package com.bhz.shell.authentic.encrypt;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
/**
* Derived Unique Key Per Transaction (DUKPT)<br/>
* 每次交易派生唯一密钥,保证每次交易使用的密钥不同<br/>
* 本工具类符合《ANSI X9.24-2009》规范
*
* @author sure
*/
public class Dukpt2009 {
private Dukpt2009() {
}
public static void main(String[] args) throws Exception {
String ksnStr = "ffff0090020000600001";
String bdkStr = "860D8952C16B3BE52610F80ED09DD54F";
byte[] ksn = hexStr2Bytes(ksnStr);
byte[] bdk = hexStr2Bytes(bdkStr);
byte[] pek = getInitPek(ksn, bdk);
String pekStr = bytes2HexStr(pek);
System.out.println("init pek = " + pekStr);
byte[] dataKey = getDataKey(ksn, pek);
String dataKeyStr = bytes2HexStr(dataKey);
System.out.println("data Key = " + dataKeyStr);
byte[] pinKey = getPinKey(ksn, pek);
String pinKeyStr = bytes2HexStr(pinKey);
System.out.println("pin Key = " + pinKeyStr);
byte[] macKey = getMacKey(ksn, pek);
String macKeyStr = bytes2HexStr(macKey);
System.out.println("mac Key = " + macKeyStr);
byte[] message = Base64.getDecoder().decode("JCtZfFbFi7v5F2mgBvQqKqTVBx0SmI2SIenM7Cdzi5sntP5EM2o527hZql2UqKnvRBR5/t+IlDVxroIfA/Vpaw==");
byte[] result = decryption3DesCbc(dataKey, message, new byte[8]);
System.out.println("data = " + bytes2HexStr(result));
message = hexStr2Bytes("020013373037373930343431303030303030303634360E00043237303123001E3730373739303434313030303030303036343644323730313230353033318000");
result = encryption3DesCbc(dataKey, message, new byte[8]);
message = decryption3DesCbc(dataKey, result, new byte[8]);
System.out.println("ori val = " + bytes2HexStr(message));
System.out.println("encrypt = " + bytes2HexStr(result));
System.out.println("decrypt = " + bytes2HexStr(message));
message = Base64.getDecoder().decode("fYnrDvkh5fk=");
result = decryption3Des(pinKey, message);
System.out.println("pin = " + bytes2HexStr(result));
}
/**
* 通过KSN和BDK获取初始PEK<br/>
* 初始PEK通常用于罐装到设备中,用于后续派生,设备中不会存有BDK
*
* @param ksn Key Serial Number 密钥序列号,生成初始PEK时只有前8个byte有效
* @param bdk Base Derivation Key 基础派生密钥,只有前16个byte有效
* @return 初始PEK(Initial PIN Encryption Key)
*/
public static byte[] getInitPek(byte[
java实现dukpt
最新推荐文章于 2024-08-03 21:02:21 发布
![](https://img-home.csdnimg.cn/images/20240711042549.png)