | Present only if Message Trailer is present. Value X’19. |
| Message trailer | n A | Optional. Maximum length 32 characters. |

 


 

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | n A | Returned to the Host unchanged. |
| Response code | 2 A | Value GX. |
| Error code | 2 N | 00 : No error.; 01 : MAC Verification Failure; 12 : No Keys in User Storage; 13 : LMK Error. Report to Supervisor; 15 : Error in input data |
| MAC | 8H or 16H | Only present for Modes 01, 02, 03. The MAC generated on the Message Data. |
| End message delimiter | 1 C | Present only if supplied in the command message. Value X’19. |
| Message trailer | n A | Present only if present in the command message. Maximum length 32 characters. |
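
The field rules in the two tables above can be checked on the host before a message reaches the HSM. The following Python sketch is an added example, not vendor code: the function names, the 4-character header and the sample key and KSN values are constructed, and it assumes the MAC to be verified is sent as raw bytes (8 for mode 1, 4 for the Approval and Decline halves).

```python
import re

# Assumption: verify modes carry the MAC as raw bytes, sized for the mode.
VERIFY_MAC_LEN = {1: 8, 2: 4, 3: 4}
GENERATE_MODES = {4, 5, 6}
BDK_RE = re.compile(r"[0-9A-F]{32}|[0-9A-Za-z][0-9A-F]{32}|[0-9A-Za-z][0-9A-F]{48}")
ERRORS = {  # error codes listed in the response table
    "00": "No error",
    "01": "MAC Verification Failure",
    "12": "No Keys in User Storage",
    "13": "LMK Error. Report to Supervisor",
    "15": "Error in input data",
}

def build_gw(header, mode, bdk, ksn_desc, ksn, data, mac=b"", trailer=""):
    """Build a GW command, rejecting inputs that break the table's field rules."""
    if mode not in VERIFY_MAC_LEN and mode not in GENERATE_MODES:
        raise ValueError("MAC Mode must be 1-6")
    if not BDK_RE.fullmatch(bdk):
        raise ValueError("*BDK must be 32H, 1A+32H or 1A+48H")
    if not re.fullmatch(r"[0-9A-F]{3}", ksn_desc):
        raise ValueError("KSN Descriptor must be 3H")
    if not re.fullmatch(r"[0-9A-F]{12,20}", ksn):
        raise ValueError("Key Serial Number must be 12-20H")
    if len(mac) != VERIFY_MAC_LEN.get(mode, 0):
        raise ValueError("MAC is supplied only in verify modes, sized for the mode")
    if len(data) % 8 or len(data) > 9999:
        raise ValueError("Message Data must be a multiple of 8 bytes and fit 4N")
    if len(trailer) > 32:
        raise ValueError("Message trailer is at most 32 characters")
    head = f"{header}GW{mode}1{bdk}{ksn_desc}{ksn}".encode("ascii")  # MAC Method 1 = X9.19
    tail = b"\x19" + trailer.encode("ascii") if trailer else b""
    return head + mac + f"{len(data):04d}".encode("ascii") + data + tail

def parse_gx(resp, header_len):
    """Split a GX response into header, error code, MAC (hex text) and trailer."""
    body, _, trailer = resp[header_len:].partition(b"\x19")
    if body[:2] != b"GX":
        raise ValueError("not a GX response")
    code = body[2:4].decode("ascii")
    return {
        "header": resp[:header_len].decode("ascii"),
        "error": code,
        "meaning": ERRORS.get(code, "unlisted error code"),
        "mac": body[4:].decode("ascii"),
        "trailer": trailer.decode("ascii"),
    }
```
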