Key checksum value

From HandWiki

In cryptography, a Key Checksum Value (KCV) is the checksum of a cryptographic key.[1] It is used to validate the key integrity or compare keys without knowing their actual values. The KCV is computed by encrypting a block of bytes, each with value '00' or '01', with the cryptographic key and retaining the first 6 hexadecimal characters of the encrypted result. It is used in key management in different ciphering devices, like SIM-cards or Hardware Security Modules (HSM).

In the GlobalPlatform technical specifications the KCV is defined for DES/3DES and AES keys as follows:[2]

For a DES key, the key check value is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest-order bytes of the encrypted result. For a AES key, the key check value is computed by encrypting 16 bytes, each with value '01', with the key to be checked and retaining the 3 highest-order bytes of the encrypted result.

The same definition is used by the GSMA.[3]

References

  1. "Cryptography - Detecting incorrect key using AES/GCM in JAVA". https://stackoverflow.com/questions/12228250/detecting-incorrect-key-using-aes-gcm-in-java. 
  2. GPC_SPE_034, "GlobalPlatform Card Specification 2.3.1" , GlobalPlatform, March 2018, Section B5
  3. "Remote Provisioning Architecture for Embedded UICC 3.1", GSMA, May 2016, Annex F




Retrieved from "https://handwiki.org/wiki/index.php?title=Key_checksum_value&oldid=3357327"