Key checksum value

In cryptography, a Key Checksum Value (KCV) is checksum of the key value used to compare keys without knowing their actual values.

A KCV normally consists of a zero-block encrypted with the key, or a cryptographically secure hash over the key (also called a fingerprint)[1]

In the GlobalPlatform technical specifications the KCV is defined for DES/3DES and AES keys as follows:[2]

For a DES key, the key check value is computed by encrypting 8 bytes, each with value '00', with the key to be checked and retaining the 3 highest-order bytes of the encrypted result. For a AES key, the key check value is computed by encrypting 16 bytes, each with value '01', with the key to be checked and retaining the 3 highest-order bytes of the encrypted result.

The same definition is used by the GSMA.[3]

References

https://stackoverflow.com/questions/12228250/detecting-incorrect-key-using-aes-gcm-in-java
GPC_SPE_034, "GlobalPlatform Card Specification 2.3.1" , GlobalPlatform, March 2018, Section B5
"Remote Provisioning Architecture for Embedded UICC 3.1", GSMA, May 2016, Annex F

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] ttps://stackoverflow.com/questions/12228250/detecting-incorrect-key-using-aes-gcm-in-java

[2] GPC_SPE_034, "GlobalPlatform Card Specification 2.3.1" , GlobalPlatform, March 2018, Section B5

[3] "Remote Provisioning Architecture for Embedded UICC 3.1", GSMA, May 2016, Annex F