
# Establish Ephemeral KBPK

## Command 0xF017 - Establish Ephemeral KBPK

The host uses this command to complete the ECDHE-ECDSA Key Exchange protocol, which enables the host and the device to generate the same TEMP KBPK key to use with Command 0xEF01 - Load Key Using TR-31 to load the Master Transport Key (MTK).

The sequence of events is as follows:

{% stepper %}
{% step %}
The host uses Command 0xE001 - Get Challenge to establish a secure session with the device.
{% endstep %}

{% step %}
The host constructs Command 0xF017 - Establish Ephemeral KBPK per the request table below.
{% endstep %}

{% step %}
The host constructs Command 0xEEEE - Send Secured Command to Device using the previously constructed command request as the payload, and sends that command request to the device as a Request Message.

* Because this command is secured using a signature, read Property 2.1.2.2.2.6 Key Type to determine which fixed key to use to generate the signature.
* Build the Security Parameters Type portion of the wrapper with:
  * Operation Type = Command Authorization Using Signature (see Table 46 - Encrypted Signature Capture File Type)
  * Operation Algorithm = ECDSA (non-deterministic)
  * Operation Hash = SHA-256
  * Operation Curve = P521
{% endstep %}

{% step %}
The device does the following:

* Validates the secure wrapper around the command, and terminates if the signature is invalid.
* Determines whether the Master Transport Key (MTK) has already been loaded. If it has, the device rejects the command request.
* Generates an ephemeral key pair and saves the Device Private Key for the calculation.
* Generates and saves an 8-byte Device Random Token for the calculation.
* Calculates the TEMP KBPK from the Host Public Key and Host Random Token passed in with the command request, and from the Device Private Key and Device Random Token it generated.
{% endstep %}

{% step %}
The device sends a Response Message to the host to indicate the result. The response message includes Device Random Token and Device Public Key.
{% endstep %}

{% step %}
The host calculates the matching TEMP KBPK as defined in NIST SP800-56A, using the Host Private Key, Host Random Token, Device Public Key, and Device Random Token. It can then use this key to encrypt the secret data of the Master Transport Key (MTK).
{% endstep %}

{% step %}
The device uses its copy of the matching TEMP KBPK to decrypt the secret information the host encrypted with the same key. On successful MTK load, the device erases the TEMP KBPK. It also erases the TEMP KBPK if it is power cycled or reset, in which case the host must restart the process to establish a new TEMP KBPK.
{% endstep %}
{% endstepper %}

## Table - Request Data for Command 0xF017 - Establish Ephemeral KBPK

| Tag | Len | Value / Description | Typ | Req | Default |
|---|---|---|---|---|---|
| Beginning of any wrappers, at minimum including Request Message | | | | | |
| F017 = Command 0xF017 - Establish Ephemeral KBPK | | | | | |
| A1 | var | Security Parameters — This contains a Security Parameters Type TLV data object with only the first parameter populated with:<br>01 = Key Agreement<br>01 = ECDHE<br>05 = Curve P521<br>01 = SP800-56A | B | R | |
| 83 | var | Host Ephemeral Public Key — This parameter is in ASN.1 format. The cipher and key size information is included in the ASN.1 public key file (PKCS#8). | B | R | |
| 84 | 08 | Host Random Token — This contains an 8 byte random number generated by the host. | B | R | |

## Table - Response Data for Command 0xF017 - Establish Ephemeral KBPK

| Tag | Len | Value / Description | Typ | Req | Default |
|---|---|---|---|---|---|
| Beginning of any wrappers, at minimum including Response Message | | | | | |
| F017 = Command 0xF017 - Establish Ephemeral KBPK | | | | | |
| A1 | var | Security Parameters — This contains a Security Parameters Type TLV data object populated entirely with 0x00 padding to indicate that all values are the same as the corresponding values in the Request. | B | R | |
| 83 | var | Device Ephemeral Public Key — This parameter is in ASN.1 format. The cipher and key size information is included in the ASN.1 key file. | B | R | |
| 84 | 08 | Device Random Token — This contains an 8 byte random number generated by the device. | B | R | |
| End of any wrappers, at minimum including Response Message | | | | | |

## Table - Request Example

{% code title="Example (hex)" %}

```
AA 00
81 04 01 10 F0 17
84 82 01 8C
EE EE  // Secure Wrapper
A1 24  // Security Parameters of the wrapper
81 04 02 01 04 05
84 00 85 00
A8 16
81 02 00 00
82 07 45 43 43 53 49 47 4E
86 05 45 43 44 53 41
88 00 A9 00
82 04 B5 03 3D A0
83 08 ED B0 79 E6 E3 F1 83 AE
84 81 C3  // payload is the 0xF017 command body
F0 17
A1 14  // Security Parameters
81 04 01 01 05 01
84 00
A8 0A
81 02 00 00
82 00
86 00
88 00
83 81 9E  // TL of PKCS8 public key
30 81 9B  // V of PKCS8 public key
30 10
06 07 2A 86 48 CE 3D 02 01
06 05 2B 81 04 00 23
03 81 86
00
04
01 64 1C DA 45 C5 56 B3 8B 31 29 8C 94 A1 E7 95
C9 D3 85 C0 4D F3 15 13 D9 91 43 84 58 15 CD 45
6B 67 F6 AC 7C 56 DF F8 0C 65 A7 CF 81 F1 13 2F
AA E5 22 10 78 23 C9 4F 1D CD 24 42 EC 1A 3F A4
75 58
00 97 59 96 9E 01 D0 62 47 B7 EF 5F 0B D0 8B E6
CA 12 F0 3C 13 43 AF 15 21 92 3D 6B FE 47 74 68
38 3F DD 1E 90 2B FD 0F D6 DA 7A A1 E9 A1 98 85
3A DA 93 6D EE 05 61 87 8B 81 BF 6A 78 2F 40 A5
E8 66
84 08 BD E3 77 88 83 0C F6 37  // TLV of 8-byte random # for TEMP-KBPK
// end of 0xF017 command body
9E 81 8B  // ECDSA signature over the command (DER SEQUENCE of r, s)
30 81 88
02 42
00 C4 13 1D C2 13 7A F6 FD F0 F1 BB BD 14 C2 4A
FE D7 6F BC 80 91 84 26 43 85 40 B6 5D BE 1D 9C
74 90 77 B6 41 62 69 52 04 72 93 C0 9C 59 2A DB
03 31 0F 8A 28 C0 DB 1A B7 1B 51 B3 E6 BD FF 50
77 CA
02 42
01 EE D8 2D 9F A3 D1 98 4E 74 C8 85 11 52 93 15
FF 9D 7D 5A 03 FD 84 B8 B9 09 20 8B 15 98 7A 5E
56 A5 61 71 9A 0A B9 D1 DA 1C 96 1D 0C EF F0 D2
E3 A4 22 84 60 E2 AA 8C AA 2B 8B AE 02 50 D8 B3
CF 84
```

{% endcode %}

## Table - Response Example

{% code title="Example (hex)" %}

```
AA 00
81 04 82 10 F0 17
82 04 00 00 00 00
84 81 B5  // Response Payload
F0 17
A1 06  // Security Parameters echoed as 0x00 padding
81 01 00
82 01 00
83 81 9E  // TL of PKCS8 public key
30 81 9B  // V of PKCS8 public key
30 10
06 07 2A 86 48 CE 3D 02 01
06 05 2B 81 04 00 23
03 81 86
00
04
01 77 CD 91 56 96 34 2B C6 5A 6C EC 5D 74 96 41
B3 F9 2B 12 85 19 90 F8 73 BF FF 3C 10 44 E3 CB
21 4E CA F6 CE FC F8 C8 80 52 44 13 FA B1 97 A1
8C 44 FE 95 A2 0A F3 3D A4 3A 8F 2E 39 41 23 22
B1 AB
01 29 26 4F CC 0E 86 11 16 92 FF BC E1 BF DA FC
21 BA B1 5A C4 DE 7B C1 6F A9 17 F8 4B 1E B2 1F
5F 21 7D 54 00 15 41 C3 21 75 0D 21 DC 95 13 A7
2C 8C 11 77 96 38 87 51 08 7A 1F 63 EC A8 8F C4
AB B3
84 08 4C 4A EC 0B 47 E4 53 EB  // TLV of 8-byte random # for TEMP-KBPK
```

{% endcode %}
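Before the host runs its SP800-56A calculation it should validate what the device returned. The following Python is an added example, not MagTek's code: it walks the TLV body of the Response Example above, checks that tag A1 is the all-zero echo of the request's Security Parameters, and checks that tag 83 is a PKCS#8 SubjectPublicKeyInfo carrying an uncompressed secp521r1 point. The point-on-curve check itself is assumed to be done by the ECDH library that consumes the result.

```python
# Added example (not MagTek code): validate the Command 0xF017 response body before use.
P521_PRIME = 2**521 - 1                              # coordinates are 66-byte field elements
EC_PUBLIC_KEY_OID = bytes.fromhex("2A8648CE3D0201")  # 1.2.840.10045.2.1 ecPublicKey
SECP521R1_OID = bytes.fromhex("2B81040023")          # 1.3.132.0.35 secp521r1
RESPONSE_PAYLOAD = bytes.fromhex(  # value of tag "84 81 B5" from the Response Example above
    "F017 A106 810100 820100 83819E 30819B 3010 06072A8648CE3D0201 06052B81040023 038186 0004"
    "0177CD915696342BC65A6CEC5D749641B3F92B12851990F873BFFF3C1044E3CB"
    "214ECAF6CEFCF8C880524413FAB197A18C44FE95A20AF33DA43A8F2E39412322B1AB"
    "0129264FCC0E86111692FFBCE1BFDAFC21BAB15AC4DE7BC16FA917F84B1EB21F"
    "5F217D54001541C321750D21DC9513A72C8C117796388751087A1F63ECA88FC4ABB3"
    "8408 4C4AEC0B47E453EB")

def read_tlvs(buf):
    """Return [(tag, value)] for one-byte tags with short or 0x81/0x82 long-form lengths."""
    out, i = [], 0
    while i < len(buf):
        tag, ln, i = buf[i], buf[i + 1], i + 2
        if ln == 0x81:
            ln, i = buf[i], i + 1
        elif ln == 0x82:
            ln, i = int.from_bytes(buf[i:i + 2], "big"), i + 2
        out.append((tag, buf[i:i + ln]))
        i += ln
    return out

def parse_spki_p521(der):
    """Return (x, y) from a SubjectPublicKeyInfo DER blob; reject any other key type."""
    (outer_tag, outer), = read_tlvs(der)
    (alg_tag, alg), (bs_tag, bitstr) = read_tlvs(outer)
    if ((outer_tag, alg_tag, bs_tag) != (0x30, 0x30, 0x03)
            or [v for _, v in read_tlvs(alg)] != [EC_PUBLIC_KEY_OID, SECP521R1_OID]):
        raise ValueError("not a SubjectPublicKeyInfo for an ecPublicKey on secp521r1")
    # BIT STRING body: unused-bits byte 0x00, then 0x04 || X || Y with 66-byte coordinates.
    if len(bitstr) != 134 or bitstr[:2] != b"\x00\x04":
        raise ValueError("expected an uncompressed P-521 point")
    x, y = int.from_bytes(bitstr[2:68], "big"), int.from_bytes(bitstr[68:], "big")
    if x >= P521_PRIME or y >= P521_PRIME:  # ECDH library must still verify point is on curve
        raise ValueError("coordinate outside the P-521 field")
    return x, y

def parse_f017_response(payload):
    """Validate the response body; return ((x, y), device_token) for the host's key agreement."""
    fields = dict(read_tlvs(payload[2:]))
    if payload[:2] != b"\xF0\x17" or len(fields[0x84]) != 8:
        raise ValueError("not a 0xF017 response body with an 8-byte Device Random Token")
    if any(v.strip(b"\x00") for _, v in read_tlvs(fields[0xA1])):  # A1 must be an all-0x00 echo
        raise ValueError("device changed the Security Parameters")
    return parse_spki_p521(fields[0x83]), fields[0x84]
```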

