Command 0xEF11 - Get Key Info

The host uses this command to retrieve information about a key slot, including details about the key stored in that slot. It can be used for several purposes, including:

Determine if a key exists / has been loaded
Get key derivation data to derive a DUKPT key
Get transport key information to retrieve the appropriate transport key

Sequence of events:

Construct request

The host constructs the command request in the format below.

Send request

The host sends the command request to the device.

Receive response

The device sends a response in the format below to the host.

Table - Request Data for Command 0xEF11 - Get Key Info

Tag

Len

Value / Description

Typ

Req

Default

Beginning of any wrappers, at minimum including Request Message

EF11

Command 0xEF11 - Get Key Info

Key Slot ID — See Table 59 - Key Slot ID

End of any wrappers, at minimum including Request Message

Table - Response Data for Command 0xEF11 - Get Key Info

Tag

Len

Value / Description

Typ

Req

Default

EF11 = Command 0xEF11 - Get Key Info

Key Slot Information

Loaded Key Information

/null

(1)

Key Slot Status

· 0x00 = Empty

· 0x01 = Loaded (Key not assigned purpose)

· 0x02 = Loaded & Active

· 0x03 = Exhausted (End of DUKPT key sequence

· 0x04 = Expired (Reserved, certificate status)

0xFF = Not supported in this device

/null

(1)

Key Slot Type

First byte of the Key Slot ID in the host’s request message.

/null

(2)

Transport Key Slot ID

This specifies the key used to secure and load the key that the host is retrieving information about. See Table 59 - Key Slot ID

Loaded Key Information

/null

(1)

Key Environment — ‘T’ = Test, ‘P’ = Production

/null

(4)

TR-31 Attributes — See Table 55 - TR-31 Key Type Table - Usage/Algorithm/Mode.

/null

(1)

Encoding of Algorithm & Length: - 0x01 = DEA - 0x02 = 2TDEA - 0x03 = 3TDEA - 0x04 = AES128 - 0x05 = AES192 - 0x06 = AES256

var

Key Check Value: - For AES-CMAC, 5 bytes. - For TDES-CMAC or TDES-CBCMAC, 3 bytes.

var

Key Derivation Information — Contains the derivation block, key serial number (KSN), or key label, as appropriate for the key type.

var

Restrictions — Reserved. Do not include.

DUKPT Restrictions — These restrictions come from the TR-31 block.

var

Timestamp — This comes from the TR-31 block or from device’s real-time clock.

Table - Request Example

Example (hex)

AA 00 81 04 01 21 EF 11 84 06 EF 11 81 02 20 07

Table - Response Example

Example (hex)

AA 00 81 04 82 21 EF 11 82 04 00 00 00 00 84 34 A2 32 81 04 02 20 10 81 82 06 54 
42 31 54 58 03 84 0A FF FF 98 76 54 32 10 30 00 00 A6 04 81 02 00 3F 89 10 32 30 
32 30 30 39 30 32 54 31 35 35 38 30 32 5A

Note: For additional support, please contact MagTek Support.

Last updated 28 days ago